VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Problem s nabihanim PC

https://forum.viry.cz:443/viewtopic.php?t=100430

Stránka 1 z 1

Problem s nabihanim PC

Napsal: 24 dub 2010 16:01
od tloust
Dobry den, jiz delsi dobu me trapi nabihani pc. Pc casto po startu systemu dlouho reaguje velmi zpomalene a neumoznuje spustit jakykoliv program. V Task manageru se sice zobrazi jako Proces, ale jako aplikace jiz ne a na venek se skutecne nic nedeje. V task manageru se objevuje nvsvc32.exe nebo svchost.exe, vytezujici polovinu dostupne pameti. Pri kontrole viru mi Avira, F-Secure ani Malware nic zasadniho nenasli. Netusim co to muze byt.Obcas se take svevolne spousti nezname stranky v Opere.
Prikladam log z UPM.
Dekuji za pomoc

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 4/24/2010 5:00:03 PM
================================================================

SmallARK
================================================================
[?]NtClose -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[R]NtConnectPort -> C:\WINDOWS\system32\vsdatant.sys
[?]NtCreateFile -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtCreateKey -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[R]NtCreatePort -> C:\WINDOWS\system32\vsdatant.sys
[R]NtCreateProcess -> C:\WINDOWS\system32\vsdatant.sys
[R]NtCreateProcessEx -> C:\WINDOWS\system32\vsdatant.sys
[?]NtCreateSection -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtCreateThread -> <?>
[R]NtCreateWaitablePort -> C:\WINDOWS\system32\vsdatant.sys
[R]NtDeleteFile -> C:\WINDOWS\system32\vsdatant.sys
[?]NtDeleteKey -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[R]NtDuplicateObject -> C:\WINDOWS\system32\vsdatant.sys
[?]NtLoadDriver -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtLoadKey -> <?>
[R]NtLoadKey2 -> C:\WINDOWS\system32\vsdatant.sys
[?]NtOpenFile -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[R]NtOpenProcess -> C:\WINDOWS\system32\vsdatant.sys
[R]NtOpenThread -> C:\WINDOWS\system32\vsdatant.sys
[R]NtRenameKey -> C:\WINDOWS\system32\vsdatant.sys
[?]NtReplaceKey -> <?>
[R]NtRequestWaitReplyPort -> C:\WINDOWS\system32\vsdatant.sys
[?]NtRestoreKey -> <?>
[R]NtSecureConnectPort -> C:\WINDOWS\system32\vsdatant.sys
[?]NtSetInformationFile -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtSetValueKey -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[R]NtSystemDebugControl -> C:\WINDOWS\system32\vsdatant.sys
[?]NtTerminateProcess -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
[?]NtWriteFile -> C:\WINDOWS\system32\drivers\sp_rsdrv2.sys


Běžící procesy
================================================================

C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\SCHEDULER_PROXY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\PROGRAM FILES\ANALOG DEVICES\CORE\SMAX4PNP.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SPYWARETERMINATORSHIELD.EXE
C:\PROGRAM FILES\EPSON\BSTM\PG\E_L20IC2.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
C:\PROGRAM FILES\COMMON FILES\EPSON\EEBAPI\EEBSVC.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\WINDOWS\SYSTEM32\ASTSRV.EXE
C:\MATLAB701\WEBSERVER\BIN\WIN32\MATLABSERVER.EXE
C:\MATLAB701\BIN\WIN32\MATLAB.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\PROGRAM FILES\COMMON FILES\LENOVO\SCHEDULER\TVTSCHED.EXE
C:\PROGRAM FILES\LENOVO\SYSTEM UPDATE\SUSERVICE.EXE
C:\PROGRAM FILES\UPM\UPM.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 7.0\ACROBAT\ACROBAT.EXE

Scanner
================================================================
[S] csrss.exe
Podvržená cesta modulu: (00270000) [DLL] ?

[S, novf!] services.exe
Non Microsoft v System32:
Ověřený Microsoft: Ne
Nemá okno

[S] svchost.exe
Podvržená cesta modulu: (001A0000) [DLL] ?

[R] sched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[?] scheduler_proxy.exe
Spouští se po startu HKLM Run [TVT Scheduler Proxy]
Nemá okno
Soubor 7%

[R] TPOSDSVC.exe
Spouští se po startu HKLM Run [TPHOTKEY]

[?] SynTPEnh.exe
Spouští se po startu HKLM Run [SynTPEnh]

[?] smax4pnp.exe
Spouští se po startu HKLM Run [SoundMAXPnP]

[R] LPMGR.EXE
Spouští se po startu HKLM Run [LPManager]

[R] LPMLCHK.EXE
Spouští se po startu HKLM Run [LPMailChecker]

[R] tpfnf7sp.exe
Spouští se po startu HKLM Run [TPFNF7]

[?] SpywareTerminatorShield.Exe
Spouští se po startu HKLM Run [SpywareTerminator]
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Soubor 70%

[R] avgnt.exe
Spouští se po startu HKLM Run [avgnt]

[R] sldIMScheduler.exe
Spouští se po startu HKLM Run [SolidWorks_CheckForUpdates]

[?] E_L20IC2.EXE
Spouští se po startu HKLM Run [EPSON PageSTM TrayIcon01]
Soubor 7%

[R] EEventManager.exe
Spouští se po startu HKLM Run [EEventManager]

[R] jusched.exe
Spouští se po startu HKLM Run [SunJavaUpdateSched]

[S] ctfmon.exe
Spouští se po startu HKCU Run [ctfmon.exe]

[?] eEBSvc.exe
Nemá okno
Soubor 7%

[?] acs.exe
Non Microsoft v System32:
Nemá okno
Soubor 7%

[?] ASTSRV.EXE
Non Microsoft v System32:
Nemá okno
Soubor 7%

[?] matlabserver.exe
Bez výrobce
Nemá okno
Soubor 12%

[R] MotoConnectService.exe
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3

[?] MATLAB.exe
Nemá okno
Soubor 14%

[?] nvsvc32.exe
Non Microsoft v System32:
Nemá okno

[?] sp_rsser.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Nemá okno
Soubor 70%

[R] MotoConnect.exe
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3

[?] tvtsched.exe
Nemá okno
Soubor 7%

[?] SUService.exe
EntryPoint v sekci:
|_ Celkový počet sekcí: 3
Nemá okno
Soubor 7%

[R] wuauclt.exe
Ověřený Microsoft: Ne
Podvržená cesta modulu: (001B0000) [DLL] ?

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
Podvržená cesta modulu: (001A0000) [DLL] ?

[?] UPM.exe
Soubor 7%

[R] TOTALCMD.EXE
EntryPoint v sekci: UPX1
|_ Celkový počet sekcí: 3

[R] opera.exe
Podvržená cesta modulu: (00270000) [DLL] ?

[?] Acrobat.exe
Soubor 14%


Po spuštění
================================================================

HKLM Run
|_ [S][PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
|_ [S][PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
|_ [?][TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
|_ [?][SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
|_ [?][SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
|_ [?][SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
|_ [?][nwiz] nwiz.exe /installquiet /keeploaded /nodetect
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ (Soubor nenalezen)
|_ [R][TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe /r
|_ [S][IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
|_ [?][ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe -startup
|_ [?][ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start
|_ [!][SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [R][avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min
|_ [?][QuickTime Task] C:\Program Files\K-Lite Codec Pack\QTTask.exe -atboottime
|_ [R][SolidWorks_CheckForUpdates] C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe /scheduler
|_ [?][EPSON PageSTM TrayIcon01] C:\Program Files\EPSON\BSTM\PG\E_L20IC2.EXE

HKLM ShellServiceObjectDelayLoad
|_ [?][PostBootReminder] C:\WINDOWS\system32\SHELL32.dll
|_ [?][CDBurn] C:\WINDOWS\system32\SHELL32.dll
|_ [?][WebCheck] C:\WINDOWS\system32\webcheck.dll
|_ [?][WPDShServiceObj] C:\WINDOWS\system32\WPDShServiceObj.dll

HKU Run
|_ [X][svchstx] C:\WINDOWS\TEMP\svchstx.exe (Soubor nenalezen)

HKLM IC
|_ [?][<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] C:\WINDOWS\system32\ieudinit.exe
|_ [?][>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] C:\WINDOWS\inf\unregmp2.exe /ShowWMP
|_ [?][>{26923b43-4d38-484f-9b9e-de460746276c}] C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4383}] C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

HKLM Winlogon Notify
|_ [?][tphotkey] C:\Program Files\Lenovo\HOTKEY\tphklock.dll

Job
|_ [X][WGASetup.job] C:\WINDOWS\system32\KB905474\wgasetup.exe (Soubor nenalezen)
|_ [X][WGASetup.job] C:\WINDOWS\system32\KB905474\wgasetup.exe (Soubor nenalezen)


HKLM BHO
|_ [!][{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}] C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
|_ [?][{22BF413B-C6D2-4d91-82A9-A0F997BA588C}] C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
|_ [?][{AE7CD045-E861-484f-8273-0445EE161910}] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

HKCU IE WebBrowser Toolbar
|_ [?][{0E5CBF21-D15F-11D0-8301-00AA005B4383}] C:\WINDOWS\system32\SHELL32.dll
|_ [!][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
|_ [?][{47833539-D0C5-4125-9FA8-0819E2EAAC93}] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll

HKCU IE Toolbar
|_ [X][{1E796980-9CC5-11D1-A83F-00C04FC99D61}] (Soubor nenalezen)

