Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Network Crime

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Iron
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 11 bře 2011 17:20

Network Crime

#1 Příspěvek od Iron »

Zdravím, mám problém. Když se přihlásím do svého účtu, objeví se červená obrazovka s tím, že mám nelegální software a chce to po mně odeslat nějaký telefonní hovor. Podle mě je to nějaký virus. Můžete mi poradit? Díky.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Network Crime

#2 Příspěvek od Rudy »

Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Iron
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 11 bře 2011 17:20

Re: Network Crime

#3 Příspěvek od Iron »

Dobře, tady je ten log.

Kód: Vybrat vše

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:21:06, on 11.3.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
F:\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
R3 - URLSearchHook: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
R3 - URLSearchHook: ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\HyperCam Toolbar\tbhelper.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIso0.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [SpybotDeletingA2168] command.com /c del "C:\Program Files\VVSN\vvsn.cfg"
O4 - HKLM\..\RunOnce: [SpybotDeletingC721] cmd.exe /c del "C:\Program Files\VVSN\vvsn.cfg"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2960] command.com /c del "C:\Program Files\VVSN\VVSN.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingC379] cmd.exe /c del "C:\Program Files\VVSN\VVSN.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Sony\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [Google Update] "C:\Documents and Settings\Sony\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User '?')
O4 - HKUS\S-1-5-21-448539723-1965331169-839522115-1003\..\Run: [Fraps] C:\FRAPS\FRAPS.EXE (User '?')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys

--
End of file - 9106 bytes

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Network Crime

#4 Příspěvek od Rudy »

Toto je log z HijackThis, nikoli z RSIT.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

davider222
Návštěvník
Návštěvník
Příspěvky: 16
Registrován: 11 bře 2011 14:26

Re: Network Crime

#5 Příspěvek od davider222 »

Hoďte log z RSIT toto je z HJT (HiJackThis) log z RSIT je podrobnejší. Ale tento je zatial čístý čo sa bežiacich procesov týka. Ale je tu pár vecí iných:

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/

R3 - URLSearchHook: (no name) - {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - (no file)
R3 - URLSearchHook: (no name) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - (no file)
R3 - URLSearchHook: (no name) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)

R3 - URLSearchHook: (no name) - {2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
R3 - URLSearchHook: (no name) - {0a452a47-c5a8-4854-a237-4b9b06b376f0} - (no file)
R3 - URLSearchHook: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)

R3 - URLSearchHook: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - (no file)
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
tie no file veci by ste mohli fixnut rovno v tom programe ale počkám radšej nech sa vyjadrí niekto skúsenejší

čo je to VVSN ? je možné že je to vírus alebo ste to inštalovali vy ?

Kód: Vybrat vše

O4 - HKLM\..\RunOnce: [SpybotDeletingA2960] command.com /c del "C:\Program Files\VVSN\VVSN.exe"
04 - HKLM\..\RunOnce: [SpybotDeletingC379] cmd.exe /c del "C:\Program Files\VVSN\VVSN.exe"

Iron
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 11 bře 2011 17:20

Re: Network Crime

#6 Příspěvek od Iron »

Tak snad už mám ten správný:

