
Please check my log

Posted: 10 Jul 2011 19:10
by clifo
Thank you in advance

Windows Vista SP 1 (build 7601)
Boot Mode: Normal
Overení sůborů Microsoftu: Nie
Whitelist: Nie
Internet Explorer v9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
Log vygenerovaný:10. 7. 2011 20:04:41
================================================================

Bežiace procesy
================================================================

C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WININIT.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\LSM.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\MSMPENG.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES\WIDCOMM\BLUETOOTH SOFTWARE\BTWDINS.EXE
C:\PROGRAM FILES (X86)\LAUNCH MANAGER\DSIWMIS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\PROGRAM FILES (X86)\ACER\REGISTRATION\GREGHSRW.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\ACER BACKUP MANAGER\ISCHEDULESVC.EXE
C:\PROGRAM FILES (X86)\ACER\ACER VCM\RS_SERVICE.EXE
C:\PROGRAM FILES (X86)\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\PROGRAM FILES (X86)\TEAMVIEWER\VERSION5\TEAMVIEWER_SERVICE.EXE
C:\PROGRAM FILES (X86)\TEAMVIEWER\VERSION6\TEAMVIEWER_SERVICE.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\ULEAD SYSTEMS\DVD\ULCDRSVR.EXE
C:\PROGRAM FILES\ACER\ACER UPDATER\UPDATERSERVICE.EXE
C:\WINDOWS\SYSWOW64\UTSCSI.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\VMWARE\USB\VMWARE-USBARBITRATOR.EXE
C:\WINDOWS\SYSWOW64\VMNAT.EXE
C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
C:\PROGRAM FILES (X86)\INTEL\INTEL MATRIX STORAGE MANAGER\IAANTMON.EXE
C:\PROGRAM FILES (X86)\VMWARE\VMWARE PLAYER\VMWARE-AUTHD.EXE
C:\PROGRAM FILES (X86)\SPYBOT - SEARCH & DESTROY\SDWINSEC.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\ANTIMALWARE\NISSRV.EXE
C:\WINDOWS\SYSTEM32\TASKHOST.EXE
C:\WINDOWS\SYSTEM32\DWM.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
C:\WINDOWS\PLFSETI.EXE
C:\WINDOWS\SYSTEM32\IGFXTRAY.EXE
C:\WINDOWS\SYSTEM32\HKCMD.EXE
C:\WINDOWS\SYSTEM32\IGFXPERS.EXE
C:\PROGRAM FILES\MICROSOFT SECURITY CLIENT\MSSECES.EXE
C:\PROGRAM FILES (X86)\NEWTECH INFOSYSTEMS\ACER BACKUP MANAGER\BACKUPMANAGERTRAY.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\PROGRAM FILES (X86)\LAUNCH MANAGER\LMANAGER.EXE
C:\WINDOWS\SYSTEM32\IGFXSRVC.EXE
C:\PROGRAM FILES (X86)\COMMON FILES\JAVA\JAVA UPDATE\JUSCHED.EXE
C:\PROGRAM FILES (X86)\VMWARE\VMWARE PLAYER\HQTRAY.EXE
C:\WINDOWS\SYSTEM32\SEARCHINDEXER.EXE
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE
C:\TOTALCMD\TOTALCMD.EXE
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\FIREFOX.EXE
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGIN-CONTAINER.EXE
C:\PROGRAM FILES (X86)\ULTIMATE PROCESS MANAGER\UPM.EXE

Scanner
================================================================
[S, novf!] smss.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (47950000) C:\Windows\System32\smss.exe
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S, novf!] csrss.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (4A350000) C:\Windows\System32\csrss.exe
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S] wininit.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S, novf!] csrss.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (4A350000) C:\Windows\System32\csrss.exe
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S, novf!] winlogon.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S, novf!] services.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S, novf!] lsass.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (74710000) C:\Windows\System32\msprivs.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S, novf!] lsm.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] MsMpEng.exe
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76780000) C:\Windows\System32\iertutil.dll
Podvrhnutá cesta modulu: (76990000) C:\Windows\System32\urlmon.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76BE0000) C:\Windows\System32\wininet.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll
Podvrhnutá cesta modulu: (77030000) C:\Windows\System32\normaliz.dll