HKLM IE Toolbar
|_ [?][{47833539-D0C5-4125-9FA8-0819E2EAAC93}] C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
|_ [!][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] C:\PROGRA~1\Crawler\Toolbar\ctbr.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Atheros Configuration Service
|_ Cesta: C:\WINDOWS\system32\acs.exe
| |_ Výrobce: Atheros
| |_ Popis: ACS
| |_ MD5: A1C6D11C11A55CECA432AC00F293A9ED
|
|_ Jméno: acs
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] AST Service
|_ Cesta: C:\WINDOWS\SYSTEM32\astsrv.exe
| |_ Výrobce: Nalpeiron Ltd.
| |_ Popis: Nalpeiron Highend Service
| |_ MD5: 0C83FC56707BF68DB04947052A8188B1
|
|_ Jméno: astcc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] DCOM Server Process Launcher
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\system32\rpcss.dll
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Distributed COM Services
| |_ MD5: 6B27A5C03DFB94B4245739065431322C
|
|_ Jméno: DcomLaunch
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency:

[?] EpsonBidirectionalService
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
| |_ Výrobce: SEIKO EPSON CORPORATION
| |_ Popis: eEBAPI Core Process module
| |_ MD5: ABDD5AD016AFFD34AD40E944CE94BF59
|
|_ Jméno: EpsonBidirectionalService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Event Log
|_ Cesta: C:\WINDOWS\system32\services.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Services and Controller app
| |_ MD5: 65DF52F5B8B6E9BBD183505225C37315
|
|_ Jméno: Eventlog
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency:

[?] COM+ Event System
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\system32\es.dll
| |_ Výrobce: Microsoft Corporation
| |_ Popis: ?
| |_ MD5: D4991D98F2DB73C60D042F1AEF79EFAE
|
|_ Jméno: EventSystem
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[X] Google Update Service (gupdate1c99dcc3cea70ba)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate1c99dcc3cea70ba
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS

[X] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Workstation
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\System32\wkssvc.dll
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Workstation Service DLL
| |_ MD5: A8888A5327621856C0CEC4E385F69309
|
|_ Jméno: lanmanworkstation
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency:

[?] MATLAB Server
|_ Cesta: C:\MATLAB701\webserver\bin\win32\matlabserver.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: A02707EABECCF78D43F41E8DAD7AC0A6
|
|_ Jméno: matlabserver
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Network Location Awareness (NLA)
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\System32\mswsock.dll
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Microsoft Windows Sockets 2.0 Service Provider
| |_ MD5: 832E4DD8964AB7ACC880B2837CB1ED20
|
|_ Jméno: Nla
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: Tcpip

[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS\system32\nvsvc32.exe
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 177.15
| |_ MD5: 13C34D34785AC7100918FAEC2EC5D55F
|
|_ Jméno: NVSvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spouští se
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Plug and Play
|_ Cesta: C:\WINDOWS\system32\services.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Services and Controller app
| |_ MD5: 65DF52F5B8B6E9BBD183505225C37315
|
|_ Jméno: PlugPlay
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency:

[?] Remote Procedure Call (RPC)
|_ Cesta: C:\WINDOWS\system32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18
|
|_ ServiceDLL: C:\WINDOWS\system32\rpcss.dll
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Distributed COM Services
| |_ MD5: 6B27A5C03DFB94B4245739065431322C
|
|_ Jméno: RpcSs
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[!] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
| |_ Výrobce: Crawler.com
| |_ Popis: Spyware Terminator Realtime Shield Service
| |_ MD5: 99F178B82DA63FD947507DA753F11FAA
|
|_ Jméno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] System Update
|_ Cesta: C:\Program Files\Lenovo\System Update\SUService.exe
| |_ Výrobce: Lenovo Group Limited
| |_ Popis: ThinkVantage System Update Service
| |_ MD5: B384A999C5326BA7BC940347A26FC0B9
|
|_ Jméno: SUService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: winmgmt

[?] TVT Scheduler
|_ Cesta: C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
| |_ Výrobce: Lenovo Group Limited
| |_ Popis: ThinkVantage Scheduler
| |_ MD5: E9EA448F1174BE4052416B62263EA4EE
|
|_ Jméno: TVT Scheduler
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] ADI UAA Function Driver for High Definition Audio Service
|_ Cesta: C:\WINDOWS\system32\drivers\ADIHdAud.sys
| |_ Výrobce: Analog Devices, Inc.
| |_ Popis: High Definition Audio Function Driver
| |_ MD5: CA6D262E0E68DA7AC1E2EDB0A8324031
|
|_ Jméno: ADIHdAudAddService
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] AE Audio Service
|_ Cesta: C:\WINDOWS\system32\drivers\AEAudio.sys
| |_ Výrobce: Andrea Electronics Corporation
| |_ Popis: Audio Noise Filtering Driver (32-bit)
| |_ MD5: B4AFCC2F911939A1C16A26E7EBA7F36B
|
|_ Jméno: AEAudio
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] AFD
|_ Cesta: C:\WINDOWS\System32\drivers\afd.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Ancillary Function Driver for WinSock
| |_ MD5: 7E775010EF291DA96AD17CA4B17137D7
|
|_ Jméno: AFD
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Atheros Wireless Network Adapter Service
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ar5211.sys
| |_ Výrobce: Atheros Communications, Inc.
| |_ Popis: Driver for Atheros AR5001 Wireless Network Adapter
| |_ MD5: BD4A059B937A64F403E693DCAA26FE38
|
|_ Jméno: AR5211
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] atmeltpm
|_ Cesta: C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
| |_ Výrobce: Atmel, Inc.
| |_ Popis: Atmel TPM Driver
| |_ MD5: DBF0D7E2DF33B469EB55406FEA759350
|
|_ Jméno: atmeltpm
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Hardlock
|_ Cesta: C:\WINDOWS\system32\drivers\hardlock.sys
| |_ Výrobce: Aladdin Knowledge Systems Ltd.
| |_ Popis: Hardlock Device Driver for Windows NT
| |_ MD5: D64A40B94602158E40527AE95E7A9193
|
|_ Jméno: Hardlock
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HSFHWAZL
|_ Cesta: C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_HWAZL WDM driver
| |_ MD5: 0AAEF566E6782957252FA79F566FBC0B
|
|_ Jméno: HSFHWAZL
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HSF_DPV
|_ Cesta: C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_DP driver
| |_ MD5: E472E0CB4E716CC34C0E045F2C196221
|
|_ Jméno: HSF_DPV
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] HTTP
|_ Cesta: C:\WINDOWS\System32\Drivers\HTTP.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: HTTP Protocol Stack
| |_ MD5: F80A415EF82CD06FFAF0D971528EAD38
|
|_ Jméno: HTTP
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] KSecDD
|_ Cesta: C:\WINDOWS\system32\drivers\KSecDD.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Kernel Security Support Provider Interface
| |_ MD5: B467646C54CC746128904E1654C750C1
|
|_ Jméno: KSecDD
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] MRXSMB
|_ Cesta: C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Windows NT SMB Minirdr
| |_ MD5: F3AEFB11ABC521122B67095044169E98
|
|_ Jméno: MRxSmb
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: File System Driver
|_ Dependency:

[?] nv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Compatible Windows 2000 Miniport Driver, Version 177.15
| |_ MD5: 4FF8F968C5D2317476DF70079A899827
|
|_ Jméno: nv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Lenovo Parties Service Access Device Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\psadd.sys
| |_ Výrobce: Lenovo (United States) Inc.
| |_ Popis: SMBIOS Driver
| |_ MD5: 651D3ABC1D82D61B6CFB40CB947B3DB3
|
|_ Jméno: psadd
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] SCDEmu
|_ Cesta: C:\WINDOWS\system32\drivers\SCDEmu.sys
| |_ Výrobce: PowerISO Computing, Inc.
| |_ Popis: PowerISO Virtual Drive
| |_ MD5: A73AE2510014103A44A5A58845219DCB
|
|_ Jméno: SCDEmu
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] USB2.0 PC Camera (SNP2UVC)
|_ Cesta: C:\WINDOWS\system32\DRIVERS\snp2uvc.sys
| |_ Výrobce:
| |_ Popis: UVC Camera Streaming Driver
| |_ MD5: 1EF34706531B188D1CE12127D8233E87
|
|_ Jméno: SNP2UVC
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Spyware Terminator Driver 2
|_ Cesta: C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
| |_ Výrobce: ?
| |_ Popis: ?
| |_ MD5: 8831252BCF05FCFB5ABD116A22E552D8
|
|_ Jméno: sp_rsdrv2
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Srv
|_ Cesta: C:\WINDOWS\system32\DRIVERS\srv.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Server driver
| |_ MD5: 89220B427890AA1DFFD1A02648AE51C3
|
|_ Jméno: Srv
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: File System Driver
|_ Dependency:

[?] Synaptics TouchPad Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\SynTP.sys
| |_ Výrobce: Synaptics, Inc.
| |_ Popis: Synaptics Touchpad Driver
| |_ MD5: 820D28F30AC01CE86860A35DCC7BFAAB
|
|_ Jméno: SynTP
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] TCP/IP Protocol Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\tcpip.sys
| |_ Výrobce: Microsoft Corporation
| |_ Popis: TCP/IP Protocol Driver
| |_ MD5: 9AEFA14BD6B182D61E3119FA5F436D3D
|
|_ Jméno: Tcpip
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency: IPSec

[?] TPHKDRV
|_ Cesta: C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys
| |_ Výrobce: Lenovo Group Limited
| |_ Popis: ThinkPad Hotkey Driver
| |_ MD5: 8AEF2188630F5ECD79AD9ABBA630630B
|
|_ Jméno: TPHKDRV
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] TSMAPIP
|_ Cesta: C:\WINDOWS\System32\drivers\TSMAPIP.SYS
| |_ Výrobce:
| |_ Popis:
| |_ MD5: F10F36E20448A5500A5F83F67EE4AAD4
|
|_ Jméno: TSMAPIP
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] winachsf
|_ Cesta: C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
| |_ Výrobce: Conexant Systems, Inc.
| |_ Popis: HSF_CNXT driver
| |_ MD5: 0E666AC2766F2FD860CC03F405A2ACE1
|
|_ Jméno: winachsf
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] wsimd Service
|_ Cesta: C:\WINDOWS\system32\DRIVERS\wsimd.sys
| |_ Výrobce: Atheros Communications, Inc.
| |_ Popis: Wireless Intermediate Miniport Driver
| |_ MD5: 2EA107F535B0B7BFB1D8D6BD79325DBB
|
|_ Jméno: WSIMD
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (1496) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2708) matlabserver.exe 0.0.0.0:8888 LISTENING
TCP (2616) jqs.exe 127.0.0.1:5152 LISTENING
TCP (4) Systém 192.168.1.34:139 LISTENING
TCP (580) opera.exe 192.168.1.34:1343 CLOSE_WAIT
TCP (580) opera.exe 192.168.1.34:1355 <-> 129.177.40.15:80 ESTABLISHED
TCP (580) opera.exe 192.168.1.34:1356 <-> 129.177.40.15:80 ESTABLISHED
TCP (580) opera.exe 192.168.1.34:1357 <-> 129.177.40.15:80 ESTABLISHED
UDP (4) Systém 0.0.0.0:445 <-> 129.177.40.15:80 ESTABLISHED
UDP (1200) lsass.exe 0.0.0.0:500
UDP (352) eEBSvc.exe 0.0.0.0:1025
UDP (352) eEBSvc.exe 0.0.0.0:1026
UDP (352) eEBSvc.exe 0.0.0.0:1027
UDP (352) eEBSvc.exe 0.0.0.0:1028
UDP (352) eEBSvc.exe 0.0.0.0:1029
UDP (352) eEBSvc.exe 0.0.0.0:1030
UDP (1200) lsass.exe 0.0.0.0:4500
UDP (1696) svchost.exe 127.0.0.1:123
UDP (2156) acs.exe 127.0.0.1:1031
UDP (1988) svchost.exe 127.0.0.1:1900
UDP (2156) acs.exe 127.0.0.1:9877
UDP (2156) acs.exe 127.0.0.1:9977
UDP (2156) acs.exe 127.0.0.1:65024
UDP (1696) svchost.exe 192.168.1.34:123
UDP (4) Systém 192.168.1.34:137
UDP (4) Systém 192.168.1.34:138
UDP (580) opera.exe 192.168.1.34:1048
UDP (580) opera.exe 192.168.1.34:1900
UDP (1988) svchost.exe 192.168.1.34:1900

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] tphklock.dll
|_ Cesta: C:\Program Files\Lenovo\HOTKEY\tphklock.dll
|_ MD5: 695E10E408880F5B095A6E06089DCDB6
|_ Výrobce: Lenovo Group Limited
|_ Procesy
|_ winlogon.exe (1140)

[?] dbghelp.dll
|_ Cesta: C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
|_ MD5: 3B5F0BF4125688A531FA21C823EA6193
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ vsmon.exe (2036)
|_ sp_rsser.exe (3116)
|_ drwtsn32.exe (3900)
|_ drwtsn32.exe (3904)
|_ drwtsn32.exe (3648)
|_ drwtsn32.exe (3944)
|_ drwtsn32.exe (3984)
|_ drwtsn32.exe (2292)
|_ drwtsn32.exe (1280)
|_ drwtsn32.exe (3388)
|_ drwtsn32.exe (3852)
|_ drwtsn32.exe (4084)
|_ drwtsn32.exe (4036)
|_ drwtsn32.exe (3360)
|_ drwtsn32.exe (256)
|_ drwtsn32.exe (2512)
|_ UPM.exe (1916)
|_ drwtsn32.exe (1000)

[?] icslta.dll
|_ Cesta: C:\WINDOWS\system32\ZoneLabs\icslta.dll
|_ MD5: 0B80E86A50D350CD31316EB4CD702DB5
|_ Výrobce: Check Point Software Technologies
|_ Procesy
|_ vsmon.exe (2036)

[?] widcommsdk.dll
|_ Cesta: C:\WINDOWS\system32\WidcommSdk.dll
|_ MD5: D935EE463CD5390DBAA8066983F90BB2
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ spoolsv.exe (1268)

[?] wbtapi.dll
|_ Cesta: C:\WINDOWS\system32\wbtapi.dll
|_ MD5: B9FB94A7F49445C0EDC6EB2E3A4582BD
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ spoolsv.exe (1268)

[?] custmon32.dll
|_ Cesta: C:\WINDOWS\system32\custmon32.dll
|_ MD5: 852C0D9FB2CE2A529FBE0DE4B0A5F1C0
|_ Výrobce:
|_ Procesy
|_ spoolsv.exe (1268)

[?] enppmon.dll
|_ Cesta: C:\WINDOWS\system32\enppmon.dll
|_ MD5: 8FAF34409342047E4D1CAEFD50B6D6C1
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ spoolsv.exe (1268)

[?] bthcrp.dll
|_ Cesta: C:\WINDOWS\system32\bthcrp.dll
|_ MD5: 633A6CE0CEC6132FF2F675D8E185E5D5
|_ Výrobce: Broadcom Corporation.
|_ Procesy
|_ spoolsv.exe (1268)

[?] avevtlog.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avevtlog.dll
|_ MD5: DDF0D660E994D0BB912F37DCA7AFE8F7
|_ Výrobce: Avira GmbH
|_ Procesy
|_ sched.exe (1620)
|_ avguard.exe (2232)

[?] cfglib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cfglib.dll
|_ MD5: 01936B92434B6AB994D9BB2139729CFB
|_ Výrobce: Avira GmbH
|_ Procesy
|_ sched.exe (1620)
|_ avgnt.exe (856)
|_ avguard.exe (2232)

[?] sqlite3.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
|_ MD5: 0815AFF09E50A3CF1349396F5B2EBC6A
|_ Výrobce: ?
|_ Procesy
|_ sched.exe (1620)
|_ avguard.exe (2232)

[?] libeay32.dll
|_ Cesta: C:\PROGRA~1\THINKV~1\PrdCtr\libeay32.dll
|_ MD5: EF123E93CE000AA3DBFE3526AAC82673
|_ Výrobce: The OpenSSL Project, http://www.openssl.org/
|_ Procesy
|_ LPMLCHK.EXE (752)

[?] ssleay32.dll
|_ Cesta: C:\PROGRA~1\THINKV~1\PrdCtr\ssleay32.dll
|_ MD5: 839FD5226289E5BE2E4CF8719AF80BA3
|_ Výrobce: The OpenSSL Project, http://www.openssl.org/
|_ Procesy
|_ LPMLCHK.EXE (752)

[?] ccgen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccgen.dll
|_ MD5: E297D7EDE615BC39F6A3708E2F9A924C
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] ccgrdw.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccgrdw.dll
|_ MD5: 41303E032613D2C4E29BE8B8EB5F027B
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] ccguard.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccguard.dll
|_ MD5: 80803BF24C42C1B7130F8AD69E05B744
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] avipc.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avipc.dll
|_ MD5: 06990855177B4AB5366864738C43D459
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)
|_ avguard.exe (2232)
|_ avshadow.exe (2384)

[?] ccupdate.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccupdate.dll
|_ MD5: 91FE94F0DEFA802320466BAB90BB4F0A
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] cclic.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\cclic.dll
|_ MD5: 81BA09327B20A9BF88E47091D9D0D3C7
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] ccmsg.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccmsg.dll
|_ MD5: F65ABCDEDECB5D5FE6CD037867DBEC5D
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] ccwkrlib.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\ccwkrlib.dll
|_ MD5: 96BCD91D7F84EC265CEB2F4D47838A51
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avgnt.exe (856)

[?] nview.dll
|_ Cesta: C:\WINDOWS\system32\nview.dll
|_ MD5: F5D57F903EE0D2F05D265167063E57FF
|_ Výrobce: ?
|_ Procesy
|_ sldIMScheduler.exe (1032)
|_ jusched.exe (1744)

[?] mfc42.dll
|_ Cesta: C:\PROGRA~1\EPSONS~1\EVENTM~1\Mfc42.dll
|_ MD5: 4D197238FDFAA5793D1B0961AAEF649A
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ EEventManager.exe (1836)
|_ MotoConnect.exe (3300)

[?] eebrsvc.dll
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBRsvc.dll
|_ MD5: 8E67BE6E39D604770F382C2BB5A60BA8
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] eebipdev.dll
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBIPDev.DLL
|_ MD5: 677F3A98920208881DDAA0C789CCD116
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] eeblpdev.dll
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBLPDEV.DLL
|_ MD5: 89971C511861513C5C12EE71C537E21A
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] eebnwdev.dll
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBNWDev.dll
|_ MD5: 59CDF93DFA24264E6D75E1E3C00CD27F
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] eebmsdev.dll
|_ Cesta: C:\Program Files\Common Files\EPSON\eEBAPI\eEBMSDev.dll
|_ MD5: 2510150D2BB54115141E83F3205B6013
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] eebutil.dll
|_ Cesta: C:\WINDOWS\system32\EEBUtil.dll
|_ MD5: 78E3A1BE942B6CA69C01BAD7263D888C
|_ Výrobce: SEIKO EPSON CORPORATION
|_ Procesy
|_ eEBSvc.exe (352)

[?] wsfwds.dll
|_ Cesta: C:\WINDOWS\system32\wsfwDS.dll
|_ MD5: 075EA2FF30B19A365A556E5529BEBB1A
|_ Výrobce: Atheros Communications, Inc.
|_ Procesy
|_ acs.exe (2156)

[?] wsimd.dll
|_ Cesta: C:\WINDOWS\system32\wsimd.dll
|_ MD5: 38A0B747FF3A637A7EED86CEBAEFDDED
|_ Výrobce: Atheros Communications, Inc.
|_ Procesy
|_ acs.exe (2156)

[?] dsa.dll
|_ Cesta: C:\WINDOWS\system32\dsa.dll
|_ MD5: F6BF89BF86B4B27EA28AA0B5943F7F73
|_ Výrobce: Devicescape
|_ Procesy
|_ acs.exe (2156)

[?] athcfg20u.dll
|_ Cesta: C:\WINDOWS\system32\athcfg20U.dll
|_ MD5: 3D6E7DACCE4F5986ABF5B7F14C076F9D
|_ Výrobce: Atheros
|_ Procesy
|_ acs.exe (2156)

[?] avpref.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avpref.dll
|_ MD5: 92EA86876DFDE3B9F6B4B6443C8B11FB
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] avsmtp.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avsmtp.dll
|_ MD5: DFCA644502DFA491384A53F87AE03FB6
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] avgio.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\avgio.dll
|_ MD5: E1AC63748EF4D24E04060C5C61160643
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aecore.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aecore.dll
|_ MD5: 61434E8957467C93D1E2B9258E78ED17
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aevdf.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aevdf.dll
|_ MD5: 4CE4611F7003ADA2198B9E9646A00D09
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aescript.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescript.dll
|_ MD5: C7C0BA06F457536685865509B38DA347
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aescn.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aescn.dll
|_ MD5: 79FB5A728AF28F6F6B4536CF5BE20DA8
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aesbx.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aesbx.dll
|_ MD5: F3A07C983A0EE71D150BCFF15F6B40EC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aerdl.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aerdl.dll
|_ MD5: EAE5F4B8B274DCC719438AAC5BA08B6A
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aepack.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aepack.dll
|_ MD5: 68B89E18BE8C02F8EE6410FEF17143B1
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[!] unacev2.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\unacev2.dll
|_ MD5: F9622B84D0050D590CE71FD882A130EE
|_ Výrobce: ACE Compression Software
|_ Procesy
|_ avguard.exe (2232)

[?] aeoffice.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll
|_ MD5: A34040C3CC4FF232DF2D88BB596A3E6F
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aeheur.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeheur.dll
|_ MD5: 988A4ADC4D368BC3117A943120D183B2
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aehelp.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aehelp.dll
|_ MD5: 26693A1C19F012EB7F21EC54681CE0AC
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aegen.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aegen.dll
|_ MD5: 90F90795E235E28C723A57C6EF9F0659
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aeemu.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aeemu.dll
|_ MD5: 2364E3D43E8839AE6F47D4CA9AE05762
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] aebb.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\aebb.dll
|_ MD5: 7E3D9E781E7D2E099BD424B188FBC9AA
|_ Výrobce: Avira GmbH
|_ Procesy
|_ avguard.exe (2232)

[?] libdb44.dll
|_ Cesta: C:\Program Files\Avira\AntiVir Desktop\libdb44.dll
|_ MD5: 020E9A91B8DA0927E8A60868D90F515A
|_ Výrobce: Sleepycat Software
|_ Procesy
|_ avguard.exe (2232)

[?] libmwumfpackv4.3.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmwumfpackv4.3.dll
|_ MD5: 9DDA7D3711384F8584CC5C9B8B9BC26E
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)

[?] libeng.dll
|_ Cesta: C:\MATLAB701\bin\win32\libeng.dll
|_ MD5: 0E285133A633B3F8AF03B85EDB021ECD
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)

[?] icudt24l.dll
|_ Cesta: C:\MATLAB701\bin\win32\icudt24l.dll
|_ MD5: 7FF245002DBA8B250E004CB1C9466979
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] icuin24.dll
|_ Cesta: C:\MATLAB701\bin\win32\icuin24.dll
|_ MD5: 3B56D5B802383FE8993C45A04AF527CB
|_ Výrobce: IBM Corporation and others
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] icuio24.dll
|_ Cesta: C:\MATLAB701\bin\win32\icuio24.dll
|_ MD5: E489C596086BEF92B0EA2C046E41FF36
|_ Výrobce: IBM Corporation and others
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] icuuc24.dll
|_ Cesta: C:\MATLAB701\bin\win32\icuuc24.dll
|_ MD5: 8994408594D97E2ED0F8C75279CD555F
|_ Výrobce: IBM Corporation and others
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] xerces-c_2_1_0.dll
|_ Cesta: C:\MATLAB701\bin\win32\xerces-c_2_1_0.dll
|_ MD5: 47BD6B36D975084013FFFF5F38FC69D4
|_ Výrobce: Apache Software Foundation
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libz.dll
|_ Cesta: C:\MATLAB701\bin\win32\libz.dll
|_ MD5: 85E24CE48A2CB8025CE33ED425B01811
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libut.dll
|_ Cesta: C:\MATLAB701\bin\win32\libut.dll
|_ MD5: B6ED0AF3E25F898F1E3FF3D1124E0EDB
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmx.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmx.dll
|_ MD5: 7D7F89A41F7A4DEF8F13426FA00F79E4
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmex.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmex.dll
|_ MD5: 52606286452E5D0E279B198B5895DA8D
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmat.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmat.dll
|_ MD5: 08ED02CE8D0DB4A829B57F756235F939
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mvalue.dll
|_ Cesta: C:\MATLAB701\bin\win32\mvalue.dll
|_ MD5: FA751A4B4AA32925E4B02A20EB4C3C88
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mpath.dll
|_ Cesta: C:\MATLAB701\bin\win32\mpath.dll
|_ MD5: FFC377FB5616E8B474225035B32F6CAE
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mcos.dll
|_ Cesta: C:\MATLAB701\bin\win32\mcos.dll
|_ MD5: 52092827E872F23F9245672C2F1459CA
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] udd.dll
|_ Cesta: C:\MATLAB701\bin\win32\udd.dll
|_ MD5: E5F43DEB57C40960F149897EBE82B2F1
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_dispatcher.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_dispatcher.dll
|_ MD5: A31D69016B6CF2716937C561F7332FFA
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_interpreter.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_interpreter.dll
|_ MD5: 49F37859845FFB8E6639A139799E7527
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_parser.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_parser.dll
|_ MD5: 82EA8865368FF59781B6A7AD7B6AEA01
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_ir.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_ir.dll
|_ MD5: 1EB8ECE9DFDD3BE3E35E29528149F2B2
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_pcodegen.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_pcodegen.dll
|_ MD5: 0AC98B204ECC6D90ECC6C0F9C0662952
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] m_pcodeio.dll
|_ Cesta: C:\MATLAB701\bin\win32\m_pcodeio.dll
|_ MD5: 930718927A993C0A534C8154BEB7E8BD
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] ir_xfmr.dll
|_ Cesta: C:\MATLAB701\bin\win32\ir_xfmr.dll
|_ MD5: 0E5E058F2F3F04E26F6FC3B05B1378F2
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mlib.dll
|_ Cesta: C:\MATLAB701\bin\win32\mlib.dll
|_ MD5: 8C05FC4A98F4214C3B511C63EAB4E7E3
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] datasvcs.dll
|_ Cesta: C:\MATLAB701\bin\win32\datasvcs.dll
|_ MD5: EFB9352F91494A5DBD62330F09352154
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmwservices.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmwservices.dll
|_ MD5: 9FC428CB68F3A2E2FBF2A271660B3846
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] uiw.dll
|_ Cesta: C:\MATLAB701\bin\win32\uiw.dll
|_ MD5: 3501D94674C7CDFAD127F0A82462551C
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libuij.dll
|_ Cesta: C:\MATLAB701\bin\win32\libuij.dll
|_ MD5: 9BC4B367784FCBF4A3CAB32BC4D31059
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] uinone.dll
|_ Cesta: C:\MATLAB701\bin\win32\uinone.dll
|_ MD5: C01C1D0D7975E5DDC74D90892396F4BA
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmwgui.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmwgui.dll
|_ MD5: CF3775A472AC532C3923E63C0E32E3CB
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] hg.dll
|_ Cesta: C:\MATLAB701\bin\win32\hg.dll
|_ MD5: 6CCCC5B0A1F7585E41C50E3793DB7BA9
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmwhardcopy.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmwhardcopy.dll
|_ MD5: 493C156E6DC516A5AE4D4CCAFED012F7
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] numerics.dll
|_ Cesta: C:\MATLAB701\bin\win32\numerics.dll
|_ MD5: 617188096B37334F188FDA9C1425DAF2
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libmwlapack.dll
|_ Cesta: C:\MATLAB701\bin\win32\libmwlapack.dll
|_ MD5: 8AFB1546FBF09B23AEF5A5FF1DFC63BD
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mkl.dll
|_ Cesta: C:\MATLAB701\bin\win32\mkl.dll
|_ MD5: DD349E7FDD30B09BB8F1567F576CC6DC
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libfftw3.dll
|_ Cesta: C:\MATLAB701\bin\win32\libfftw3.dll
|_ MD5: 2F99F7875B532D009DDA8E9D5BFBFC53
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] libfftw3f.dll
|_ Cesta: C:\MATLAB701\bin\win32\libfftw3f.dll
|_ MD5: 68F85BF9FF3CDC287A155B2D1FF4FE31
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] lapack.dll
|_ Cesta: C:\MATLAB701\bin\win32\lapack.dll
|_ MD5: CCD86C96919D6AEF63AEC797D8AF07EC
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] mwoles05.dll
|_ Cesta: C:\MATLAB701\bin\win32\mwoles05.dll
|_ MD5: A23D56A7B6F9C931E87B380E0217353B
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] udd_mi.dll
|_ Cesta: C:\MATLAB701\bin\win32\udd_mi.dll
|_ MD5: B0AA303597B6712FC329785C3D6F750F
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] jmi.dll
|_ Cesta: C:\MATLAB701\bin\win32\jmi.dll
|_ MD5: 9D67F6B45338C184339A7F217D46C1A5
|_ Výrobce: The MathWorks Inc.
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] comcli.dll
|_ Cesta: C:\MATLAB701\bin\win32\comcli.dll
|_ MD5: 9ACCC57DACD9E0797970443F06626484
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] bridge.dll
|_ Cesta: C:\MATLAB701\bin\win32\bridge.dll
|_ MD5: CCCC46BFBB1541BF80E356D58CEE9776
|_ Výrobce:
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] dforrt.dll
|_ Cesta: C:\MATLAB701\bin\win32\dforrt.dll
|_ MD5: 323EC6E92B827AF890066B91D0DF8C4B
|_ Výrobce: Compaq Computer Corporation
|_ Procesy
|_ matlabserver.exe (2708)
|_ MATLAB.exe (2956)

[?] jvm.dll
|_ Cesta: C:\MATLAB701\sys\java\jre\win32\jre1.4.2_04\bin\client\jvm.dll
|_ MD5: F1CB88B1354D67A684410099EEE69D5D
|_ Výrobce:
|_ Procesy
|_ MATLAB.exe (2956)

[?] hpi.dll
|_ Cesta: C:\MATLAB701\sys\java\jre\win32\jre1.4.2_04\bin\hpi.dll
|_ MD5: EADDEC84156995C4A60589E4AFA3ECC5
|_ Výrobce:
|_ Procesy
|_ MATLAB.exe (2956)

[?] verify.dll
|_ Cesta: C:\MATLAB701\sys\java\jre\win32\jre1.4.2_04\bin\verify.dll
|_ MD5: 4475C1860B03EBDFBB310FC979C0A4A5
|_ Výrobce:
|_ Procesy
|_ MATLAB.exe (2956)

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 16:04
od Rudy
Dejte log z RSIT: http://www.viry.cz/forum/viewtopic.php?f=13&t=82743 .

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 16:12
od tloust
Logfile of random's system information tool 1.06 (written by random/random)
Run by tloust at 2010-04-24 17:11:48
Microsoft Windows XP Professional Service Pack 3
System drive C: has 4 GB (9%) free of 41 GB
Total RAM: 2014 MB (30% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\NSSstub.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-04 1194496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-02-04 1082880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-22 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-03-04 1194496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]
"TVT Scheduler Proxy"=C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [2008-03-04 487424]
"TPHOTKEY"=C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe [2008-10-01 68976]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-07-04 1323008]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2008-04-25 1036288]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-08-08 831488]
"nwiz"=nwiz.exe /installquiet /keeploaded /nodetect []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-12-05 86016]
""= []
"LPManager"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe [2008-09-01 165208]
"LPMailChecker"=C:\PROGRA~1\THINKV~1\PrdCtr\LPMLCHK.exe [2008-09-01 124248]
"TPFNF7"=C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe [2009-01-07 60704]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2005-08-12 249856]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2005-08-12 81920]
"SpywareTerminator"=C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2009-03-11 2233856]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-12-05 13549568]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"QuickTime Task"=C:\Program Files\K-Lite Codec Pack\QTTask.exe [2009-01-05 413696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"SolidWorks_CheckForUpdates"=C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [2008-09-15 7218472]
"EPSON PageSTM TrayIcon01"=C:\Program Files\EPSON\BSTM\PG\E_L20IC2.EXE [2007-12-11 151552]
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-04-22 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk -

C:\Documents and Settings\tloust\Start Menu\Programs\Startup
Auto Shutdown.lnk -
SolidWorks Task Scheduler Engine.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll [2006-09-07 34344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll [2008-08-09 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
shell\AutoRun\command - gnwav.exe
shell\open\command - gnwav.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153ee301-0944-11de-855f-001e4c394562}]
shell\AutoRun\command - D:\tt.com
shell\open\command - D:\tt.com


======File associations======

.scr - open - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1"
.scr - install -
.scr - config -
.txt - open - notepad.exe %1

======List of files/folders created in the last 1 months======

2010-04-24 17:11:51 ----D---- C:\Program Files\trend micro
2010-04-24 17:11:48 ----D---- C:\rsit
2010-04-24 16:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-24 16:25:59 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-24 16:25:34 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-24 16:25:25 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-24 16:25:18 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-24 16:24:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-24 02:14:13 ----A---- C:\WINDOWS\ODA.INI
2010-04-24 02:00:39 ----A---- C:\mbam-error.txt
2010-04-23 15:44:06 ----A---- C:\WINDOWS\Esa.INI
2010-04-23 15:19:20 ----D---- C:\Documents and Settings\All Users\Application Data\Macrovision
2010-04-23 15:12:41 ----D---- C:\NemExCOM
2010-04-23 14:47:08 ----D---- C:\Program Files\Common Files\CADS Shared
2010-04-23 14:46:41 ----D---- C:\Program Files\Common Files\SafeNet Sentinel
2010-04-23 14:42:11 ----D---- C:\Program Files\SCIA
2010-04-22 01:39:02 ----A---- C:\WINDOWS\StvFischer.ini
2010-04-17 23:48:54 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-17 23:48:54 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-17 23:48:54 ----A---- C:\WINDOWS\system32\java.exe
2010-04-17 23:48:54 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-04-08 20:33:01 ----D---- C:\Program Files\Common Files\Java
2010-04-06 11:17:35 ----D---- C:\Program Files\WIENERBERGER
2010-04-05 12:53:58 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-05 02:01:23 ----D---- C:\Program Files\Nexis 32
2010-04-04 21:55:22 ----D---- C:\Program Files\Common Files\Fine Shared
2010-04-04 14:03:51 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-03-28 21:33:14 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-03-28 21:33:07 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-03-28 21:32:24 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-03-28 21:31:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-03-28 21:25:45 ----D---- C:\Documents and Settings\tloust\Application Data\Avira
2010-03-28 14:16:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

======List of files/folders modified in the last 1 months======

2010-04-24 17:11:51 ----RD---- C:\Program Files
2010-04-24 17:11:29 ----D---- C:\WINDOWS\Prefetch
2010-04-24 16:48:56 ----D---- C:\WINDOWS\Internet Logs
2010-04-24 16:48:09 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-04-24 16:43:40 ----A---- C:\WINDOWS\wincmd.ini
2010-04-24 16:38:29 ----SHD---- C:\WINDOWS\Installer
2010-04-24 16:38:22 ----D---- C:\Program Files\Common Files\Svoboda Software
2010-04-24 16:37:31 ----AD---- C:\WINDOWS
2010-04-24 16:35:21 ----D---- C:\WINDOWS\Temp
2010-04-24 16:30:57 ----D---- C:\Documents and Settings\tloust\Application Data\WTablet
2010-04-24 16:30:28 ----SD---- C:\WINDOWS\Tasks
2010-04-24 16:30:08 ----D---- C:\Documents and Settings\tloust\Application Data\IM
2010-04-24 16:29:55 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-24 16:29:40 ----D---- C:\WINDOWS\system32
2010-04-24 16:26:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2010-04-24 16:26:18 ----HD---- C:\WINDOWS\inf
2010-04-24 16:26:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-24 16:26:06 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-24 16:26:02 ----D---- C:\WINDOWS\system32\drivers
2010-04-24 16:25:10 ----D---- C:\WINDOWS\ie8updates
2010-04-24 15:10:13 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2010-04-24 13:21:55 ----RSD---- C:\WINDOWS\assembly
2010-04-24 13:07:56 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2010-04-24 13:07:55 ----D---- C:\Program Files\Spyware Terminator
2010-04-24 13:00:35 ----D---- C:\Documents and Settings\tloust\Application Data\Spyware Terminator
2010-04-24 01:48:35 ----D---- C:\WTablet
2010-04-24 00:11:28 ----D---- C:\Temp
2010-04-23 15:58:30 ----D---- C:\Documents and Settings\tloust\Application Data\BitTorrent
2010-04-23 14:47:08 ----D---- C:\Program Files\Common Files
2010-04-23 14:47:01 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-23 14:46:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-04-23 14:46:49 ----D---- C:\WINDOWS\WinSxS
2010-04-21 18:47:15 ----D---- C:\Documents and Settings\tloust\Application Data\Skype
2010-04-17 23:48:47 ----D---- C:\Program Files\Java
2010-04-17 16:49:55 ----D---- C:\WINDOWS\Help
2010-04-13 19:29:03 ----D---- C:\Program Files\Google
2010-04-08 20:45:51 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-04-04 17:36:05 ----D---- C:\Documents and Settings\tloust\Application Data\Adobe
2010-04-04 14:07:56 ----SHD---- C:\System Volume Information
2010-04-04 14:07:37 ----D---- C:\WINDOWS\system32\NtmsData
2010-04-04 14:06:58 ----D---- C:\WINDOWS\repair
2010-04-04 14:06:37 ----D---- C:\WINDOWS\Registration
2010-04-04 00:56:22 ----D---- C:\Program Files\yBook
2010-04-01 21:56:31 ----D---- C:\WINDOWS\system32\Restore
2010-04-01 21:09:34 ----D---- C:\Program Files\Internet Explorer
2010-03-31 18:15:09 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-29 14:38:18 ----D---- C:\Program Files\Opera
2010-03-28 22:38:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-28 21:33:16 ----D---- C:\Program Files\Movie Maker
2010-03-28 14:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-03-28 14:14:19 ----SHD---- C:\RECYCLER
2010-03-28 13:03:20 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2008-04-14 12160]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 TPHKDRV;TPHKDRV; C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys [2008-05-13 17844]
R1 TSMAPIP;TSMAPIP; C:\WINDOWS\System32\drivers\TSMAPIP.SYS [2009-01-07 4608]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-25 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-25 103424]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-25 549184]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 atmeltpm;atmeltpm; C:\WINDOWS\system32\DRIVERS\atmeltpm.sys [2005-05-17 15872]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-12-19 991656]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-10-12 252048]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-11-01 989696]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-11-01 211456]
R3 IBMPMDRV;IBMPMDRV; C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys [2008-09-29 23848]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-12-05 6620096]
R3 psadd;Lenovo Parties Service Access Device Driver; C:\WINDOWS\system32\DRIVERS\psadd.sys [2007-02-19 21376]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2008-11-26 1754368]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-07-04 225664]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys [2007-02-16 11312]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\WINDOWS\system32\DRIVERS\wacomvhid.sys [2008-01-15 13480]
R3 WacomVKHid;Virtual Keyboard Driver; C:\WINDOWS\system32\DRIVERS\WacomVKHid.sys [2007-02-16 11440]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-11-01 731520]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2007-04-27 90688]
S3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-09-16 1343584]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-12-19 47272]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 PhSerUsb;PHILOG USB Serial Driver; C:\WINDOWS\system32\DRIVERS\PhSerUsb.sys [2006-06-29 48896]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 wacmoumonitor;Wacom Mode Helper; C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys [2008-03-17 15144]
S3 WINIO;WINIO; \??\C:\WINDOWS\system32\winio.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 acs;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2007-03-21 364629]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]
R2 astcc;AST Service; C:\WINDOWS\SYSTEM32\astsrv.exe [2008-05-08 57344]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2008-12-12 346720]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe [2006-12-19 94208]
R2 IBMPMSVC;ThinkPad PM Service; C:\WINDOWS\system32\ibmpmsvc.exe [2008-09-29 38176]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 matlabserver;MATLAB Server; C:\MATLAB701\webserver\bin\win32\matlabserver.exe [2004-08-16 536576]
R2 MotoConnect Service;MotoConnect Service; C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe [2009-09-30 91392]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-12-05 168004]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-11 540672]
R2 SUService;System Update; C:\Program Files\Lenovo\System Update\SUService.exe [2008-10-20 28672]
R2 TabletServicePen;TabletServicePen; C:\WINDOWS\system32\Pen_Tablet.exe [2008-05-02 3032360]
R2 ThinkVantage Registry Monitor Service;ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [2007-09-27 644408]
R2 TVT Scheduler;TVT Scheduler; C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe [2008-03-04 1122304]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
S2 gupdate1c99dcc3cea70ba;Google Update Service (gupdate1c99dcc3cea70ba); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 183280]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-03-04 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-03-04 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service; C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2008-09-09 79144]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-04 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2009-04-26 79360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]

-----------------EOF-----------------

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 16:21
od Rudy
Máte minimálně nějaké malware. Udělejte sken Combofix a dejte log.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 17:14
od tloust
ComboFix 10-04-21.01 - tloust 04/24/2010 17:44:24.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2014.856 [GMT 2:00]
Spuštěný z: c:\documents and settings\tloust\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\All Users.\documents\settings
c:\documents and settings\All Users\Start Menu\Windows Live Messenger .lnk
c:\documents and settings\tloust\System
c:\documents and settings\tloust\System\win_qs8.jqx

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SSHNAS


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-24 15:11 . 2010-04-24 15:11 -------- d-----w- c:\program files\trend micro
2010-04-24 15:11 . 2010-04-24 15:11 -------- d-----w- C:\rsit
2010-04-23 14:03 . 2009-02-27 09:41 862208 ----a-w- c:\temp\Sbpbibl3.dat
2010-04-23 14:03 . 2009-02-27 09:41 6178816 ----a-w- c:\temp\Sbpbibl2.dat
2010-04-23 14:03 . 2009-02-27 09:41 58368 ----a-w- c:\temp\Sbpbibl1.dat
2010-04-23 13:44 . 2010-04-23 13:44 -------- d-----w- c:\documents and settings\tloust\ESA90
2010-04-23 13:19 . 2010-04-23 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-04-23 13:12 . 2010-04-23 13:12 -------- d-----w- C:\NemExCOM
2010-04-23 12:47 . 2010-04-23 12:47 -------- d-----w- c:\program files\Common Files\CADS Shared
2010-04-23 12:46 . 2010-04-23 12:46 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-04-23 12:42 . 2010-04-23 12:42 -------- d-----w- c:\program files\SCIA
2010-04-17 21:48 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 18:33 . 2010-04-08 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 09:17 . 2010-04-06 09:17 -------- d-----w- c:\program files\WIENERBERGER
2010-04-05 10:53 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-05 00:01 . 2010-04-05 00:01 -------- d-----w- c:\program files\Nexis 32
2010-04-04 19:55 . 2010-04-13 11:57 -------- d-----w- c:\program files\Common Files\Fine Shared
2010-04-04 11:19 . 2010-04-04 11:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-04-04 09:58 . 2010-04-04 09:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-04-04 09:56 . 2010-04-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-28 19:25 . 2010-03-28 19:25 -------- d-----w- c:\documents and settings\tloust\Application Data\Avira
2010-03-28 12:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 12:16 . 2010-04-24 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 12:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 12:01 . 2010-03-28 12:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-27 16:30 . 2010-03-27 16:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 16:02 . 2009-03-05 20:14 -------- d-----w- c:\documents and settings\tloust\Application Data\WTablet
2010-04-24 16:01 . 2009-04-26 05:09 -------- d-----w- c:\documents and settings\tloust\Application Data\IM
2010-04-24 15:56 . 2009-03-08 05:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-04-24 15:45 . 2010-04-24 14:34 18118464 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_34_10_full.dmp.zip
2010-04-24 14:48 . 2009-10-09 16:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-24 14:38 . 2009-12-01 20:51 -------- d-----w- c:\program files\Common Files\Svoboda Software
2010-04-24 14:34 . 2010-04-24 14:34 64273 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_21_08_small.dmp.zip
2010-04-24 14:26 . 2009-03-04 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-24 14:12 . 2010-04-24 14:12 54301 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_02_04_small.dmp.zip
2010-04-24 13:10 . 2009-04-22 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-24 11:07 . 2009-03-11 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-04-24 11:07 . 2009-03-11 20:25 -------- d-----w- c:\program files\Spyware Terminator
2010-04-24 11:00 . 2009-03-11 20:25 -------- d-----w- c:\documents and settings\tloust\Application Data\Spyware Terminator
2010-04-24 02:35 . 2010-03-19 16:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 23:44 . 2010-04-23 23:44 61518 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_01_35_55_small.dmp.zip
2010-04-23 13:58 . 2009-03-07 02:57 -------- d-----w- c:\documents and settings\tloust\Application Data\BitTorrent
2010-04-23 12:47 . 2009-03-04 07:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 11:02 . 2009-06-01 22:51 957368 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-21 16:47 . 2009-03-04 07:42 -------- d-----w- c:\documents and settings\tloust\Application Data\Skype
2010-04-20 16:07 . 2009-04-13 03:19 5669214 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-19 10:29 . 2009-03-04 07:10 153664 ----a-w- c:\documents and settings\tloust\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 21:48 . 2009-03-10 04:56 -------- d-----w- c:\program files\Java
2010-04-13 17:29 . 2009-03-04 20:06 -------- d-----w- c:\program files\Google
2010-04-13 06:44 . 2010-04-13 11:25 2876416 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-04-06 18:44 . 2010-04-06 18:44 66529 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_06_20_42_51_small.dmp.zip
2010-04-06 07:02 . 2010-04-06 08:13 2862592 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-04-04 09:30 . 2010-04-04 09:32 2832896 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-04-03 22:56 . 2009-07-03 11:54 -------- d-----w- c:\program files\yBook
2010-03-31 03:44 . 2010-03-31 06:20 2819072 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-03-31 03:44 . 2009-03-04 08:05 210230 ----a-w- c:\windows\system32\nvModes.dat
2010-03-29 12:38 . 2009-03-04 08:41 -------- d-----w- c:\program files\Opera
2010-03-19 16:40 . 2010-03-19 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-03-19 16:28 . 2010-03-19 16:28 -------- d-----w- c:\program files\ESET
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\ArcSoft
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\IM
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\Epson
2010-03-18 23:18 . 2010-03-18 23:17 -------- d-----w- c:\documents and settings\pomocny\Application Data\Spyware Terminator
2010-03-18 23:17 . 2010-03-18 23:17 -------- d-----w- c:\documents and settings\pomocny\Application Data\Lenovo
2010-03-18 23:11 . 2010-03-18 23:11 -------- d-----w- c:\documents and settings\pomocny\Application Data\WTablet
2010-03-16 06:40 . 2010-03-16 06:40 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2010-03-16 06:40 . 2010-03-16 06:40 224 ----a-w- C:\windowsupdateagent30-x86.exe
2010-03-16 06:37 . 2010-03-16 06:37 3038 ----a-w- C:\fix_svchost.bat
2010-03-16 06:28 . 2010-03-16 06:28 153568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 05:08 . 2010-03-16 06:15 199680 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-03-16 05:08 . 2010-03-16 06:15 2752512 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 22:40 . 2009-03-07 02:56 -------- d-----w- c:\program files\BitTorrent
2010-03-09 11:50 . 2009-03-05 05:24 -------- d-----w- c:\program files\CCleaner
2010-03-05 01:41 . 2010-03-05 08:56 2740224 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-03-04 08:11 . 2010-03-04 08:11 65294 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_03_04_00_50_19_small.dmp.zip
2010-03-03 23:55 . 2010-03-04 08:06 2739712 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-03-03 21:58 . 2010-03-04 08:06 3207680 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-03-03 09:34 . 2009-03-18 18:08 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-03 02:51 . 2010-03-03 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-03 02:50 . 2009-03-10 09:55 -------- d-----w- c:\documents and settings\tloust\Application Data\Corel
2010-03-03 02:40 . 2010-03-03 02:39 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-03 02:39 . 2010-03-03 02:39 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-03 02:37 . 2009-01-15 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-03 02:32 . 2009-01-15 12:16 -------- d-----w- c:\program files\Corel
2010-03-03 02:25 . 2010-03-03 02:17 470794240 ----a-w- c:\documents and settings\tloust\Application Data\setup.exe
2010-03-01 07:05 . 2009-03-18 15:34 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 14:56 . 2010-01-21 14:46 -------- d-----w- c:\program files\MiKTeX 2.8
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 23:06 . 2010-02-22 23:06 57712 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_02_22_23_59_43_small.dmp.zip
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:24 . 2009-03-18 15:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 15:13 . 2010-02-06 15:13 60200 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_02_06_16_06_40_small.dmp.zip
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-10-01 68976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-25 1036288]
"nwiz"="nwiz.exe" [2008-12-05 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 86016]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-11 2233856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13549568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
"EPSON PageSTM TrayIcon01"="c:\program files\EPSON\BSTM\PG\E_L20IC2.EXE" [2007-12-11 151552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-07 00:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-09 03:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/11/2009 10:25 PM 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2009 5:34 PM 135336]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/4/2009 9:09 PM 91392]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/5/2009 10:14 PM 3032360]
S2 gupdate1c99dcc3cea70ba;Google Update Service (gupdate1c99dcc3cea70ba);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 9:54 PM 133104]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 12:01 AM 79144]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [10/4/2009 8:49 PM 48896]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/5/2009 10:14 PM 15144]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 1:01 AM 2799808]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 12:36]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 19:54]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 19:54]

2009-05-01 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-04-29 13:12]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=6&app=inclient&version=8.0.065.000&lang=en&locale=en-US&date=-86400&link_id=9&dest=welcome&lic=j5hvqhisiu3s4he7bhx644bu4g0
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///D:/dokumenty/Strojnicke_tabulky/script/ikcntrls.cab
FF - ProfilePath - c:\documents and settings\tloust\Application Data\Mozilla\Firefox\Profiles\j0zv8mv1.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Plugins\npqtplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - e:\install\-- firewalls



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-24 18:01
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(752)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Common Files\EPSON\eEBAPI\eEBSVC.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\matlab701\webserver\bin\win32\matlabserver.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\program files\Lenovo\System Update\SUService.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\matlab701\bin\win32\matlab.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\Zoom\TpScrex.exe
c:\program files\Synaptics\SynTP\SynTPLpr.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-04-24 18:11:51 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-24 16:11

Před spuštěním: 3,786,559,488 bytes free
Po spuštění: 4,483,362,816 bytes free

- - End Of File - - 745343305F0C6EEAF9F53CE51854AA5F

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 18:13
od Rudy
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Collect::
c:\temp\Sbpbibl3.dat
c:\temp\Sbpbibl2.dat
c:\temp\Sbpbibl1.dat

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{153ee301-0944-11de-855f-001e4c394562}]
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu CombolFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 19:02
od tloust
ComboFix 10-04-21.01 - tloust 04/24/2010 19:39:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.2014.781 [GMT 2:00]
Spuštěný z: c:\documents and settings\tloust\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\tloust\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

file zipped: c:\temp\Sbpbibl1.dat
file zipped: c:\temp\Sbpbibl2.dat
file zipped: c:\temp\Sbpbibl3.dat
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\temp\Sbpbibl1.dat
c:\temp\Sbpbibl2.dat
c:\temp\Sbpbibl3.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-24 do 2010-04-24 )))))))))))))))))))))))))))))))
.

2010-04-24 15:11 . 2010-04-24 15:11 -------- d-----w- c:\program files\trend micro
2010-04-24 15:11 . 2010-04-24 15:11 -------- d-----w- C:\rsit
2010-04-24 14:38 . 2010-04-24 14:38 3262 ----a-r- c:\documents and settings\tloust\Application Data\Microsoft\Installer\{9DFF89DE-5482-41D8-94E0-D7BAB1C37D73}\_3d865870.exe
2010-04-24 00:00 . 2010-04-24 00:00 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-23 13:44 . 2010-04-23 13:44 -------- d-----w- c:\documents and settings\tloust\ESA90
2010-04-23 13:19 . 2010-04-23 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrovision
2010-04-23 13:12 . 2010-04-23 13:12 -------- d-----w- C:\NemExCOM
2010-04-23 12:47 . 2010-04-23 12:47 -------- d-----w- c:\program files\Common Files\CADS Shared
2010-04-23 12:46 . 2010-04-23 12:46 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-04-23 12:42 . 2010-04-23 12:42 -------- d-----w- c:\program files\SCIA
2010-04-17 21:48 . 2010-04-12 15:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-08 18:33 . 2010-04-08 18:33 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 09:17 . 2010-04-06 09:17 -------- d-----w- c:\program files\WIENERBERGER
2010-04-05 10:53 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-05 00:01 . 2010-04-05 00:01 -------- d-----w- c:\program files\Nexis 32
2010-04-04 19:55 . 2010-04-13 11:57 -------- d-----w- c:\program files\Common Files\Fine Shared
2010-04-04 11:19 . 2010-04-04 11:19 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avira
2010-04-04 09:58 . 2010-04-04 09:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-04-04 09:56 . 2010-04-04 09:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2010-03-28 19:25 . 2010-03-28 19:25 -------- d-----w- c:\documents and settings\tloust\Application Data\Avira
2010-03-28 12:16 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-28 12:16 . 2010-04-24 00:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-28 12:16 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 12:01 . 2010-03-28 12:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-28 11:31 . 2010-03-28 11:31 3262 ----a-r- c:\documents and settings\tloust\Application Data\Microsoft\Installer\{8CC58C45-1A99-445E-A05B-BD5D2E9047A3}\_69854732.exe
2010-03-27 16:30 . 2010-03-27 16:30 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 17:00 . 2009-10-09 16:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-24 16:48 . 2009-04-26 05:09 -------- d-----w- c:\documents and settings\tloust\Application Data\IM
2010-04-24 16:46 . 2009-03-05 20:14 -------- d-----w- c:\documents and settings\tloust\Application Data\WTablet
2010-04-24 15:56 . 2009-03-08 05:23 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-04-24 15:45 . 2010-04-24 14:34 18118464 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_34_10_full.dmp.zip
2010-04-24 14:38 . 2009-12-01 20:51 -------- d-----w- c:\program files\Common Files\Svoboda Software
2010-04-24 14:34 . 2010-04-24 14:34 64273 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_21_08_small.dmp.zip
2010-04-24 14:26 . 2009-03-04 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-24 14:12 . 2010-04-24 14:12 54301 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_16_02_04_small.dmp.zip
2010-04-24 13:10 . 2009-04-22 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-04-24 11:07 . 2009-03-11 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-04-24 11:07 . 2009-03-11 20:25 -------- d-----w- c:\program files\Spyware Terminator
2010-04-24 11:00 . 2009-03-11 20:25 -------- d-----w- c:\documents and settings\tloust\Application Data\Spyware Terminator
2010-04-24 02:35 . 2010-03-19 16:33 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 23:44 . 2010-04-23 23:44 61518 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_24_01_35_55_small.dmp.zip
2010-04-23 13:58 . 2009-03-07 02:57 -------- d-----w- c:\documents and settings\tloust\Application Data\BitTorrent
2010-04-23 12:47 . 2009-03-04 07:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-22 11:02 . 2009-06-01 22:51 957368 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-04-21 16:47 . 2009-03-04 07:42 -------- d-----w- c:\documents and settings\tloust\Application Data\Skype
2010-04-20 16:07 . 2009-04-13 03:19 5669214 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-19 10:29 . 2009-03-04 07:10 153664 ----a-w- c:\documents and settings\tloust\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-17 21:48 . 2009-03-10 04:56 -------- d-----w- c:\program files\Java
2010-04-13 17:29 . 2009-03-04 20:06 -------- d-----w- c:\program files\Google
2010-04-13 06:44 . 2010-04-13 11:25 2876416 ----a-w- c:\windows\Internet Logs\xDB15.tmp
2010-04-06 18:44 . 2010-04-06 18:44 66529 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_04_06_20_42_51_small.dmp.zip
2010-04-06 07:02 . 2010-04-06 08:13 2862592 ----a-w- c:\windows\Internet Logs\xDB14.tmp
2010-04-04 09:30 . 2010-04-04 09:32 2832896 ----a-w- c:\windows\Internet Logs\xDB13.tmp
2010-04-03 22:56 . 2009-07-03 11:54 -------- d-----w- c:\program files\yBook
2010-03-31 03:44 . 2010-03-31 06:20 2819072 ----a-w- c:\windows\Internet Logs\xDB12.tmp
2010-03-31 03:44 . 2009-03-04 08:05 210230 ----a-w- c:\windows\system32\nvModes.dat
2010-03-29 12:38 . 2009-03-04 08:41 -------- d-----w- c:\program files\Opera
2010-03-19 16:40 . 2010-03-19 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2010-03-19 16:28 . 2010-03-19 16:28 -------- d-----w- c:\program files\ESET
2010-03-19 07:28 . 2010-03-19 07:28 503808 ----a-w- c:\documents and settings\pomocny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bd3faee-n\msvcp71.dll
2010-03-19 07:28 . 2010-03-19 07:28 499712 ----a-w- c:\documents and settings\pomocny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bd3faee-n\jmc.dll
2010-03-19 07:28 . 2010-03-19 07:28 348160 ----a-w- c:\documents and settings\pomocny\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7bd3faee-n\msvcr71.dll
2010-03-19 07:27 . 2010-03-19 07:27 61440 ----a-w- c:\documents and settings\pomocny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18b0d725-n\decora-sse.dll
2010-03-19 07:27 . 2010-03-19 07:27 12800 ----a-w- c:\documents and settings\pomocny\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-18b0d725-n\decora-d3d.dll
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\ArcSoft
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\IM
2010-03-18 23:18 . 2010-03-18 23:18 -------- d-----w- c:\documents and settings\pomocny\Application Data\Epson
2010-03-18 23:18 . 2010-03-18 23:17 -------- d-----w- c:\documents and settings\pomocny\Application Data\Spyware Terminator
2010-03-18 23:17 . 2010-03-18 23:17 -------- d-----w- c:\documents and settings\pomocny\Application Data\Lenovo
2010-03-18 23:11 . 2010-03-18 23:11 -------- d-----w- c:\documents and settings\pomocny\Application Data\WTablet
2010-03-16 06:40 . 2010-03-16 06:40 1266056 ----a-w- C:\WindowsXP-KB927891-v3-x86-ENU.exe
2010-03-16 06:40 . 2010-03-16 06:40 224 ----a-w- C:\windowsupdateagent30-x86.exe
2010-03-16 06:37 . 2010-03-16 06:37 3038 ----a-w- C:\fix_svchost.bat
2010-03-16 06:28 . 2010-03-16 06:28 153568 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 05:08 . 2010-03-16 06:15 199680 ----a-w- c:\windows\Internet Logs\xDB10.tmp
2010-03-16 05:08 . 2010-03-16 06:15 2752512 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-03-10 06:15 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 22:40 . 2009-03-07 02:56 -------- d-----w- c:\program files\BitTorrent
2010-03-09 11:50 . 2009-03-05 05:24 -------- d-----w- c:\program files\CCleaner
2010-03-05 01:41 . 2010-03-05 08:56 2740224 ----a-w- c:\windows\Internet Logs\xDBF.tmp
2010-03-04 08:11 . 2010-03-04 08:11 65294 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_03_04_00_50_19_small.dmp.zip
2010-03-03 23:55 . 2010-03-04 08:06 2739712 ----a-w- c:\windows\Internet Logs\xDBE.tmp
2010-03-03 21:58 . 2010-03-04 08:06 3207680 ----a-w- c:\windows\Internet Logs\xDBD.tmp
2010-03-03 09:34 . 2009-03-18 18:08 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-03 09:34 . 2009-03-18 18:08 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-03-03 09:28 . 2010-03-03 02:50 2828 --sha-w- c:\documents and settings\All Users\Application Data\Protexis\KGyGaAvL.sys
2010-03-03 09:28 . 2010-03-03 02:51 88 --sh--r- c:\documents and settings\All Users\Application Data\Protexis\0FE8AEF37D.sys
2010-03-03 03:01 . 2010-03-03 02:46 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelPHOTOPAINT\9.0\1033\ResourceCache.dll
2010-03-03 03:00 . 2010-03-03 02:44 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\CorelDRAW\9.0\1033\ResourceCache.dll
2010-03-03 02:51 . 2010-03-03 02:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Protexis
2010-03-03 02:50 . 2009-03-10 09:55 -------- d-----w- c:\documents and settings\tloust\Application Data\Corel
2010-03-03 02:42 . 2010-03-03 02:42 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-03 02:40 . 2010-03-03 02:39 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-03 02:39 . 2010-03-03 02:39 -------- d-----w- c:\program files\Microsoft SDKs
2010-03-03 02:37 . 2009-01-15 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2010-03-03 02:32 . 2009-01-15 12:16 -------- d-----w- c:\program files\Corel
2010-03-03 02:25 . 2010-03-03 02:17 470794240 ----a-w- c:\documents and settings\tloust\Application Data\setup.exe
2010-03-03 02:25 . 2010-03-03 02:17 470794240 ----a-w- c:\documents and settings\tloust\Application Data\setup.exe
2010-03-01 07:05 . 2009-03-18 15:34 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-28 14:56 . 2010-01-21 14:46 -------- d-----w- c:\program files\MiKTeX 2.8
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 23:06 . 2010-02-22 23:06 57712 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_02_22_23_59_43_small.dmp.zip
2010-02-16 14:08 . 2008-04-14 12:00 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25 . 2008-04-14 00:01 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 11:24 . 2009-03-18 15:34 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-12 04:33 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:37 . 2010-02-11 12:37 503808 ----a-w- c:\documents and settings\tloust\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e55dfd0-n\msvcp71.dll
2010-02-11 12:37 . 2010-02-11 12:37 499712 ----a-w- c:\documents and settings\tloust\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e55dfd0-n\jmc.dll
2010-02-11 12:37 . 2010-02-11 12:37 348160 ----a-w- c:\documents and settings\tloust\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7e55dfd0-n\msvcr71.dll
2010-02-11 12:37 . 2010-02-11 12:37 61440 ----a-w- c:\documents and settings\tloust\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4fd8ed8a-n\decora-sse.dll
2010-02-11 12:37 . 2010-02-11 12:37 12800 ----a-w- c:\documents and settings\tloust\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4fd8ed8a-n\decora-d3d.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-06 15:13 . 2010-02-06 15:13 60200 ----a-w- c:\windows\Internet Logs\zlclient_2nd_2010_02_06_16_06_40_small.dmp.zip
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-22 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 487424]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-10-01 68976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-04 1323008]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-25 1036288]
"nwiz"="nwiz.exe" [2008-12-05 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-05 86016]
"LPManager"="c:\progra~1\THINKV~1\PrdCtr\LPMGR.exe" [2008-09-01 165208]
"LPMailChecker"="c:\progra~1\THINKV~1\PrdCtr\LPMLCHK.exe" [2008-09-01 124248]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2009-01-07 60704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-12 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-12 81920]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-03-11 2233856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-05 13549568]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"QuickTime Task"="c:\program files\K-Lite Codec Pack\QTTask.exe" [2009-01-05 413696]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-09-15 7218472]
"EPSON PageSTM TrayIcon01"="c:\program files\EPSON\BSTM\PG\E_L20IC2.EXE" [2007-12-11 151552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-07 00:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-08-09 03:14 28672 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\SCIA\\Engineer2009.0\\Flexlm\\Scia.exe"=

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/11/2009 10:25 PM 142592]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/18/2009 5:34 PM 135336]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [10/4/2009 9:09 PM 91392]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [3/5/2009 10:14 PM 3032360]
S2 gupdate1c99dcc3cea70ba;Google Update Service (gupdate1c99dcc3cea70ba);c:\program files\Google\Update\GoogleUpdate.exe [3/5/2009 9:54 PM 133104]
S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [9/9/2008 12:01 AM 79144]
S3 PhSerUsb;PHILOG USB Serial Driver;c:\windows\system32\drivers\PhSerUsb.sys [10/4/2009 8:49 PM 48896]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [3/5/2009 10:14 PM 15144]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [9/23/2005 1:01 AM 2799808]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-22 12:36]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 19:54]

2010-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-05 19:54]

2009-05-01 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-04-29 13:12]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://redirect.zonelabs.com/redirect/route?oem=1025&prod=0&mode=6&app=inclient&version=8.0.065.000&lang=en&locale=en-US&date=-86400&link_id=9&dest=welcome&lic=j5hvqhisiu3s4he7bhx644bu4g0
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: {B10CBD8D-F9B6-11CF-9B38-0080AD11B667} - file:///D:/dokumenty/Strojnicke_tabulky/script/ikcntrls.cab
FF - ProfilePath - c:\documents and settings\tloust\Application Data\Mozilla\Firefox\Profiles\j0zv8mv1.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Celkový čas: 2010-04-24 19:48:16
ComboFix-quarantined-files.txt 2010-04-24 17:48
ComboFix2.txt 2010-04-24 16:11

Před spuštěním: 4,461,707,264 bytes free
Po spuštění: 4,410,179,584 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 87783F35372428AF170F9C74C3CA395B
Nahr nˇ probŘhlo ŁspŘçnŘ

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 19:04
od tloust
Pc se zda byt sviznejsi ale nvsvc.exe, ktere zere polovinu pameti tu strasi porad... :(

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 19:28
od Rudy
nvsvc.exe patří ovladači nVidia gr. karty. Zkuste driver reinstalovat.

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 19:48
od tloust
ok, zkusim, dekuji moc za pomoc a preji pekny vecer

Re: Problem s nabihanim PC

Napsal: 24 dub 2010 20:13
od Rudy
Pěkný večer i vám a nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz