Suspicion - check

Mr.Reyals

#1 Post by Mr.Reyals »

My laptop is lagging a bit and it feels as if something were eating up performance from the inside; please check the log, thanks.
- The more that gets deleted, the better.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Uživatel at 2012-02-20 14:28:04
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (2%) free of 76 GB
Total RAM: 1526 MB (50% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:28:07, on 20.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\WireHelpSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\Zoom\TpScrex.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Steam\Steam.exe
C:\Documents and Settings\Uživatel\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421
O4 - HKCU\..\Run: [chromium] C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\svchost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\WinDir\svchost.exe
O4 - Startup: ESET NOD32 Antivirus.lnk = C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo. - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: WireHelpSvc - Unknown owner - C:\Program Files\Common Files\WireHelpSvc.exe

--
End of file - 3888 bytes

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default

prefs.js - "browser.startup.homepage" - "http://home.speedbit.com/?aff=205"
prefs.js - "keyword.URL" - "http://home.speedbit.com/search.aspx?aff=206&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program F\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program F\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program F\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npPDFXCviewNPPlugin.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\extensions\
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\searchplugins\
speedbit.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\WinDir\svchost.exe [2005-07-29 35320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"chromium"=C:\Program Files\Google\Chrome\Application\chrome.exe [2011-11-15 1036344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\WINDOWS\system32\WinDir\svchost.exe [2005-07-29 35320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe [2012-02-02 3329824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
C:\Program Files\Google\Chrome\Application\chrome.exe [2011-11-15 1036344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
C:\WINDOWS\system32\WinDir\svchost.exe [2005-07-29 35320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
C:\WINDOWS\system32\WinDir\svchost.exe [2005-07-29 35320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
C:\Program Files\Anti-Vibrate Oscar Editor\OscarEditor.exe [2010-07-22 2636800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Paradox]
C:\Documents and Settings\Uživatel\Data aplikací\System\Paradox.exe [2012-01-27 148992]

C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění
ESET NOD32 Antivirus.lnk - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-08-09 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program F\uTorrent\uTorrent.exe"="C:\Program F\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Buffalo\Hry\cs2d_0112_win\CounterStrike2D.exe"="C:\Buffalo\Hry\cs2d_0112_win\CounterStrike2D.exe:*:Enabled:CounterStrike2D"
"C:\Hry\Counter-Strike 1.6\hl.exe"="C:\Hry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Buffalo\Hry\Terraria\Terraria 1.0.5 + Auto updater\Terraria 1.0.5 + Auto updater\TerrariaServer.exe"="C:\Buffalo\Hry\Terraria\Terraria 1.0.5 + Auto updater\Terraria 1.0.5 + Auto updater\TerrariaServer.exe:*:Enabled:Terraria"
"C:\Program F\totalcmd\TOTALCMD.EXE"="C:\Program F\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Hry\COD1\CoDMP.exe"="C:\Hry\COD1\CoDMP.exe:*:Enabled:CoDMP"
"C:\Hry\Quake III Arena\quake3.exe"="C:\Hry\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program F\Winamp\winamp.exe"="C:\Program F\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Java\jre6\bin\tnameserv.exe"="C:\Program Files\Java\jre6\bin\tnameserv.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\orbd.exe"="C:\Program Files\Java\jre6\bin\orbd.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Hry\unreal\Binaries\UT3.exe"="C:\Hry\unreal\Binaries\UT3.exe:*:Enabled:UT3"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program F\Ventrilo\Ventrilo.exe"="C:\Program F\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe"
"C:\Buffalo\Hry\Company of Heroes\RelicCOH.exe"="C:\Buffalo\Hry\Company of Heroes\RelicCOH.exe:*:Disabled:RelicCOH"
"D:\EasySetupAssistant\EasySetupAssistant.exe"="D:\EasySetupAssistant\EasySetupAssistant.exe:*:Disabled:TP-LINK Easy Setup Assistant"
"C:\Program F\WinHTTrack\WinHTTrack.exe"="C:\Program F\WinHTTrack\WinHTTrack.exe:*:Disabled:WinHTTrack Website Copier, Web Site mirroring for professional and private purposes"
"C:\Program F\QIP Infium\infium.exe"="C:\Program F\QIP Infium\infium.exe:*:Enabled:QIP 2012"
"C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe"="C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe:*:Disabled:Akamai NetSession Client"
"C:\Program Files\Steam\steamapps\amvvay\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\amvvay\counter-strike\hl.exe:*:Enabled:Counter-Strike"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"msacm.divxa32"=msaud32_divx.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.FPS1"=frapsvid.dll

======File associations======

.txt - open - notepad.exe %1

======List of files/folders created in the last 1 month======

2012-02-16 11:55:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 11:49:10 ----A---- C:\WINDOWS\Rtcw.INI
2012-02-16 11:48:35 ----A---- C:\WINDOWS\imsins.BAK
2012-02-16 11:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 07:39:23 ----D---- C:\WINDOWS\LastGood.Tmp
2012-02-16 07:38:17 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-14 18:15:30 ----HD---- C:\WINDOWS\system32\GroupPolicy
2012-02-14 17:56:45 ----D---- C:\WINDOWS\pss
2012-02-11 23:02:24 ----D---- C:\Program Files\Ubisoft
2012-02-11 23:02:24 ----A---- C:\WINDOWS\system32\xmltok.dll
2012-02-11 23:02:24 ----A---- C:\WINDOWS\system32\xmlparse.dll
2012-02-11 23:02:24 ----A---- C:\WINDOWS\system32\xmlinst.exe
2012-02-11 23:02:24 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2012-02-11 23:02:24 ----A---- C:\WINDOWS\system32\msxml3a.dll
2012-02-05 21:41:08 ----D---- C:\WINDOWS\RegisteredPackages
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\psisdecd.dll
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\wstcodec.sys
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\streamip.sys
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\slip.sys
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\ndisip.sys
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\nabtsfec.sys
2012-02-05 21:40:46 ----A---- C:\WINDOWS\system32\drivers\msdv.sys
2012-02-05 21:40:45 ----A---- C:\WINDOWS\system32\drivers\mstee.sys
2012-02-05 21:40:45 ----A---- C:\WINDOWS\system32\drivers\mpe.sys
2012-02-05 21:40:45 ----A---- C:\WINDOWS\system32\drivers\ccdecode.sys
2012-02-05 21:40:45 ----A---- C:\WINDOWS\system32\drivers\bdasup.sys
2012-02-05 21:40:44 ----A---- C:\WINDOWS\system32\dxdllreg.exe
2012-02-05 21:39:25 ----HD---- C:\WINDOWS\msdownld.tmp
2012-02-03 23:16:35 ----D---- C:\Program Files\Common Files\EasyInfo
2012-02-03 23:14:05 ----D---- C:\Program Files\Common Files\DirectX
2012-02-03 04:36:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\TmForever
2012-01-29 20:10:20 ----A---- C:\Documents and Settings\Uživatel\Data aplikací\Uživatel3SQLite3.dll
2012-01-27 17:04:37 ----HD---- C:\Documents and Settings\Uživatel\Data aplikací\System
2012-01-21 12:28:54 ----A---- C:\Program Files\Common Files\WireHelpSvc.exe
2012-01-21 12:28:51 ----A---- C:\WINDOWS\system32\drivers\ESLWireACD.sys
2012-01-21 12:28:42 ----A---- C:\WINDOWS\system32\drivers\ESLvnic.sys
2012-01-21 12:28:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESL Wire