[S] svchost.exe
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 6
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (013D0000) C:\Windows\System32\winlogon.exe
Podvrhnutá cesta modulu: (71DE0000) C:\Windows\System32\wbem\WinMgmtR.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (72690000) C:\Windows\System32\sfc.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (72690000) C:\Windows\System32\sfc.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[S, novf!] spoolsv.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] btwdins.exe
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] dsiwmis.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S] svchost.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] GregHSRW.exe
EntryPoint v sekcii: CODE
|_ Celkový počet sekcií: 8
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] MDM.EXE
Overený Microsoft: Nie
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] IScheduleSvc.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] RS_Service.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno
Súbor 7%

[?] sp_rsser.exe
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 6
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll
Nemá okno
Súbor 63%

[R] TeamViewer_Service.exe
Rovnaké mená, iná cesta: TEAMVIEWER_SERVICE.EXE X TEAMVIEWER_SERVICE.EXE
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] TeamViewer_Service.exe
Rovnaké mená, iná cesta: TEAMVIEWER_SERVICE.EXE X TEAMVIEWER_SERVICE.EXE
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] ULCDRSvr.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno
Súbor 7%

[R] UpdaterService.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] UTSCSI.EXE
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno
Súbor 7%

[R] vmware-usbarbitrator.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] vmnat.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] vmnetdhcp.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] IAANTmon.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] vmware-authd.exe
Podvrhnutá cesta modulu: (72750000) C:\Windows\SysWOW64\atl.dll
Podvrhnutá cesta modulu: (72D50000) C:\Windows\SysWOW64\ktmw32.dll
Podvrhnutá cesta modulu: (740B0000) C:\Windows\SysWOW64\wtsapi32.dll
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] SDWinSec.exe
EntryPoint v sekcii: .ITEXT
|_ Celkový počet sekcií: 9
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] NisSrv.exe
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S, novf!] taskhost.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (74460000) C:\Windows\System32\ksuser.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S, novf!] dwm.exe
Non Microsoft v System32:
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[S] explorer.exe
Spúšťa sa po štarte HKLM Winlogon [Shell]
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (73BF0000) C:\Windows\System32\FXSRESM.dll
Podvrhnutá cesta modulu: (74460000) C:\Windows\System32\ksuser.dll
Podvrhnutá cesta modulu: (76780000) C:\Windows\System32\iertutil.dll
Podvrhnutá cesta modulu: (76990000) C:\Windows\System32\urlmon.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76BE0000) C:\Windows\System32\wininet.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll
Podvrhnutá cesta modulu: (77030000) C:\Windows\System32\normaliz.dll

[R] SynTPEnh.exe
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (10000000) C:\Windows\System32\SynCOM.dll
Podvrhnutá cesta modulu: (63010000) C:\Windows\System32\SynTPAPI.dll
Podvrhnutá cesta modulu: (76780000) C:\Windows\System32\iertutil.dll
Podvrhnutá cesta modulu: (76990000) C:\Windows\System32\urlmon.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76BE0000) C:\Windows\System32\wininet.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll
Podvrhnutá cesta modulu: (77030000) C:\Windows\System32\normaliz.dll

[R] PLFSetI.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] igfxtray.exe
Non Microsoft v System32:
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (01B80000) C:\Windows\System32\igfxrsky.lrc
Podvrhnutá cesta modulu: (028D0000) C:\Windows\System32\igfxress.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] hkcmd.exe
Non Microsoft v System32:
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (02A00000) C:\Windows\System32\igfxrsky.lrc
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] igfxpers.exe
Non Microsoft v System32:
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] msseces.exe
Overený Microsoft: Nie
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76780000) C:\Windows\System32\iertutil.dll
Podvrhnutá cesta modulu: (76990000) C:\Windows\System32\urlmon.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76BE0000) C:\Windows\System32\wininet.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll
Podvrhnutá cesta modulu: (77030000) C:\Windows\System32\normaliz.dll

[R] BackupManagerTray.exe
Spúšťa sa po štarte HKLM Run [BackupManagerTray]
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] SynTPHelper.exe
Iná ImageBase 00000000h
EntryPoint v sekcii:
|_ Celkový počet sekcií: 5
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[R] LManager.exe
Spúšťa sa po štarte HKLM Run [LManager]
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] igfxsrvc.exe
Non Microsoft v System32:
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (00320000) C:\Windows\System32\igfxdev.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Nemá okno