Kód: Vybrat vše

info.txt logfile of random's system information tool 1.08 2011-03-11 20:27:42

======Uninstall list======

-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
µTorrent-->"C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
3D Realistic Fireplace Screen Saver 3.4-->"C:\Program Files\3D Realistic Fireplace 3\unins000.exe"
4Musics OGG to MP3 Converter 4.4-->"C:\Program Files\4Musics OGG to MP3 Converter\unins000.exe"
50 FREE MP3s +1 Free Audiobook!-->"C:\Program Files\Winamp\eMusic\Uninst-eMusic-promotion.exe"
AbiWord 2.8.6-->C:\Program Files\AbiWord\UninstallAbiWord2.exe
Adobe Audition 3.0-->msiexec /I {53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -maintain plugin
Adobe Reader 8.1.0 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A81000000003}
Adobe Shockwave Player 11.5-->C:\WINDOWS\system32\Adobe\uninstaller.exe
AllyFreeware 3.6-->"C:\Program Files\Knowledge Base Software\AllyFreeware36\unins000.exe"
AnyToISO-->"C:\Program Files\AnyToISO\unins000.exe"
Apache HTTP Server 2.2.4-->MsiExec.exe /I{85262A06-2D8C-4BC1-B6ED-5A705D09CFFC}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Arta Software version 1.6.0-->"C:\Program Files\ArtaSoftware\unins000.exe"
Artoonix 1.8 Release 2-->"C:\Program Files\Artoonix\unins000.exe"
Asterisk Key 9.0-->C:\Program Files\Passware\un-ariskkey.exe
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Belltech Business Card Designer Pro 5.2.3-->"C:\Program Files\Belltech Business Card Designer Pro\unins000.exe"
BlazeDVD 6.0-->"C:\Program Files\BlazeVideo\BlazeDVD 6.0\unins000.exe"
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Business Card Designer Trial-->MsiExec.exe /I{CDE39D65-080A-48F5-A891-44E845EFB058}
CadStd-->C:\Program Files\Apperson\CadStd\uninst.exe
capella 2002 - profesionální notová sazba-->c:\capella2002\unins000.exe
capella professional 2008-->MsiExec.exe /I{7276B0EC-8602-4083-9B2B-3FF247C89487}
CD MP3 Burner 2.15-->"C:\Program Files\CD MP3 Burner\unins000.exe"
CitrixWire-->C:\Program Files\CitrixWire\uninstall.exe
CityBars Mod v1.0-->C:\Program Files\Mafia\Uninstal.exe
CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Convert Doc-->"C:\Program Files\Softinterface, Inc\Convert Doc\unins000.exe"
Counter-Strike 1.6 Non-Steam patch v36-->"C:\Program Files\Valve\unins000.exe"
Counter-Strike 1.6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{13B792AA-C078-43A4-8A3A-8B12D629940D}\Setup.exe" -l0x19 
Cryptext (Remove Only)-->rundll32 setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\system32\ShellExt\Cryptext.inf
CryptoFish 1.1 Trial version-->"C:\Program files\CryptoFish\DSUn000.uds" "C:\Program files\CryptoFish\DSUn001.uds"
Dealio Toolbar v4.1-->MsiExec.exe /X{C1F83B10-0BEB-475f-BBA2-E235B02B9826}
DebugMode Wax 2.0-->"C:\Program Files\DebugMode\Wax 2.0\uninst.exe"
DemonStar Shareware-->"C:\Program Files\DemonStar_Shareware\unins000.exe"
Digital Guitar Tuner-->C:\Program Files\Digital Guitar Tuner\Uninstall.exe
DocScan Pro version 5.37-->"C:\Program Files\SolarSys\DocScan Pro\unins000.exe"
Download Accelerator Plus (DAP)-->C:\PROGRA~1\DAP\DAPREMOVE.EXE
DVDFab 8.0.0.5 (MATOZ REPACK)-->"C:\Program Files\DVDFab 8\unins000.exe"
DVDVideoSoft Toolbar-->C:\PROGRA~1\DVDVID~1\UNWISE.EXE   /U C:\PROGRA~1\DVDVID~1\INSTALL.LOG  
EAGLE 5.6.0-->cmd.exe /c start "EAGLE Uninstaller" /min "C:\Program Files\EAGLE-5.6.0\bin\uninstall.bat" C:\Program Files\EAGLE-5.6.0\bin
Easy Audio CD Burner 3.71-->C:\PROGRA~1\EASYAU~1\UNWISE.EXE C:\PROGRA~1\EASYAU~1\INSTALL.LOG
EAX Unified-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Creative\EAX Unified\Uninst.isu"
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manuál-->C:\Program Files\EPSON\TPMANUAL\ES_CX_DX\CZE\USE_G\DOCUNINS.EXE
eToro-->C:\PROGRA~1\eToro\UNWISE.EXE C:\PROGRA~1\eToro\INSTALL.LOG
Extreme Ride Mod-->C:\Program Files\Mafia\Odinstalovat Extreme Ride Mod.exe
Face Smoother 1.12-->"C:\Program Files\Face Smoother\unins000.exe"
Farm Frenzy 2-->"C:\WINDOWS\Farm Frenzy 2\uninstall.exe" "/U:C:\Program Files\Farm Frenzy 2\Uninstall\uninstall.xml"