======List of files/folders modified in the last 1 month======

2012-02-20 14:28:06 ----D---- C:\Program Files\trend micro
2012-02-20 14:28:05 ----D---- C:\WINDOWS\Temp
2012-02-20 14:27:34 ----D---- C:\WINDOWS\Prefetch
2012-02-20 14:23:46 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Skype
2012-02-20 14:14:05 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-20 14:13:28 ----D---- C:\Program Files\Steam
2012-02-19 23:52:50 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-19 19:39:18 ----SH---- C:\boot.ini
2012-02-19 19:39:18 ----A---- C:\WINDOWS\win.ini
2012-02-19 19:39:18 ----A---- C:\WINDOWS\system.ini
2012-02-18 15:36:42 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 19:37:22 ----SHD---- C:\WINDOWS\Installer
2012-02-16 19:37:16 ----D---- C:\WINDOWS\system32
2012-02-16 19:37:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 19:37:11 ----RSD---- C:\WINDOWS\assembly
2012-02-16 19:37:09 ----D---- C:\WINDOWS\WinSxS
2012-02-16 15:35:07 ----D---- C:\WINDOWS
2012-02-16 11:55:35 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 11:55:29 ----HD---- C:\WINDOWS\inf
2012-02-16 11:55:27 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 11:55:10 ----D---- C:\Program Files\Internet Explorer
2012-02-16 11:54:51 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-16 11:50:08 ----D---- C:\Hry
2012-02-16 11:47:16 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\uTorrent
2012-02-15 16:10:42 ----D---- C:\Program Files\Common Files\Steam
2012-02-14 20:49:44 ----D---- C:\WINDOWS\security
2012-02-11 23:02:24 ----RD---- C:\Program Files
2012-02-11 22:58:52 ----HD---- C:\Program Files\InstallShield Installation Information
2012-02-11 22:58:08 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools Lite
2012-02-05 21:41:13 ----D---- C:\WINDOWS\system32\DirectX
2012-02-05 21:41:06 ----D---- C:\WINDOWS\system32\drivers
2012-02-04 14:30:02 ----D---- C:\Program Files\Game Accelerator
2012-02-04 14:29:16 ----D---- C:\Program Files\Messenger
2012-02-04 14:29:11 ----D---- C:\Program Files\Windows Media Connect 2
2012-02-04 14:29:10 ----D---- C:\Program Files\NetWaiting
2012-02-03 23:16:35 ----D---- C:\Program Files\Common Files
2012-01-30 07:37:51 ----D---- C:\Program Files\Common Files\Akamai
2012-01-26 23:45:44 ----D---- C:\Buffalo
2012-01-24 07:32:01 ----DC---- C:\WINDOWS\system32\DRVSTORE
2012-01-24 07:31:37 ----D---- C:\WINDOWS\SoftwareDistribution
2012-01-24 07:31:26 ----D---- C:\WINDOWS\Debug
2012-01-21 12:28:41 ----D---- C:\Program F

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\DRIVERS\iaStor.sys [2010-11-15 324120]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-08-16 232512]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-08-03 95896]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2011-10-02 3026]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 lenovo.smi;Lenovo System Interface Driver; C:\WINDOWS\system32\DRIVERS\smiif32.sys [2010-09-07 13680]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-12 17844]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2011-08-15 21035]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 ESLWireAC;ESLWireAC; \??\C:\WINDOWS\system32\drivers\ESLWireACD.sys []
R2 HidUsb;HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2010-06-02 19384]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2010-05-19 13952]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2009-08-26 213544]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit; C:\WINDOWS\system32\DRIVERS\ESLvnic.sys [2011-11-28 24504]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2011-12-24 25280]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2010-06-02 993464]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2010-06-02 217016]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-08-09 5765056]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2011-02-01 31984]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MouseCap;MouseCapture Driver; C:\WINDOWS\System32\Drivers\MouseCap.sys [2005-08-08 6640]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 Tp4Track;PS/2 TrackPoint Driver; C:\WINDOWS\system32\DRIVERS\tp4track.sys [2008-03-04 22568]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2010-06-02 738360]
S3 cpudrv;cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys []
S3 danewFltr;NewDeathAdder Mouse; C:\WINDOWS\system32\drivers\danew.sys [2009-04-21 11136]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer; C:\WINDOWS\system32\DRIVERS\hidkmdf.sys [2010-09-25 6656]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow; C:\WINDOWS\system32\DRIVERS\hidusbf.sys [2006-11-08 4544]
S3 Moufiltr;Mouse Test Driver; C:\WINDOWS\system32\DRIVERS\Moufiltr.sys [2005-08-06 9661]
S3 nm;Ovladač programu Sledování sítě; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VKbms;Virtual HID Minidriver; C:\WINDOWS\system32\DRIVERS\VKbms.sys [2010-10-01 10240]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-11-18 810144]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-10-19 866576]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2011-02-01 38760]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-03 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-10-19 477456]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2010-10-19 966656]
R2 TPHKLOAD;Lenovo Hotkey Client Loader; C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe [2011-04-20 130920]
R2 TPHKSVC;On Screen Display; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [2011-03-29 64952]
R2 WireHelpSvc;WireHelpSvc; C:\Program Files\Common Files\WireHelpSvc.exe [2011-11-28 265120]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute; C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe [2011-04-04 45496]
S2 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-02-15 481064]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-11-18 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 Akamai;Akamai NetSession Interface; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S4 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-28 135664]
S4 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-28 135664]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-08-16 66872]
S4 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2011-08-16 103736]
S4 SUService;System Update; c:\program files\lenovo\system update\suservice.exe [2011-07-25 28672]
S4 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-26 644408]
S4 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]

