I would like to ask whether this log is okay?
Windows XP SP 3 (build 2600)
Internet Explorer v7.00.5730.13 (longhorn(wmbla).070711-1130)
Log vygenerován:26.7.2008 17:57:33
================================================================
Test UPM
Testuji funkce... OK
Běžící procesy
================================================================
C:\WINDOWS\SYSTEM32\SMSS.EXE
C:\WINDOWS\SYSTEM32\CSRSS.EXE
C:\WINDOWS\SYSTEM32\WINLOGON.EXE
C:\WINDOWS\SYSTEM32\SERVICES.EXE
C:\WINDOWS\SYSTEM32\LSASS.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\SCHED.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE12\GROOVEMONITOR.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGNT.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\WINDOWS\MHOTKEY.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRAM FILES\BITLORD\BITLORD.EXE
C:\PROGRAM FILES\AVIRA\ANTIVIR PERSONALEDITION CLASSIC\AVGUARD.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\PROGRAM FILES\SPYWARE TERMINATOR\SP_RSSER.EXE
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\WDFMGR.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\WINDOWS\SYSTEM32\ALG.EXE
C:\PROGRAM FILES\SKYPE\PHONE\SKYPE.EXE
C:\WINDOWS\SYSTEM32\CMD.EXE
C:\DOCUMENTS AND SETTINGS\VLASTÍK\PLOCHA\UPM\UPM.EXE
Scanner
================================================================
[?] smss.exe
Nemá okno
[?] csrss.exe
Nemá okno
[?] winlogon.exe
Nemá okno
[?] services.exe
Nemá okno
[?] lsass.exe
Nemá okno
[?] svchost.exe
Nemá okno
[?] svchost.exe
Nemá okno
[?] svchost.exe
Nemá okno
[?] svchost.exe
Nemá okno
[?] svchost.exe
Nemá okno
[?] spoolsv.exe
Nemá okno
[?] sched.exe
Skrytý modul: 00CB0000h C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
Nemá okno
[?] explorer.exe
Skrytý modul: 10000000h C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[?] GrooveMonitor.exe
Spouští se po startu HKLM Run ["C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"]
Skrytý modul: 68EF0000h C:\PROGRA~1\MICROS~2\Office12\GrooveUtil.dll
Skrytý modul: 68FF0000h C:\PROGRA~1\MICROS~2\Office12\GrooveNew.dll
[?] avgnt.exe
Spouští se po startu HKLM Run ["C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min]
[?] soundman.exe
[?] rundll32.exe
[?] mHotkey.exe
[?] TeaTimer.exe
Spouští se po startu HKCU Run [C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe]
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 10
Skrytý modul: 031B0000h C:\Program Files\Spybot - Search & Destroy\advcheck.dll
[?] ctfmon.exe
Spouští se po startu HKCU Run [C:\WINDOWS\system32\ctfmon.exe]
[?] BitLord.exe
Spouští se po startu HKCU Run ["C:\Program Files\BitLord\BitLord.exe"]
[?] avguard.exe
Skrytý modul: 01CD0000h C:\Program Files\Avira\AntiVir PersonalEdition Classic\avipc.dll
Nemá okno
[?] nvsvc32.exe
Non Microsoft v System32: NVIDIA Corporation
[?] sp_rsser.exe
EntryPoint v sekci: .ITEXT
|_ Celkový počet sekcí: 9
Nemá okno
[?] svchost.exe
Nemá okno
[?] wdfmgr.exe
Nemá okno
[?] wscntfy.exe
[?] alg.exe
Nemá okno
[?] Skype.exe
EntryPoint v sekci: CODE
|_ Celkový počet sekcí: 8
[?] cmd.exe
[R] upm.exe
Po spuštění
================================================================
HKCU Run