Fraps (remove only)-->"C:\Fraps\uninstall.exe"
Free Audio CD Burner version 1.2-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free Mp3/Wma/Ogg Converter 4.0.1-->"C:\Program Files\Free Mp3WmaOgg Converter\unins000.exe"
Free YouTube Download 1.2-->"C:\Program Files\DVDVideoSoft\Free YouTube Download\unins000.exe"
Free YouTube to MP3 Converter version 3.2-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
free-downloads.net Toolbar-->C:\PROGRA~1\FREE-D~1.NET\UNWISE.EXE   /U C:\PROGRA~1\FREE-D~1.NET\INSTALL.LOG  
FreeStyler-->"c:\FreeStyler\unins000.exe"
Game Booster-->"C:\Program Files\IObit\Game Booster\unins000.exe"
Game Editor 1.3.9-->C:\Program Files\Game Editor\uninst.exe
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Garmin Communicator Plugin-->MsiExec.exe /X{C7DD94A8-F775-426C-B56C-8E555A59F9E2}
Garmin USB Drivers-->MsiExec.exe /X{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}
GeoGet 2.2.5.541-->"C:\Program Files\GeoGet\unins000.exe"
GhostMouse 2.0-->C:\WINDOWS\uninst.exe -fC:\GMouse20\DeIsL1.isu  -cC:\GMouse20\_ISREG32.DLL
GIMP 2.6.11-->"D:\GIMP-2.0\setup\unins000.exe"
GoldWave v5.55-->"C:\Program Files\GoldWave\unstall.exe" "GoldWave v5.55" "C:\Program Files\GoldWave\unstall.log"
Google Earth-->MsiExec.exe /X{4286E640-B5FB-11DF-AC4B-005056C00008}
Google SketchUp 7-->MsiExec.exe /X{E209F988-EF49-4B3D-84A6-3CBB67F058AC}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Gossiper Toolbar-->C:\PROGRA~1\Gossiper\UNWISE.EXE   /U C:\PROGRA~1\Gossiper\INSTALL.LOG  
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9  -removeonly
Hide IP NG 1.52-->"C:\Program Files\Hide IP NG\unins000.exe"
Hide IP Platinum 3.5-->"C:\Program Files\Hide IP Platinum\unins000.exe"
Hitman - Codename 47-->"d:\\uninstall.exe" C:\WINDOWS\ISUNINST.EXE -y -f"d:\uninstall.isu"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall  /qb+ REBOOTPROMPT=""
Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {A4418082-E601-3954-805B-D56A2B50EC8B} /uninstall  /qb+ REBOOTPROMPT=""
HTML editor Yugie (shareware) verze 4.3-->"C:\Program Files\HTML editor Yugie-shareware\unins000.exe"
HyperCam 2-->"C:\Program Files\HyCam2\UnHyCam2.exe"
HyperCam Toolbar-->C:\Program Files\HyperCam Toolbar\UninstallToolbar.exe
HyperSnap 6-->C:\Program Files\HyperSnap 6\HprUnInst.exe
ICQ Toolbar-->C:\Program Files\ICQ6Toolbar\ICQUnToolbar.exe
ICQ7.2-->"C:\Program Files\InstallShield Installation Information\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
ICY Hexplorer (remove only)-->"D:\hexplorer\uninstall.exe"
iMesh-->C:\Program Files\iMesh Applications\iMesh\UninstallSurvey.exe C:\Program Files\iMesh Applications\iMesh\UnwiseLauncher.exe /A C:\PROGRA~1\IMESHA~1\iMesh\INSTALL.LOG
InfraRecorder-->C:\Program Files\InfraRecorder\uninstall.exe
In-Tune Multi-Instrument Tuner v1.81-->"C:\Program Files\InTune\unins000.exe"
IObit Toolbar v4.1-->MsiExec.exe /X{7B8BA496-E201-4246-9A8B-687B49145F53}
IsoBuster 2.8-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
IsoBuster Toolbar-->C:\PROGRA~1\ISOBUS~1\UNWISE.EXE   /U C:\PROGRA~1\ISOBUS~1\INSTALL.LOG  
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
JPEG Resampler Vs 4.7-->"C:\Program Files\JPEG Resampler\unins000.exe"
JustCad 7.0-->C:\WINDOWS\st6unst.exe -n "C:\Program Files\JustCad 7.0\ST6UNST.LOG"  
Karaoke Builder Studio 3.x-->C:\KBStudio\UNWISE.EXE C:\KBStudio\INSTALL.LOG
Ladička 1.00-->C:\Program Files\Ladicka\Uninstall.exe
LEGO Racers-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\LEGO Media\Games\LEGO Racers Demo\Uninst.isu"
LightScribe System Software  1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LogMeIn Hamachi-->C:\WINDOWS\system32\\msiexec.exe /i {CE4A3D0F-D1B0-47D1-BF99-3E957C548D12} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}
Lyrik 1.2.7-->"C:\Documents and Settings\All Users\Data aplikací\Lyrik\Uninstall\unins000.exe"
Lyrik Winamp Plugin 1.2.4-->"C:\Documents and Settings\All Users\Data aplikací\Lyrik\Uninstall\Winamp\unins000.exe"