[R] jusched.exe
Spúšťa sa po štarte HKLM Run [SunJavaUpdateSched]
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] hqtray.exe
Spúšťa sa po štarte HKLM Run [VMware hqtray]
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[S] SearchIndexer.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77020000) C:\Windows\System32\psapi.dll

[S] wmpnetwk.exe
Iná ImageBase 00000000h
BaseAddress
Skrytá cesta EXE:
Podvrhnutá cesta modulu: (6FE60000) C:\Windows\System32\wmploc.DLL
Podvrhnutá cesta modulu: (73150000) [DLL] ?
Podvrhnutá cesta modulu: (76780000) C:\Windows\System32\iertutil.dll
Podvrhnutá cesta modulu: (76990000) C:\Windows\System32\urlmon.dll
Podvrhnutá cesta modulu: (76AE0000) C:\Windows\System32\user32.dll
Podvrhnutá cesta modulu: (76BE0000) C:\Windows\System32\wininet.dll
Podvrhnutá cesta modulu: (76D40000) C:\Windows\System32\kernel32.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Podvrhnutá cesta modulu: (77030000) C:\Windows\System32\normaliz.dll

[R] TOTALCMD.EXE
EntryPoint v sekcii: CODE
|_ Celkový počet sekcií: 8
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] firefox.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[R] plugin-container.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll

[?] UPM.exe
Podvrhnutá cesta modulu: (74140000) C:\Windows\System32\wow64cpu.dll
Podvrhnutá cesta modulu: (74150000) C:\Windows\System32\wow64win.dll
Podvrhnutá cesta modulu: (741B0000) C:\Windows\System32\wow64.dll
Podvrhnutá cesta modulu: (76E60000) C:\Windows\System32\ntdll.dll
Súbor 7%


Po spustení
================================================================

Služby (Zobraz bežiace: True, Zobraz zastavené: False, Zobraz i bezpečné: False)
================================================================
[X] Application Experience
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\aelupsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Application Experience Service
| |_ MD5:
|
|_ Meno: AeLookupSvc
|_ StartName: localSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] Windows Audio Endpoint Builder
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\Audiosrv.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Audio Service
| |_ MD5:
|
|_ Meno: AudioEndpointBuilder
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: PlugPlay

[X] Windows Audio
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\Audiosrv.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Audio Service
| |_ MD5:
|
|_ Meno: AudioSrv
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: AudioEndpointBuilder

[X] Base Filtering Engine
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\bfe.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Base Filtering Engine
| |_ MD5:
|
|_ Meno: BFE
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Computer Browser
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\browser.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Computer Browser Service DLL
| |_ MD5:
|
|_ Meno: Browser
|_ StartName: LocalSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: LanmanWorkstation

[X] DNS Client
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\dnsrslvr.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: DNS Caching Resolver Service
| |_ MD5:
|
|_ Meno: Dnscache
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: Tdx

[X] Function Discovery Provider Host
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\fdPHost.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Function Discovery Provider host service
| |_ MD5:
|
|_ Meno: fdPHost
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Function Discovery Resource Publication
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\fdrespub.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Function Discovery Resource Publication Service
| |_ MD5:
|
|_ Meno: FDResPub
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Windows Font Cache Service
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\FntCache.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Font Cache Service
| |_ MD5:
|
|_ Meno: FontCache
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] IKE and AuthIP IPsec Keying Modules
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\ikeext.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: IKE extension
| |_ MD5:
|
|_ Meno: IKEEXT
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: BFE

[X] IP Helper
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\iphlpsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Service that offers IPv6 connectivity over an IPv4 network.
| |_ MD5:
|
|_ Meno: iphlpsvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSS

[X] CNG Key Isolation
|_ Cesta: C:\Windows\system32\lsass.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Local Security Authority Process
| |_ MD5:
|
|_ Meno: KeyIso
|_ StartName: LocalSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Server
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\srvsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Server Service DLL
| |_ MD5:
|
|_ Meno: LanmanServer
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: SamSS

[X] Workstation
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\wkssvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Workstation Service DLL
| |_ MD5:
|
|_ Meno: LanmanWorkstation
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: Bowser

[X] TCP/IP NetBIOS Helper
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\lmhsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: TCPIP NetBios Transport Services DLL
| |_ MD5:
|
|_ Meno: lmhosts
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: NetBT

[X] Multimedia Class Scheduler
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\mmcss.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Multimedia Class Scheduler Service
| |_ MD5:
|
|_ Meno: MMCSS
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Zastavené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] Brána Windows Firewall
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\mpssvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Služba MPS (Microsoft Protection Service)
| |_ MD5:
|
|_ Meno: MpsSvc
|_ StartName: NT Authority\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: mpsdrv

[X] Sieťové pripojenia
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\netman.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Network Connections Manager
| |_ MD5:
|
|_ Meno: Netman
|_ StartName: LocalSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Network Location Awareness
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\nlasvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Network Location Awareness 2
| |_ MD5:
|
|_ Meno: NlaSvc
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: NSI

[X] Network Store Interface Service
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\nsisvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Network Store Interface RPC server
| |_ MD5:
|
|_ Meno: nsi
|_ StartName: NT Authority\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: nsiproxy

[X] Program Compatibility Assistant Service
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\pcasvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Program Compatibility Assistant Service
| |_ MD5:
|
|_ Meno: PcaSvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Plug and Play
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\umpnpmgr.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: User-mode Plug-and-Play Service
| |_ MD5:
|
|_ Meno: PlugPlay
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] Power
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\umpo.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: User-mode Power Service
| |_ MD5:
|
|_ Meno: Power
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] User Profile Service
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\profsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: ProfSvc
| |_ MD5:
|
|_ Meno: ProfSvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Remote Access Connection Manager
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\rasmans.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Remote Access Connection Manager
| |_ MD5:
|
|_ Meno: RasMan
|_ StartName: localSystem
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: Tapisrv

[X] RPC Endpoint Mapper
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\RpcEpMap.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: RPC Endpoint Mapper
| |_ MD5:
|
|_ Meno: RpcEptMapper
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[?] Raw Socket Service
|_ Cesta: C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
| |_ Výrobca: Acer Incorporated
| |_ Popis: Raw Socket Service
| |_ MD5: B5A4B7D779CF4070DF408DE18BD33B02
|
|_ Meno: RS_Service
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Security Accounts Manager
|_ Cesta: C:\Windows\system32\lsass.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Local Security Authority Process
| |_ MD5:
|
|_ Meno: SamSs
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[X] Plánovač úloh
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\schedsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Task Scheduler Service
| |_ MD5:
|
|_ Meno: Schedule
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[X] Print Spooler
|_ Cesta: C:\Windows\System32\spoolsv.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Spooler SubSystem App
| |_ MD5:
|
|_ Meno: Spooler
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ:
|_ Dependency: RPCSS

[X] Software Protection
|_ Cesta: C:\Windows\system32\sppsvc.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Microsoft Software Protection Platform Service
| |_ MD5:
|
|_ Meno: sppsvc
|_ StartName: NT AUTHORITY\NetworkService
|_ Typ spúšťania: Auto Start
|_ Status: Zastavené
|_ Typ: Win32 Own Process
|_ Dependency: RpcSs

[!] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
| |_ Výrobca: Xacti LLC
| |_ Popis:
| |_ MD5: C7F6DBE915AF3A17772690135A9DD5E0
|
|_ Meno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[X] SSDP Discovery
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\ssdpsrv.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: SSDP Service DLL
| |_ MD5:
|
|_ Meno: SSDPSRV
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: HTTP

[X] Secure Socket Tunneling Protocol Service
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\sstpsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Provides the facility of using Secure Socket Tunneling Protocol (SSTP) to connect to remote computers (using VPN).
| |_ MD5:
|
|_ Meno: SstpSvc
|_ StartName: NT Authority\LocalService
|_ Typ spúšťania: Ručné spustenie
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] Rýchle načítanie
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\sysmain.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Hostiteľ služby rýchleho načítania
| |_ MD5:
|
|_ Meno: SysMain
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: rpcss

[X] Themes
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\themeservice.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Shell Theme Service Dll
| |_ MD5:
|
|_ Meno: Themes
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[?] Ulead Burning Helper
|_ Cesta: C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
| |_ Výrobca: Ulead Systems, Inc.
| |_ Popis: ULCDRSvr
| |_ MD5: 332D341D92B933600D41953B08360DFB
|
|_ Meno: UleadBurningHelper
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[?] CLCV0
|_ Cesta: C:\Windows\system32\UTSCSI.EXE
| |_ Výrobca:
| |_ Popis: UTSCSI Application
| |_ MD5: 8AFFFDA081CFF3057391FEDBBB483601
|
|_ Meno: UTSCSI
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Správca relácie Správcu okien na pracovnej ploche
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\uxsms.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Microsoft User Experience Session Management Service
| |_ MD5:
|
|_ Meno: UxSms
|_ StartName: localSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency:

