Windows Vista SP 0 (build 7600)
Boot Mode: Normal
Oven soubor Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.7600.16385 (win7_rtm.090713-1255)
Log vygenerován: 13.8.2011 11:42:58
================================================================

Běžící procesy
================================================================

C:\PROGRAM FILES\ESRI\LICENSE\ARCGIS9X\ARCGIS.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\PROGRAM FILES\SAMSUNG\SAMSUNG SUPPORT CENTER\SSCKBDHK.EXE
C:\PROGRAM FILES\SAMSUNG\EASY DISPLAY MANAGER\DMHKCORE.EXE
C:\PROGRAM FILES\SAMSUNG\EASYSPEEDUPMANAGER\EASYSPEEDUPMANAGER.EXE
C:\PROGRAM FILES\SAMSUNG\SAMSUNG RECOVERY SOLUTION 4\WCSCHEDULER.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORUPDATE.EXE
(rootkit?) audiodg.exe
C:\PROGRAM FILES\UPM\UPM.EXE

Scanner
================================================================
[R] a2service.exe                                                          
EntryPoint v sekci:                 .ITEXT
|_ Celkový počet sekcí:             11
                                       
[R] MsMpEng.exe                                                            
Oven Microsoft:                  Ne
                                       
[?] ARCGIS.EXE                                                             
Bez výrobce
Nemá okno
Soubor                              12%
                                       
[?] sp_rsser.exe                                                           
EntryPoint v sekci:                 .ITEXT
|_ Celkový počet sekcí:             9
Nemá okno
Soubor                              70%
                                       
[R] WLIDSVC.EXE                                                            
Oven Microsoft:                  Ne
Podobná jména:                      WLIDSVC.EXE X WLIDSVCM.EXE
                                       
[R] WLIDSVCM.EXE                                                           
Oven Microsoft:                  Ne
Podobná jména:                      WLIDSVCM.EXE X WLIDSVC.EXE
                                       
[?] SSCKbdHk.exe                                                           
Soubor                              14%
                                       
[?] dmhkcore.exe                                                           
Soubor                              7%
                                       
[?] EasySpeedUpManager.exe                                                 
Soubor                              7%
                                       
[?] WCScheduler.exe                                                        
Soubor                              7%
                                       
[S] explorer.exe                                                           
Spouští se po startu                HKLM Winlogon [Shell]
                                       
[R] RtHDVCpl.exe                                                           
Spouští se po startu                HKLM Run [RtHDVCpl]
                                       
[R] SynTPEnh.exe                                                           
Spouští se po startu                HKLM Run [SynTPEnh]
                                       
[R] CLMLSvc.exe                                                            
Spouští se po startu                HKLM Run [CLMLServer]
                                       
[R] PDVD8Serv.exe                                                          
Spouští se po startu                HKLM Run [RemoteControl8]
                                       
[?] SpywareTerminatorShield.Exe                                            
Spouští se po startu                HKLM Run [SpywareTerminator]
EntryPoint v sekci:                 .ITEXT
|_ Celkový počet sekcí:             9
Soubor                              70%
                                       
[R] jusched.exe                                                            
Spouští se po startu                HKLM Run [SunJavaUpdateSched]
                                       
[R] msseces.exe                                                            
Oven Microsoft:                  Ne
Spouští se po startu                HKLM Run [MSC]
                                       
[?] SpywareTerminatorUpdate.exe                                            
Spouští se po startu                HKCU Run [SpywareTerminatorUpdate]
EntryPoint v sekci:                 .ITEXT
|_ Celkový počet sekcí:             9
Soubor                              70%
                                       
[?] audiodg.exe                                                            
Proces se nepodařilo otevřít
ROOTKIT?                            Skrytá cesta
Spouští se po startu                HKCU Run [SpywareTerminatorUpdate]
Nelze otevřít
Nemá okno
                                       
[?] UPM.exe                                                                
Soubor                              7%
                                       

Po spuštění
================================================================

HKCU Run
 |_ [!][SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe

HKLM Run
 |_ [R][RtHDVCpl]                    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
 |_ [R][UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5
 |_ [R][UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0
 |_ [R][UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerDirector UpdateWithCreateOnce Software\CyberLink\PowerDirector\7.0
 |_ [R][UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\PowerProducer UpdateWithCreateOnce Software\CyberLink\PowerProducer\5.0
 |_ [R][UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\DVD Suite UpdateWithCreateOnce Software\CyberLink\PowerStarter
 |_ [R][UCam_Menu]                   C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe C:\Program Files\CyberLink\YouCam UpdateWithCreateOnce Software\CyberLink\YouCam\2.0
 |_ [R][NvCplDaemon] C:\windows\system32\NvCpl.dll ,NvStartup
 |_ [!][SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
 |_ [R][MSC]                         C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey

HKLM IC
 |_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll


HKLM BHO
 |_ [?][{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}] C:\ProgramData\LangSoft\WebIE.dll

HKCU IE WebBrowser Toolbar
 |_ [X][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]  (Soubor nenalezen)

HKLM IE Toolbar
 |_ [?][{BFC32E1D-EE75-4A48-BC60-104E11EE2431}] C:\ProgramData\LangSoft\WebIE.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[!] Spyware Terminator Realtime Shield Service
 |_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
 |   |_ Výrobce:  Crawler.com
 |   |_ Popis: Spyware Terminator Realtime Shield 32-bit Service
 |   |_ MD5: 642180B8F50E7FC1FBAF87C718E259D6
 |   
 |_ Jméno:  sp_rssrv
 |_ StartName: LocalSystem
 |_ Typ spouštění:  Auto Start
 |_ Status: Spuštěno
 |_ Typ:  Win32 Own Process
 |_ Dependency: 


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Atheros Extensible Wireless LAN device driver
 |_ Cesta: C:\windows\system32\DRIVERS\athr.sys
 |   |_ Výrobce:  Atheros Communications, Inc.
 |   |_ Popis: Atheros Extensible Wireless LAN device driver
 |   |_ MD5: 19435D381BF57AF1F0AC2535D23AE25D
 |   
 |_ Jméno:  athr
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] SAMSUNG Kernel Driver For Windows 7
 |_ Cesta: C:\windows\system32\Drivers\SABI.sys
 |   |_ Výrobce:  SAMSUNG ELECTRONICS
 |   |_ Popis: SAMSUNG Kernel Driver
 |   |_ MD5: 6E5FBB7CBAEC47038B945D5E9B144A64
 |   
 |_ Jméno:  SABI
 |_ StartName: 
 |_ Typ spouštění:  System Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] sptd
 |_ Cesta: C:\windows\System32\Drivers\sptd.sys
 |   |_ Výrobce:
 |   |_ Popis: 
 |   |_ MD5: 
 |   
 |_ Jméno:  sptd
 |_ StartName: 
 |_ Typ spouštění:  Boot Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] Spyware Terminator Driver 2
 |_ Cesta: C:\windows\system32\drivers\sp_rsdrv2.sys
 |   |_ Výrobce:  ?
 |   |_ Popis: ?
 |   |_ MD5: 8831252BCF05FCFB5ABD116A22E552D8
 |   
 |_ Jméno:  sp_rsdrv2
 |_ StartName: 
 |_ Typ spouštění:  System Start
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 

[?] NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller
 |_ Cesta: C:\windows\system32\DRIVERS\yk62x86.sys
 |   |_ Výrobce:
 |   |_ Popis: 
 |   |_ MD5: 30B73EB97218A16CBC6DE535782A1B35
 |   
 |_ Jméno:  yukonw7
 |_ StartName: 
 |_ Typ spouštění:  Ruční spuštění
 |_ Status: Spuštěno
 |_ Typ:  Kernel Driver
 |_ Dependency: 


lNetStat
================================================================
Typ:  PID       Proces              Local <-> Remote                             Status
-----------------------------------------------------------------------------------------

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] zimfprnt.dll
 |_ Cesta: C:\Windows\System32\spool\prtprocs\w32x86\zimfprnt.dll
 |_ MD5: CDD90FA1AF84F483C37CA60FB56DE5D2
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zimf.dll
 |_ Cesta: C:\Windows\System32\ZIMF.DLL
 |_ MD5: 0CC7DA54F5FED71160C3FC13E9F972FC
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] ztag.dll
 |_ Cesta: C:\Windows\System32\ZTAG.dll
 |_ MD5: 7CA836648E40709797D9F3BFF56679EE
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zspool.dll
 |_ Cesta: C:\Windows\System32\ZSPOOL.dll
 |_ MD5: 067239789BD7591F5EAA24DAB63D261A
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zsdnt5ui.dll
 |_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\zSDNT5UI.dll
 |_ MD5: 49862AC57816DC5B885402116AF6DC60
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zsddm.dll
 |_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\ZSDDM.DLL
 |_ MD5: D85B0AAEDCD18074B835B27077559E55
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zgdi.dll
 |_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\ZGDI.dll
 |_ MD5: 32D9E71663F5764C4AFE8AE88A5EC39C
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zsr.dll
 |_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\ZSR.dll
 |_ MD5: 6BC95A9E9B1CE97A0594C75B82CAE917
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zlm1120.dll
 |_ Cesta: C:\Windows\System32\ZLM1120.dll
 |_ MD5: BB0C92B2C055D321E17D5CD28D0588F0
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] zsddmui.dll
 |_ Cesta: C:\Windows\System32\spool\drivers\w32x86\3\ZSDDMUI.dll
 |_ MD5: 561921678C1481C97AECD2010F09634C
 |_ Výrobce:  Zenographics, Inc.
 |_ Procesy
     |_ spoolsv.exe (1660)

[?] hookdllps2.dll
 |_ Cesta: C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll
 |_ MD5: 1498259FFF991A4135737080AA0679D1
 |_ Výrobce:
 |_ Procesy
     |_ dmhkcore.exe (3884)

[!] sptcontmenu.dll
 |_ Cesta: C:\Program Files\Spyware Terminator\sptcontmenu.dll
 |_ MD5: A5E97B2B88CC48FC178E88BF6E02F5EC
 |_ Výrobce:  Crawler.com
 |_ Procesy
     |_ explorer.exe (4004)

[?] webie.dll
 |_ Cesta: C:\ProgramData\LangSoft\WebIE.dll
 |_ MD5: BDB6AE2C60DCCC701D247086A2D7B820
 |_ Výrobce:  ?
 |_ Procesy
     |_ explorer.exe (4004)

[?] rarext.dll
 |_ Cesta: C:\Program Files\WinRAR\RarExt.dll
 |_ MD5: 835B8F5523F2DC6B3F09B52DEA5B7623
 |_ Výrobce:  ?
 |_ Procesy
     |_ explorer.exe (4004)

[?] torentdll.dll
 |_ Cesta: C:\Program Files\Spyware Terminator\TorentDll.dll
 |_ MD5: 9AAB7EBC99C559BE4A6ECA19428B49E5
 |_ Výrobce:
 |_ Procesy
     |_ SpywareTerminatorUpdate.exe (3036)


Výpis souborů
================================================================
\System32:
[?] CSVer.dll                      7     no vrfy,      {90DBBEA5}
[?] hlp95en.dll                    12    ncmpny,       {DFDAA4CC}
[?] HPMCoSetup.dll HPMCOS~1.DLL    7     no vrfy,      {84854EF2}
[?] hpsfs.dll                      12    ncmpny,       {E41873BC}
[?] ZIMF.DLL                       7     no vrfy,      {72FF3BD2}
[?] ZLM1120.dll                    7     no vrfy,      {CDB16970}
[?] ZSM1120.exe                    12    ncmpny,       {F7A95963}
[?] ZSPOOL.dll                     7     no vrfy,      {7F843899}
[?] ZTAG.dll                       7     no vrfy,      {37B6D16C}
[?] ZTAG.dll                       7     no vrfy,      {37B6D16C}

\Drivers:
[?] MakeMarkerFile.exe     MAKEMA~1.EXE     7     no vrfy,      {C047EA03}
[?] sp_rsdrv2.sys          SP_RSD~1.SYS     25    ncmpny,       {0FB6D88F}

Access violations - HKCU
================================================================


================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]