Max Payne 2 Tools-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6CB09F11-AA88-499A-A7CC-709B18FE552F}\Setup.exe" -l0x9 
Max Payne 2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}\Setup.exe" -l0x9 
MediaBar 2.0-->C:\Program Files\iMesh Applications\iMesh MediaBar\Uninstall.exe
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Office Converter Pack-->MsiExec.exe /X{6EECB283-E65F-40EF-86D3-D51BF02A8D43}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110405-6000-11D3-8CFE-0150048383C9}
Microsoft Office Word Viewer 2003-->MsiExec.exe /I{90850409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 Management Objects-->MsiExec.exe /I{F5E87B12-3C27-452F-8E78-21D42164FD83}
Microsoft SQL Server Compact 3.5 SP1 Design Tools English-->MsiExec.exe /X{0C19D563-5F25-4621-BF10-01F741BD283F}
Microsoft SQL Server Compact 3.5 SP1 English-->MsiExec.exe /I{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}
Microsoft SQL Server Native Client-->MsiExec.exe /I{BF251EAF-8697-4E89-BF09-C998F97BBC40}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft Visual C# 2008 Express Edition with SP1 - ENU-->MsiExec.exe /X{A4418082-E601-3954-805B-D56A2B50EC8B}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu-->MsiExec.exe /X{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
MixPad Audio Mixer-->C:\Program Files\NCH Swift Sound\MixPad\uninst.exe
Mozilla Firefox (3.5.17)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
MP3 2 Ogg Lab 2004-->"C:\Program Files\MP3 2 Ogg Lab 2004\unins000.exe"
MP3 Cutter 1.6-->"C:\Program Files\MP3 Cutter\unins000.exe"
MP3Resizer 1.8.3-->"C:\Program Files\MP3Resizer\unins000.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6 Service Pack 2 (KB973686)-->MsiExec.exe /I{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}
MTA:SA v1.0.4-->G:\GTA\GTA San Andreas\Uninstall.exe
Musicmatch® Jukebox-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{85D3CC30-8859-481A-9654-FD9B74310BEF}\setup.exe" -l0x9  -uninst 
Nero 7 Premium-->MsiExec.exe /X{91C0B95B-B83A-4828-A775-BBE2DD421029}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NET Installation Assistance for VB6 App (Runtime Only)-->MsiExec.exe /I{66333C41-085E-4DA1-8273-E2BCA382D766}
Network Play System (Patching)-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Electronic Arts\Network Play System\NPSPatch.isu"
NCH Toolbar-->C:\PROGRA~1\NCH\UNWISE.EXE   /U C:\PROGRA~1\NCH\INSTALL.LOG  
Norton Security Scan-->C:\Program Files\Norton Security Scan\Norton Security Scan\Engine\3.0.1.8\InstWrap.exe
NoteWorthy Composer 2-->"C:\Program Files\Noteworthy Software\NoteWorthy Composer 2\Uninstall.exe"
NoteWorthy Composer-->C:\PROGRA~1\NOTEWO~2\Uninstal.exe
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OGG To MP3 Plus-->C:\Program Files\OGG To MP3 Plus\uninst.exe
Open Video Converter version 3.0.1-->"C:\Program Files\OpenVideoConverter\unins000.exe"
Opera 9.64-->MsiExec.exe /X{E1BBBAC5-2857-4155-82A6-54492CE88620}
Operation Flashpoint uninstall-->D:\OperationFlashpoint\uninstall.exe
Oprava Hotfix systému Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
P2P_Energy Toolbar-->C:\PROGRA~1\P2P_EN~1\UNWISE.EXE   /U C:\PROGRA~1\P2P_EN~1\INSTALL.LOG  
Pawno editor-->C:\Program Files\Pawno editor\Uninst0.exe
PC Translator-->C:\DOCUME~1\Filip\LOCALS~1\Temp\UN32.EXE -UP
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
pdfforge Toolbar v4.3-->MsiExec.exe /X{A0B139A7-E8D5-49E8-A7BF-12421E652208}
PhotoStage Slideshow Producer-->C:\Program Files\NCH Software\PhotoStage\uninst.exe
Pinnacle Instant DVD Recorder-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}\setup.exe" -l0x5 UNINSTALL
Pivot Stickfigure Animator-->MsiExec.exe /I{BEAD39CD-901D-4267-8B8B-EAA83CB4B70D}
Prism Video File Converter-->C:\Program Files\NCH Software\Prism\uninst.exe
PSPad editor-->"C:\Program Files\PSPad editor\Uninst\unins000.exe"
Python 1.5.2 (final)-->C:\PROGRA~1\Python\UNWISE.EXE C:\PROGRA~1\Python\INSTALL.LOG
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
