virus - service.exe Solved

Section devoted to viruses and other malicious code, and also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

jaro3
member of the Security team
Guru Level 15
Posts: 43293
Registered: June 07
Location: South Bohemia
Gender: Male

Re: virus - service.exe

Post by jaro3 » 10 Jun 2009 19:40

I didn't find a reference to it either...

One more script for OTMoveIt3:

Code:

:Processes
explorer.exe

:Services

:Reg

:Files
C:\Windows\update.exe
C:\Windows\23.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Same procedure, and again post the log from it..
Post a fresh RSIT log here again.

Unfortunately the author (oldtimer) has taken all of his programs off the net, including the others such as OTViewIt, OTScanIt etc..
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
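Added example (not from the thread and not part of OldTimer's tools): a small Python script that first parses an OTM fix script like the one above into a plain list of the actions it will take (processes killed, files moved to quarantine, commands run), so the user can review it before running it, and then cross-checks the OTM log against the script: every targeted file must be reported moved (or already absent), every delete deferred to reboot must be resolved in the post-reboot section, and every listed process must have been killed. The line formats it recognises ("moved successfully.", "File delete failed. ... scheduled to be deleted on reboot.", "File ... not found!") are assumed from the OTM log the user posts further down the thread; the sample script and both sample logs are constructed for the demonstration.

```python
"""Review an OTMoveIt3 (OTM) fix script, then cross-check the OTM log it produces.
Added example, not from the thread or from OldTimer's tools.  Log line formats are
assumed from the OTM log posted in the thread; sample script and logs are constructed."""
import re
from typing import Dict, List, Set

SECTION_RE = re.compile(r"^:(\w+)\s*$")
KILLED_RE = re.compile(r"^Process (\S+) killed successfully\.$")
MOVED_RE = re.compile(r"^(.+?) moved successfully\.$")
SCHEDULED_RE = re.compile(r"^File delete failed\. (.+?) scheduled to be deleted on reboot\.$")
NOT_FOUND_RE = re.compile(r"^File (.+?) not found!$")


def parse_otm_script(text: str) -> Dict[str, List[str]]:
    """Split an OTM script into its sections (:Processes, :Files, :Commands ...)."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def script_actions(sections: Dict[str, List[str]]) -> List[str]:
    """Plain-language summary of what the script will do; read it before running it."""
    actions = [f"kill process {p}" for p in sections.get("Processes", [])]
    actions += [f"move to quarantine: {f}" for f in sections.get("Files", [])]
    actions += [f"run command {c}" for c in sections.get("Commands", [])]
    return actions


def parse_otm_log(text: str) -> Dict[str, Set[str]]:
    """Collect what the OTM log reports; paths lower-cased (Windows paths are case-insensitive)."""
    log: Dict[str, Set[str]] = {"killed": set(), "moved": set(), "scheduled": set(), "not_found": set()}
    for raw in text.splitlines():
        line = raw.strip()
        if (m := KILLED_RE.match(line)):
            log["killed"].add(m.group(1).lower())
        elif (m := MOVED_RE.match(line)):
            log["moved"].add(m.group(1).lower())
        elif (m := SCHEDULED_RE.match(line)):
            log["scheduled"].add(m.group(1).lower())
        elif (m := NOT_FOUND_RE.match(line)):
            log["not_found"].add(m.group(1).lower())
    return log


def verify_run(sections: Dict[str, List[str]], log: Dict[str, Set[str]]) -> Dict[str, List[str]]:
    """Anything listed in the result means the fix did not fully take and needs another look."""
    resolved = log["moved"] | log["not_found"]  # moved to quarantine, or already gone
    return {
        "files_unverified": [f for f in sections.get("Files", []) if f.lower() not in resolved],
        "reboot_unresolved": sorted(p for p in log["scheduled"] if p not in resolved),
        "processes_not_killed": [p for p in sections.get("Processes", []) if p.lower() not in log["killed"]],
    }


# Constructed sample script, modeled on the one posted above.
SAMPLE_SCRIPT = r"""
:Processes
explorer.exe

:Files
C:\Windows\update.exe
C:\Windows\23.exe

:Commands
[emptytemp]
[Reboot]
"""

# Constructed log in the format OTM writes: a temp file that could not be deleted
# immediately is retried after the reboot and turns out to be gone already.
COMPLETE_LOG = r"""
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\Windows\update.exe moved successfully.
C:\Windows\23.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\demo\AppData\Local\Temp\etilqs_demo scheduled to be deleted on reboot.
Temp folders emptied.

Files moved on Reboot...
File C:\Users\demo\AppData\Local\Temp\etilqs_demo not found!
"""

# Constructed log where the second file never shows up and the reboot pass is missing.
INCOMPLETE_LOG = r"""
Process explorer.exe killed successfully.
C:\Windows\update.exe moved successfully.
File delete failed. C:\Users\demo\AppData\Local\Temp\etilqs_demo scheduled to be deleted on reboot.
"""

if __name__ == "__main__":
    plan = parse_otm_script(SAMPLE_SCRIPT)
    print("\n".join(script_actions(plan)))
    print(verify_run(plan, parse_otm_log(COMPLETE_LOG)))
    print(verify_run(plan, parse_otm_log(INCOMPLETE_LOG)))
```

Run it as-is to see the review list and both verification results; to use it on a real case, paste the helper's script into SAMPLE_SCRIPT and the log OTM writes into COMPLETE_LOG. Paths are compared case-insensitively because Windows does, and a file reported "not found" counts as resolved, since the goal is that it no longer exists on the system.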

Peane
Level 1
Posts: 62
Registered: December 08
Location: Praha 9
Gender: Male

Re: virus - service.exe

Post by Peane » 10 Jun 2009 20:13

LOG from OTMoveIt3:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\update.exe moved successfully.
C:\Windows\23.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\Peane7\AppData\Local\Temp\etilqs_94FPeg6etGnjQXpVfPpk scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 06102009_195937

Files moved on Reboot...
File C:\Users\Peane7\AppData\Local\Temp\etilqs_94FPeg6etGnjQXpVfPpk not found!
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\urlclassifier3.sqlite moved successfully.
C:\Users\Peane7\AppData\Local\Mozilla\Firefox\Profiles\xk5o6ilq.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...


LOG from RSIT (the program threw the same error again)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Peane7 at 2009-06-10 20:04:44
Microsoft Windows 7 Ultimate
System drive C: has 8 GB (15%) free of 50 GB
Total RAM: 3071 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:47, on 10.6.2009
Platform: Unknown Windows (WinNT 6.01.3004)
MSIE: Internet Explorer v8.00 (8.00.7100.0000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DNA\btdna.exe
C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Peane7.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.30\bin\mysqld.exe

--
End of file - 7688 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1855497769-1127002569-3203998978-1000.job
C:\Windows\tasks\RegCure Program Check.job
C:\Windows\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-06-02 35840]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2008-10-10 69632]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"HPUsageTracking"=C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-11-02 36864]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2008-07-01 1447168]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-03-17 61440]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-23 68776]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-06-02 148888]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-06-09 518488]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-22 1174016]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-02-24 321344]
"Google Update"=C:\Users\Peane7\AppData\Local\Google\Update\GoogleUpdate.exe [2009-04-21 133104]
"QIP2005"=C:\Program Files\QIP\qip.exe [2009-02-12 3276288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Config]
C:\Program Files\Microsoft Games\Age Of Empires ii\Config.exe [2006-07-06 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe [2009-04-09 228808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
g:\program files\steam\steam.exe [2009-06-09 1217784]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll [2009-04-22 236032]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Base]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Boot file system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\DnsCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EventLog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\File system]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HelpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ipnat.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\LmHosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Messenger]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NDIS Wrapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBIOSGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetBT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetDDEGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Network]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NetworkProvider]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PCI Configuration]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP Filter]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PNP_TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Primary disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdsessmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCSI Class]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sermouse.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Streams Drivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\System Bus Extender]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TDI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vga.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vgasave.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{36FC9E60-C465-11CF-8056-444553540000}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E965-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E967-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E969-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E972-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E973-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E974-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E975-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E977-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{4D36E980-E325-11CE-BFC1-08002BE10318}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDFSTab"=1
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-06-10 19:59:28 ----A---- C:\RSIT.exe
2009-06-10 16:06:04 ----D---- C:\_OTM
2009-06-10 16:04:13 ----A---- C:\OTM.exe
2009-06-09 22:03:51 ----D---- C:\rsit
2009-06-09 21:48:20 ----A---- C:\Bug.txt
2009-06-09 21:23:45 ----D---- C:\Users\Peane7\AppData\Roaming\Malwarebytes
2009-06-09 21:23:39 ----D---- C:\ProgramData\Malwarebytes
2009-06-09 21:23:39 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-09 20:43:48 ----D---- C:\Program Files\Trend Micro
2009-06-09 20:27:36 ----A---- C:\Windows\system32\lsdelete.exe
2009-06-09 20:18:28 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-06-09 18:11:50 ----D---- C:\Program Files\RegCure
2009-06-09 17:57:34 ----A---- C:\Windows\system32\BASSMOD.dll
2009-06-09 13:03:08 ----A---- C:\Windows\SetPointInstall.ini
2009-06-09 11:43:59 ----D---- C:\Program Files\Core Services
2009-06-09 10:54:54 ----D---- C:\Users\Peane7\AppData\Roaming\Win7codecs
2009-06-09 10:54:52 ----D---- C:\Program Files\Win7codecs
2009-06-09 10:38:43 ----D---- C:\Program Files\Opera
2009-06-09 09:47:43 ----D---- C:\Users\Peane7\AppData\Roaming\MySQL-Front
2009-06-09 09:47:43 ----D---- C:\Program Files\MySQL-Front
2009-06-06 16:53:04 ----D---- C:\Program Files\MSDN
2009-06-04 19:00:46 ----D---- C:\Program Files\Parallels
2009-06-03 20:07:03 ----D---- C:\Program Files\Microsoft Chart Controls
2009-06-02 20:42:36 ----A---- C:\Windows\system32\javaws.exe
2009-06-02 20:42:36 ----A---- C:\Windows\system32\javaw.exe
2009-06-02 20:42:36 ----A---- C:\Windows\system32\java.exe
2009-06-01 18:52:09 ----D---- C:\Program Files\PlayReady
2009-06-01 18:47:36 ----D---- C:\Windows\ITECIR
2009-06-01 18:47:36 ----A---- C:\Windows\system32\CIRCoInst.dll
2009-05-31 23:21:46 ----D---- C:\ProjectTemplates
2009-05-31 23:20:44 ----D---- C:\Program Files\Windows Mobile 6 SDK
2009-05-31 23:11:20 ----A---- C:\RecorderSDKLog.txt
2009-05-31 23:07:27 ----A---- C:\Windows\system32\tsccvid.dll
2009-05-31 23:07:26 ----D---- C:\Windows\system32\QuickTime
2009-05-31 23:07:18 ----D---- C:\ProgramData\TechSmith
2009-05-31 23:07:05 ----D---- C:\Program Files\TechSmith
2009-05-31 23:07:05 ----D---- C:\Program Files\Common Files\TechSmith Shared
2009-05-31 22:10:50 ----A---- C:\Windows\ODBC.INI
2009-05-31 22:10:22 ----D---- C:\Windows\system32\js
2009-05-31 22:10:22 ----D---- C:\Windows\system32\images
2009-05-31 22:10:22 ----D---- C:\Windows\system32\html
2009-05-31 22:10:22 ----D---- C:\Windows\system32\css
2009-05-31 22:10:22 ----D---- C:\Program Files\Business Objects
2009-05-31 22:10:11 ----D---- C:\Program Files\Microsoft Device Emulator
2009-05-31 22:09:29 ----D---- C:\Program Files\Windows Mobile 5.0 SDK R2
2009-05-31 22:03:07 ----D---- C:\ProgramData\PreEmptive Solutions
2009-05-31 22:00:07 ----D---- C:\Windows\symbols
2009-05-31 21:58:01 ----D---- C:\Program Files\HTML Help Workshop
2009-05-31 21:58:01 ----D---- C:\Program Files\Common Files\Merge Modules
2009-05-31 21:58:01 ----D---- C:\Program Files\CE Remote Tools
2009-05-31 21:56:44 ----D---- C:\Program Files\Microsoft Web Designer Tools
2009-05-31 21:35:47 ----D---- C:\Program Files\Common Files\Skype
2009-05-31 21:35:46 ----RD---- C:\Program Files\Skype
2009-05-31 17:19:20 ----D---- C:\Windows\PCHEALTH
2009-05-30 20:33:55 ----D---- C:\Users\Peane7\AppData\Roaming\phpDesigner
2009-05-30 20:33:53 ----D---- C:\Program Files\phpDesigner
2009-05-30 11:09:11 ----D---- C:\Program Files\Tukero[X]Team
2009-05-29 20:11:28 ----D---- C:\Program Files\CesarFTP
2009-05-29 19:41:33 ----D---- C:\Users\Peane7\AppData\Roaming\FileZilla
2009-05-29 16:52:26 ----A---- C:\Windows\system32\xvidvfw.dll
2009-05-29 16:47:06 ----A---- C:\Windows\system32\xvidcore.dll
2009-05-29 16:41:59 ----D---- C:\Windows\system32\Lang
2009-05-29 16:41:59 ----A---- C:\Windows\system32\imsmudlg.exe
2009-05-29 16:41:44 ----D---- C:\Intel
2009-05-29 16:41:44 ----A---- C:\Windows\system32\nvccoin.dll
2009-05-29 16:41:28 ----D---- C:\Program Files\Intel
2009-05-29 05:11:20 ----A---- C:\Windows\system32\ff_vfw.dll
2009-05-28 21:48:32 ----D---- C:\Program Files\bobyte
2009-05-28 21:08:10 ----A---- C:\Windows\Marsu-Fix 2.5 Uninstaller.exe.bak
2009-05-28 18:27:23 ----D---- C:\Users\Peane7\AppData\Roaming\Youdagames
2009-05-27 18:39:48 ----D---- C:\Users\Peane7\AppData\Roaming\DAEMON Tools Lite
2009-05-27 18:10:26 ----A---- C:\Windows\system32\d3dx10_40.dll
2009-05-27 18:10:26 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2009-05-27 18:10:25 ----A---- C:\Windows\system32\D3DX9_40.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\msmpeg2vdec.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\MSMPEG2ENC.DLL
2009-05-27 15:39:55 ----A---- C:\Windows\system32\msmpeg2adec.dll
2009-05-27 15:39:55 ----A---- C:\Windows\system32\MSAC3ENC.DLL
2009-05-27 15:39:55 ----A---- C:\Windows\system32\mfAACEnc.dll
2009-05-27 15:39:51 ----A---- C:\Windows\system32\tquery.dll
2009-05-27 15:39:51 ----A---- C:\Windows\system32\mssrch.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\user32.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\sxs.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2009-05-27 15:39:50 ----A---- C:\Windows\system32\SearchIndexer.exe
2009-05-27 15:39:50 ----A---- C:\Windows\system32\mssvp.dll
2009-05-27 15:39:50 ----A---- C:\Windows\system32\mssph.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\SearchFilterHost.exe
2009-05-27 15:39:49 ----A---- C:\Windows\system32\mssphtb.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\comctl32.dll
2009-05-27 15:39:49 ----A---- C:\Windows\system32\cdosys.dll
2009-05-27 15:39:48 ----A---- C:\Windows\system32\msscntrs.dll
2009-05-27 15:39:48 ----A---- C:\Windows\system32\gdi32.dll
2009-05-27 15:39:43 ----A---- C:\Windows\system32\mshtml.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\wininet.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\urlmon.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\mstime.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\msrating.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\inseng.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\iepeers.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\dxtrans.dll
2009-05-27 15:39:42 ----A---- C:\Windows\system32\dxtmsft.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\pngfilt.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\mshtmled.dll
2009-05-27 15:39:41 ----A---- C:\Windows\system32\jsproxy.dll
2009-05-26 21:34:59 ----D---- C:\Program Files\UlisesSoft
2009-05-25 14:16:28 ----A---- C:\Windows\system32\ElbyVCD.dll
2009-05-25 14:01:38 ----A---- C:\Windows\system32\ElbyCDIO.dll
2009-05-22 00:51:48 ----A---- C:\Windows\system32\xfcodec.dll
2009-05-17 16:18:57 ----D---- C:\Program Files\Complements
2009-05-15 20:57:31 ----D---- C:\Windows\cs-CZ
2009-05-15 20:57:14 ----D---- C:\Windows\system32\cs
2009-05-15 20:55:56 ----D---- C:\Windows\system32\XPSViewer
2009-05-15 20:49:58 ----D---- C:\Application Data
2009-05-14 20:30:14 ----D---- C:\Users\Peane7\AppData\Roaming\dvdcss
2009-05-13 22:15:20 ----A---- C:\Windows\system32\SQSRVRES.DLL
2009-05-13 21:51:24 ----A---- C:\Windows\system32\McxDriv.dll
2009-05-13 20:53:21 ----D---- C:\Program Files\Intelore
2009-05-13 19:52:07 ----D---- C:\Users\Peane7\AppData\Roaming\vlc
2009-05-13 19:51:45 ----D---- C:\Program Files\VideoLAN
2009-05-13 18:18:48 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2009-05-13 18:18:37 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2009-05-13 18:17:55 ----D---- C:\Windows\system32\RsFx
2009-05-13 18:17:30 ----D---- C:\Users\Peane7\AppData\Roaming\DivX
2009-05-13 18:16:55 ----D---- C:\Windows\system32\1033
2009-05-13 18:08:56 ----D---- C:\Program Files\Microsoft SQL Server
2009-05-13 18:08:37 ----D---- C:\Program Files\Microsoft Synchronization Services
2009-05-13 18:05:50 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2009-05-13 18:05:33 ----D---- C:\Program Files\Microsoft SDKs
2009-05-13 16:58:13 ----A---- C:\Windows\system32\poqexec.exe
2009-05-12 21:47:15 ----D---- C:\ProgramData\Win7codecs
2009-05-12 21:46:01 ----D---- C:\Users\Peane7\AppData\Roaming\Thinstall
2009-05-11 18:03:56 ----D---- C:\Program Files\TeamViewer
2009-05-11 17:56:35 ----D---- C:\Program Files\Common Files\PX Storage Engine
2009-05-11 17:56:15 ----D---- C:\Program Files\DivX
2009-05-11 17:56:15 ----D---- C:\Program Files\Common Files\DivX Shared
2009-05-11 17:05:21 ----D---- C:\Program Files\QS
2009-05-11 17:05:20 ----D---- C:\Users\Peane7\AppData\Roaming\TeamViewer

======List of files/folders modified in the last 1 months======

2009-06-10 20:04:45 ----D---- C:\Windows\Temp
2009-06-10 20:04:07 ----D---- C:\Windows\Prefetch
2009-06-10 20:02:26 ----D---- C:\Program Files\Mozilla Firefox
2009-06-10 20:02:11 ----D---- C:\Users\Peane7\AppData\Roaming\DNA
2009-06-10 20:02:11 ----D---- C:\Program Files\DNA
2009-06-10 19:59:37 ----D---- C:\Windows
2009-06-10 16:55:47 ----SHD---- C:\Windows\Installer
2009-06-10 16:55:43 ----SHD---- C:\System Volume Information
2009-06-10 16:55:29 ----D---- C:\Windows\System32
2009-06-10 16:52:44 ----RD---- C:\Program Files
2009-06-10 16:52:43 ----D---- C:\Windows\system32\drivers
2009-06-10 15:59:15 ----D---- C:\Windows\system32\config
2009-06-09 21:23:39 ----HD---- C:\ProgramData
2009-06-09 20:25:31 ----D---- C:\Windows\Tasks
2009-06-09 20:25:31 ----D---- C:\Windows\system32\Tasks
2009-06-09 20:18:21 ----D---- C:\ProgramData\Lavasoft
2009-06-09 20:18:21 ----D---- C:\Program Files\Lavasoft
2009-06-09 18:04:20 ----D---- C:\Windows\inf
2009-06-09 18:04:20 ----A---- C:\Windows\system32\PerfStringBackup.INI
2009-06-09 17:44:00 ----A---- C:\Windows\NeroDigital.ini
2009-06-09 17:18:40 ----D---- C:\Windows\system32\LogFiles
2009-06-09 16:46:01 ----D---- C:\Windows\system32\NDF
2009-06-09 12:54:10 ----D---- C:\Windows\system32\DriverStore
2009-06-09 12:54:10 ----D---- C:\Windows\system32\catroot
2009-06-09 12:54:06 ----D---- C:\Windows\system32\catroot2
2009-06-09 11:00:58 ----D---- C:\Users\Peane7\AppData\Roaming\BSplayer
2009-06-09 10:48:56 ----D---- C:\Windows\WindowsMobile
2009-06-09 10:48:47 ----D---- C:\Program Files\Common Files\Apple
2009-06-09 10:47:39 ----D---- C:\Program Files\Uplink
2009-06-09 10:38:51 ----D---- C:\Users\Peane7\AppData\Roaming\Opera
2009-06-09 09:42:14 ----D---- C:\Windows\Downloaded Program Files
2009-06-08 17:46:51 ----D---- C:\Program Files\Opera 10 Preview
2009-06-08 17:45:18 ----D---- C:\Program Files\Common Files\Steam
2009-06-06 23:13:57 ----D---- C:\Users\Peane7\AppData\Roaming\BitTorrent
2009-06-06 18:48:57 ----D---- C:\Windows\Microsoft.NET
2009-06-06 17:21:31 ----RSD---- C:\Windows\assembly
2009-06-06 17:20:47 ----D---- C:\Windows\Registration
2009-06-06 17:18:35 ----D---- C:\ProgramData\Microsoft Help
2009-06-05 20:09:48 ----D---- C:\Windows\rescache
2009-06-05 15:17:44 ----D---- C:\Program Files\Common Files
2009-06-05 15:07:47 ----D---- C:\Windows\winsxs
2009-06-05 15:05:27 ----D---- C:\Windows\system32\inetsrv
2009-06-05 15:05:26 ----D---- C:\inetpub
2009-06-05 15:05:02 ----D---- C:\Windows\system32\en-US
2009-06-05 07:04:47 ----D---- C:\Program Files\WinRAR
2009-06-04 19:02:46 ----D---- C:\Windows\system32\migration
2009-06-04 19:02:46 ----D---- C:\Windows\system32\cs-CZ
2009-06-03 22:24:49 ----D---- C:\Users\Peane7\AppData\Roaming\WinRAR
2009-06-02 20:42:28 ----A---- C:\Windows\system32\deploytk.dll
2009-06-01 19:46:49 ----D---- C:\ProgramData\Media Center Programs
2009-06-01 18:52:09 ----SD---- C:\ProgramData\Microsoft
2009-06-01 18:47:35 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-01 17:56:51 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2009-05-31 23:29:18 ----SD---- C:\Users\Peane7\AppData\Roaming\Microsoft
2009-05-31 23:13:46 ----D---- C:\Program Files\EA Games
2009-05-31 22:10:02 ----RSD---- C:\Windows\Fonts
2009-05-31 22:08:26 ----D---- C:\Program Files\Microsoft.NET
2009-05-31 22:03:08 ----A---- C:\Users\Peane7\AppData\Roaming\burnaware.ini
2009-05-31 22:03:01 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-31 22:00:28 ----D---- C:\Program Files\MSBuild
2009-05-31 21:40:17 ----D---- C:\Users\Peane7\AppData\Roaming\Skype
2009-05-31 21:36:10 ----D---- C:\Users\Peane7\AppData\Roaming\skypePM
2009-05-31 21:35:46 ----D---- C:\ProgramData\Skype
2009-05-31 18:28:44 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-31 18:03:07 ----D---- C:\ProgramData\Xfire
2009-05-31 17:19:22 ----D---- C:\Program Files\Microsoft Works
2009-05-31 17:18:14 ----A---- C:\Windows\win.ini
2009-05-30 23:57:37 ----D---- C:\totalcmd
2009-05-30 18:25:01 ----D---- C:\Users\Peane7\AppData\Roaming\Xfire
2009-05-30 17:41:38 ----AD---- C:\ProgramData\TEMP
2009-05-30 17:41:31 ----D---- C:\Fraps
2009-05-27 18:08:33 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-05-27 18:08:31 ----D---- C:\Program Files\AGEIA Technologies
2009-05-27 17:03:40 ----D---- C:\Program Files\Internet Explorer
2009-05-24 23:42:44 ----SHD---- C:\$Recycle.Bin
2009-05-17 10:03:04 ----D---- C:\Windows\system
2009-05-15 20:57:46 ----D---- C:\Program Files\Windows Mail
2009-05-15 20:57:45 ----D---- C:\Program Files\Windows Sidebar
2009-05-15 20:57:42 ----D---- C:\Program Files\Windows Media Player
2009-05-15 20:57:42 ----D---- C:\Program Files\Windows Journal
2009-05-15 20:57:42 ----D---- C:\Program Files\DVD Maker
2009-05-15 20:57:40 ----D---- C:\Program Files\Common Files\System
2009-05-15 20:57:39 ----D---- C:\Windows\servicing
2009-05-15 20:57:39 ----D---- C:\Program Files\Windows Photo Viewer
2009-05-15 20:57:39 ----D---- C:\Program Files\Windows Defender
2009-05-15 20:57:38 ----D---- C:\Windows\ehome
2009-05-15 20:57:16 ----D---- C:\Windows\system32\winrm
2009-05-15 20:57:16 ----D---- C:\Windows\PolicyDefinitions
2009-05-15 20:57:15 ----D---- C:\Windows\system32\oobe
2009-05-15 20:57:14 ----D---- C:\Windows\system32\sysprep
2009-05-15 20:57:14 ----D---- C:\Windows\system32\slmgr
2009-05-15 20:57:14 ----D---- C:\Windows\system32\migwiz
2009-05-15 20:57:14 ----D---- C:\Windows\system32\Boot
2009-05-15 20:55:51 ----D---- C:\Windows\system32\MUI
2009-05-15 20:55:50 ----D---- C:\Windows\system32\WCN
2009-05-15 20:55:49 ----D---- C:\Windows\system32\Dism
2009-05-15 20:55:32 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-05-15 20:55:24 ----D---- C:\Windows\system32\wbem
2009-05-15 20:55:24 ----D---- C:\Windows\system32\com
2009-05-15 20:55:21 ----D---- C:\Windows\AppPatch
2009-05-13 18:08:37 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2009-05-13 16:52:33 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-11 06:12:31 ----D---- C:\Windows\system32\wdi


Thank you
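As an added example (not part of this thread and not RSIT's own code), a small Python audit of the two `Policies` blocks from the RSIT log above: it parses the `[KEY]` / `"name"=value` layout RSIT uses and flags the values that weaken UAC and leave autorun enabled. The sample text is a constructed excerpt of those two blocks; the `NoDriveTypeAutoRun` bit meanings (0x04 removable, 0x20 CD-ROM) are the documented Windows ones.

```python
"""Audit the registry-policy sections of an RSIT log for weakened settings.

Added example, not part of the forum thread and not RSIT's own code.  The
sample text is a constructed excerpt of the two policy keys from the log above.
"""
import re
from typing import Dict, List

SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"=0
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"PromptOnSecureDesktop"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDFSTab"=1
"NoDriveTypeAutoRun"=145
"""

KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_...\Path]
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')  # "Name"=value (RSIT prints DWORDs in decimal)

SYSTEM_POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
EXPLORER_POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\explorer"
AUTORUN_REMOVABLE, AUTORUN_CDROM = 0x04, 0x20  # NoDriveTypeAutoRun bits; 0xFF disables all


def parse_registry_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Map each [KEY] block to its "name"=value pairs; key paths are lower-cased."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            sections.setdefault(current, {})
        elif (m := VALUE_RE.match(line)) and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def audit(sections: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one finding per setting that weakens UAC or leaves autorun enabled."""
    findings: List[str] = []
    system = sections.get(SYSTEM_POLICY, {})
    if system.get("EnableLUA") == "0":
        findings.append("EnableLUA=0: UAC is switched off entirely")
    if system.get("ConsentPromptBehaviorAdmin") == "0":
        findings.append("ConsentPromptBehaviorAdmin=0: administrators elevate without a prompt")
    if system.get("PromptOnSecureDesktop") == "0":
        findings.append("PromptOnSecureDesktop=0: elevation prompts are not on the secure desktop")
    raw = sections.get(EXPLORER_POLICY, {}).get("NoDriveTypeAutoRun")
    if raw is not None:
        mask = int(raw, 0)  # accepts the decimal RSIT prints as well as 0x.. hex
        if not mask & AUTORUN_REMOVABLE:
            findings.append(f"NoDriveTypeAutoRun={mask:#x}: autorun still enabled for removable drives")
        if not mask & AUTORUN_CDROM:
            findings.append(f"NoDriveTypeAutoRun={mask:#x}: autorun still enabled for CD/DVD drives")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_registry_sections(SAMPLE_LOG)):
        print(finding)
```

Run against the excerpt it reports five findings; a machine with UAC on and `NoDriveTypeAutoRun=255` produces none.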

Re: vrus - service.exe  Solved

Post by jaro3 » 10 Jun 2009 21:01

So one more script in OTMoveIt3:

Code:

:Processes
explorer.exe

:Services

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDFSTab"=0

:Files
C:\Windows\system32\RsFx

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

*****************************************************************************************************************************************
Close the other applications and browsers, disconnect from the Internet and fix in HJT:

Code:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O13 - Gopher Prefix:


So if there are no problems, clean the system with CCleaner.

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can additionally remove Windows temporary files, empty the Recycle Bin, etc.

If there are no problems, that's all.
Re: vrus - service.exe

Post by Peane » 10 Jun 2009 21:23

Thank you very much for the help and for your time.

I'd like to ask what antivirus/spyware cleaners etc. I should use to prevent similar problems in the future.
I have NOD32, but as you can see I don't know how effective it is.

How should I check files of unknown origin downloaded from the Internet?

Thank you

Re: vrus - service.exe

Post by jaro3 » 10 Jun 2009 21:29

No antivirus is 100%... nor can it be. If you have a paid NOD32 you can keep it; for spyware: SpywareTerminator, Spybot, etc.
You can download some free firewall to complete the setup: ZoneAlarm, Outpost, Comodo, etc.
Try the programs out, especially with regard to system load; it also depends on your HW.
You can mark it as solved (the tick). Keep MbAM, update it regularly and run a scan; it has no resident protection, so it doesn't load the system (only during a scan).