-----------------EOF-----------------

vyosek

#2 Post by vyosek »

Hello, and I wish you a nice afternoon :)

Please also post the second RSIT log, named info.txt; it is saved in c:\rsit

Mr.Reyals

#3 Post by Mr.Reyals »

Here it is:


info.txt logfile of random's system information tool 1.09 2011-12-07 20:43:49

======Uninstall list======

-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\SETUP.exe -l0x0005 -removeonly
-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\SETUP.exe -l0x0009 -removeonly
-->MsiExec /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program F\uTorrent\uTorrent.exe" /UNINSTALL
3D Object Converter for Windows 4.10 Gold Edition-->C:\WINDOWS\GPInstall.exe "/UNINST=C:\Program F\3Dconventor\UnInst.log" "/APPNAME=3D Object Converter for Windows 4.10 Gold Edition"
A4tech USB Mouse Quality Testing Program V6.0-->MsiExec.exe /I{361693F2-A153-4359-A4CB-A1B9FF2AA5E6}
Accelerated Adventures Toolkit 1.00.0-->"C:\Program F\GStudio8\Accelerated Adventures Toolkit\unins000.exe"
Adobe Flash Player 11 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -maintain plugin
Advanced SystemCare 3-->"C:\Program F\IObit\Advanced SystemCare 3\unins000.exe"
AI Viewer-->"C:\Program F\AIViewer\unins000.exe"
Aktualizace systému Windows Internet Explorer 8 (KB2447568)-->"C:\WINDOWS\ie8updates\KB2447568-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2345886)-->"C:\WINDOWS\$NtUninstallKB2345886$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2467659)-->"C:\WINDOWS\$NtUninstallKB2467659$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2541763)-->"C:\WINDOWS\$NtUninstallKB2541763$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2607712)-->"C:\WINDOWS\$NtUninstallKB2607712$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2616676)-->"C:\WINDOWS\$NtUninstallKB2616676$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB2641690)-->"C:\WINDOWS\$NtUninstallKB2641690$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971029)-->"C:\WINDOWS\$NtUninstallKB971029$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Aktualizace systému Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB2378111)-->"C:\WINDOWS\$NtUninstallKB2378111_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB975558)-->"C:\WINDOWS\$NtUninstallKB975558_WM8$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Aktualizace zabezpečení aplikace Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Aktualizace zabezpečení pro Microsoft Windows (KB2564958)-->"C:\WINDOWS\$NtUninstallKB2564958$\spuninst\spuninst.exe"
Aktualizace zabezpečení produktu Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2296011)-->"C:\WINDOWS\$NtUninstallKB2296011$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2347290)-->"C:\WINDOWS\$NtUninstallKB2347290$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2360937)-->"C:\WINDOWS\$NtUninstallKB2360937$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2387149)-->"C:\WINDOWS\$NtUninstallKB2387149$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2393802)-->"C:\WINDOWS\$NtUninstallKB2393802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2412687)-->"C:\WINDOWS\$NtUninstallKB2412687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2419632)-->"C:\WINDOWS\$NtUninstallKB2419632$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2423089)-->"C:\WINDOWS\$NtUninstallKB2423089$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2440591)-->"C:\WINDOWS\$NtUninstallKB2440591$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2443105)-->"C:\WINDOWS\$NtUninstallKB2443105$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2476490)-->"C:\WINDOWS\$NtUninstallKB2476490$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2478960)-->"C:\WINDOWS\$NtUninstallKB2478960$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2478971)-->"C:\WINDOWS\$NtUninstallKB2478971$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2479943)-->"C:\WINDOWS\$NtUninstallKB2479943$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2481109)-->"C:\WINDOWS\$NtUninstallKB2481109$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2483185)-->"C:\WINDOWS\$NtUninstallKB2483185$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2485663)-->"C:\WINDOWS\$NtUninstallKB2485663$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2503665)-->"C:\WINDOWS\$NtUninstallKB2503665$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2506212)-->"C:\WINDOWS\$NtUninstallKB2506212$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2507618)-->"C:\WINDOWS\$NtUninstallKB2507618$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2507938)-->"C:\WINDOWS\$NtUninstallKB2507938$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2508272)-->"C:\WINDOWS\$NtUninstallKB2508272$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2508429)-->"C:\WINDOWS\$NtUninstallKB2508429$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2509553)-->"C:\WINDOWS\$NtUninstallKB2509553$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2510581)-->"C:\WINDOWS\$NtUninstallKB2510581$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2524375)-->"C:\WINDOWS\$NtUninstallKB2524375$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2535512)-->"C:\WINDOWS\$NtUninstallKB2535512$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2536276-v2)-->"C:\WINDOWS\$NtUninstallKB2536276-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2544521)-->"C:\WINDOWS\$NtUninstallKB2544521$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2544893)-->"C:\WINDOWS\$NtUninstallKB2544893$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2544893-v2)-->"C:\WINDOWS\$NtUninstallKB2544893-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2555917)-->"C:\WINDOWS\$NtUninstallKB2555917$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2559049)-->"C:\WINDOWS\$NtUninstallKB2559049$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2562937)-->"C:\WINDOWS\$NtUninstallKB2562937$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2566454)-->"C:\WINDOWS\$NtUninstallKB2566454$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2567680)-->"C:\WINDOWS\$NtUninstallKB2567680$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2570222)-->"C:\WINDOWS\$NtUninstallKB2570222$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2570947)-->"C:\WINDOWS\$NtUninstallKB2570947$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Aktualizace zabezpečení systému Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB979687)-->"C:\WINDOWS\$NtUninstallKB979687$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981322)-->"C:\WINDOWS\$NtUninstallKB981322$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982132)-->"C:\WINDOWS\$NtUninstallKB982132$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Anti-Vibrate Oscar Editor-->"C:\Program Files\InstallShield Installation Information\{55FB908F-A025-4118-9354-ABD4979203F9}\setup.exe" -runfromtemp -l0x0409 -removeonly