rajče verze 57 sestavení 192-->"C:\Program Files\rajce\unins000.exe"
Raptr-->"C:\Program Files\Raptr\uninstall.exe"
RAR Password Recovery v1.1 RC16 (remove only)-->C:\Program Files\Intelore\RAR-PR\uninstall.exe
Realtek AC'97 Audio-->Alcrmv.exe -r -m
RealWorld Photos-->MsiExec.exe /I{03C71A63-6A09-4B22-96CB-0C5F31D47549}
Sada Compatibility Pack pro systém Office 2007-->MsiExec.exe /X{90120000-0020-0405-0000-0000000FF1CE}
Safari-->MsiExec.exe /X{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Skype™ 5.0-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Smart PC Recorder - by freebird-->C:\Program Files\freebird\SmartRecorder\Uninstall.exe
SMS posílač Treca-->"C:\Program Files\SMS posílač Treca\unins000.exe"
Software tiskárny EPSON-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
Soldier of Fortune-->C:\WINDOWS\IsUninst.exe -f"d:\Soldier of Fortune\sof.isu"
Sony Media Manager 2.2-->MsiExec.exe /X{878D2EB2-2D55-42A9-955E-1E08F28529FD}
Sony Vegas 7.0-->MsiExec.exe /X{DFB951D6-4270-42D8-B4B7-AA4B01911DC3}
SpeedBit Video Downloader-->"C:\Program Files\SpeedBit Video Downloader\GRRemove.exe" temp
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Studio 11-->C:\Program Files\InstallShield Installation Information\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}\Setup2.exe -runfromtemp -l0x0005 UNINSTALL -removeonly
Tcl 8.0.5 for Windows-->C:\PROGRA~1\Tcl\UNWISE.EXE C:\PROGRA~1\Tcl\INSTALL.LOG
Thinking2D-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Thinking2D Inc.\Thinking2D\Uninst.isu"
TotalAudioConverter-->"C:\Program Files\TotalAudioConverter\unins000.exe"
TuneUp Utilities 2011-->C:\Program Files\TuneUp Utilities 2011\TUInstallHelper.exe --Trigger-Uninstall
Údržba Samsung ML-1660 Series-->"C:\Program Files\Samsung\Samsung ML-1660 Series\Setup\Setup.exe" /R
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
uTorrent Acceleration Tool-->C:\Program Files\uTorrent Acceleration Tool\uninstall.exe
vanBasco's Karaoke Player-->C:\Program Files\vanBasco's Karaoke Player\uninst.exe
Vbsedit-->C:\Documents and Settings\All Users\Data aplikací\Vbsedit\x86\uninst.exe
Verze 1.12-->"C:\Program Files\Karaoke Editor\unins000.exe"
VidCrop-->"C:\Program Files\GeoVid\VidCrop\unins000.exe"
VideoPad Video Editor-->C:\Program Files\NCH Software\VideoPad\uninst.exe
Vietcong & Vietcong: Fist Alpha-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\Cenega Czech\VIETCONG\Uninstall\setup.exe" -l0x5 
VirtualCloneDrive-->"C:\Program Files\Elaborate Bytes\VirtualCloneDrive\vcd-uninst.exe" /D="C:\Program Files\Elaborate Bytes\VirtualCloneDrive"
VLC media player 1.1.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Vuze Remote Toolbar-->C:\PROGRA~1\VUZE_R~1\UNINST~1.EXE
Vuze-->C:\Program Files\Vuze\uninstall.exe
WavePad Sound Editor-->C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
Winamp Toolbar-->"C:\Program Files\Winamp Toolbar\uninstall.exe"
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\15B7F172FC21855D\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\grmnusb_8E661E05CC789A6D1B8ABAA087CF60EDD72AC35D\grmnusb.inf
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
WinISD beta-->C:\PROGRA~1\WinISD\UNWISE.EXE C:\PROGRA~1\WinISD\INSTALL.LOG
WinISD Pro [alpha]-->C:\PROGRA~1\LINEAR~1\WINISD~1\UNWISE.EXE C:\PROGRA~1\LINEAR~1\WINISD~1\INSTALL.LOG
winLAME 2010 beta 1-->MsiExec.exe /I{63C16E81-327C-49B6-9643-4F5EFD8A6B2D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
WinSCP 4.2.8-->"C:\Program Files\WinSCP\unins000.exe"
WinXP Manager-->MsiExec.exe /I{D738A9EC-E4BB-4050-BD85-A01E50CBDD1F}
WONswap-->C:\Program Files\WON\WONswap\WONswapUninstall.exe
X2X Free Video Trim 2.0-->"C:\Program Files\X2Xsoft\Free Video Trim\unins000.exe"
Yahoo! Desktop Login-->MsiExec.exe /I{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}
Yaho's Miranda Pack - Light 4.4-->"C:\Program Files\Yaho's Miranda IM\unins000.exe"
ZD Soft Screen Recorder 4.1.3.0-->C:\Program Files\ZD Soft\Screen Recorder\uninst.exe