|_ [?][SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
|_ [S][ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
|_ [?][BitComet] C:\Program Files\BitLord\BitLord.exe
HKLM Run
|_ [X][nwiz] nwiz.exe /install (Soubor nenalezen)
|_ [?][NvCplDaemon] C:\WINDOWS\system32\NvCpl.dll
|_ [S][GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
|_ [?][avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
|_ [?][SoundMan] C:\WINDOWS\SOUNDMAN.EXE
|_ [?][NvMediaCenter] C:\WINDOWS\system32\NvMcTray.dll
|_ [?][CHotkey] C:\WINDOWS\mHotkey.exe
|_ [?][HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
|_ [?][Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
|_ [?][QuickTime Task] C:\Program Files\QuickTime\QTTask.exe
HKLM ShellServiceObjectDelayLoad
|_ [S][PostBootReminder] C:\WINDOWS\system32\SHELL32.dll
|_ [S][CDBurn] C:\WINDOWS\system32\SHELL32.dll
|_ [S][WebCheck] C:\WINDOWS\system32\webcheck.dll
|_ [S][SysTray] C:\WINDOWS\system32\stobject.dll
HKU Run
|_ [S][CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
HKLM Winlogon
|_ [S][Shell] C:\WINDOWS\Explorer.exe
HKLM Winlogon Notify
|_ [S][crypt32chain] C:\WINDOWS\system32\crypt32.dll
|_ [S][cryptnet] C:\WINDOWS\system32\cryptnet.dll
|_ [S][cscdll] C:\WINDOWS\system32\cscdll.dll
|_ [S][dimsntfy] C:\WINDOWS\System32\dimsntfy.dll
|_ [S][ScCertProp] C:\WINDOWS\system32\wlnotify.dll
|_ [S][Schedule] C:\WINDOWS\system32\wlnotify.dll
|_ [S][sclgntfy] C:\WINDOWS\system32\sclgntfy.dll
|_ [S][SensLogn] C:\WINDOWS\system32\WlNotify.dll
|_ [S][termsrv] C:\WINDOWS\system32\wlnotify.dll
|_ [S][wlballoon] C:\WINDOWS\system32\wlnotify.dll
Po spuštění
|_ LDE.dll
|_ MSCOMCTL.OCX
|_ prjXTab.ocx
|_ proc.db
|_ upm.dll
|_ upm.exe
|_ upm.exe.manifest
|_ upm_logfile.txt
|_ _MAKE_LOG_CZ.bat
|_ _MAKE_LOG_EN.bat
|_ _reg.bat
|_ [!][LDE.dll] LDE.dll
|_ [S][MSCOMCTL.OCX] MSCOMCTL.OCX
|_ [?][prjXTab.ocx] prjXTab.ocx
|_ [!][proc.db] proc.db
|_ [?][upm.dll] upm.dll
|_ [R][upm.exe] upm.exe
|_ [!][upm.exe.manifest] upm.exe.manifest
|_ [!][upm_logfile.txt] upm_logfile.txt
|_ [!][_MAKE_LOG_CZ.bat] _MAKE_LOG_CZ.bat
|_ [!][_MAKE_LOG_EN.bat] _MAKE_LOG_EN.bat
|_ [!][_reg.bat] _reg.bat
HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)
|_ [?][{53707962-6F74-2D53-2644-206D7942484F}] C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
|_ [S][{72853161-30C5-4D22-B7F9-0BBC1D38A37E}] C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
|_ [?][{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
HKCU IE WebBrowser Toolbar
|_ [S][{01E04581-4EEE-11D0-BFE9-00AA005B4383}] C:\WINDOWS\System32\browseui.dll
|_ [S][{0E5CBF21-D15F-11D0-8301-00AA005B4383}] C:\WINDOWS\system32\SHELL32.dll
|_ [X][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] (Soubor nenalezen)
Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i služby Microsoftu: False)
================================================================
[?] Avira AntiVir Personal – Free Antivirus Scheduler
|_ Cesta: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus Scheduler
| |_ MD5: 9773E0650E0BAB7AE161D2A0ECC7678A
|
|_ Jméno: AntiVirScheduler
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:
[?] Avira AntiVir Personal – Free Antivirus Guard
|_ Cesta: C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
| |_ Výrobce: Avira GmbH
| |_ Popis: Antivirus On-Access Service
| |_ MD5: C17761C7381E028EBCA071944A97EB3E
|
|_ Jméno: AntiVirService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:
[?] NVIDIA Display Driver Service
|_ Cesta: C:\WINDOWS\system32\nvsvc32.exe
| |_ Výrobce: NVIDIA Corporation
| |_ Popis: NVIDIA Driver Helper Service, Version 169.21
| |_ MD5: 472A00D2183C9E5EDB3E076272741812
|
|_ Jméno: NVSvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
[?] Spyware Terminator Realtime Shield Service
|_ Cesta: C:\Program Files\Spyware Terminator\sp_rsser.exe
| |_ Výrobce: Crawler.com
| |_ Popis: Spyware Terminator Realtime Shield Service
| |_ MD5: 20CC04B6DC942027B294415CC7689204
|
|_ Jméno: sp_rssrv
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:
Moduly (Zobraz i DLL Microsoftu: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[!] ogg.dll
|_ Cesta: C:\WINDOWS\system32\ogg.dll
|_ MD5: F976B69E1FA2C49F7756F0E50D0134AD
|_ Výrobce:
|_ Procesy
|_ winlogon.exe (688)
|_ lsass.exe (744)
|_ svchost.exe (908)
|_ svchost.exe (964)
|_ svchost.exe (1060)
|_ svchost.exe (1104)
|_ svchost.exe (1160)
|_ spoolsv.exe (1432)
|_ explorer.exe (1708)
|_ rundll32.exe (1876)
|_ mHotkey.exe (1884)
|_ ctfmon.exe (1940)
|_ svchost.exe (376)
|_ alg.exe (2452)
|_ Skype.exe (1832)
[!] vorbis.dll
|_ Cesta: C:\WINDOWS\system32\vorbis.dll
|_ MD5: 91893A79006DD7DEDC0123756A3C2868
|_ Výrobce:
|_ Procesy
|_ winlogon.exe (688)
|_ lsass.exe (744)
|_ svchost.exe (908)
|_ svchost.exe (964)
|_ svchost.exe (1060)
|_ svchost.exe (1104)
|_ svchost.exe (1160)
|_ spoolsv.exe (1432)
|_ explorer.exe (1708)
|_ rundll32.exe (1876)
|_ mHotkey.exe (1884)
|_ ctfmon.exe (1940)
|_ svchost.exe (376)
|_ alg.exe (2452)
|_ Skype.exe (1832)
[!] hpzsnt09.dll
|_ Cesta: C:\WINDOWS\system32\hpzsnt09.dll
|_ MD5: ECCDE2AE64EE1AD0C58F76DB4177A938
|_ Výrobce: HP
|_ Procesy
|_ spoolsv.exe (1432)
[!] sqlite3.dll
|_ Cesta: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sqlite3.dll
|_ MD5: A467ACDA6C73AE3F8DBC6B94602921B5
|_ Výrobce: ?
|_ Procesy
|_ sched.exe (1480)
|_ avguard.exe (1980)
[!] hkntdll.dll
|_ Cesta: C:\WINDOWS\HKNTDLL.dll
|_ MD5: 9D711D318BE62AC3245AFD4A7D555FBF
|_ Výrobce:
|_ Procesy
|_ explorer.exe (1708)
|_ mHotkey.exe (1884)
|_ Skype.exe (1832)
[!] unacev2.dll
|_ Cesta: C:\Program Files\Avira\AntiVir PersonalEdition Classic\unacev2.dll
|_ MD5: DE02C4D04088B69E64ECC30A3D9E22E5
|_ Výrobce:
|_ Procesy
|_ avguard.exe (1980)
[!] msdmo.dll
|_ Cesta: C:\WINDOWS\system32\msdmo.dll
|_ MD5: D3064968439A555CE8069552BDF1FF0C
|_ Výrobce: ?
|_ Procesy
|_ Skype.exe (1832)
[!] lde.dll
|_ Cesta: C:\Documents and Settings\Vlastík\Plocha\upm\LDE.dll
|_ MD5: 0F13A4173A599AAA15E3B270E5E27A7F
|_ Výrobce:
|_ Procesy
|_ upm.exe (2856)
================================================================
Ultimate Process Manager v4.0.0 - [ Lodus Software ]
Do you suspect something, or is it "just because"?
Yes, in quotation marks - just because. Simply whether there isn't something suspicious in there. Some virus, for example :))
I don't see anything harmful there.
Then thank you for that, tatík. Probably LOCK. :???: