
Please check my log

Posted: 19 Feb 2011 18:02
by p.smolik
Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v6.00.2900.5512 (xpsp.080413-2105)
Log vygenerován: 19.2.2011 17:58:31
================================================================

SmallARK
================================================================
[R]NtAllocateVirtualMemory -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtClose -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtCreateKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtDeleteKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtDuplicateObject -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtFreeVirtualMemory -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenProcess -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtOpenThread -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtProtectVirtualMemory -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtQueryValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtRenameKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtRestoreKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[R]NtSetValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS



Běžící procesy
================================================================

C:\PROGRAM FILES\CREATIVE\SBAUDIGY\SURROUND MIXER\CTSYSVOL.EXE
C:\PROGRAM FILES\CONMET\CONMET.EXE
C:\PROGRAM FILES\VIA\VIAUDIOI\SBADECK\ADECK.EXE
C:\WINDOWS\SYSTEM32\BGSVCGEN.EXE
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
C:\PROGRAM FILES\OLYMPUS\OLYMPUS MASTER\MONITOR.EXE
C:\PROGRAM FILES\TRANSLATE CLIENT\TRANSLATECLIENT.EXE

Scanner
================================================================
[S] EXPLORER.EXE
Spouští se po startu HKLM Winlogon [Shell]

[?] CTSysVol.exe
Spouští se po startu HKLM Run [CTSysVol]
Soubor 7%

[S] RUNDLL32.EXE
Spouští se po startu HKLM Run [NvCplDaemon]

[?] ConMet.exe
Spouští se po startu HKLM Run [ConMet]
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8
Soubor 63%

[?] ADeck.exe
Spouští se po startu HKLM Run [AudioDeck]
Soubor 7%

[R] AvastUI.exe
Spouští se po startu HKLM Run [avast5]

[R] realsched.exe
Spouští se po startu HKLM Run [TkBellExe]

[?] BGSVCGEN.EXE
Non Microsoft v System32:
Nemá okno
Soubor 7%

[?] CTSVCCDA.EXE
Non Microsoft v System32:
Nemá okno
Soubor 7%

[S] CTFMON.EXE
Spouští se po startu HKCU Run [CTFMON.EXE]

[?] Monitor.exe
Spouští se po startu HKCU Run [OM_Monitor]
Soubor 14%

[S] MSMSGS.EXE
Spouští se po startu HKCU Run [MSMSGS]

[R] PnkBstrA.exe
Podobná jména: PNKBSTRA.EXE X PNKBSTRB.EXE

[?] translateclient.exe
Spouští se po startu Po spuštění []
Soubor 7%

[R] PnkBstrB.exe
Podobná jména: PNKBSTRB.EXE X PNKBSTRA.EXE

[R] TOTALCMD.EXE
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8


Po spuštění
================================================================

HKCU Run
|_ [?][OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
|_ [S][MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background

HKLM Run
|_ [?][CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
|_ [X][P17Helper] Rundll32 P17.dll,P17Helper (Soubor nenalezen)
|_ [!][ConMet] C:\Program Files\ConMet\ConMet.exe
|_ [?][AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
|_ [?][OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll ,NvStartup
|_ [?][nwiz] nwiz.exe /install
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll ,NvTaskbarInit
|_ [R][avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe /nogui
|_ [R][TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot

HKCU RunOnce
|_ [R][FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_Plugin.exe -update plugin

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

Po spuštění
|_ C:\Program Files\Translate Client\translateclient.exe

Job
|_ [X][REGIST~1.JOB] C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe (Soubor nenalezen)
|_ [?][CLEANS~1.JOB] C:\WINDOWS\system32\CleanMem.exe


HKLM BHO
|_ [?][{31c7d459-9cc3-44f2-9dca-fc11795309b4}] C:\Program Files\IObitCom\tbIOb1.dll

HKCU IE WebBrowser Toolbar
|_ [?][{31C7D459-9CC3-44F2-9DCA-FC11795309B4}] C:\Program Files\IObitCom\tbIOb1.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] B's Recorder GOLD Library General Service
|_ Cesta: C:\WINDOWS\system32\bgsvcgen.exe
| |_ Výrobce: B.H.A Corporation
| |_ Popis: B's Recorder GOLD Service Library
| |_ MD5: 71489FA2C4A238F178E30AE6E4449013
|
|_ Jméno: bgsvcgen
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Creative Service for CDROM Access
|_ Cesta: C:\WINDOWS\system32\CTsvcCDA.exe
| |_ Výrobce: Creative Technology Ltd
| |_ Popis: Creative Service for CDROM Access
| |_ MD5: 3C8B6609712F4FF78E521F6DCFC4032B
|
|_ Jméno: Creative Service for CDROM Access
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Služba Google Update (gupdate1ca99f1cdfeb980)
|_ Cesta: C:\Program Files\Google\Update\GoogleUpdate.exe /svc
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: gupdate1ca99f1cdfeb980
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Own Process
|_ Dependency: RPCSS


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] cdrbsdrv
|_ Cesta: C:\WINDOWS\system32\drivers\cdrbsdrv.sys
| |_ Výrobce: B.H.A Corporation
| |_ Popis: CD-ROM Filter Driver for Windows2000/xp
| |_ MD5: 248349293CA42EE5DB61DC1FD85A2F49
|
|_ Jméno: cdrbsdrv
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] VIA Rhine-Family Fast-Ethernet Adapter Driver Service
|_ Cesta: C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
| |_ Výrobce: VIA Technologies, Inc.
| |_ Popis: NDIS 5.0 miniport driver
| |_ MD5: 263F2507788917AB54C4AB8BC740F290
|
|_ Jméno: FET5X86V
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] StarOpen
|_ Cesta: C:\WINDOWS\system32\drivers\StarOpen.sys
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 306521935042FC0A6988D528643619B3
|
|_ Jméno: StarOpen
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: File System Driver
|_ Dependency:

[?] VIA AGP Filter
|_ Cesta: C:\WINDOWS\system32\DRIVERS\viaagp1.sys
| |_ Výrobce: VIA Technologies, Inc.
| |_ Popis: VIA NT AGP Filter
| |_ MD5: 4B039BBD037B01F5DB5A144C837F283A
|
|_ Jméno: viaagp1
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] VIA AC'97 Enhanced Audio Controller (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\viaudio.sys
| |_ Výrobce: VIA Technologies, Inc.
| |_ Popis: VIA AC'97 Enhanced Audio WDM Driver
| |_ MD5: 49082508D872CDC4C8604FA970D1DC5F
|
|_ Jméno: VIAudio
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] videX32
|_ Cesta: C:\WINDOWS\system32\DRIVERS\videX32.sys
| |_ Výrobce: VIA Technologies, Inc.
| |_ Popis: VIA Generic PCI IDE Bus Driver
| |_ MD5: 4CC623591204ACD5FC89BD0DAD70E838
|
|_ Jméno: videX32
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (948) SVCHOST.EXE 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (4) Systém 89.103.222.249:139 LISTENING
TCP (412) ConMet.exe 89.103.222.249:1039 CLOSE_WAIT
TCP (0) 89.103.222.249:1872 TIME_WAIT
TCP (0) 89.103.222.249:1957 TIME_WAIT
TCP (0) 89.103.222.249:1960 TIME_WAIT
TCP (0) 89.103.222.249:1963 TIME_WAIT
TCP (0) 89.103.222.249:2012 TIME_WAIT
TCP (0) 89.103.222.249:2108 TIME_WAIT
TCP (0) 89.103.222.249:2117 TIME_WAIT
TCP (0) 89.103.222.249:2119 TIME_WAIT
TCP (0) 89.103.222.249:2120 TIME_WAIT
TCP (0) 89.103.222.249:2156 TIME_WAIT
TCP (1304) AvastSvc.exe 89.103.222.249:2165 <-> 209.85.148.102:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2203 <-> 109.123.209.238:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2206 <-> 92.122.213.153:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2207 <-> 207.46.170.10:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2208 <-> 199.7.52.190:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2209 <-> 199.7.48.190:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2210 <-> 199.7.48.190:80 ESTABLISHED
TCP (3696) UPM.exe 89.103.222.249:2211 <-> 92.123.68.11:80 ESTABLISHED
TCP (1452) firefox.exe 127.0.0.1:1077 <-> 127.0.0.1:1078 ESTABLISHED
TCP (1452) firefox.exe 127.0.0.1:1078 <-> 127.0.0.1:1077 ESTABLISHED
TCP (1452) firefox.exe 127.0.0.1:1081 <-> 127.0.0.1:1082 ESTABLISHED
TCP (1452) firefox.exe 127.0.0.1:1082 <-> 127.0.0.1:1081 ESTABLISHED
TCP (1452) firefox.exe 127.0.0.1:2163 <-> 127.0.0.1:12080 ESTABLISHED
TCP (0) 127.0.0.1:2192 TIME_WAIT
TCP (1304) AvastSvc.exe 127.0.0.1:12025 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12080 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12080 <-> 127.0.0.1:2163 ESTABLISHED
TCP (1304) AvastSvc.exe 127.0.0.1:12110 LISTENING
TCP (0) 127.0.0.1:12110 TIME_WAIT
TCP (0) 127.0.0.1:12110 TIME_WAIT
TCP (0) 127.0.0.1:12110 TIME_WAIT
TCP (1304) AvastSvc.exe 127.0.0.1:12119 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12143 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12465 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12563 LISTENING
TCP (1304) AvastSvc.exe 127.0.0.1:12993 LISTENING
UDP (4) Systém 0.0.0.0:445 LISTENING
UDP (1044) SVCHOST.EXE 89.103.222.249:123
UDP (4) Systém 89.103.222.249:137
UDP (4) Systém 89.103.222.249:138
UDP (1044) SVCHOST.EXE 127.0.0.1:123
UDP (1096) translateclient.exe 127.0.0.1:1028
UDP (616) PnkBstrA.exe 127.0.0.1:44301
UDP (836) PnkBstrB.exe 127.0.0.1:45301

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] ctrlsrc.dll
|_ Cesta: C:\Program Files\Creative\Shared Files\CtrlSrc.dll
|_ MD5: EC046688C85011435DC8071EBA02F833
|_ Výrobce: Creative Technology Ltd.
|_ Procesy
|_ CTSysVol.exe (260)

[?] ctinif.dll
|_ Cesta: C:\Program Files\Creative\Shared Files\CTIniF.dll
|_ MD5: 8084668D40E5EB157839C5519E533541
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] gdictrl.skc
|_ Cesta: C:\Program Files\Creative\Shared Files\GDICtrl.skc
|_ MD5: EBF4C4557FBFEA9CCF642ABD5A239471
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] gdictrl2.skc
|_ Cesta: C:\Program Files\Creative\Shared Files\GDICtrl2.skc
|_ MD5: 36854F9057F22EE937E0820F872B0F52
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] gdictrl3.skc
|_ Cesta: C:\Program Files\Creative\Shared Files\GDICtrl3.skc
|_ MD5: 1602EECC8B71BDA0947134871A5A1478
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] rtxctrl.skc
|_ Cesta: C:\Program Files\Creative\Shared Files\RtxCtrl.skc
|_ MD5: 4F9F52BE3E01B724CFD15268D95D8CDF
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] mxlib.dll
|_ Cesta: C:\Program Files\Creative\Shared Files\MxLib.dll
|_ MD5: 4DD881B1918D195682EA7E696000D342
|_ Výrobce: Creative Technology Ltd.
|_ Procesy
|_ CTSysVol.exe (260)

[?] cttheme.dll
|_ Cesta: C:\Program Files\Creative\Shared Files\CTTheme.dll
|_ MD5: EEB43B761B01F7668A466A1439E4D675
|_ Výrobce: Creative Technology Ltd
|_ Procesy
|_ CTSysVol.exe (260)

[?] olyuidrw.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OLYUIDRW.DLL
|_ MD5: B8A71BCCE88CC6A8B0D821DF18950BB3
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olyplgmgr.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlyPlgMgr.dll
|_ MD5: 7E6DD8A6D2619ECBE508154EA7572862
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olycamdetect.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlyCamDetect.dll
|_ MD5: D0B850C181B0F80540E6F6138788B518
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olapcevent.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlAPCEvent.dll
|_ MD5: 1C69690C5336AFC9653D2A3AF914A2F3
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olygloss.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlyGloss.dll
|_ MD5: A843CC6DB39CF0467337F4D65A3C71E5
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olyexiflib.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlyExifLib.dll
|_ MD5: FA23A0DF3A062D1648F04718368091DC
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olilevent.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlILEvent.dll
|_ MD5: F99212BDFC4A1ACDFE0D991C8048F78E
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olyrum.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OlyRum.dll
|_ MD5: CE96CF296AD92E5650080FBB0D669677
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] ptp-il.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\PTP-IL.DLL
|_ MD5: C59202534D7F802C5EE10828914D12EE
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] olcamapi.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\Olcamapi.dll
|_ MD5: 79B8774EED4F86607C0AE48FDCC230EC
|_ Výrobce: OLYMPUS OPTICAL CO.,LTD.
|_ Procesy
|_ Monitor.exe (312)

[?] olyuictl.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\OLYUICTL.DLL
|_ MD5: DCCCC6BEAAF866349F3D09E7FC43A530
|_ Výrobce: OLYMPUS IMAGING CORP.
|_ Procesy
|_ Monitor.exe (312)

[?] mfc42.dll
|_ Cesta: C:\Program Files\OLYMPUS\OLYMPUS Master\MFC42.DLL
|_ MD5: F92E518180CF52FB526C7A76BD9AFD7E
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ Monitor.exe (312)

[?] hash2.dll
|_ Cesta: C:\WINDOWS\System32\hash2.dll
|_ MD5: C8C73DAF8EF9BA6AB388CDC24FC319BF
|_ Výrobce: ?
|_ Procesy
|_ translateclient.exe (1096)

[?] toolbarvstar2.ocx
|_ Cesta: C:\WINDOWS\System32\ToolbarVstar2.ocx
|_ MD5: 344F5F244C4CC9C2D06519B282949170
|_ Výrobce: Seanau software
|_ Procesy
|_ translateclient.exe (1096)

[?] softokn3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\softokn3.dll
|_ MD5: 2935447938967FDD07DD9118DFB4AFB2
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1452)

[?] nssdbm3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\nssdbm3.dll
|_ MD5: 3D07ACEEBE516A561767117C43088F2C
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1452)

[?] freebl3.dll
|_ Cesta: C:\Program Files\Mozilla Firefox\freebl3.dll
|_ MD5: E72B70C57C4229D339FE110951932392
|_ Výrobce: Mozilla Foundation
|_ Procesy
|_ firefox.exe (1452)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Please check my log

Posted: 19 Feb 2011 18:41
by Rudy
Nothing dangerous is visible.