Securitycenter WMI appears to be broken

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;G:\Rasmaker2;C:\Program Files\Smart Projects\IsoBuster
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Network Crime

#7 Příspěvek od Rudy »

Ani tenhle. Log z RSIT, který potřebuji vidět, se skládá z logu HiajckThis (to je ten první, který jste sem dal a dále rozšířenou část, což jsou spouštěcí klíče a služby. Bez jeho kontroly nemohu určit další postup.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Iron
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 11 bře 2011 17:20

Re: Network Crime

#8 Příspěvek od Iron »

Omlouvám se za chyby. Snad tento už je správný:

Kód: Vybrat vše

Logfile of random's system information tool 1.08 (written by random/random)
Run by Sony at 2011-03-12 09:16:57
WIN_XP Service Pack 2
System drive C: has 3 GB (6%) free of 60 GB
Total RAM: 1023 MB (79% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Game_Booster_Startup.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1965331169-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1965331169-839522115-1003UA.job
C:\WINDOWS\tasks\hwitmvrysgz.job
C:\WINDOWS\tasks\mixpadSevenDays.job
C:\WINDOWS\tasks\mixpadShakeIcon.job
C:\WINDOWS\tasks\Norton Security Scan for Sony.job
C:\WINDOWS\tasks\photostageSevenDays.job
C:\WINDOWS\tasks\photostageShakeIcon.job
C:\WINDOWS\tasks\prismSevenDays.job
C:\WINDOWS\tasks\prismShakeIcon.job
C:\WINDOWS\tasks\videopadSevenDays.job
C:\WINDOWS\tasks\videopadShakeIcon.job
C:\WINDOWS\tasks\wavepadSevenDays.job
C:\WINDOWS\tasks\wavepadShakeIcon.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
IsoBuster Toolbar - C:\Program Files\IsoBuster\tbIso0.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-10-01 520192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
SBCONVERT Class - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll [2010-07-23 2447360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]
SearchPredictObj Class - C:\PROGRA~1\SEARCH~2\SEARCH~1.DLL [2010-02-28 435688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll [2008-09-02 398768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-03-06 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
DAPIELoader Class - C:\PROGRA~1\DAP\DAPIEL~1.DLL [2010-07-23 140880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FF7C3CF0-4B15-11D1-ABED-709549C10000}]
GrabberObj Class - C:\PROGRA~1\SPEEDB~1\Toolbar\grabber.dll [2010-07-23 185944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2009-02-19 1262888]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-10-01 520192]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]
"LaunchList"=C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe [2007-03-21 145496]
"Google Update"=C:\Documents and Settings\Sony\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-07-24 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-12-03 14944136]
"Fraps"=C:\FRAPS\FRAPS.EXE [2010-03-31 2340784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast]
C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-02-23 3451496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\CTFMON.EXE [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mimboot.exe [2004-12-06 11264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\WINDOWS\system32\NvCpl.dll [2007-12-05 8523776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2007-12-05 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~1\Raptr\raptrstub.exe [2011-02-11 53160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe [2010-01-07 618496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe [2011-01-28 526336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
C:\Program Files\uTorrent\uTorrent.exe [2010-09-03 328568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirtualCloneDrive]
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VVSN]
C:\Program Files\VVSN\VVSN.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Monitor Apache Servers.lnk]
C:\PROGRA~1\APACHE~1\Apache2.2\bin\APACHE~1.EXE [2007-01-09 41041]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"StarWindServiceAE"=2
"Hamachi2Svc"=2
"Bonjour Service"=2
"TuneUp.UtilitiesSvc"=2
"ose"=3
"NMIndexingService"=3
"MSSQLServerADHelper"=3
"LightScribeService"=2
"JavaQuickStarterService"=2
"gupdate1ca44593c0ab716"=2
"Application Updater"=2
"Apache2"=2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iMesh Applications\iMesh\iMesh.exe"="C:\Program Files\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe"="C:\Program Files\EA GAMES\Battlefield 1942\BF1942.exe:*:Disabled:BF1942"
"C:\Program Files\Pinnacle\Studio 11\programs\RM.exe"="C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\Studio 11\programs\umi.exe"="C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:*:Enabled:umi"
"D:\Program Files\Emergency 4\Em4.exe"="D:\Program Files\Emergency 4\Em4.exe:*:Enabled:Em4"
"C:\Program Files\Codemasters\OperationFlashpoint\FlashpointResistance.exe"="C:\Program Files\Codemasters\OperationFlashpoint\FlashpointResistance.exe:*:Enabled:Operation Flashpoint"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe"="C:\Program Files\Cenega Czech\VIETCONG\vietcong.exe:*:Enabled:vietcong"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

======File associations======

.reg - open - "regedit.exe" "%1"
.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 months======

2099-03-01 03:28:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\152FD
2099-03-01 01:18:30 ----ASH---- C:\pagefile.sys
2099-03-01 00:47:14 ----D---- C:\WINDOWS\Prefetch
2099-03-01 00:38:48 ----RAH---- C:\WINDOWS\system32\logonui.exe.manifest
2099-03-01 00:32:58 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2099-03-01 00:25:24 ----A---- C:\WINDOWS\system32\spxcoins.dll
2099-03-01 00:25:24 ----A---- C:\WINDOWS\system32\irclass.dll
2099-03-01 00:25:11 ----RA---- C:\WINDOWS\SETEC.tmp
2099-03-01 00:25:08 ----RA---- C:\WINDOWS\SETE0.tmp
2099-03-01 00:25:07 ----RA---- C:\WINDOWS\SETDD.tmp
2011-03-11 20:27:37 ----D---- C:\rsit
2011-03-11 20:27:37 ----D---- C:\Program Files\trend micro
2011-03-11 19:04:04 ----A---- C:\WINDOWS\wininit.ini
2011-03-11 18:46:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-03-11 17:42:48 ----D---- C:\WINDOWS\pss
2011-03-11 16:12:34 ----A---- C:\Documents and Settings\All Users\Data aplikací\~f926.tmp
2011-03-09 15:48:51 ----A---- C:\WINDOWS\system32\VB5DB.DLL
2011-03-09 15:44:01 ----D---- C:\Program Files\Easy Audio CD Burner
2011-03-09 15:44:01 ----A---- C:\WINDOWS\system32\cdr.dll
2011-03-09 15:38:31 ----D---- C:\Program Files\CD MP3 Burner
2011-03-07 16:01:09 ----D---- C:\Documents and Settings\Sony\Data aplikací\IObit
2011-03-03 11:25:25 ----A---- C:\WINDOWS\system32\uxtuneup.dll
2011-03-03 11:22:29 ----A---- C:\WINDOWS\system32\TURegOpt.exe
2011-03-03 11:22:10 ----D---- C:\Documents and Settings\Sony\Data aplikací\TuneUp Software
2011-03-03 11:21:23 ----D---- C:\Program Files\TuneUp Utilities 2011
2011-03-03 11:20:41 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2011-03-03 11:20:24 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-03 11:12:04 ----D---- C:\Program Files\IObit Toolbar
2011-03-03 11:11:51 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2011-03-03 11:11:48 ----D---- C:\Program Files\IObit
2011-03-03 10:02:26 ----A---- C:\WINDOWS\system32\drivers\aswSnx.sys
2011-03-03 10:01:44 ----D---- C:\Program Files\AVAST Software
2011-03-03 10:01:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
2011-02-24 16:32:47 ----A---- C:\WINDOWS\Active Setup Log.txt
2011-02-24 16:32:47 ----A---- C:\WINDOWS\Active Setup Log.BAK
2011-02-24 16:16:04 ----D---- C:\Documents and Settings\Sony\Data aplikací\PriceGong
2011-02-19 17:37:40 ----D---- C:\Program Files\ZD Soft
2011-02-17 17:43:17 ----D---- C:\Program Files\pdfforge Toolbar

======List of files/folders modified in the last 1 months======

2099-03-01 04:42:22 ----A---- C:\WINDOWS\OEWABLog.txt
2099-03-01 04:11:19 ----D---- C:\WINDOWS\security
2099-03-01 01:22:22 ----D---- C:\WINDOWS\system32\usmt
2099-03-01 01:22:20 ----D---- C:\WINDOWS\AppPatch
2099-03-01 01:22:19 ----D---- C:\WINDOWS\system32\Setup
2099-03-01 01:22:10 ----D---- C:\WINDOWS\Media
2099-03-01 01:22:08 ----D---- C:\WINDOWS\system32\wbem
2099-03-01 01:21:55 ----D---- C:\WINDOWS\PeerNet
2099-03-01 01:21:55 ----D---- C:\WINDOWS\ime
2099-03-01 01:21:36 ----D---- C:\WINDOWS\system32\npp
2099-03-01 01:21:27 ----D---- C:\WINDOWS\msagent
2099-03-01 01:20:57 ----D---- C:\WINDOWS\ehome
2099-03-01 01:20:07 ----D---- C:\WINDOWS\twain_32
2099-03-01 01:19:53 ----D---- C:\WINDOWS\system32\icsxml
2099-03-01 01:19:29 ----D---- C:\WINDOWS\system32\ias
2099-03-01 01:19:25 ----D---- C:\WINDOWS\system32\1033
2099-03-01 01:19:25 ----D---- C:\WINDOWS\system32\1029
2099-03-01 01:18:30 ----D---- C:\WINDOWS\Driver Cache
2099-03-01 01:18:28 ----D---- C:\WINDOWS\system32\oobe
2099-03-01 00:42:50 ----D---- C:\WINDOWS\nview
2099-03-01 00:42:09 ----A---- C:\WINDOWS\setuplog.txt
2099-03-01 00:39:21 ----ASH---- C:\WINDOWS\fonts\desktop.ini
2099-03-01 00:38:51 ----A---- C:\WINDOWS\ODBCINST.INI
2099-03-01 00:38:50 ----RD---- C:\WINDOWS\Web
2099-03-01 00:38:42 ----RAH---- C:\WINDOWS\system32\cdplayer.exe.manifest
2099-03-01 00:26:01 ----D---- C:\WINDOWS\Help
2099-03-01 00:25:18 ----ASH---- C:\Documents and Settings\All Users\Data aplikací\desktop.ini
2011-03-12 09:16:31 ----A---- C:\WINDOWS\ntbtlog.txt
2011-03-12 09:14:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-03-11 22:53:14 ----D---- C:\WINDOWS\Temp
2011-03-11 22:42:48 ----D---- C:\Program Files\Mozilla Firefox
2011-03-11 20:27:37 ----RD---- C:\Program Files
2011-03-11 20:21:20 ----D---- C:\Documents and Settings\Sony\Data aplikací\Skype
2011-03-11 20:19:54 ----D---- C:\WINDOWS\system32
2011-03-11 19:04:04 ----D---- C:\WINDOWS
2011-03-11 17:58:55 ----SH---- C:\boot.ini
2011-03-11 17:58:55 ----A---- C:\WINDOWS\win.ini
2011-03-11 17:58:55 ----A---- C:\WINDOWS\system.ini
2011-03-11 17:38:33 ----D---- C:\Documents and Settings\Sony\Data aplikací\uTorrent
2011-03-11 17:18:32 ----D---- C:\Documents and Settings\Sony\Data aplikací\Raptr
2011-03-11 16:19:38 ----A---- C:\WINDOWS\NeroDigital.ini
2011-03-11 16:12:33 ----SD---- C:\WINDOWS\Tasks
2011-03-11 16:00:33 ----D---- C:\Documents and Settings\Sony\Data aplikací\skypePM
2011-03-11 14:04:56 ----SHD---- C:\WINDOWS\Installer
2011-03-10 18:00:14 ----D---- C:\Documents and Settings\Sony\Data aplikací\ICQ
2011-03-10 14:13:56 ----D---- C:\Program Files\Mozilla Thunderbird
2011-03-09 22:24:24 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-03-09 20:44:17 ----D---- C:\WINDOWS\system32\CatRoot2
2011-03-09 18:41:37 ----D---- C:\Program Files\Common Files\Symantec Shared
2011-03-09 15:48:50 ----HD---- C:\Program Files\InstallShield Installation Information
2011-03-04 08:01:42 ----D---- C:\Program Files\Alwil Software
2011-03-03 11:22:31 ----D---- C:\WINDOWS\system32\config
2011-03-03 10:02:26 ----D---- C:\WINDOWS\system32\drivers
2011-03-03 10:02:10 ----D---- C:\WINDOWS\WinSxS
2011-02-26 10:19:53 ----D---- C:\Documents and Settings\Sony\Data aplikací\GeoGet
2011-02-24 16:12:00 ----A---- C:\WINDOWS\TRNCOM.INI
2011-02-23 16:04:17 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-02-23 15:24:08 ----D---- C:\Program Files\Gossiper
2011-02-23 15:24:05 ----D---- C:\Program Files\IsoBuster
2011-02-23 15:24:01 ----D---- C:\Program Files\DVDVideoSoft
2011-02-23 15:23:58 ----D---- C:\Program Files\free-downloads.net
2011-02-19 19:29:48 ----D---- C:\Documents and Settings\Sony\Data aplikací\LangSoft
2011-02-17 17:43:18 ----D---- C:\Program Files\Application Updater

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2007-07-03 11304]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2007-07-03 132904]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 MxlW2k;MxlW2k; C:\WINDOWS\system32\drivers\MxlW2k.sys [2011-03-01 28352]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-02-23 30680]
S1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-02-23 25432]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-02-23 371544]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-02-23 301528]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-02-23 49240]
S1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
S1 glaide32;glaide32; \??\C:\WINDOWS\system32\drivers\glaide32.sys []
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-02-23 19544]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-02-23 102232]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S2 DLPortIO;DriverLINX Port I/O Driver; C:\WINDOWS\system32\drivers\DLPortIO.sys [1999-01-10 3584]
S2 SSPORT;SSPORT; \??\C:\WINDOWS\system32\Drivers\SSPORT.sys []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 ce6230;Intel CE6230 Standalone USB Driver; C:\WINDOWS\system32\DRIVERS\CE6230StandaloneDriver.sys [2007-04-27 44800]
S3 ce6230BDACAP;Realfine CE6230 BDA Driver; C:\WINDOWS\system32\DRIVERS\CE6230BDA.sys [2007-04-27 19328]
S3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM); C:\WINDOWS\system32\DRIVERS\vacs2xkd.sys [2007-11-01 42880]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-10-25 9600]
S3 Maplom;Maplom; C:\WINDOWS\system32\drivers\Maplom.sys []
S3 MaplomL;MaplomL; C:\WINDOWS\system32\drivers\MaplomL.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-17 15360]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-17 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-12-05 7435392]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-09-15 47360]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 YMIDUSB;Yamaha Corporation USB MIDI Driver; C:\WINDOWS\System32\Drivers\ymidusb.sys [2009-08-04 18560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-02-23 42184]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-12-05 155716]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-04-03 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S4 Apache2;Apache2; C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe [2007-01-09 20539]
S4 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2011-01-28 387072]
S4 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S4 gupdate1ca44593c0ab716;Služba Google Update (gupdate1ca44593c0ab716); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-10-03 133104]
S4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 1238408]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-03-06 153376]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
S4 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe []
S4 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-02-18 1517376]

-----------------EOF-----------------

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Network Crime

#9 Příspěvek od Rudy »

Ještě poprosím o sken ComboFix a z log z něho:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Iron
Návštěvník
Návštěvník
Příspěvky: 5
Registrován: 11 bře 2011 17:20

Re: Network Crime

#10 Příspěvek od Iron »

Děkuji už jsem to vyšetřil. Dostal jsem se tam přes nouzový režim a oscanoval anti malwarem. Tak děkuju všem co pomohli.

Uživatelský avatar
Rudy
Site Admin
Site Admin
Příspěvky: 118200
Registrován: 30 říj 2003 13:42
Bydliště: Plzeň
Kontaktovat uživatele:

Re: Network Crime

#11 Příspěvek od Rudy »

Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

Odpovědět