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Click to Call with Skype-->MsiExec.exe /I{B6CF2967-C81E-40C0-9815-C05774FEF120}
Counter-Strike 1.6-->C:\Hry\Counter-Strike 1.6\Uninstal.exe
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19
Counter-Strike-->"C:\Program Files\Steam\steam.exe" steam://uninstall/10
DAEMON Tools Lite-->C:\Program F\DAEMON Tools Lite\uninst.exe
DivX Setup-->C:\Documents and Settings\All Users\Data aplikací\DivX\Setup\DivXSetup.exe /uninstall
EAX4 Unified Redist-->MsiExec.exe /X{89661B04-C646-4412-B6D3-5E19F02F1F37}
Ethereal 0.99.0-->"C:\Program F\Ethereal\uninstall.exe"
Game Booster-->"C:\Program F\IObit\Game Booster 3\unins000.exe"
Gamestudio A8-->"C:\Program F\GStudio8\uninstall.exe"
GOM Player-->"C:\Program Files\GRETECH\GomPlayer\Uninstall.exe"
Google Chrome-->"C:\Program Files\Google\Chrome\Application\15.0.874.121\Installer\setup.exe" --uninstall --multi-install --chrome --system-level --verbose-logging
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
InfraRecorder-->"C:\Program Files\InfraRecorder\uninstall.exe"
Intel PROSet Wireless-->Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall
ISA 2 basic-->C:\PROGRA~1\ISA2\Setup.exe /remove /q0
Java(TM) 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Lenovo Auto Scroll Utility-->rundll32.exe "C:\Program Files\Lenovo\VIRTSCRL\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\VIRTSCRL\tpdu_vs.inf
Lenovo System Interface Driver-->RunDll32.exe setupapi.dll,InstallHinfSection DefaultUninstall.NTx86 130 C:\Program Files\Lenovo\SMIIF\lnvsmi.inf
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB2572067)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M2572067\M2572067Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ClientLP
Microsoft .NET Framework 4 Client Profile CSY Language Pack-->MsiExec.exe /X{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}
Microsoft .NET Framework 4 Client Profile-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{3C3901C5-3455-3E0A-A214-0B093A5070A6}
Microsoft .NET Framework 4 Extended CSY Language Pack-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ExtendedLP\Setup.exe /repair /x86 /lcid 1029 /parameterfolder ExtendedLP
Microsoft .NET Framework 4 Extended CSY Language Pack-->MsiExec.exe /X{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}
Microsoft .NET Framework 4 Extended-->C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{0A0CADCF-78DA-33C4-A350-CD51849B9702}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office Excel Viewer-->MsiExec.exe /I{95120000-003F-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-->MsiExec.exe /X{196BB40D-1578-3D01-B289-BEFC77A11A1E}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Mozilla Firefox 8.0 (x86 cs)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (5.0)-->C:\Program F\Mozilla Thunderbird\uninstall\helper.exe
MSM2MSI_gstudio-->MsiExec.exe /I{C53F001E-5912-4E76-AC49-9AC20B36B1A2}
Network Stumbler 0.4.0 (remove only)-->"C:\Program F\Network Stumbler\uninst.exe"
NitroXP-->C:\WINDOWS\unvise32.exe C:\Program F\NitroXP\uninstal.log
Nmap 5.51-->"C:\Program F\Nmap\uninstall.exe"
NVIDIA PhysX-->MsiExec.exe /X{8A809006-C25A-4A3A-9DAB-94659BCDB107}
On Screen Display-->rundll32.exe "C:\Program Files\Lenovo\HOTKEY\cleanup.dll",InfUninstall DefaultUninstall.XP 132 C:\Program Files\Lenovo\HOTKEY\tphk_tp.inf
OnLive-->"C:\Program Files\OnLive\Uninstall.exe"
OpenOffice.org 3.3-->MsiExec.exe /I{10B43A43-FF73-47FD-83E8-A503E84F9ED6}
Oprava hotfix aplikace Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2443685)-->"C:\WINDOWS\$NtUninstallKB2443685$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB2570791)-->"C:\WINDOWS\$NtUninstallKB2570791$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Oprava Hotfix systému Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
OSCAR Editor-->MsiExec.exe /I{55FB908F-A025-4118-9354-ABD4979203F9}
Petr 2.41 Lite-->C:\Program F\PetrLite\Uninstal.exe
PSPad editor-->"C:\Program F\PSPad editor\Uninst\unins000.exe"
Quake III Team Arena-->C:\WINDOWS\IsUninst.exe -f"C:\Hry\Quake III Arena\Q3TA.isu"
Quake III Arena-->C:\WINDOWS\IsUninst.exe -f"C:\Hry\Quake III Arena\QIII.isu"
RGSS-RTP Standard-->MsiExec.exe /I{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7E97AB83-C1FE-38DE-B848-877E0A4BD81E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DB31DEDD-BF95-31E7-A9B7-5480561CEFF3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile CSY Language Pack (KB2518870)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe /uninstallpatch {2CE2EB39-45C8-32D4-8A99-5529C38F1B99} /parameterfolder ClientLP
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7A2C18A1-D2A2-3177-82F1-5FE9CC08ECB0} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {42A3562E-8B4E-39A4-B82D-CC12F82889E3} /parameterfolder Extended
Skype™ 5.5-->MsiExec.exe /X{AA59DDE4-B672-4621-A016-4C248204957A}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\setup.exe" -l0x5 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
System Requirements Lab for Intel-->MsiExec.exe /I{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}
System Update-->MsiExec.exe /X{8675339C-128C-44DD-83BF-0A5D6ABD8297}
TeamSpeak 3 Client-->"C:\Program F\TeamSpeak 3 Client\uninstall.exe"
TeamViewer 6-->C:\Program Files\TeamViewer\Version6\uninstall.exe
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
Theophilos 3-->"C:\Program Files\theo30\unins000.exe"
ThinkPad FullScreen Magnifier-->rundll32.exe "C:\Program Files\Lenovo\ZOOM\cleanup.dll",InfUninstall DefaultUninstall 132 C:\Program Files\Lenovo\Zoom\TpScrex.inf
ThinkPad Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDA_HSF\UIU32m.exe -U -AWB -ITkp0588k.INF
ThinkPad Power Management Driver-->RunDll32.exe tpinspm.dll,Uninstall
ThinkPad TrackPoint Driver-->C:\Program Files\Lenovo\TrackPoint\tp4unins.exe
Total Commander (Remove or Repair)-->C:\Program F\totalcmd\tcuninst.exe
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5E9CF3A4-ADB3-3080-A8BF-976A28340758} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD988F49-E1C8-3C84-9683-0448B6BB8E20} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {81EBB9D7-173C-32E3-B477-149C8DE075E4} /parameterfolder Client
VC80CRTRedist - 8.0.50727.6195-->MsiExec.exe /I{933B4015-4618-4716-A828-5289FC03165F}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Winamp-->"C:\Program F\Winamp\UninstWA.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
WinHTTrack Website Copier 3.44-1-->"C:\Program F\WinHTTrack\unins000.exe"
WinPcap 4.1.2-->"C:\Program Files\WinPcap\uninstall.exe"
WinRAR 4.01 (32-bit)-->C:\Program F\WinRAR\uninstall.exe

======Security center information======

AV: ESET NOD32 Antivirus 4.2

======System event log======

Computer Name: IBM
Event Code: 5005
Message:
Record Number: 14672
Source Name: NETwLx32
Time Written: 20111130205727.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 5007
Message:
Record Number: 14671
Source Name: NETwLx32
Time Written: 20111130205727.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 5007
Message:
Record Number: 14670
Source Name: NETwLx32
Time Written: 20111130205727.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 8021
Message: Služba Browser nezískala od hlavního prohledávače \\SARKA-PC v síti \Device\NetBT_Tcpip_{39F126E7-F888-4A42-9052-E975461A7330} seznam serverů.
Data obsahují kód chyby.

Record Number: 14669
Source Name: BROWSER
Time Written: 20111130203220.000000+060
Event Type: Upozornění
User:

Computer Name: IBM
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 14668
Source Name: Service Control Manager
Time Written: 20111130194726.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: IBM
Event Code: 0
Message:
Record Number: 3539
Source Name: RegSrvc
Time Written: 20111123073433.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 0
Message:
Record Number: 3538
Source Name: gupdate
Time Written: 20111123073433.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 0
Message:
Record Number: 3537
Source Name: EvtEng
Time Written: 20111123073433.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 0
Message:
Record Number: 3536
Source Name: gupdate
Time Written: 20111122204201.000000+060
Event Type: Informace
User:

Computer Name: IBM
Event Code: 0
Message:
Record Number: 3535
Source Name: gupdate
Time Written: 20111122204200.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Common Files\Lenovo
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 12, GenuineIntel
"PROCESSOR_REVISION"=0e0c
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"TVT"=C:\Program Files\Lenovo

-----------------EOF-----------------

JaRon
Moderator
Posts: 15703
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Suspicion - check

#4 Post by JaRon »

C:\WINDOWS\system32\WinDir\svchost.exe
test it at www.virustotal.com

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspicion - check

#5 Post by vyosek »

JaRon wrote: C:\WINDOWS\system32\WinDir\svchost.exe
test it at http://www.virustotal.com
Please do the step my colleague gave you, so that we can make sure it is malware...

I assume you have a purchased licence for that NOD32 :???:

Mr.Reyals
Visitor
Posts: 48
Registered: 12 May 2007 11:01

Re: Suspicion - check

#6 Post by Mr.Reyals »

schvost.exe: Detection ratio: 0/41

NOD - I have it

EDIT: One more piece of additional information: every time the computer starts (once the desktop is visible), a command prompt window flashes up (for such a short moment that I have no chance to read what is happening); it did not do this before.

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspicion - check

#7 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY BE WRECKED
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Immediately after it starts, a page with the licence agreement is displayed; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that is displayed
  • The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and any restart, CF displays the log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure incl. screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix

Mr.Reyals
Visitor
Posts: 48
Registered: 12 May 2007 11:01

Re: Suspicion - check

#8 Post by Mr.Reyals »

ComboFix 12-02-19.02 - Uživatel 20.02.2012 22:55:28.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1526.848 [GMT 1:00]
Spuštěný z: c:\documents and settings\U×ivatel\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Uživatel\Data aplikací\Uživatel3SQLite3.dll
c:\program files\Common Files\WireHelpSvc.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\hwinterface.sys
c:\windows\system32\windir
c:\windows\system32\WinDir\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_hwinterface
-------\Legacy_WireHelpSvc
-------\Service_hwinterface
-------\Service_WireHelpSvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-20 do 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-16 06:38 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:38 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:15 . 2012-02-14 17:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-11 22:02 . 2003-10-27 13:06 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-02-11 22:02 . 2012-02-11 22:02 -------- d-----w- c:\program files\Ubisoft
2012-02-11 22:02 . 2003-10-27 13:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-02-11 22:02 . 2003-10-27 13:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2012-02-11 22:02 . 2003-10-27 13:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2012-02-11 22:02 . 2003-10-27 13:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2012-02-11 22:02 . 2003-10-27 13:06 35840 ----a-w- c:\windows\system32\comdlg32.oca
2012-02-11 22:02 . 2003-10-27 13:06 29184 ----a-w- c:\windows\system32\MSINET.oca
2012-02-11 22:02 . 2003-10-27 13:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-02-11 21:58 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-02-11 21:58 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-02-11 21:58 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-02-11 21:58 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-02-11 21:58 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-02-11 21:58 . 2012-02-11 21:58 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-02-11 21:58 . 2012-02-11 21:58 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-02-05 20:21 . 2012-02-05 20:21 -------- d-----w- c:\documents and settings\Uživatel\Games
2012-02-03 22:34 . 2012-02-07 20:46 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\NFS Underground 2
2012-02-03 22:16 . 2012-02-03 22:16 -------- d-----w- c:\program files\Common Files\EasyInfo
2012-02-03 22:14 . 2012-02-03 22:14 -------- d-----w- c:\program files\Common Files\DirectX
2012-02-03 03:36 . 2012-02-03 04:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2012-01-28 20:08 . 2012-02-09 06:24 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Akamai
2012-01-28 11:16 . 2012-01-28 11:16 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Identities
2012-01-27 16:04 . 2012-02-12 21:01 -------- d--h--w- c:\documents and settings\Uživatel\Data aplikací\System
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 12:50 . 2012-01-21 11:28 836496 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-01-12 17:20 . 2008-04-14 11:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 23:49 . 2011-10-02 00:31 249856 ------w- c:\windows\Setup1.exe
2012-01-07 23:49 . 2011-10-02 00:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-06 19:56 . 2012-01-06 19:56 124688 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-12-24 22:40 . 2011-12-24 22:40 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-12-17 19:42 . 2008-04-14 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-14 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:58 . 2011-12-10 20:58 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-12-10 20:58 . 2011-12-10 20:58 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-07 19:29 . 2011-08-15 22:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 12:19 . 2012-01-21 11:28 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-11-25 21:57 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-13 11:09 . 2011-10-02 11:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-15 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chromium"="c:\program files\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
? [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-02-02 01:44 3329824 ----a-w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2011-11-15 05:39 1036344 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2010-07-22 13:18 2636800 ----a-w- c:\program files\Anti-Vibrate Oscar Editor\OscarEditor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Paradox]
2012-01-27 16:04 148992 ----a-w- c:\documents and settings\Uživatel\Data aplikací\System\Paradox.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program F\\uTorrent\\uTorrent.exe"=
"c:\\Buffalo\\Hry\\cs2d_0112_win\\CounterStrike2D.exe"=
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program F\\totalcmd\\TOTALCMD.EXE"=
"c:\\Hry\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\tnameserv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\orbd.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program F\\Ventrilo\\Ventrilo.exe"=
"c:\\Program F\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Steam\\steamapps\\amvvay\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Downloads\\Killing Floor v1017 Full Game\\Killing Floor v1017 Full Game\\Killing Floor\\System\\KillingFloor.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.8.2011 13:28 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 11:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 11:28 95896]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [15.8.2011 21:11 13680]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.11.2010 13:11 810144]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [21.1.2012 12:28 836496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [15.8.2011 21:11 130920]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [15.8.2011 21:11 64952]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [21.1.2012 12:28 24504]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [15.8.2011 11:56 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [4.3.2008 6:28 22568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [15.8.2011 21:11 45496]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [30.8.2011 18:31 11136]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [30.8.2011 18:31 6656]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [30.8.2011 9:51 4544]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [30.8.2011 18:31 10240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 12:00 14336]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2011 0:26 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2011 0:26 135664]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - ESLWIREAC
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 84.16.113.2 84.16.96.2
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.defaultenginename - SpeedBit Search
FF - user.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: browser.search.order.1 - SpeedBit Search
FF - user.js: browser.search.selectedEngine - SpeedBit Search
FF - user.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
FF - user.js: browser.startup.homepage_override_url - hxxp://home.speedbit.com/?aff=205
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-HKCU - c:\windows\system32\WinDir\svchost.exe
MSConfigStartUp-HKLM - c:\windows\system32\WinDir\svchost.exe
AddRemove-RPG Builder V0.3.59.03 Rebuild - c:\hry\RPGBUILDER\Uninstal.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-20 23:08
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_e286960.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3208)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
.
**************************************************************************
.
Celkový čas: 2012-02-20 23:12:54 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-20 22:12
.
Před spuštěním: 2 401 120 256
Po spuštění: 3 722 088 448
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 505F9CDCB0B7AF23131ECE1794BFB627

vyosek

Re: Suspicion - check

#9 Post by vyosek »

→ If you have not done so already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    KillAll::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    "Akamai"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe"=-
    
    Driver::
    Akamai
    gupdate
    gupdatem
    
    NetSvc::
    Akamai
    
    Folder::
    C:/Program Files/Common Files/Akamai
    C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Akamai
    
    Firefox::
    FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
    FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
    FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
    FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.search.defaultenginename - SpeedBit Search
    FF - user.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
    FF - user.js: browser.search.order.1 - SpeedBit Search
    FF - user.js: browser.search.selectedEngine - SpeedBit Search
    FF - user.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
    FF - user.js: browser.startup.homepage_override_url - hxxp://home.speedbit.com/?aff=205
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    
    ClearJavaCache::
    
    AtJob::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt over ComboFix and drop it (see the image below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
→ It may happen that Windows does not start after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

Mr.Reyals

Re: Suspicion - check

#10 Post by Mr.Reyals »

ComboFix 12-02-19.02 - Uživatel 21.02.2012 11:38:01.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1526.840 [GMT 1:00]
Spuštěný z: c:\documents and settings\U×ivatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\U×ivatel\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-21 do 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-20 23:00 . 2012-02-21 10:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-16 06:38 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:38 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:15 . 2012-02-14 17:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-11 22:02 . 2003-10-27 13:06 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-02-11 22:02 . 2012-02-11 22:02 -------- d-----w- c:\program files\Ubisoft
2012-02-11 22:02 . 2003-10-27 13:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-02-11 22:02 . 2003-10-27 13:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2012-02-11 22:02 . 2003-10-27 13:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2012-02-11 22:02 . 2003-10-27 13:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2012-02-11 22:02 . 2003-10-27 13:06 35840 ----a-w- c:\windows\system32\comdlg32.oca
2012-02-11 22:02 . 2003-10-27 13:06 29184 ----a-w- c:\windows\system32\MSINET.oca
2012-02-11 22:02 . 2003-10-27 13:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-02-11 21:58 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-02-11 21:58 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-02-11 21:58 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-02-11 21:58 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-02-11 21:58 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-02-11 21:58 . 2012-02-11 21:58 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-02-11 21:58 . 2012-02-11 21:58 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-02-05 20:21 . 2012-02-05 20:21 -------- d-----w- c:\documents and settings\Uživatel\Games
2012-02-03 22:34 . 2012-02-07 20:46 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\NFS Underground 2
2012-02-03 22:16 . 2012-02-03 22:16 -------- d-----w- c:\program files\Common Files\EasyInfo
2012-02-03 22:14 . 2012-02-03 22:14 -------- d-----w- c:\program files\Common Files\DirectX
2012-02-03 03:36 . 2012-02-03 04:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2012-01-28 20:08 . 2012-02-09 06:24 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Akamai
2012-01-28 11:16 . 2012-01-28 11:16 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Identities
2012-01-27 16:04 . 2012-02-12 21:01 -------- d--h--w- c:\documents and settings\Uživatel\Data aplikací\System
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 12:50 . 2012-01-21 11:28 836496 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-01-12 17:20 . 2008-04-14 11:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 23:49 . 2011-10-02 00:31 249856 ------w- c:\windows\Setup1.exe
2012-01-07 23:49 . 2011-10-02 00:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-06 19:56 . 2012-01-06 19:56 124688 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-12-24 22:40 . 2011-12-24 22:40 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-12-17 19:42 . 2008-04-14 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-14 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:58 . 2011-12-10 20:58 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-12-10 20:58 . 2011-12-10 20:58 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-07 19:29 . 2011-08-15 22:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 12:19 . 2012-01-21 11:28 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-11-25 21:57 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-13 11:09 . 2011-10-02 11:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-15 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-02-20_22.08.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-21 10:26 . 2012-02-21 10:26 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chromium"="c:\program files\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
"SpybotSD TeaTimer"="c:\program f\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXL]
? [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2012-02-02 01:44 3329824 ----a-w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\chromium]
2011-11-15 05:39 1036344 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OscarEditor]
2010-07-22 13:18 2636800 ----a-w- c:\program files\Anti-Vibrate Oscar Editor\OscarEditor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Paradox]
2012-01-27 16:04 148992 ----a-w- c:\documents and settings\Uživatel\Data aplikací\System\Paradox.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program F\\uTorrent\\uTorrent.exe"=
"c:\\Buffalo\\Hry\\cs2d_0112_win\\CounterStrike2D.exe"=
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program F\\totalcmd\\TOTALCMD.EXE"=
"c:\\Hry\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\tnameserv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\orbd.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program F\\Ventrilo\\Ventrilo.exe"=
"c:\\Program F\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Steam\\steamapps\\amvvay\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Downloads\\Killing Floor v1017 Full Game\\Killing Floor v1017 Full Game\\Killing Floor\\System\\KillingFloor.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.8.2011 13:28 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 11:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 11:28 95896]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [15.8.2011 21:11 13680]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.11.2010 13:11 810144]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [21.1.2012 12:28 836496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [15.8.2011 21:11 130920]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [15.8.2011 21:11 64952]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [21.1.2012 12:28 24504]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [15.8.2011 11:56 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [4.3.2008 6:28 22568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [15.8.2011 21:11 45496]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [30.8.2011 18:31 11136]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [30.8.2011 18:31 6656]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [30.8.2011 9:51 4544]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [30.8.2011 18:31 10240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 12:00 14336]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2011 0:26 135664]
S4 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [28.10.2011 0:26 135664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 84.16.113.2 84.16.96.2
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
FF - prefs.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
FF - prefs.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.search.defaultenginename - SpeedBit Search
FF - user.js: browser.search.defaulturl - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: browser.search.order.1 - SpeedBit Search
FF - user.js: browser.search.selectedEngine - SpeedBit Search
FF - user.js: browser.startup.homepage - hxxp://home.speedbit.com/?aff=205
FF - user.js: browser.startup.homepage_override_url - hxxp://home.speedbit.com/?aff=205
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: keyword.URL - hxxp://home.speedbit.com/search.aspx?aff=206&q=
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 11:44
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_e286960.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/netsession_win_e286960.dll"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(4064)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-02-21 11:46:11
ComboFix-quarantined-files.txt 2012-02-21 10:46
ComboFix2.txt 2012-02-20 22:12
.
Před spuštěním: 3 618 586 624
Po spuštění: 3 604 131 840
.
- - End Of File - - 46B68DCCF930E417A08D684123BFF4A0

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspicion - check

#11 Post by vyosek »

:arrow: A small hitch, nothing got deleted for us - you have diacritics in the user account name

:arrow: Move ComboFix directly to the C:\ drive

:arrow: Likewise, create the script again directly on the c:\ drive and apply it
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is no man, that is an ox."

Mr.Reyals
Visitor
Posts: 48
Joined: 12 May 2007 11:01

Re: Suspicion - check

#12 Post by Mr.Reyals »

ComboFix 12-02-21.02 - Uživatel 21.02.2012 16:57:47.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1526.860 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AKAMAI
-------\Legacy_GUPDATE
-------\Legacy_GUPDATEM
-------\Service_Akamai
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-21 do 2012-02-21 )))))))))))))))))))))))))))))))
.
.
2012-02-20 23:00 . 2012-02-21 10:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2012-02-16 06:38 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 06:38 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:15 . 2012-02-14 17:15 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-02-11 22:02 . 2003-10-27 13:06 115016 ----a-w- c:\windows\system32\MSINET.OCX
2012-02-11 22:02 . 2012-02-11 22:02 -------- d-----w- c:\program files\Ubisoft
2012-02-11 22:02 . 2003-10-27 13:06 89360 ----a-w- c:\windows\system32\VB5DB.DLL
2012-02-11 22:02 . 2003-10-27 13:06 69632 ----a-w- c:\windows\system32\xmltok.dll
2012-02-11 22:02 . 2003-10-27 13:06 36864 ----a-w- c:\windows\system32\xmlparse.dll
2012-02-11 22:02 . 2003-10-27 13:06 26096 ----a-w- c:\windows\system32\xmlinst.exe
2012-02-11 22:02 . 2003-10-27 13:06 35840 ----a-w- c:\windows\system32\comdlg32.oca
2012-02-11 22:02 . 2003-10-27 13:06 29184 ----a-w- c:\windows\system32\MSINET.oca
2012-02-11 22:02 . 2003-10-27 13:06 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-02-11 21:58 . 2002-12-05 13:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-02-11 21:58 . 2002-12-02 12:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-02-11 21:58 . 2002-12-02 12:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-02-11 21:58 . 2003-02-27 15:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-02-11 21:58 . 2002-12-02 14:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-02-11 21:58 . 2012-02-11 21:58 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-02-11 21:58 . 2012-02-11 21:58 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-02-05 20:21 . 2012-02-05 20:21 -------- d-----w- c:\documents and settings\Uživatel\Games
2012-02-03 22:34 . 2012-02-07 20:46 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\NFS Underground 2
2012-02-03 22:16 . 2012-02-03 22:16 -------- d-----w- c:\program files\Common Files\EasyInfo
2012-02-03 22:14 . 2012-02-03 22:14 -------- d-----w- c:\program files\Common Files\DirectX
2012-02-03 03:36 . 2012-02-03 04:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TmForever
2012-01-28 20:08 . 2012-02-09 06:24 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Akamai
2012-01-28 11:16 . 2012-01-28 11:16 -------- d-----w- c:\documents and settings\Uživatel\Local Settings\Data aplikací\Identities
2012-01-27 16:04 . 2012-02-12 21:01 -------- d--h--w- c:\documents and settings\Uživatel\Data aplikací\System
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-24 12:50 . 2012-01-21 11:28 836496 ----a-w- c:\windows\system32\drivers\ESLWireACD.sys
2012-01-12 17:20 . 2008-04-14 11:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 23:49 . 2011-10-02 00:31 249856 ------w- c:\windows\Setup1.exe
2012-01-07 23:49 . 2011-10-02 00:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-01-06 19:56 . 2012-01-06 19:56 124688 ----a-w- c:\windows\system32\Mswinsck.ocx
2011-12-24 22:40 . 2011-12-24 22:40 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-12-17 19:42 . 2008-04-14 11:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-14 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-14 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-14 11:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 20:58 . 2011-12-10 20:58 84480 ----a-w- c:\windows\system32\EasyHook32.dll
2011-12-10 20:58 . 2011-12-10 20:58 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2011-12-07 19:29 . 2011-08-15 22:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-28 12:19 . 2012-01-21 11:28 24504 ----a-w- c:\windows\system32\drivers\ESLvnic.sys
2011-11-25 21:57 . 2008-04-14 11:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-13 11:09 . 2011-10-02 11:45 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-11-15 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"chromium"="c:\program files\Google\Chrome\Application\chrome.exe" [2011-11-15 1036344]
"SpybotSD TeaTimer"="c:\program f\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
ESET NOD32 Antivirus.lnk - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe [2010-11-18 2219184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program F\\uTorrent\\uTorrent.exe"=
"c:\\Buffalo\\Hry\\cs2d_0112_win\\CounterStrike2D.exe"=
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program F\\totalcmd\\TOTALCMD.EXE"=
"c:\\Hry\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\tnameserv.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\orbd.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program F\\Ventrilo\\Ventrilo.exe"=
"c:\\Program F\\QIP Infium\\infium.exe"=
"c:\\Documents and Settings\\Uživatel\\Local Settings\\Data aplikací\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Steam\\steamapps\\amvvay\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\Uživatel\\Dokumenty\\Downloads\\Killing Floor v1017 Full Game\\Killing Floor v1017 Full Game\\Killing Floor\\System\\KillingFloor.exe"=
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [16.8.2011 13:28 232512]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 11:31 115008]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3.8.2010 11:28 95896]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [15.8.2011 21:11 13680]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18.11.2010 13:11 810144]
R2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [21.1.2012 12:28 836496]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\Lenovo\HOTKEY\tphkload.exe [15.8.2011 21:11 130920]
R2 TPHKSVC;On Screen Display;c:\program files\Lenovo\HOTKEY\TPHKSVC.exe [15.8.2011 21:11 64952]
R3 ESLvnic1;ESLvnic Virtual Network 32 Bit;c:\windows\system32\drivers\ESLvnic.sys [21.1.2012 12:28 24504]
R3 MouseCap;MouseCapture Driver;c:\windows\system32\drivers\MouseCap.sys [8.8.2005 13:44 6640]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [15.8.2011 11:56 6609920]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [4.3.2008 6:28 22568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\Lenovo\HOTKEY\micmute.exe [15.8.2011 21:11 45496]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18.12.2009 10:58 11336]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [30.8.2011 18:31 11136]
S3 hidkmdf;Filter Driver Service for HID-KMDF Interface layer;c:\windows\system32\drivers\hidkmdf.sys [30.8.2011 18:31 6656]
S3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\drivers\hidusbf.sys [30.8.2011 9:51 4544]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;c:\windows\system32\DRIVERS\wg111v2.sys --> c:\windows\system32\DRIVERS\wg111v2.sys [?]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\drivers\VKbms.sys [30.8.2011 18:31 10240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
.
.
------- Doplňkový sken -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 84.16.113.2 84.16.96.2
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\djbf7laj.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-21 17:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2276)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\LENOVO\HOTKEY\tposdsvc.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
.
**************************************************************************
.
Celkový čas: 2012-02-21 17:11:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-02-21 16:11
.
Před spuštěním: 5 186 670 592
Po spuštění: 5 136 736 256
.
- - End Of File - - E0FC6F265FAB537888DED50B03F4285B



The PC is running perfectly fine so far

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspicion - check

#13 Post by vyosek »

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a registry backup, fix all the issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And that's it :|

Mr.Reyals
Visitor
Posts: 48
Joined: 12 May 2007 11:01

Re: Suspicion - check

#14 Post by Mr.Reyals »

Great, I have CCleaner and use it, I'm going to get right on the rest, good work, thanks

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Suspicion - check

#15 Post by vyosek »

OK, then let me know whether everything is fine