[X] Windows Management Instrumentation
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\wbem\WMIsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: WMI
| |_ MD5:
|
|_ Meno: Winmgmt
|_ StartName: localSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RPCSS

[X] WLAN AutoConfig
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\wlansvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows WLAN AutoConfig Service DLL
| |_ MD5:
|
|_ Meno: Wlansvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: nativewifip

[X] Security Center
|_ Cesta: C:\Windows\System32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\wscsvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Security Center Service
| |_ MD5:
|
|_ Meno: wscsvc
|_ StartName: NT AUTHORITY\LocalService
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: RpcSs

[X] Windows Update
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\system32\wuaueng.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Update Agent
| |_ MD5:
|
|_ Meno: wuauserv
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: rpcss

[X] Windows Driver Foundation - User-mode Driver Framework
|_ Cesta: C:\Windows\system32\svchost.exe
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Host Process for Windows Services
| |_ MD5: 54A47F6B5E09A77E61649109C6A08866
|
|_ ServiceDLL: C:\Windows\System32\WUDFSvc.dll
| |_ Výrobca: Microsoft Corporation
| |_ Popis: Windows Driver Foundation - User-mode Driver Framework Service
| |_ MD5:
|
|_ Meno: wudfsvc
|_ StartName: LocalSystem
|_ Typ spúšťania: Auto Start
|_ Status: Spustené
|_ Typ: Win32 Share Process
|_ Dependency: PlugPlay


Moduly (Zobraz i bezpečné: False, Len bez výrobcu: True, Zobraz registrované: False)
================================================================
[?] msdbg2.dll
|_ Cesta: C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MSDBG2.DLL
|_ MD5: 39DCDEF85186EEB902AF449D0C6CB6E4
|_ Výrobca: Microsoft Corporation
|_ Procesy
|_ MDM.EXE (1676)

[?] vssagent.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\VssAgent.dll
|_ MD5: F672257134F8045A7B0D66A0833D472F
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] ishadows3.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IShadowS3.dll
|_ MD5: 14810D7E49716579D1EDC8497CFB1971
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] pehook.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\Pehook.dll
|_ MD5: 7E6C97FB645C2925DF60228959E10551
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] ace.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll
|_ MD5: 484B0D16F7D2A1BF51E84D6A9636E0B1
|_ Výrobca: ?
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] ischedule.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ISchedule.dll
|_ MD5: B3C57558A2FFB99BD5FFD0941B8B4115
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] sqlite3.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
|_ MD5: BD8146312FFE5F51DA66E7725E989E36
|_ Výrobca:
|_ Procesy
|_ IScheduleSvc.exe (1712)
|_ BackupManagerTray.exe (2676)

[?] wirelessdll.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\WirelessDll.dll
|_ MD5: C2F7BDB29D6399593A7DD0E91FAC818A
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] agent_stub.dll
|_ Cesta: C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\agent_stub.dll
|_ MD5: 9CFCFE18966B3D9F4682FC6990F96F55
|_ Výrobca: NewTech Infosystems, Inc.
|_ Procesy
|_ IScheduleSvc.exe (1712)

[?] pluginraid_enu.dll
|_ Cesta: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ENU\PlugInRAID_ENU.dll
|_ MD5: 15C42334805B711FBF0C788A1D751528
|_ Výrobca: Intel Corporation
|_ Procesy
|_ IAANTmon.exe (1108)

[?] isdi.dll
|_ Cesta: C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\ISDI.dll
|_ MD5: 984BDAC9F4FC9993CE8D3A7D7DA3E9A5
|_ Výrobca: Intel Corporation
|_ Procesy
|_ IAANTmon.exe (1108)

[?] upm.dll
|_ Cesta: C:\Program Files (x86)\Ultimate Process Manager\upm.dll
|_ MD5: 9D9AA74910EE283E95214ABEADC779BD
|_ Výrobca: Lodus Software
|_ Procesy
|_ UPM.exe (2648)

[!] prjxtab.ocx
|_ Cesta: C:\Program Files (x86)\Ultimate Process Manager\prjXTab.ocx
|_ MD5: DE745F09FC7C607841519AD559C33AC3
|_ Výrobca: xyz
|_ Procesy
|_ UPM.exe (2648)



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Please check my log

Posted: 10 Jul 2011 19:22
by Rudy
The log looks OK. Is there a problem?

Re: Please check my log

Posted: 10 Jul 2011 19:33
by clifo
Long startup of WIN7 - after startup and login the disk keeps spinning for roughly another 2 minutes and the system is very slow.
The disk spinning also happens during normal work on the PC (internet, Word, Excel).

Re: Please check my log

Posted: 10 Jul 2011 19:46
by Rudy
OK. Please also post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch a screen with the licence terms appears; continue by clicking the Yes button.

go ahead and make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware occur

Re: Please check my log

Posted: 10 Jul 2011 20:34
by clifo
ComboFix 11-07-10.03 - clifo . 07. 2011 21:11:58.1.1 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3003.300 [GMT 2:00]
Running from: c:\program files (x86)\combofix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\clifo\Documents\cc_20110703_213527.reg
c:\windows\12.jpg
.
.
((((((((((((((((((((((((( Files Created from 2011-06-10 to 2011-07-10 )))))))))))))))))))))))))))))))
.
.
2011-07-10 19:28 . 2011-07-10 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-10 19:01 . 2011-07-10 19:02 -------- d-----w- C:\32788R22FWJFW
2011-07-10 19:00 . 2011-07-10 19:00 -------- d-----w- c:\program files (x86)\combofix
2011-07-10 18:25 . 2011-07-10 18:25 -------- d-----w- c:\users\clifo\AppData\Roaming\SUPERAntiSpyware.com
2011-07-10 18:25 . 2011-07-10 18:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-07-10 18:25 . 2011-07-10 18:25 -------- d-----w- c:\programdata\!SASCORE
2011-07-10 18:25 . 2011-07-10 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-07-10 17:22 . 2011-07-10 18:04 -------- d-----w- c:\program files (x86)\Ultimate Process Manager
2011-07-10 14:22 . 2011-07-10 14:22 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-10 14:22 . 2011-07-10 14:22 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-10 14:13 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1BA603B8-750B-4438-B1DC-15C79D956C94}\mpengine.dll
2011-07-02 13:16 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2011-07-02 13:16 . 2011-03-19 19:00 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2011-07-02 13:16 . 2008-09-24 18:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2011-07-02 13:16 . 2011-06-02 00:15 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2011-07-02 13:16 . 2011-06-02 00:10 644608 ----a-w- c:\windows\SysWow64\xvidcore.dll
2011-07-02 13:16 . 2010-11-03 18:08 237568 ----a-w- c:\windows\SysWow64\yv12vfw.dll
2011-07-02 13:16 . 2011-06-16 08:00 73216 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2011-07-02 13:16 . 2011-07-02 13:17 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2011-07-02 09:38 . 2011-07-02 09:38 -------- d-----w- c:\users\clifo\AppData\Local\ArcSoft
2011-07-02 09:38 . 2011-07-02 09:38 -------- d-----w- C:\WinFast WorkArea
2011-07-02 09:33 . 2011-07-02 09:38 -------- d-----w- c:\users\clifo\AppData\Roaming\ArcSoft
2011-07-02 09:33 . 2011-07-02 09:35 -------- d-----w- c:\programdata\ArcSoft
2011-07-02 09:33 . 2011-07-02 09:33 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2011-07-02 09:32 . 2002-12-05 12:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-07-02 09:32 . 2002-12-02 11:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-07-02 09:32 . 2011-07-02 09:32 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-07-02 09:32 . 2011-07-02 09:32 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-07-02 09:32 . 2003-02-27 14:12 696320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-07-02 09:32 . 2002-12-02 13:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-07-02 09:32 . 2002-12-02 11:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-07-02 09:32 . 2008-08-13 07:35 20480 ----a-w- c:\program files\Windows Sidebar\Gadgets\PVR2Remote.Gadget\ClassLibrary1.dll
2011-07-02 09:31 . 2011-07-02 10:50 -------- d-----w- c:\program files\WinFast
2011-07-02 09:31 . 2011-07-02 09:31 -------- d-----w- c:\users\clifo\AppData\Roaming\InstallShield Installation Information
2011-07-02 07:54 . 2011-07-02 07:54 -------- d-----w- c:\windows\SysWow64\WinFast
2011-07-02 07:54 . 2011-07-02 07:54 -------- d-----w- c:\users\clifo\AppData\Roaming\InstallShield
2011-06-21 10:42 . 2011-06-21 10:42 -------- d-----w- c:\users\clifo\AppData\Roaming\Ashampoo
2011-06-21 10:28 . 2011-06-21 10:28 -------- d-----w- c:\users\clifo\AppData\Local\ashampoo
2011-06-21 10:28 . 2011-06-21 10:28 -------- d-----w- c:\programdata\ashampoo
2011-06-21 10:28 . 2011-06-21 10:28 -------- d-----w- c:\program files (x86)\Ashampoo
2011-06-17 10:11 . 2011-06-17 10:11 -------- d-----w- C:\_Oscam
2011-06-15 08:09 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 08:09 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-06-15 08:09 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 08:09 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 08:09 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 08:09 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 08:09 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 08:09 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:09 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 08:09 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 08:09 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
2011-06-15 08:09 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 08:09 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 07:55 . 2011-07-02 10:30 -------- d-----w- c:\program files (x86)\SAMSUNG
2011-06-15 07:48 . 2009-11-19 18:35 1531392 ----a-w- c:\temp\TSDNWIN.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-06 06:52 . 2010-09-16 16:40 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-07-06 06:52 . 2010-09-16 16:40 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-06-26 14:54 . 2010-08-28 15:25 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-06-15 08:03 . 2011-05-27 04:46 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-14 05:22 . 2010-08-28 15:25 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-07 17:10 . 2011-05-15 10:11 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-15 10:07 . 2011-05-15 10:07 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-11 08:14 . 2011-05-21 04:24 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-11 08:14 . 2011-05-21 04:24 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{25A0E4E6-BA44-41E7-A78E-DCB16BE305F8}\gapaengine.dll
2011-04-22 22:15 . 2011-05-25 07:22 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 15:21 . 2011-04-22 15:21 22 --sha-w- c:\users\clifo\AppData\Roaming\Sys6925.Config Collection.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-30 2988928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1091152]
"PDVD8LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-15 50472]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2011-03-25 64112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux4"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 PCANDIS4_RETWIFI;PCANDIS4_RETWIFI Protocol Driver;c:\progra~2\EEYEDI~1\RETINA~1\PCANDIS4_RETWIFI.SYS [x]
R3 PCANDIS5_WIFISCAN.SYS;PCANDIS5_WIFISCAN.SYS;c:\program files (x86)\eEye Digital Security\Retina Wireless Scanner\PCANDIS5_WIFISCAN.SYS [2004-06-03 22131]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-05-04 128384]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2009-08-24 107016]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-24 1960744]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-03-25 539248]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASKUTIL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-08-11 206208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&m=aspire_3810t&r=27360810x706l0431z1k5t5471t465
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041b&m=aspire_3810t&r=27360810x706l0431z1k5t5471t465
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.44.244.100:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{40488FB7-C443-467F-9E4A-B3905333493D}: NameServer = 10.44.1.200
FF - ProfilePath - c:\users\clifo\AppData\Roaming\Mozilla\Firefox\Profiles\2nsxbpwu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.ftp - 10.44.244.100
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 10.44.244.100
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 10.44.244.100
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 10.44.244.100
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 10.44.244.100
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Wow6432Node-HKCU-Run-Nektra OEAPI - (no file)
Wow6432Node-HKCU-Run-OEXPRESS - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-IAAnotif - c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-10 21:32:25
ComboFix-quarantined-files.txt 2011-07-10 19:32
.
Pre-Run: 116á310á573á056 bytes free
Post-Run: 115á940á134á912 bytes free
.
- - End Of File - - BF246D985CC7AFB62D02362B5C9C5CB6

Re: Please check my log

Posted: 10 Jul 2011 20:38
by Rudy
CF deleted several items; the rest of the log looks clean. Has anything changed?

Re: Please check my log

Posted: 10 Jul 2011 22:52
by clifo
System responsiveness has improved - the disk keeps spinning.

Thanks - I'll probably reinstall it.

Re: Please check my log

Posted: 11 Jul 2011 16:36
by Rudy
Please also run an AVPTool scan: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 and post the log.