VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

https://forum.viry.cz:443/viewtopic.php?t=102127

Stránka 1 z 1

Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 08:54
od multi
Logfile of random's system information tool 1.07 (written by random/random)
Run by pavel1 at 2010-06-22 09:52:05
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 13 GB (7%) free of 187 GB
Total RAM: 2047 MB (74% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:52:06, on 22.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\ICQ6Toolbar\ICQ Service.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\WINDOWS\runservice.exe
H:\WINDOWS\RTHDCPL.EXE
H:\WINDOWS\system32\PuXpMan2.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\Program Files\Java\jre6\bin\jusched.exe
H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
H:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe
H:\Program Files\Labtec\Desktop\6.0\MOffice.exe
H:\WINDOWS\system32\ctfmon.exe
H:\WINDOWS\system32\lxddcoms.exe
H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
H:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
H:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Labtec\Desktop\6.0\Mouse32V.exe
H:\WINDOWS\system32\wscntfy.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Program Files\Internet Explorer\iexplore.exe
H:\Documents and Settings\pavel1\Plocha\RSIT.exe
H:\Program Files\trend micro\pavel1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://atlas.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - H:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - H:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Lexmark Panel nástrojů - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - H:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LXDDCATS] rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [mspwr] H:\WINDOWS\system32\PuXpMan2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "H:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ISUSPM] "H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [UIWatcher] H:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
O4 - HKCU\..\Run: [LWBKEYBOARD] "H:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe"
O4 - HKCU\..\Run: [LWBMOUSE] "H:\Program Files\Labtec\Desktop\6.0\MOffice.exe"
O4 - HKCU\..\Run: [ctfmon.exe] H:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Easy-WebPrint - Náhled - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Přidat na seznam k tisku - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint - Tisk - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Vysokorychlostní tisk - res://H:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Send to &Bluetooth Device... - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - H:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - H:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ICQ Service - Unknown owner - H:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - H:\WINDOWS\runservice.exe
O23 - Service: lxdd_device - - H:\WINDOWS\system32\lxddcoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - H:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
O23 - Service: PnkBstrB - Unknown owner - H:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Faces of War Drivers Auto Removal (pr2akrnb) (pr2akrnb) - Cenega Czech - H:\WINDOWS\system32\pr2akrnb.exe

--
End of file - 8918 bytes

======Scheduled tasks folder======

H:\WINDOWS\tasks\AppleSoftwareUpdate.job
H:\WINDOWS\tasks\User_Feed_Synchronization-{79F5167B-5097-44B5-B2A2-D92DCDC9CD85}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - H:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástrojů - H:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-10 184320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\IPSBHO.DLL [2010-02-04 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - H:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - H:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástrojů - H:\Program Files\Lexmark Toolbar\toolband.dll [2006-08-10 184320]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - H:\Program Files\Norton Internet Security\Engine\17.6.0.32\coIEPlg.dll [2010-03-26 394608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2006-09-06 16262656]
"NvCplDaemon"=H:\WINDOWS\system32\NvCpl.dll [2008-11-12 13672448]
"nwiz"=nwiz.exe /install []
"LXDDCATS"=rundll32 H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 []
"mspwr"=H:\WINDOWS\system32\PuXpMan2.exe [2005-09-29 110592]
"Adobe Photo Downloader"=H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]
"QuickTime Task"=H:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]
"NvMediaCenter"=H:\WINDOWS\system32\NvMcTray.dll [2008-11-12 86016]
"SunJavaUpdateSched"=H:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"Adobe Reader Speed Launcher"=H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=H:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-10 218032]
"Sony Ericsson PC Suite"=H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]
"UIWatcher"=H:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe [2008-07-28 1741184]
"LWBKEYBOARD"=H:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe [2007-03-26 395264]
"LWBMOUSE"=H:\Program Files\Labtec\Desktop\6.0\MOffice.exe [2007-04-11 457728]
"ctfmon.exe"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
H:\Program Files\Lexmark Fax Solutions\fm3032.exe [2007-02-13 312240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
H:\Program Files\Lexmark 2500 Series\lxddamon.exe [2007-02-06 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
H:\Program Files\Lexmark 2500 Series\lxddmon.exe [2007-02-13 291760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
H:\Program Files\QuickTime\qttask.exe [2007-06-29 286720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
H:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Exif Launcher S.lnk]
H:\PROGRA~1\FINEPI~1\QUICKD~1.EXE [2007-01-30 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^pavel1^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
H:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2006-09-28 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\H:^Documents and Settings^pavel1^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
H:\PROGRA~1\Xfire\Xfire.exe [2005-09-09 2737288]

H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveTrack"=
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\GameSpy Arcade\Aphex.exe"="H:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"H:\Program Files\Panzer Elite Action\Panzer Elite Action\pea.exe"="H:\Program Files\Panzer Elite Action\Panzer Elite Action\pea.exe:*:Enabled:Panzer Elite Action"
"H:\WINDOWS\system32\lxddcoms.exe"="H:\WINDOWS\system32\lxddcoms.exe:*:Enabled:Lexmark Communications System"
"H:\Program Files\Lexmark 2500 Series\lxddamon.exe"="H:\Program Files\Lexmark 2500 Series\lxddamon.exe:*:Enabled:Lexmark Device Monitor"
"H:\Program Files\Lexmark 2500 Series\app4r.exe"="H:\Program Files\Lexmark 2500 Series\app4r.exe:*:Enabled:Lexmark Imaging Studio"
"H:\WINDOWS\system32\PnkBstrA.exe"="H:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"H:\WINDOWS\system32\PnkBstrB.exe"="H:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="H:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
"H:\Program Files\Midway Games\Hour of Victory\Binaries\LTCG-HOVGame.exe"="H:\Program Files\Midway Games\Hour of Victory\Binaries\LTCG-HOVGame.exe:*:Enabled:Hour of Victory"
"C:\Program Files\SEGA\Beijing 2008\Beijing.exe"="C:\Program Files\SEGA\Beijing 2008\Beijing.exe:*:Enabled:Beijing 2008™"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"H:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe"="H:\Program Files\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"H:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe"="H:\Program Files\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"H:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe"="H:\Program Files\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\Program Files\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe"="C:\Program Files\S.T.A.L.K.E.R. - Clear Sky\bin\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (CLI)"
"C:\Program Files\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe"="C:\Program Files\S.T.A.L.K.E.R. - Clear Sky\bin\dedicated\xrEngine.exe:*:Enabled:S.T.A.L.K.E.R. - Clear Sky (SRV)"
"C:\Program Files\BlackSite Area 51\Binaries\BlackSite.exe"="C:\Program Files\BlackSite Area 51\Binaries\BlackSite.exe:*:Enabled:Blacksite Area 51"
"C:\Program Files\Dead Space\Dead Space.exe"="C:\Program Files\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe"="C:\Program Files\Activision\Call of Duty - World at War\CoDWaW.exe:*:Enabled:Call of Duty(R) - World at War(TM)"
"H:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="H:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"H:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe"="H:\Program Files\THQ\Frontlines-Fuel of War\Binaries\FFOW.exe:*:Enabled:Frontlines Game"
"C:\Program FilesTHQCompany of Heroes\RelicCOH.exe"="C:\Program FilesTHQCompany of Heroes\RelicCOH.exe:*:Enabled:Company of Heroes"
"C:\Program FilesTHQCompany of Heroes\RelicDownloader\RelicDownloader.exe"="C:\Program FilesTHQCompany of Heroes\RelicDownloader\RelicDownloader.exe:*:Enabled:Relic Downloader"
"H:\Program Files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe"="H:\Program Files\Atari\Codename Panzers Cold War\Home\Game\CPCW.exe:*:Enabled:Codename Panzers Cold War"
"H:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="H:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"H:\Program Files\Java\jre6\launch4j-tmp\frd.exe"="H:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat"="H:\Program Files\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II"
"H:\Program Files\order of war\oow_final_dx9.exe"="H:\Program Files\order of war\oow_final_dx9.exe:*:Enabled:ORDER OF WAR"
"H:\Program Files\Grand Master Chess Online\server.exe"="H:\Program Files\Grand Master Chess Online\server.exe:*:Enabled:server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\Lexmark 2500 Series\app4r.exe"="H:\Program Files\Lexmark 2500 Series\App4R.exe:*:Enabled:BorgListener"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-06-22 09:48:35 ----D---- H:\Program Files\trend micro
2010-06-22 09:48:33 ----D---- H:\rsit
2010-06-21 17:30:11 ----D---- H:\Documents and Settings\pavel1\Data aplikací\Tific
2010-06-21 16:56:13 ----D---- H:\Program Files\Symantec
2010-06-21 16:56:13 ----D---- H:\Program Files\Common Files\Symantec Shared
2010-06-21 16:56:13 ----A---- H:\WINDOWS\system32\S32EVNT1.DLL
2010-06-21 16:55:54 ----D---- H:\Program Files\Norton Internet Security
2010-06-21 16:55:53 ----D---- H:\Documents and Settings\All Users\Data aplikací\Norton
2010-06-21 16:45:02 ----D---- H:\Program Files\NortonInstaller
2010-06-21 16:45:02 ----D---- H:\Documents and Settings\All Users\Data aplikací\NortonInstaller
2010-06-21 11:15:05 ----D---- H:\WINDOWS\ERDNT
2010-06-11 22:56:41 ----HDC---- H:\WINDOWS\$NtUninstallKB980218$
2010-06-11 22:56:34 ----HDC---- H:\WINDOWS\$NtUninstallKB980195$
2010-06-11 22:55:28 ----HDC---- H:\WINDOWS\$NtUninstallKB979559$
2010-06-11 22:50:01 ----HDC---- H:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-11 22:49:54 ----HDC---- H:\WINDOWS\$NtUninstallKB979482$
2010-06-11 22:49:50 ----A---- H:\WINDOWS\imsins.BAK
2010-06-11 22:49:44 ----HDC---- H:\WINDOWS\$NtUninstallKB975562$
2010-06-09 18:38:57 ----D---- H:\Program Files\Common Files\ChessBase
2010-06-08 15:27:18 ----D---- H:\Program Files\Western Digital Corp
2010-06-07 20:15:22 ----D---- H:\Program Files\Western Digital
2010-05-28 20:38:37 ----D---- H:\Documents and Settings\All Users\Data aplikací\DivX
2010-05-28 20:30:26 ----D---- H:\Program Files\World War One Gold
2010-05-27 19:45:23 ----D---- H:\Program Files\War Chess
2010-05-27 19:45:05 ----D---- H:\Program Files\ReflexiveArcade
2010-05-26 19:13:34 ----HDC---- H:\WINDOWS\$NtUninstallKB981793$
2010-05-25 18:16:32 ----A---- H:\WINDOWS\ODBC.INI
2010-05-25 18:12:05 ----D---- H:\Program Files\Grand Master Chess Online

======List of files/folders modified in the last 1 months======

2010-06-22 09:48:45 ----D---- H:\WINDOWS\Prefetch
2010-06-22 09:48:35 ----RD---- H:\Program Files
2010-06-22 09:48:28 ----D---- H:\WINDOWS\Temp
2010-06-22 09:28:05 ----D---- H:\WINDOWS\system32\drivers
2010-06-22 09:20:08 ----SHD---- H:\System Volume Information
2010-06-21 17:30:46 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-06-21 16:56:13 ----D---- H:\WINDOWS\system32
2010-06-21 16:56:13 ----D---- H:\Program Files\Common Files
2010-06-21 16:38:01 ----D---- H:\WINDOWS
2010-06-21 16:37:51 ----D---- H:\WINDOWS\system32\Restore
2010-06-21 16:36:01 ----A---- H:\WINDOWS\system.ini
2010-06-21 16:34:49 ----D---- H:\WINDOWS\AppPatch
2010-06-21 16:31:17 ----D---- H:\WINDOWS\system32\CatRoot2
2010-06-21 14:51:31 ----RSHDC---- H:\WINDOWS\system32\dllcache
2010-06-21 11:39:36 ----D---- H:\Program Files\Spybot - Search & Destroy
2010-06-21 11:38:36 ----D---- H:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-06-21 11:35:25 ----D---- H:\Program Files\F-Secure
2010-06-21 11:33:23 ----SHD---- H:\WINDOWS\Installer
2010-06-21 11:33:23 ----D---- H:\Config.Msi
2010-06-21 11:32:54 ----D---- H:\Documents and Settings\All Users\Data aplikací\f-secure
2010-06-21 11:32:44 ----SD---- H:\WINDOWS\Tasks
2010-06-17 17:07:25 ----HD---- H:\WINDOWS\inf
2010-06-14 17:28:32 ----D---- H:\Program Files\Lx_cats
2010-06-12 08:48:01 ----D---- H:\Documents and Settings\pavel1\Data aplikací\Vso
2010-06-12 08:42:08 ----D---- H:\Program Files\Electronic Arts
2010-06-11 22:56:33 ----HD---- H:\WINDOWS\$hf_mig$
2010-06-11 22:55:28 ----D---- H:\WINDOWS\Microsoft.NET
2010-06-11 22:55:25 ----RSD---- H:\WINDOWS\assembly
2010-06-11 22:55:10 ----D---- H:\Program Files\Internet Explorer
2010-06-11 22:50:18 ----D---- H:\WINDOWS\Debug
2010-06-11 22:48:38 ----A---- H:\WINDOWS\system32\PerfStringBackup.INI
2010-06-11 22:48:16 ----D---- H:\WINDOWS\WinSxS
2010-06-11 22:43:29 ----D---- H:\Documents and Settings\pavel1\Data aplikací\ICQ
2010-06-11 14:00:20 ----D---- H:\Program Files\ICQ6.5
2010-06-09 18:55:00 ----D---- H:\Documents and Settings\pavel1\Data aplikací\ChessBase
2010-06-09 18:46:23 ----D---- H:\WINDOWS\system32\DirectX
2010-06-09 18:45:18 ----A---- H:\WINDOWS\win.ini
2010-06-09 18:27:48 ----RSD---- H:\WINDOWS\Fonts
2010-06-09 18:25:44 ----HD---- H:\Program Files\InstallShield Installation Information
2010-06-09 18:22:44 ----D---- H:\Program Files\ChessBase
2010-06-07 20:29:39 ----A---- H:\WINDOWS\wincmd.ini
2010-06-06 15:56:07 ----D---- H:\Program Files\Activision Value
2010-06-05 18:16:47 ----D---- H:\Program Files\Microsoft Silverlight
2010-06-03 19:54:06 ----D---- H:\Documents and Settings\pavel1\Data aplikací\OpenOffice.org2
2010-05-29 00:30:06 ----D---- H:\Program Files\Sparta II
2010-05-28 21:37:34 ----A---- H:\WINDOWS\system32\MRT.exe
2010-05-28 18:53:45 ----D---- H:\Program Files\Hellshare toolbar
2010-05-28 17:45:43 ----D---- H:\Documents and Settings\All Users\Data aplikací\fssg
2010-05-25 18:07:32 ----D---- H:\Program Files\Eidos

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; H:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 BHDrvx86;BHDrvx86; \??\H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100522.001\BHDrvx86.sys []
R1 ccHP;Symantec Hash Provider; H:\WINDOWS\system32\drivers\NIS\1106000.020\ccHPx86.sys [2010-02-26 501888]
R1 eeCtrl;Symantec Eraser Control driver; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 prodrv06;StarForce Protection Environment Driver v6; H:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); H:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSPX.SYS [2010-02-27 43696]
R1 SymIRON;Symantec Iron Driver; H:\WINDOWS\system32\drivers\NIS\1106000.020\Ironx86.SYS [2010-02-27 116784]
R1 SYMTDI;Symantec Network Dispatch Driver; H:\WINDOWS\system32\drivers\NIS\1106000.020\SYMTDI.SYS [2010-02-04 362032]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; H:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; H:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-05-27 279712]
R2 CDRPDACC;Quinnware CDDA Driver (by InfinaDyne); \??\H:\Program Files\Quintessential Player\cdrpdacc.sys []
R2 lirsgt;lirsgt; H:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-11-20 25888]
R3 btaudio;Bluetooth Audio Device; H:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; H:\WINDOWS\system32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; H:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IDSxpx86;IDSxpx86; \??\H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100617.005\IDSxpx86.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-06 4377600]
R3 nv;nv; H:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-11-12 6188320]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; H:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-07-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; H:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-07-11 20480]
R3 pcouffin;VSO Software pcouffin; H:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-19 47360]
R3 seehcri;Sony Ericsson seehcri Device Driver; H:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SymEvent;SymEvent; \??\H:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; H:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 ADILOADER;General Purpose USB Driver (adildr.sys); H:\WINDOWS\System32\Drivers\adildr.sys []
S3 adiusbaw;USB ADSL WAN Adapter; H:\WINDOWS\system32\DRIVERS\adiusbaw.sys []
S3 BTWDNDIS;Bluetooth LAN Access Server; H:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; H:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 btwmodem;Bluetooth Modem; H:\WINDOWS\system32\DRIVERS\btwmodem.sys [2007-03-23 37280]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; H:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 catchme;catchme; \??\H:\DOCUME~1\pavel1\LOCALS~1\Temp\catchme.sys []
S3 ENTECH;ENTECH; \??\H:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\I:\INSTALL\GMSIPCI.SYS []
S3 HidUsb;Ovladač třídy standardu HID; H:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ivusb;Initio Driver for USB Default Controller; H:\WINDOWS\system32\DRIVERS\ivusb.sys [2010-03-10 24216]
S3 mouhid;Ovladač myši standardu HID; H:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NAVENG;NAVENG; \??\H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100621.002\NAVENG.SYS []
S3 NAVEX15;NAVEX15; \??\H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100621.002\NAVEX15.SYS []
S3 PnkBstrK;PnkBstrK; \??\H:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 rootrepeal;rootrepeal; \??\H:\WINDOWS\system32\drivers\rootrepeal.sys []
S3 s117bus;Sony Ericsson Device 117 driver (WDM); H:\WINDOWS\system32\DRIVERS\s117bus.sys [2007-06-25 82984]
S3 s117mdfl;Sony Ericsson Device 117 USB WMC Modem Filter; H:\WINDOWS\system32\DRIVERS\s117mdfl.sys [2007-06-25 14888]
S3 s117mdm;Sony Ericsson Device 117 USB WMC Modem Driver; H:\WINDOWS\system32\DRIVERS\s117mdm.sys [2007-06-25 108456]
S3 s117mgmt;Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM); H:\WINDOWS\system32\DRIVERS\s117mgmt.sys [2007-06-25 100264]
S3 s117nd5;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS); H:\WINDOWS\system32\DRIVERS\s117nd5.sys [2007-06-25 22952]
S3 s117obex;Sony Ericsson Device 117 USB WMC OBEX Interface; H:\WINDOWS\system32\DRIVERS\s117obex.sys [2007-06-25 98344]
S3 s117unic;Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM); H:\WINDOWS\system32\DRIVERS\s117unic.sys [2007-06-25 98856]
S3 se46bus;Sony Ericsson Device 070 driver (WDM); H:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter; H:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver; H:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM); H:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS); H:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface; H:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM); H:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 90800]
S3 SRTSP;Symantec Real Time Storage Protection; H:\WINDOWS\system32\drivers\NIS\1106000.020\SRTSP.SYS [2010-02-27 325680]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WpdUsb;WpdUsb; H:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; H:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 xnacc;Microsoft Common Controller For Windows Driver Service; H:\WINDOWS\system32\DRIVERS\xnacc.sys [2005-09-15 476672]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; H:\WINDOWS\System32\Drivers\sptd.sys [2008-11-21 717296]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 ICQ Service;ICQ Service; H:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 JavaQuickStarterService;Java Quick Starter; H:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 LicCtrlService;LicCtrl Service; H:\WINDOWS\runservice.exe [2010-03-13 16384]
R2 lxdd_device;lxdd_device; H:\WINDOWS\system32\lxddcoms.exe [2007-02-13 537520]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
R2 NIS;Norton Internet Security; H:\Program Files\Norton Internet Security\Engine\17.6.0.32\ccSvcHst.exe [2010-02-26 126392]
R2 NVSvc;NVIDIA Display Driver Service; H:\WINDOWS\system32\nvsvc32.exe [2008-11-12 163908]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; H:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe [2008-12-05 81920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; H:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 OMSI download service;Sony Ericsson OMSI download service; H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 pr2akrnb;Faces of War Drivers Auto Removal (pr2akrnb); H:\WINDOWS\system32\pr2akrnb.exe [2007-04-19 407168]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; H:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; H:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 PnkBstrB;PnkBstrB; H:\WINDOWS\system32\PnkBstrB.exe [2008-11-23 183112]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; H:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; H:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 11:11
od earl
Zdravim,

:arrow: Stahnete GMER , rozbalte a spustte

probehne sken, po jehoz ukonceni na vas vyskoci vysledky

pote kliknete na Save a ulozite tak log, jehoz obsah sem vlozte

pote dle tohoto navodu

absolvujte druhy sken a opet obsah logu sem.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 14:03
od multi
mezi 1. a 2. spuštěním se strašně zpomalil PC. Musel jsem ho restartovat, abych to mohl poslat.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-22 12:50:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\pavel1\LOCALS~1\Temp\pgtdapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----
------------------------------------------------------------------------------------------

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-06-22 14:29:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\pavel1\LOCALS~1\Temp\pgtdapow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior; copy of MBR

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 14:19
od earl
:arrow: Stahnete MBR

ulozte ho na plochu - spustte - vytvori se log mbr.log, vlozte ho cely sem.

:arrow: CTETE POZORNE NAVOD,TENTO SOFT NETOLERUJE CHYBY V POSTUPU APLIKOVANI!

Klidne si nasledujici radky vytisknete,at vite,co se bude na obrazovce odehravat.

Budte prihlasen na pc s administratorskymi pravy.

stahnete a ulozte nejlepe na plochu ComboFix

v pripade,ze nepujde stranka nacist-stahnete odtud download , popr. nepujde ComboFix spustit - prejmenujte jej na grinder.com a postupujte dale dle instrukci.

hned po startu se zobrazi Zreknuti se prava zaruky na funkcnost software, pokracujte kliknutim na tlacitko Ano:

Obrázek

pote muze nasledovat upozorneni na nainstalovane emulatory CD mechanik,typicky Daemon Tools nebo Alcohol 120

Obrázek

odklepnout OK

Souhlasit s instalaci Recovery console(Konzola pro zotaveni)-nutno funkcni internet :!:

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: upozorneni: Vypnete rezidentni stit u antiviru a antispywaru a zakazte docasne firewall-ComboFix by nemusel fungovat korektne-pokud budete mit stity vypnute a Combofix zahlasi,ze nejsou,pokracujte dal a potvrdte.

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 14:21
od multi
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 15:13
od multi
při spuštěni CF mi zahlásil:Combofix detekoval přítomnost aktivity rootkitu a vyžaduje restart.

ComboFix 10-06-21.01 - pavel1 22.06.2010 16:02:45.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1663 [GMT 2:00]
Spuštěný z: h:\documents and settings\pavel1\Plocha\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-05-22 do 2010-06-22 )))))))))))))))))))))))))))))))
.

2010-06-22 07:59 . 2010-05-06 04:01 361904 ----a-w- h:\windows\system32\drivers\symtdi.sys
2010-06-22 07:59 . 2010-04-22 03:02 173104 ----a-w- h:\windows\system32\drivers\symefa.sys
2010-06-22 07:59 . 2010-04-22 02:29 43696 ----a-w- h:\windows\system32\drivers\srtspx.sys
2010-06-22 07:59 . 2010-02-04 01:40 328752 ----a-r- h:\windows\system32\drivers\symds.sys
2010-06-22 07:59 . 2010-04-29 05:03 116784 ----a-w- h:\windows\system32\drivers\ironx86.sys
2010-06-22 07:59 . 2010-02-26 00:22 501888 ----a-w- h:\windows\system32\drivers\cchpx86.sys
2010-06-22 07:48 . 2010-06-22 07:52 -------- d-----w- h:\program files\trend micro
2010-06-22 07:48 . 2010-06-22 07:48 -------- d-----w- H:\rsit
2010-06-21 14:56 . 2010-06-21 15:11 -------- d-----w- h:\program files\Common Files\Symantec Shared
2010-06-21 14:56 . 2010-06-21 14:56 -------- d-----w- h:\program files\Symantec
2010-06-21 14:56 . 2010-06-21 14:56 60808 ----a-w- h:\windows\system32\S32EVNT1.DLL
2010-06-21 14:56 . 2010-06-21 14:56 124976 ----a-w- h:\windows\system32\drivers\SYMEVENT.SYS
2010-06-21 14:55 . 2010-06-22 12:57 -------- d-----w- h:\windows\system32\drivers\NIS
2010-06-21 14:55 . 2010-06-21 14:55 -------- d-----w- h:\program files\Norton Internet Security
2010-06-21 14:45 . 2010-06-21 14:45 -------- d-----w- h:\program files\NortonInstaller
2010-06-21 13:12 . 2010-06-22 13:33 2553 --sha-w- h:\windows\system32\mmf.sys
2010-06-09 16:38 . 2010-06-09 16:38 -------- d-----w- h:\program files\Common Files\ChessBase
2010-06-08 13:27 . 2010-06-08 13:27 -------- d-----w- h:\program files\Western Digital Corp
2010-06-07 18:15 . 2010-06-07 18:15 -------- d-----w- h:\program files\Western Digital
2010-06-04 23:14 . 2010-06-04 23:14 -------- d-sh--w- h:\documents and settings\Default User\IETldCache
2010-05-28 18:30 . 2010-05-28 18:36 -------- d-----w- h:\program files\World War One Gold
2010-05-27 17:45 . 2010-06-12 17:24 -------- d-----w- h:\program files\War Chess
2010-05-27 17:45 . 2010-05-27 18:30 -------- d-----w- h:\program files\ReflexiveArcade
2010-05-25 16:12 . 2010-05-25 18:09 -------- d-----w- h:\program files\Grand Master Chess Online

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-21 14:56 . 2010-06-21 14:56 805 ----a-w- h:\windows\system32\drivers\SYMEVENT.INF
2010-06-21 14:56 . 2010-06-21 14:56 7443 ----a-w- h:\windows\system32\drivers\SYMEVENT.CAT
2010-06-21 09:39 . 2007-08-23 20:27 -------- d-----w- h:\program files\Spybot - Search & Destroy
2010-06-21 09:35 . 2009-04-29 08:10 -------- d-----w- h:\program files\F-Secure
2010-06-21 09:32 . 2006-03-02 12:00 83676 ----a-w- h:\windows\system32\perfc005.dat
2010-06-21 09:32 . 2006-03-02 12:00 439678 ----a-w- h:\windows\system32\perfh005.dat
2010-06-14 15:28 . 2008-01-04 15:36 -------- d-----w- h:\program files\Lx_cats
2010-06-12 06:42 . 2008-08-28 20:11 -------- d-----w- h:\program files\Electronic Arts
2010-06-11 12:00 . 2010-01-05 09:50 -------- d-----w- h:\program files\ICQ6.5
2010-06-09 16:38 . 2010-06-09 16:38 -------- d-----w- h:\program files\Common Files\ChessBase
2010-06-09 16:25 . 2007-08-12 14:35 -------- d--h--w- h:\program files\InstallShield Installation Information
2010-06-09 16:22 . 2007-08-16 17:10 -------- d-----w- h:\program files\ChessBase
2010-06-06 13:56 . 2008-03-18 15:50 -------- d-----w- h:\program files\Activision Value
2010-06-05 16:16 . 2008-12-28 16:54 -------- d-----w- h:\program files\Microsoft Silverlight
2010-05-28 22:30 . 2010-04-16 13:34 -------- d-----w- h:\program files\Sparta II
2010-05-28 16:53 . 2009-12-28 14:45 -------- d-----w- h:\program files\Hellshare toolbar
2010-05-25 16:07 . 2008-07-11 10:21 -------- d-----w- h:\program files\Eidos
2010-05-06 10:35 . 2006-03-02 12:00 916480 ----a-w- h:\windows\system32\wininet.dll
2010-05-02 08:09 . 2006-03-02 12:00 1851264 ----a-w- h:\windows\system32\win32k.sys
2010-04-28 15:31 . 2010-04-28 15:31 -------- d-----w- h:\program files\Sierra Entertainment
2010-04-20 05:32 . 2006-03-02 12:00 285696 ----a-w- h:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="h:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 218032]
"Sony Ericsson PC Suite"="h:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-09-24 434176]
"UIWatcher"="h:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe" [2008-07-28 1741184]
"LWBKEYBOARD"="h:\program files\Labtec\Desktop\6.0\KbdAp32A.exe" [2007-03-26 395264]
"LWBMOUSE"="h:\program files\Labtec\Desktop\6.0\MOffice.exe" [2007-04-11 457728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-06 16262656]
"NvCplDaemon"="h:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"LXDDCATS"="h:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
"mspwr"="h:\windows\system32\PuXpMan2.exe" [2005-09-29 110592]
"Adobe Photo Downloader"="h:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="h:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"NvMediaCenter"="h:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"SunJavaUpdateSched"="h:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"Adobe Reader Speed Launcher"="h:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="h:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Bluetooth.lnk - h:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKLM\~\startupfolder\H:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Exif Launcher S.lnk]
path=h:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Exif Launcher S.lnk
backup=h:\windows\pss\Exif Launcher S.lnkCommon Startup

[HKLM\~\startupfolder\H:^Documents and Settings^pavel1^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=h:\documents and settings\pavel1\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=h:\windows\pss\OpenOffice.org 2.0.lnkStartup

[HKLM\~\startupfolder\H:^Documents and Settings^pavel1^Nabídka Start^Programy^Po spuštění^Xfire.lnk]
path=h:\documents and settings\pavel1\Nabídka Start\Programy\Po spuštění\Xfire.lnk
backup=h:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- h:\program files\Lexmark Fax Solutions\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- h:\program files\Lexmark 2500 Series\lxddamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- h:\program files\Lexmark 2500 Series\lxddmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-06-29 04:24 286720 ----a-w- h:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- h:\windows\SkyTel.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"h:\\Program Files\\Panzer Elite Action\\Panzer Elite Action\\pea.exe"=
"h:\\WINDOWS\\system32\\lxddcoms.exe"=
"h:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"h:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"h:\\WINDOWS\\system32\\PnkBstrA.exe"=
"h:\\WINDOWS\\system32\\PnkBstrB.exe"=
"h:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"h:\\Program Files\\Midway Games\\Hour of Victory\\Binaries\\LTCG-HOVGame.exe"=
"c:\\Program Files\\SEGA\\Beijing 2008\\Beijing.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"h:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"h:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"h:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"c:\\Program Files\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"c:\\Program Files\\BlackSite Area 51\\Binaries\\BlackSite.exe"=
"c:\\Program Files\\Dead Space\\Dead Space.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"h:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"h:\\Program Files\\THQ\\Frontlines-Fuel of War\\Binaries\\FFOW.exe"=
"c:\\Program FilesTHQCompany of Heroes\\RelicCOH.exe"=
"c:\\Program FilesTHQCompany of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"h:\\Program Files\\Atari\\Codename Panzers Cold War\\Home\\Game\\CPCW.exe"=
"h:\\Program Files\\THQ\\Gas Powered Games\\Supreme Commander - Forged Alliance\\bin\\ForgedAlliance.exe"=
"h:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"h:\\Program Files\\order of war\\oow_final_dx9.exe"=
"h:\\Program Files\\Grand Master Chess Online\\server.exe"=

R0 pe3akrnb;Faces of War Environment Driver (pe3akrnb);h:\windows\system32\drivers\pe3akrnb.sys [19.4.2007 17:04 64896]
R0 ps6akrnb;Faces of War Synchronization Driver (ps6akrnb);h:\windows\system32\drivers\ps6akrnb.sys [19.4.2007 17:03 53128]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);h:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R0 SymDS;Symantec Data Store;h:\windows\system32\drivers\NIS\1107000.00C\symds.sys [22.6.2010 9:59 328752]
R0 SymEFA;Symantec Extended File Attributes;h:\windows\system32\drivers\NIS\1107000.00C\symefa.sys [22.6.2010 9:59 173104]
R1 BHDrvx86;BHDrvx86;h:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [22.5.2010 20:16 691248]
R1 ccHP;Symantec Hash Provider;h:\windows\system32\drivers\NIS\1107000.00C\cchpx86.sys [22.6.2010 9:59 501888]
R1 SymIRON;Symantec Iron Driver;h:\windows\system32\drivers\NIS\1107000.00C\ironx86.sys [22.6.2010 9:59 116784]
R2 ICQ Service;ICQ Service;h:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 15:16 222968]
R2 lxdd_device;lxdd_device;h:\windows\system32\lxddcoms.exe -service --> h:\windows\system32\lxddcoms.exe -service [?]
R2 NIS;Norton Internet Security;h:\program files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe [22.6.2010 9:59 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;h:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21.6.2010 17:01 102448]
R3 IDSxpx86;IDSxpx86;h:\documents and settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [21.6.2010 17:01 331640]
R3 seehcri;Sony Ericsson seehcri Device Driver;h:\windows\system32\drivers\seehcri.sys [28.11.2009 1:00 27632]
S2 LicCtrlService;LicCtrl Service;h:\windows\Runservice.exe [19.10.2009 18:31 16384]
S2 OMSI download service;Sony Ericsson OMSI download service;h:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [28.11.2009 1:00 90112]
S2 pr2akrnb;Faces of War Drivers Auto Removal (pr2akrnb);h:\windows\system32\pr2akrnb.exe svc --> h:\windows\system32\pr2akrnb.exe svc [?]
S3 ivusb;Initio Driver for USB Default Controller;h:\windows\system32\drivers\ivusb.sys [10.3.2010 8:18 24216]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);h:\windows\system32\drivers\se46bus.sys [4.9.2008 8:21 61536]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;h:\windows\system32\drivers\se46mdfl.sys [4.9.2008 8:21 9360]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;h:\windows\system32\drivers\se46mdm.sys [4.9.2008 8:21 97088]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);h:\windows\system32\drivers\se46mgmt.sys [4.9.2008 8:21 88624]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);h:\windows\system32\drivers\se46nd5.sys [4.9.2008 8:21 18704]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;h:\windows\system32\drivers\se46obex.sys [4.9.2008 8:21 86432]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);h:\windows\system32\drivers\se46unic.sys [4.9.2008 8:21 90800]
S4 sptd;sptd;h:\windows\system32\drivers\sptd.sys [30.4.2008 7:28 717296]
.
Obsah adresáře 'Naplánované úlohy'

2010-06-17 h:\windows\Tasks\AppleSoftwareUpdate.job
- h:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 11:42]

2010-06-22 h:\windows\Tasks\User_Feed_Synchronization-{79F5167B-5097-44B5-B2A2-D92DCDC9CD85}.job
- h:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://atlas.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: Easy-WebPrint - Náhled - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - h:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Send to &Bluetooth Device... - h:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-22 16:06
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 h:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys >>UNKNOWN [0x8A5A0150]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
\Driver\ACPI -> ACPI.sys @ 0xb9f7fcb8
\Driver\atapi -> sfsync02.sys @ 0xba338d60
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: NVIDIA nForce Networking Controller -> SendCompleteHandler -> NDIS.sys @ 0xb9d6fbb0
PacketIndicateHandler -> NDIS.sys @ 0xb9d7ca21
SendHandler -> NDIS.sys @ 0xb9d5a87b
user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"h:\program files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"h:\program files\Norton Internet Security\Engine\17.7.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1482476501-57989841-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1482476501-57989841-725345543-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e0,8d,31,a1,16,ff,86,13,5c,98,e1,d8,be,e1,81,b1,53,26,20,99,43,7e,09,
85,77,7a,4d,13,65,65,9a,b7,c5,ae,b6,9e,8a,dd,91,f1,01,76,04,d1,ac,6b,9c,bb,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d

[HKEY_USERS\S-1-5-21-1482476501-57989841-725345543-1004\Software\SecuROM\License information*]
"datasecu"=hex:5c,a1,a2,77,52,08,40,c7,9e,a8,1e,47,57,8a,cf,03,6c,45,48,c8,e6,
e2,88,19,80,32,e4,55,cc,f1,11,9c,05,54,72,ed,b2,d8,1f,42,47,b3,e2,bd,af,f0,\
"rkeysecu"=hex:88,88,ce,5e,fb,ec,b0,ca,bc,d7,9f,2e,3d,89,29,ee

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:7f,f4,ed,d0,9d,a5,13,3e,cc,db,d4,26,3a,7f,39,a0,1f,27,80,f1,91,2b,31,
f3,93,74,66,04,aa,fe,a9,3b,85,40,08,f9,21,e6,6e,32,5d,62,f2,b7,44,17,09,96,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\B7F5EA513569EA3E98352E3A3D1D6A3D]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,a6,93,a9,25,23,fb,66,
2c,77,d8,5d,6a,fe,59,6e,ef
"2"=hex:14,ce,87,8d,79,74,ee,b2
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:58,eb,3b,8d,af,31,32,62,22,1b,23,79,6d,f4,12,c1,db,b4,20,3e,7f,80,2a,
0f,6a,a6,22,9f,10,4c,a5,77,df,44,a4,37,10,4b,bc,75,d7,98,0e,82,a4,8d,85,b3,\
"8"=hex:7e,a2,6e,16,ab,32,c1,33,ed,e5,e0,81,84,46,6a,69,df,24,89,e7,31,6c,62,
f8,e6,87,2b,c5,f2,29,f0,96,6e,84,e5,58,ad,44,cb,a8
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
Celkový čas: 2010-06-22 16:08:21
ComboFix-quarantined-files.txt 2010-06-22 14:08

Před spuštěním: Volných bajtů: 13 836 656 640
Po spuštění: Volných bajtů: 13 831 839 744

- - End Of File - - A3D77D11505189AE5EA2135089E26A77

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 22 čer 2010 15:50
od earl
:arrow: Odinstalujte Spybot a nahradte jej napr. Spyware Terminatorem,ma zastaraly skenovaci engine.

:arrow: stahnete MBR a presunte mbr.exe do adresare C:\Windows

Start - Spustit - cmd a stisknete Enter.

vlozte do vybehnuvsiho konzoloveho okna tento prikaz:

mbr.exe -f

a stisknete Enter

Po provedeni operace restartujte pc a spustte mbr jeste jednou, jiz normalne a vlozte sem log

:arrow: Vlozte mi sem log z RootRepealu - viz muj podpis.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 23 čer 2010 10:06
od multi
rootrepeal při testu files, hidden a shadow se sekne.

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK
---------------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/22 17:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: ACPI.sys
Image Path: ACPI.sys
Address: 0xB9F79000 Size: 188288 File Visible: - Signed: -
Status: -

Name: ACPI_HAL
Image Path: \Driver\ACPI_HAL
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: afd.sys
Image Path: H:\WINDOWS\System32\drivers\afd.sys
Address: 0xB539B000 Size: 138496 File Visible: - Signed: -
Status: -

Name: AmdK8.sys
Image Path: H:\WINDOWS\system32\DRIVERS\AmdK8.sys
Address: 0xBA278000 Size: 57344 File Visible: - Signed: -
Status: -

Name: atapi.sys
Image Path: atapi.sys
Address: 0xB9F0D000 Size: 96512 File Visible: - Signed: -
Status: -

Name: atksgt.sys
Image Path: H:\WINDOWS\system32\DRIVERS\atksgt.sys
Address: 0xB49B1000 Size: 272384 File Visible: - Signed: -
Status: -

Name: ATMFD.DLL
Image Path: H:\WINDOWS\System32\ATMFD.DLL
Address: 0xBFFA0000 Size: 286720 File Visible: - Signed: -
Status: -

Name: audstub.sys
Image Path: H:\WINDOWS\system32\DRIVERS\audstub.sys
Address: 0xBA7FB000 Size: 3072 File Visible: - Signed: -
Status: -

Name: Beep.SYS
Image Path: H:\WINDOWS\System32\Drivers\Beep.SYS
Address: 0xBA5F4000 Size: 4224 File Visible: - Signed: -
Status: -

Name: BHDrvx86.sys
Image Path: H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100522.001\BHDrvx86.sys
Address: 0xB509B000 Size: 704512 File Visible: - Signed: -
Status: -

Name: BOOTVID.dll
Image Path: H:\WINDOWS\system32\BOOTVID.dll
Address: 0xBA4B8000 Size: 12288 File Visible: - Signed: -
Status: -

Name: btaudio.sys
Image Path: H:\WINDOWS\system32\drivers\btaudio.sys
Address: 0xB67A3000 Size: 522432 File Visible: - Signed: -
Status: -

Name: btkrnl.sys
Image Path: H:\WINDOWS\system32\DRIVERS\btkrnl.sys
Address: 0xB8A10000 Size: 852288 File Visible: - Signed: -
Status: -

Name: btport.sys
Image Path: H:\WINDOWS\system32\DRIVERS\btport.sys
Address: 0xBA3A0000 Size: 28256 File Visible: - Signed: -
Status: -

Name: ccHPx86.sys
Image Path: H:\WINDOWS\system32\drivers\NIS\1107000.00C\ccHPx86.sys
Address: 0xB5147000 Size: 520192 File Visible: - Signed: -
Status: -

Name: Cdfs.SYS
Image Path: H:\WINDOWS\System32\Drivers\Cdfs.SYS
Address: 0xBA238000 Size: 63744 File Visible: - Signed: -
Status: -

Name: cdrom.sys
Image Path: H:\WINDOWS\system32\DRIVERS\cdrom.sys
Address: 0xBA2B8000 Size: 62976 File Visible: - Signed: -
Status: -

Name: cdrpdacc.sys
Image Path: H:\Program Files\Quintessential Player\cdrpdacc.sys
Address: 0xBA626000 Size: 4800 File Visible: - Signed: -
Status: -

Name: CLASSPNP.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS
Address: 0xBA0E8000 Size: 53248 File Visible: - Signed: -
Status: -

Name: disk.sys
Image Path: disk.sys
Address: 0xBA0D8000 Size: 36352 File Visible: - Signed: -
Status: -

Name: drmk.sys
Image Path: H:\WINDOWS\system32\drivers\drmk.sys
Address: 0xB92DB000 Size: 61440 File Visible: - Signed: -
Status: -

Name: dump_nvata.sys
Image Path: H:\WINDOWS\System32\Drivers\dump_nvata.sys
Address: 0xB5059000 Size: 106496 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: H:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA606000 Size: 8192 File Visible: No Signed: -
Status: -

Name: Dxapi.sys
Image Path: H:\WINDOWS\System32\drivers\Dxapi.sys
Address: 0xB6285000 Size: 12288 File Visible: - Signed: -
Status: -

Name: dxg.sys
Image Path: H:\WINDOWS\System32\drivers\dxg.sys
Address: 0xBF000000 Size: 73728 File Visible: - Signed: -
Status: -

Name: dxgthk.sys
Image Path: H:\WINDOWS\System32\drivers\dxgthk.sys
Address: 0xBA745000 Size: 4096 File Visible: - Signed: -
Status: -

Name: eeCtrl.sys
Image Path: H:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
Address: 0xB51E3000 Size: 385024 File Visible: - Signed: -
Status: -

Name: EraserUtilRebootDrv.sys
Image Path: H:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
Address: 0xB51C6000 Size: 118784 File Visible: - Signed: -
Status: -

Name: Fips.SYS
Image Path: H:\WINDOWS\System32\Drivers\Fips.SYS
Address: 0xBA168000 Size: 44544 File Visible: - Signed: -
Status: -

Name: fltmgr.sys
Image Path: fltmgr.sys
Address: 0xB9ED3000 Size: 129792 File Visible: - Signed: -
Status: -

Name: Fs_Rec.SYS
Image Path: H:\WINDOWS\System32\Drivers\Fs_Rec.SYS
Address: 0xBA5F2000 Size: 7936 File Visible: - Signed: -
Status: -

Name: ftdisk.sys
Image Path: ftdisk.sys
Address: 0xB9F25000 Size: 125184 File Visible: - Signed: -
Status: -

Name: hal.dll
Image Path: H:\WINDOWS\system32\hal.dll
Address: 0x806E4000 Size: 134400 File Visible: - Signed: -
Status: -

Name: HDAudBus.sys
Image Path: H:\WINDOWS\system32\DRIVERS\HDAudBus.sys
Address: 0xB921B000 Size: 163840 File Visible: - Signed: -
Status: -

Name: HIDCLASS.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS
Address: 0xBA138000 Size: 36864 File Visible: - Signed: -
Status: -

Name: HIDPARSE.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS
Address: 0xBA3C8000 Size: 28672 File Visible: - Signed: -
Status: -

Name: hidusb.sys
Image Path: H:\WINDOWS\system32\DRIVERS\hidusb.sys
Address: 0xB9C9E000 Size: 10368 File Visible: - Signed: -
Status: -

Name: HTTP.sys
Image Path: H:\WINDOWS\System32\Drivers\HTTP.sys
Address: 0xB410C000 Size: 265728 File Visible: - Signed: -
Status: -

Name: i8042prt.sys
Image Path: H:\WINDOWS\system32\DRIVERS\i8042prt.sys
Address: 0xBA298000 Size: 52096 File Visible: - Signed: -
Status: -

Name: IDSxpx86.sys
Image Path: H:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100617.005\IDSxpx86.sys
Address: 0xB53E5000 Size: 348160 File Visible: - Signed: -
Status: -

Name: imapi.sys
Image Path: H:\WINDOWS\system32\DRIVERS\imapi.sys
Address: 0xBA2A8000 Size: 42112 File Visible: - Signed: -
Status: -

Name: ipnat.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ipnat.sys
Address: 0xB543A000 Size: 152832 File Visible: - Signed: -
Status: -

Name: ipsec.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ipsec.sys
Address: 0xB5535000 Size: 75264 File Visible: - Signed: -
Status: -

Name: Ironx86.SYS
Image Path: H:\WINDOWS\system32\drivers\NIS\1107000.00C\Ironx86.SYS
Address: 0xB537C000 Size: 126976 File Visible: - Signed: -
Status: -

Name: isapnp.sys
Image Path: isapnp.sys
Address: 0xBA0A8000 Size: 37248 File Visible: - Signed: -
Status: -

Name: kbdclass.sys
Image Path: H:\WINDOWS\system32\DRIVERS\kbdclass.sys
Address: 0xBA4A8000 Size: 24576 File Visible: - Signed: -
Status: -

Name: KDCOM.DLL
Image Path: H:\WINDOWS\system32\KDCOM.DLL
Address: 0xBA5A8000 Size: 8192 File Visible: - Signed: -
Status: -

Name: ks.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ks.sys
Address: 0xB91F8000 Size: 143360 File Visible: - Signed: -
Status: -

Name: KSecDD.sys
Image Path: KSecDD.sys
Address: 0xB9E27000 Size: 92928 File Visible: - Signed: -
Status: -

Name: lirsgt.sys
Image Path: H:\WINDOWS\system32\DRIVERS\lirsgt.sys
Address: 0xBA448000 Size: 18560 File Visible: - Signed: -
Status: -

Name: mbr.sys
Image Path: H:\DOCUME~1\pavel1\LOCALS~1\Temp\mbr.sys
Address: 0xBA408000 Size: 20864 File Visible: No Signed: -
Status: -

Name: mnmdd.SYS
Image Path: H:\WINDOWS\System32\Drivers\mnmdd.SYS
Address: 0xBA5F6000 Size: 4224 File Visible: - Signed: -
Status: -

Name: mouclass.sys
Image Path: H:\WINDOWS\system32\DRIVERS\mouclass.sys
Address: 0xBA4B0000 Size: 23040 File Visible: - Signed: -
Status: -

Name: mouhid.sys
Image Path: H:\WINDOWS\system32\DRIVERS\mouhid.sys
Address: 0xB6700000 Size: 12160 File Visible: - Signed: -
Status: -

Name: MountMgr.sys
Image Path: MountMgr.sys
Address: 0xBA0B8000 Size: 42368 File Visible: - Signed: -
Status: -

Name: mrxdav.sys
Image Path: H:\WINDOWS\system32\DRIVERS\mrxdav.sys
Address: 0xB4A1C000 Size: 180608 File Visible: - Signed: -
Status: -

Name: mrxsmb.sys
Image Path: H:\WINDOWS\system32\DRIVERS\mrxsmb.sys
Address: 0xB52E1000 Size: 455680 File Visible: - Signed: -
Status: -

Name: Msfs.SYS
Image Path: H:\WINDOWS\System32\Drivers\Msfs.SYS
Address: 0xBA3D8000 Size: 19072 File Visible: - Signed: -
Status: -

Name: msgpc.sys
Image Path: H:\WINDOWS\system32\DRIVERS\msgpc.sys
Address: 0xBA318000 Size: 35072 File Visible: - Signed: -
Status: -

Name: mssmbios.sys
Image Path: H:\WINDOWS\system32\DRIVERS\mssmbios.sys
Address: 0xBA54C000 Size: 15488 File Visible: - Signed: -
Status: -

Name: Mup.sys
Image Path: Mup.sys
Address: 0xB9CD2000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NDIS.sys
Image Path: NDIS.sys
Address: 0xB9D5A000 Size: 182656 File Visible: - Signed: -
Status: -

Name: ndistapi.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ndistapi.sys
Address: 0xB9C96000 Size: 10112 File Visible: - Signed: -
Status: -

Name: ndisuio.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ndisuio.sys
Address: 0xB4D3D000 Size: 14592 File Visible: - Signed: -
Status: -

Name: ndiswan.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ndiswan.sys
Address: 0xB89F9000 Size: 91520 File Visible: - Signed: -
Status: -

Name: NDProxy.SYS
Image Path: H:\WINDOWS\System32\Drivers\NDProxy.SYS
Address: 0xB92CB000 Size: 40576 File Visible: - Signed: -
Status: -

Name: netbios.sys
Image Path: H:\WINDOWS\system32\DRIVERS\netbios.sys
Address: 0xBA118000 Size: 34688 File Visible: - Signed: -
Status: -

Name: netbt.sys
Image Path: H:\WINDOWS\system32\DRIVERS\netbt.sys
Address: 0xB53BD000 Size: 162816 File Visible: - Signed: -
Status: -

Name: Npfs.SYS
Image Path: H:\WINDOWS\System32\Drivers\Npfs.SYS
Address: 0xBA3E0000 Size: 30848 File Visible: - Signed: -
Status: -

Name: Ntfs.sys
Image Path: Ntfs.sys
Address: 0xB9D87000 Size: 574976 File Visible: - Signed: -
Status: -

Name: ntkrnlpa.exe
Image Path: H:\WINDOWS\system32\ntkrnlpa.exe
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: Null.SYS
Image Path: H:\WINDOWS\System32\Drivers\Null.SYS
Address: 0xBA71C000 Size: 2944 File Visible: - Signed: -
Status: -

Name: nv4_disp.dll
Image Path: H:\WINDOWS\System32\nv4_disp.dll
Address: 0xBF012000 Size: 6152192 File Visible: - Signed: -
Status: -

Name: nv4_mini.sys
Image Path: H:\WINDOWS\system32\DRIVERS\nv4_mini.sys
Address: 0xB8AF5000 Size: 6188320 File Visible: - Signed: -
Status: -

Name: nvata.sys
Image Path: nvata.sys
Address: 0xB9EF3000 Size: 105344 File Visible: - Signed: -
Status: -

Name: NVENETFD.sys
Image Path: H:\WINDOWS\system32\DRIVERS\NVENETFD.sys
Address: 0xB92AB000 Size: 57856 File Visible: - Signed: -
Status: -

Name: nvnetbus.sys
Image Path: H:\WINDOWS\system32\DRIVERS\nvnetbus.sys
Address: 0xBA2D8000 Size: 40960 File Visible: - Signed: -
Status: -

Name: NVNRM.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\NVNRM.SYS
Address: 0xB90DC000 Size: 1163264 File Visible: - Signed: -
Status: -

Name: parport.sys
Image Path: H:\WINDOWS\system32\DRIVERS\parport.sys
Address: 0xB9267000 Size: 80000 File Visible: - Signed: -
Status: -

Name: PartMgr.sys
Image Path: PartMgr.sys
Address: 0xBA330000 Size: 19712 File Visible: - Signed: -
Status: -

Name: ParVdm.SYS
Image Path: H:\WINDOWS\System32\Drivers\ParVdm.SYS
Address: 0xBA624000 Size: 6784 File Visible: - Signed: -
Status: -

Name: pci.sys
Image Path: pci.sys
Address: 0xB9F68000 Size: 68736 File Visible: - Signed: -
Status: -

Name: pciide.sys
Image Path: pciide.sys
Address: 0xBA670000 Size: 3328 File Visible: - Signed: -
Status: -

Name: PCIIDEX.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS
Address: 0xBA328000 Size: 28672 File Visible: - Signed: -
Status: -

Name: pcouffin.sys
Image Path: H:\WINDOWS\System32\Drivers\pcouffin.sys
Address: 0xB930B000 Size: 47360 File Visible: - Signed: -
Status: -

Name: pe3akrnb.sys
Image Path: pe3akrnb.sys
Address: 0xB9CEC000 Size: 77824 File Visible: - Signed: -
Status: -

Name: PnpManager
Image Path: \Driver\PnpManager
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: portcls.sys
Image Path: H:\WINDOWS\system32\drivers\portcls.sys
Address: 0xB677F000 Size: 147456 File Visible: - Signed: -
Status: -

Name: prodrv06.sys
Image Path: H:\WINDOWS\System32\drivers\prodrv06.sys
Address: 0xBA158000 Size: 54368 File Visible: - Signed: -
Status: -

Name: prohlp02.sys
Image Path: prohlp02.sys
Address: 0xB9CFF000 Size: 115680 File Visible: - Signed: -
Status: -

Name: prosync1.sys
Image Path: prosync1.sys
Address: 0xBA5AE000 Size: 7040 File Visible: - Signed: -
Status: -

Name: ps6akrnb.sys
Image Path: ps6akrnb.sys
Address: 0xB9F57000 Size: 69632 File Visible: - Signed: -
Status: -

Name: psched.sys
Image Path: H:\WINDOWS\system32\DRIVERS\psched.sys
Address: 0xB89E8000 Size: 69120 File Visible: - Signed: -
Status: -

Name: ptilink.sys
Image Path: H:\WINDOWS\system32\DRIVERS\ptilink.sys
Address: 0xBA388000 Size: 17792 File Visible: - Signed: -
Status: -

Name: rasacd.sys
Image Path: H:\WINDOWS\system32\DRIVERS\rasacd.sys
Address: 0xBA5A0000 Size: 8832 File Visible: - Signed: -
Status: -

Name: rasl2tp.sys
Image Path: H:\WINDOWS\system32\DRIVERS\rasl2tp.sys
Address: 0xBA2E8000 Size: 51328 File Visible: - Signed: -
Status: -

Name: raspppoe.sys
Image Path: H:\WINDOWS\system32\DRIVERS\raspppoe.sys
Address: 0xBA2F8000 Size: 41472 File Visible: - Signed: -
Status: -

Name: raspptp.sys
Image Path: H:\WINDOWS\system32\DRIVERS\raspptp.sys
Address: 0xBA308000 Size: 48384 File Visible: - Signed: -
Status: -

Name: raspti.sys
Image Path: H:\WINDOWS\system32\DRIVERS\raspti.sys
Address: 0xBA390000 Size: 16512 File Visible: - Signed: -
Status: -

Name: RAW
Image Path: \FileSystem\RAW
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: rdbss.sys
Image Path: H:\WINDOWS\system32\DRIVERS\rdbss.sys
Address: 0xB5351000 Size: 175744 File Visible: - Signed: -
Status: -

Name: RDPCDD.sys
Image Path: H:\WINDOWS\System32\DRIVERS\RDPCDD.sys
Address: 0xBA5F8000 Size: 4224 File Visible: - Signed: -
Status: -

Name: redbook.sys
Image Path: H:\WINDOWS\system32\DRIVERS\redbook.sys
Address: 0xBA2C8000 Size: 58496 File Visible: - Signed: -
Status: -

Name: rootrepeal.sys
Image Path: H:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB31F3000 Size: 49152 File Visible: No Signed: -
Status: -

Name: RtkHDAud.sys
Image Path: H:\WINDOWS\system32\drivers\RtkHDAud.sys
Address: 0xB628D000 Size: 4534272 File Visible: - Signed: -
Status: -

Name: SCSIPORT.SYS
Image Path: H:\WINDOWS\System32\drivers\SCSIPORT.SYS
Address: 0xB9D1C000 Size: 98304 File Visible: - Signed: -
Status: -

Name: seehcri.sys
Image Path: H:\WINDOWS\system32\DRIVERS\seehcri.sys
Address: 0xBA398000 Size: 24320 File Visible: - Signed: -
Status: -

Name: serenum.sys
Image Path: H:\WINDOWS\system32\DRIVERS\serenum.sys
Address: 0xB9C9A000 Size: 15744 File Visible: - Signed: -
Status: -

Name: serial.sys
Image Path: H:\WINDOWS\system32\DRIVERS\serial.sys
Address: 0xBA288000 Size: 64256 File Visible: - Signed: -
Status: -

Name: sfdrv01.sys
Image Path: sfdrv01.sys
Address: 0xB9D34000 Size: 73728 File Visible: - Signed: -
Status: -

Name: sfdrv01a.sys
Image Path: sfdrv01a.sys
Address: 0xB9D46000 Size: 81920 File Visible: - Signed: -
Status: -

Name: sfhlp01.sys
Image Path: sfhlp01.sys
Address: 0xBA5AC000 Size: 4832 File Visible: - Signed: -
Status: -

Name: sfhlp02.sys
Image Path: sfhlp02.sys
Address: 0xBA340000 Size: 32768 File Visible: - Signed: -
Status: -

Name: sfsync02.sys
Image Path: sfsync02.sys
Address: 0xBA338000 Size: 20544 File Visible: - Signed: -
Status: -

Name: sfsync04.sys
Image Path: sfsync04.sys
Address: 0xB9F44000 Size: 77824 File Visible: - Signed: -
Status: -

Name: sr.sys
Image Path: sr.sys
Address: 0xB9E6B000 Size: 73344 File Visible: - Signed: -
Status: -

Name: SRTSPX.SYS
Image Path: H:\WINDOWS\system32\drivers\NIS\1107000.00C\SRTSPX.SYS
Address: 0xBA148000 Size: 36992 File Visible: - Signed: -
Status: -

Name: srv.sys
Image Path: H:\WINDOWS\system32\DRIVERS\srv.sys
Address: 0xB4932000 Size: 353792 File Visible: - Signed: -
Status: -

Name: swenum.sys
Image Path: H:\WINDOWS\system32\DRIVERS\swenum.sys
Address: 0xBA5EC000 Size: 4352 File Visible: - Signed: -
Status: -

Name: SYMDS.SYS
Image Path: SYMDS.SYS
Address: 0xB9E7D000 Size: 352256 File Visible: - Signed: -
Status: -

Name: SYMEFA.SYS
Image Path: SYMEFA.SYS
Address: 0xB9E3E000 Size: 184320 File Visible: - Signed: -
Status: -

Name: SYMEVENT.SYS
Image Path: H:\WINDOWS\system32\Drivers\SYMEVENT.SYS
Address: 0xB5460000 Size: 151552 File Visible: - Signed: -
Status: -

Name: SYMTDI.SYS
Image Path: H:\WINDOWS\System32\Drivers\NIS\1107000.00C\SYMTDI.SYS
Address: 0xB5485000 Size: 355200 File Visible: - Signed: -
Status: -

Name: sysaudio.sys
Image Path: H:\WINDOWS\system32\drivers\sysaudio.sys
Address: 0xB4A89000 Size: 60800 File Visible: - Signed: -
Status: -

Name: tcpip.sys
Image Path: H:\WINDOWS\system32\DRIVERS\tcpip.sys
Address: 0xB54DC000 Size: 361600 File Visible: - Signed: -
Status: -

Name: TDI.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\TDI.SYS
Address: 0xBA380000 Size: 20480 File Visible: - Signed: -
Status: -

Name: termdd.sys
Image Path: H:\WINDOWS\system32\DRIVERS\termdd.sys
Address: 0xB92FB000 Size: 40704 File Visible: - Signed: -
Status: -

Name: update.sys
Image Path: H:\WINDOWS\system32\DRIVERS\update.sys
Address: 0xB898A000 Size: 384768 File Visible: - Signed: -
Status: -

Name: USBD.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\USBD.SYS
Address: 0xBA5EE000 Size: 8192 File Visible: - Signed: -
Status: -

Name: usbehci.sys
Image Path: H:\WINDOWS\system32\DRIVERS\usbehci.sys
Address: 0xBA370000 Size: 30208 File Visible: - Signed: -
Status: -

Name: usbhub.sys
Image Path: H:\WINDOWS\system32\DRIVERS\usbhub.sys
Address: 0xB92BB000 Size: 59520 File Visible: - Signed: -
Status: -

Name: usbohci.sys
Image Path: H:\WINDOWS\system32\DRIVERS\usbohci.sys
Address: 0xBA350000 Size: 17152 File Visible: - Signed: -
Status: -

Name: USBPORT.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\USBPORT.SYS
Address: 0xB9243000 Size: 147456 File Visible: - Signed: -
Status: -

Name: USBSTOR.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
Address: 0xBA3F8000 Size: 26368 File Visible: - Signed: -
Status: -

Name: usbuhci.sys
Image Path: H:\WINDOWS\system32\DRIVERS\usbuhci.sys
Address: 0xBA378000 Size: 20608 File Visible: - Signed: -
Status: -

Name: vga.sys
Image Path: H:\WINDOWS\System32\drivers\vga.sys
Address: 0xBA3D0000 Size: 20992 File Visible: - Signed: -
Status: -

Name: VIDEOPRT.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS
Address: 0xB8AE1000 Size: 81920 File Visible: - Signed: -
Status: -

Name: VolSnap.sys
Image Path: VolSnap.sys
Address: 0xBA0C8000 Size: 52480 File Visible: - Signed: -
Status: -

Name: wanarp.sys
Image Path: H:\WINDOWS\system32\DRIVERS\wanarp.sys
Address: 0xB927B000 Size: 34560 File Visible: - Signed: -
Status: -

Name: watchdog.sys
Image Path: H:\WINDOWS\System32\watchdog.sys
Address: 0xBA420000 Size: 20480 File Visible: - Signed: -
Status: -

Name: wdmaud.sys
Image Path: H:\WINDOWS\system32\drivers\wdmaud.sys
Address: 0xB482D000 Size: 83072 File Visible: - Signed: -
Status: -

Name: Win32k
Image Path: \Driver\Win32k
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: win32k.sys
Image Path: H:\WINDOWS\System32\win32k.sys
Address: 0xBF800000 Size: 1851392 File Visible: - Signed: -
Status: -

Name: WMILIB.SYS
Image Path: H:\WINDOWS\system32\DRIVERS\WMILIB.SYS
Address: 0xBA5AA000 Size: 8192 File Visible: - Signed: -
Status: -

Name: WMIxWDM
Image Path: \Driver\WMIxWDM
Address: 0x804D7000 Size: 2150400 File Visible: - Signed: -
Status: -

Name: ws2ifsl.sys
Image Path: H:\WINDOWS\System32\drivers\ws2ifsl.sys
Address: 0xB9CA2000 Size: 12032 File Visible: - Signed: -
Status: -

Name: WudfPf.sys
Image Path: WudfPf.sys
Address: 0xB9E14000 Size: 77568 File Visible: - Signed: -
Status: -

-----------------------------------------------------------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/22 17:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: H:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
PID: 108 Status: -

Path: H:\WINDOWS\system32\alg.exe
PID: 236 Status: -

Path: H:\WINDOWS\explorer.exe
PID: 312 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 568 Status: -

Path: H:\WINDOWS\system32\smss.exe
PID: 644 Status: -

Path: H:\WINDOWS\system32\csrss.exe
PID: 692 Status: -

Path: H:\WINDOWS\system32\winlogon.exe
PID: 716 Status: -

Path: H:\WINDOWS\system32\services.exe
PID: 760 Status: -

Path: H:\WINDOWS\system32\lsass.exe
PID: 772 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 944 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 992 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 1088 Status: -

Path: H:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
PID: 1116 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 1144 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 1200 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 1312 Status: -

Path: H:\WINDOWS\system32\spoolsv.exe
PID: 1508 Status: -

Path: H:\WINDOWS\system32\svchost.exe
PID: 1600 Status: -

Path: H:\Program Files\ICQ6Toolbar\ICQ Service.exe
PID: 1664 Status: -

Path: H:\Program Files\Java\jre6\bin\jqs.exe
PID: 1684 Status: -

Path: H:\WINDOWS\Runservice.exe
PID: 1712 Status: -

Path: H:\WINDOWS\system32\lxddcoms.exe
PID: 1736 Status: -

Path: H:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PID: 1764 Status: -

Path: H:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PID: 1912 Status: -

Path: H:\WINDOWS\system32\nvsvc32.exe
PID: 1996 Status: -

Path: H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PID: 2020 Status: -

Path: H:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccsvchst.exe
PID: 2152 Status: -

Path: H:\WINDOWS\system32\wscntfy.exe
PID: 2264 Status: -

Path: H:\WINDOWS\RTHDCPL.exe
PID: 2636 Status: -

Path: H:\WINDOWS\system32\puxpman2.exe
PID: 2712 Status: -

Path: H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PID: 2720 Status: -

Path: H:\Program Files\Internet Explorer\iexplore.exe
PID: 2764 Status: -

Path: H:\WINDOWS\system32\rundll32.exe
PID: 2812 Status: -

Path: H:\Program Files\Java\jre6\bin\jusched.exe
PID: 2860 Status: -

Path: H:\Program Files\Internet Explorer\iexplore.exe
PID: 2896 Status: -

Path: H:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PID: 2916 Status: -

Path: H:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PID: 2924 Status: -

Path: H:\WINDOWS\system32\wbem\wmiprvse.exe
PID: 3096 Status: -

Path: H:\Program Files\Labtec\Desktop\6.0\KbdAp32A.exe
PID: 3416 Status: -

Path: H:\Program Files\Labtec\Desktop\6.0\Mouse32V.exe
PID: 3476 Status: -

Path: H:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PID: 3568 Status: -

Path: H:\Documents and Settings\pavel1\Plocha\RootRepeal.exe
PID: 3824 Status: -

Path: H:\WINDOWS\system32\ctfmon.exe
PID: 3888 Status: -

Path: H:\Program Files\Labtec\Desktop\6.0\MOffice.exe
PID: 3912 Status: -

-----------------------------------------------------------------------------
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/22 17:15
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

SSDT
-------------------
#: 000 Function Name: NtAcceptConnectPort
Status: Not hooked

#: 001 Function Name: NtAccessCheck
Status: Not hooked

#: 002 Function Name: NtAccessCheckAndAuditAlarm
Status: Not hooked

#: 003 Function Name: NtAccessCheckByType
Status: Not hooked

#: 004 Function Name: NtAccessCheckByTypeAndAuditAlarm
Status: Not hooked

#: 005 Function Name: NtAccessCheckByTypeResultList
Status: Not hooked

#: 006 Function Name: NtAccessCheckByTypeResultListAndAuditAlarm
Status: Not hooked

#: 007 Function Name: NtAccessCheckByTypeResultListAndAuditAlarmByHandle
Status: Not hooked

#: 008 Function Name: NtAddAtom
Status: Not hooked

#: 009 Function Name: NtAddBootEntry
Status: Not hooked

#: 010 Function Name: NtAdjustGroupsToken
Status: Not hooked

#: 011 Function Name: NtAdjustPrivilegesToken
Status: Not hooked

#: 012 Function Name: NtAlertResumeThread
Status: Hooked by "<unknown>" at address 0x8a2b58d8

#: 013 Function Name: NtAlertThread
Status: Hooked by "<unknown>" at address 0x8a32d2c8

#: 014 Function Name: NtAllocateLocallyUniqueId
Status: Not hooked

#: 015 Function Name: NtAllocateUserPhysicalPages
Status: Not hooked

#: 016 Function Name: NtAllocateUuids
Status: Not hooked

#: 017 Function Name: NtAllocateVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a320c70

#: 018 Function Name: NtAreMappedFilesTheSame
Status: Not hooked

#: 019 Function Name: NtAssignProcessToJobObject
Status: Hooked by "<unknown>" at address 0x8a29fc10

#: 020 Function Name: NtCallbackReturn
Status: Not hooked

#: 021 Function Name: NtCancelDeviceWakeupRequest
Status: Not hooked

#: 022 Function Name: NtCancelIoFile
Status: Not hooked

#: 023 Function Name: NtCancelTimer
Status: Not hooked

#: 024 Function Name: NtClearEvent
Status: Not hooked

#: 025 Function Name: NtClose
Status: Not hooked

#: 026 Function Name: NtCloseObjectAuditAlarm
Status: Not hooked

#: 027 Function Name: NtCompactKeys
Status: Not hooked

#: 028 Function Name: NtCompareTokens
Status: Not hooked

#: 029 Function Name: NtCompleteConnectPort
Status: Not hooked

#: 030 Function Name: NtCompressKey
Status: Not hooked

#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x89c7e6f0

#: 032 Function Name: NtContinue
Status: Not hooked

#: 033 Function Name: NtCreateDebugObject
Status: Not hooked

#: 034 Function Name: NtCreateDirectoryObject
Status: Not hooked

#: 035 Function Name: NtCreateEvent
Status: Not hooked

#: 036 Function Name: NtCreateEventPair
Status: Not hooked

#: 037 Function Name: NtCreateFile
Status: Not hooked

#: 038 Function Name: NtCreateIoCompletion
Status: Not hooked

#: 039 Function Name: NtCreateJobObject
Status: Not hooked

#: 040 Function Name: NtCreateJobSet
Status: Not hooked

#: 041 Function Name: NtCreateKey
Status: Hooked by "H:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5476210

#: 042 Function Name: NtCreateMailslotFile
Status: Not hooked

#: 043 Function Name: NtCreateMutant
Status: Hooked by "<unknown>" at address 0x8a3240a8

#: 044 Function Name: NtCreateNamedPipeFile
Status: Not hooked

#: 045 Function Name: NtCreatePagingFile
Status: Not hooked

#: 046 Function Name: NtCreatePort
Status: Not hooked

#: 047 Function Name: NtCreateProcess
Status: Not hooked

#: 048 Function Name: NtCreateProcessEx
Status: Not hooked

#: 049 Function Name: NtCreateProfile
Status: Not hooked

#: 050 Function Name: NtCreateSection
Status: Not hooked

#: 051 Function Name: NtCreateSemaphore
Status: Not hooked

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "<unknown>" at address 0x8a470f48

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0x88868180

#: 054 Function Name: NtCreateTimer
Status: Not hooked

#: 055 Function Name: NtCreateToken
Status: Not hooked

#: 056 Function Name: NtCreateWaitablePort
Status: Not hooked

#: 057 Function Name: NtDebugActiveProcess
Status: Hooked by "<unknown>" at address 0x8a2a2008

#: 058 Function Name: NtDebugContinue
Status: Not hooked

#: 059 Function Name: NtDelayExecution
Status: Not hooked

#: 060 Function Name: NtDeleteAtom
Status: Not hooked

#: 061 Function Name: NtDeleteBootEntry
Status: Not hooked

#: 062 Function Name: NtDeleteFile
Status: Not hooked

#: 063 Function Name: NtDeleteKey
Status: Hooked by "H:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5476490

#: 064 Function Name: NtDeleteObjectAuditAlarm
Status: Not hooked

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "H:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb54769f0

#: 066 Function Name: NtDeviceIoControlFile
Status: Not hooked

#: 067 Function Name: NtDisplayString
Status: Not hooked

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "<unknown>" at address 0x8a346a20

#: 069 Function Name: NtDuplicateToken
Status: Not hooked

#: 070 Function Name: NtEnumerateBootEntries
Status: Not hooked

#: 071 Function Name: NtEnumerateKey
Status: Not hooked

#: 072 Function Name: NtEnumerateSystemEnvironmentValuesEx
Status: Not hooked

#: 073 Function Name: NtEnumerateValueKey
Status: Not hooked

#: 074 Function Name: NtExtendSection
Status: Not hooked

#: 075 Function Name: NtFilterToken
Status: Not hooked

#: 076 Function Name: NtFindAtom
Status: Not hooked

#: 077 Function Name: NtFlushBuffersFile
Status: Not hooked

#: 078 Function Name: NtFlushInstructionCache
Status: Not hooked

#: 079 Function Name: NtFlushKey
Status: Not hooked

#: 080 Function Name: NtFlushVirtualMemory
Status: Not hooked

#: 081 Function Name: NtFlushWriteBuffer
Status: Not hooked

#: 082 Function Name: NtFreeUserPhysicalPages
Status: Not hooked

#: 083 Function Name: NtFreeVirtualMemory
Status: Hooked by "<unknown>" at address 0x8886e9b0

#: 084 Function Name: NtFsControlFile
Status: Not hooked

#: 085 Function Name: NtGetContextThread
Status: Not hooked

#: 086 Function Name: NtGetDevicePowerState
Status: Not hooked

#: 087 Function Name: NtGetPlugPlayEvent
Status: Not hooked

#: 088 Function Name: NtGetWriteWatch
Status: Not hooked

#: 089 Function Name: NtImpersonateAnonymousToken
Status: Hooked by "<unknown>" at address 0x8a306f30

#: 090 Function Name: NtImpersonateClientOfPort
Status: Not hooked

#: 091 Function Name: NtImpersonateThread
Status: Hooked by "<unknown>" at address 0x8a2f7fd0

#: 092 Function Name: NtInitializeRegistry
Status: Not hooked

#: 093 Function Name: NtInitiatePowerAction
Status: Not hooked

#: 094 Function Name: NtIsProcessInJob
Status: Not hooked

#: 095 Function Name: NtIsSystemResumeAutomatic
Status: Not hooked

#: 096 Function Name: NtListenPort
Status: Not hooked

#: 097 Function Name: NtLoadDriver
Status: Hooked by "<unknown>" at address 0x89b556d0

#: 098 Function Name: NtLoadKey
Status: Not hooked

#: 099 Function Name: NtLoadKey2
Status: Not hooked

#: 100 Function Name: NtLockFile
Status: Not hooked

#: 101 Function Name: NtLockProductActivationKeys
Status: Not hooked

#: 102 Function Name: NtLockRegistryKey
Status: Not hooked

#: 103 Function Name: NtLockVirtualMemory
Status: Not hooked

#: 104 Function Name: NtMakePermanentObject
Status: Not hooked

#: 105 Function Name: NtMakeTemporaryObject
Status: Not hooked

#: 106 Function Name: NtMapUserPhysicalPages
Status: Not hooked

#: 107 Function Name: NtMapUserPhysicalPagesScatter
Status: Not hooked

#: 108 Function Name: NtMapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a2763f0

#: 109 Function Name: NtModifyBootEntry
Status: Not hooked

#: 110 Function Name: NtNotifyChangeDirectoryFile
Status: Not hooked

#: 111 Function Name: NtNotifyChangeKey
Status: Not hooked

#: 112 Function Name: NtNotifyChangeMultipleKeys
Status: Not hooked

#: 113 Function Name: NtOpenDirectoryObject
Status: Not hooked

#: 114 Function Name: NtOpenEvent
Status: Hooked by "<unknown>" at address 0x8a2ae518

#: 115 Function Name: NtOpenEventPair
Status: Not hooked

#: 116 Function Name: NtOpenFile
Status: Not hooked

#: 117 Function Name: NtOpenIoCompletion
Status: Not hooked

#: 118 Function Name: NtOpenJobObject
Status: Not hooked

#: 119 Function Name: NtOpenKey
Status: Not hooked

#: 120 Function Name: NtOpenMutant
Status: Not hooked

#: 121 Function Name: NtOpenObjectAuditAlarm
Status: Not hooked

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0x8a35fc50

#: 123 Function Name: NtOpenProcessToken
Status: Hooked by "<unknown>" at address 0x8a3a9b90

#: 124 Function Name: NtOpenProcessTokenEx
Status: Not hooked

#: 125 Function Name: NtOpenSection
Status: Hooked by "<unknown>" at address 0x8a2aba90

#: 126 Function Name: NtOpenSemaphore
Status: Not hooked

#: 127 Function Name: NtOpenSymbolicLinkObject
Status: Not hooked

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0x8a3452a0

#: 129 Function Name: NtOpenThreadToken
Status: Not hooked

#: 130 Function Name: NtOpenThreadTokenEx
Status: Not hooked

#: 131 Function Name: NtOpenTimer
Status: Not hooked

#: 132 Function Name: NtPlugPlayControl
Status: Not hooked

#: 133 Function Name: NtPowerInformation
Status: Not hooked

#: 134 Function Name: NtPrivilegeCheck
Status: Not hooked

#: 135 Function Name: NtPrivilegeObjectAuditAlarm
Status: Not hooked

#: 136 Function Name: NtPrivilegedServiceAuditAlarm
Status: Not hooked

#: 137 Function Name: NtProtectVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a4594a8

#: 138 Function Name: NtPulseEvent
Status: Not hooked

#: 139 Function Name: NtQueryAttributesFile
Status: Not hooked

#: 140 Function Name: NtQueryBootEntryOrder
Status: Not hooked

#: 141 Function Name: NtQueryBootOptions
Status: Not hooked

#: 142 Function Name: NtQueryDebugFilterState
Status: Not hooked

#: 143 Function Name: NtQueryDefaultLocale
Status: Not hooked

#: 144 Function Name: NtQueryDefaultUILanguage
Status: Not hooked

#: 145 Function Name: NtQueryDirectoryFile
Status: Not hooked

#: 146 Function Name: NtQueryDirectoryObject
Status: Not hooked

#: 147 Function Name: NtQueryEaFile
Status: Not hooked

#: 148 Function Name: NtQueryEvent
Status: Not hooked

#: 149 Function Name: NtQueryFullAttributesFile
Status: Not hooked

#: 150 Function Name: NtQueryInformationAtom
Status: Not hooked

#: 151 Function Name: NtQueryInformationFile
Status: Not hooked

#: 152 Function Name: NtQueryInformationJobObject
Status: Not hooked

#: 153 Function Name: NtQueryInformationPort
Status: Not hooked

#: 154 Function Name: NtQueryInformationProcess
Status: Not hooked

#: 155 Function Name: NtQueryInformationThread
Status: Not hooked

#: 156 Function Name: NtQueryInformationToken
Status: Not hooked

#: 157 Function Name: NtQueryInstallUILanguage
Status: Not hooked

#: 158 Function Name: NtQueryIntervalProfile
Status: Not hooked

#: 159 Function Name: NtQueryIoCompletion
Status: Not hooked

#: 160 Function Name: NtQueryKey
Status: Not hooked

#: 161 Function Name: NtQueryMultipleValueKey
Status: Not hooked

#: 162 Function Name: NtQueryMutant
Status: Not hooked

#: 163 Function Name: NtQueryObject
Status: Not hooked

#: 164 Function Name: NtQueryOpenSubKeys
Status: Not hooked

#: 165 Function Name: NtQueryPerformanceCounter
Status: Not hooked

#: 166 Function Name: NtQueryQuotaInformationFile
Status: Not hooked

#: 167 Function Name: NtQuerySection
Status: Not hooked

#: 168 Function Name: NtQuerySecurityObject
Status: Not hooked

#: 169 Function Name: NtQuerySemaphore
Status: Not hooked

#: 170 Function Name: NtQuerySymbolicLinkObject
Status: Not hooked

#: 171 Function Name: NtQuerySystemEnvironmentValue
Status: Not hooked

#: 172 Function Name: NtQuerySystemEnvironmentValueEx
Status: Not hooked

#: 173 Function Name: NtQuerySystemInformation
Status: Not hooked

#: 174 Function Name: NtQuerySystemTime
Status: Not hooked

#: 175 Function Name: NtQueryTimer
Status: Not hooked

#: 176 Function Name: NtQueryTimerResolution
Status: Not hooked

#: 177 Function Name: NtQueryValueKey
Status: Not hooked

#: 178 Function Name: NtQueryVirtualMemory
Status: Not hooked

#: 179 Function Name: NtQueryVolumeInformationFile
Status: Not hooked

#: 180 Function Name: NtQueueApcThread
Status: Not hooked

#: 181 Function Name: NtRaiseException
Status: Not hooked

#: 182 Function Name: NtRaiseHardError
Status: Not hooked

#: 183 Function Name: NtReadFile
Status: Not hooked

#: 184 Function Name: NtReadFileScatter
Status: Not hooked

#: 185 Function Name: NtReadRequestData
Status: Not hooked

#: 186 Function Name: NtReadVirtualMemory
Status: Not hooked

#: 187 Function Name: NtRegisterThreadTerminatePort
Status: Not hooked

#: 188 Function Name: NtReleaseMutant
Status: Not hooked

#: 189 Function Name: NtReleaseSemaphore
Status: Not hooked

#: 190 Function Name: NtRemoveIoCompletion
Status: Not hooked

#: 191 Function Name: NtRemoveProcessDebug
Status: Not hooked

#: 192 Function Name: NtRenameKey
Status: Not hooked

#: 193 Function Name: NtReplaceKey
Status: Not hooked

#: 194 Function Name: NtReplyPort
Status: Not hooked

#: 195 Function Name: NtReplyWaitReceivePort
Status: Not hooked

#: 196 Function Name: NtReplyWaitReceivePortEx
Status: Not hooked

#: 197 Function Name: NtReplyWaitReplyPort
Status: Not hooked

#: 198 Function Name: NtRequestDeviceWakeup
Status: Not hooked

#: 199 Function Name: NtRequestPort
Status: Not hooked

#: 200 Function Name: NtRequestWaitReplyPort
Status: Not hooked

#: 201 Function Name: NtRequestWakeupLatency
Status: Not hooked

#: 202 Function Name: NtResetEvent
Status: Not hooked

#: 203 Function Name: NtResetWriteWatch
Status: Not hooked

#: 204 Function Name: NtRestoreKey
Status: Not hooked

#: 205 Function Name: NtResumeProcess
Status: Not hooked

#: 206 Function Name: NtResumeThread
Status: Hooked by "<unknown>" at address 0x8a33af58

#: 207 Function Name: NtSaveKey
Status: Not hooked

#: 208 Function Name: NtSaveKeyEx
Status: Not hooked

#: 209 Function Name: NtSaveMergedKeys
Status: Not hooked

#: 210 Function Name: NtSecureConnectPort
Status: Not hooked

#: 211 Function Name: NtSetBootEntryOrder
Status: Not hooked

#: 212 Function Name: NtSetBootOptions
Status: Not hooked

#: 213 Function Name: NtSetContextThread
Status: Hooked by "<unknown>" at address 0x8a354058

#: 214 Function Name: NtSetDebugFilterState
Status: Not hooked

#: 215 Function Name: NtSetDefaultHardErrorPort
Status: Not hooked

#: 216 Function Name: NtSetDefaultLocale
Status: Not hooked

#: 217 Function Name: NtSetDefaultUILanguage
Status: Not hooked

#: 218 Function Name: NtSetEaFile
Status: Not hooked

#: 219 Function Name: NtSetEvent
Status: Not hooked

#: 220 Function Name: NtSetEventBoostPriority
Status: Not hooked

#: 221 Function Name: NtSetHighEventPair
Status: Not hooked

#: 222 Function Name: NtSetHighWaitLowEventPair
Status: Not hooked

#: 223 Function Name: NtSetInformationDebugObject
Status: Not hooked

#: 224 Function Name: NtSetInformationFile
Status: Not hooked

#: 225 Function Name: NtSetInformationJobObject
Status: Not hooked

#: 226 Function Name: NtSetInformationKey
Status: Not hooked

#: 227 Function Name: NtSetInformationObject
Status: Not hooked

#: 228 Function Name: NtSetInformationProcess
Status: Hooked by "<unknown>" at address 0x8a2ee8b0

#: 229 Function Name: NtSetInformationThread
Status: Not hooked

#: 230 Function Name: NtSetInformationToken
Status: Not hooked

#: 231 Function Name: NtSetIntervalProfile
Status: Not hooked

#: 232 Function Name: NtSetIoCompletion
Status: Not hooked

#: 233 Function Name: NtSetLdtEntries
Status: Not hooked

#: 234 Function Name: NtSetLowEventPair
Status: Not hooked

#: 235 Function Name: NtSetLowWaitHighEventPair
Status: Not hooked

#: 236 Function Name: NtSetQuotaInformationFile
Status: Not hooked

#: 237 Function Name: NtSetSecurityObject
Status: Not hooked

#: 238 Function Name: NtSetSystemEnvironmentValue
Status: Not hooked

#: 239 Function Name: NtSetSystemEnvironmentValueEx
Status: Not hooked

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "<unknown>" at address 0x8a2ab378

#: 241 Function Name: NtSetSystemPowerState
Status: Not hooked

#: 242 Function Name: NtSetSystemTime
Status: Not hooked

#: 243 Function Name: NtSetThreadExecutionState
Status: Not hooked

#: 244 Function Name: NtSetTimer
Status: Not hooked

#: 245 Function Name: NtSetTimerResolution
Status: Not hooked

#: 246 Function Name: NtSetUuidSeed
Status: Not hooked

#: 247 Function Name: NtSetValueKey
Status: Hooked by "H:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb5476c40

#: 248 Function Name: NtSetVolumeInformationFile
Status: Not hooked

#: 249 Function Name: NtShutdownSystem
Status: Not hooked

#: 250 Function Name: NtSignalAndWaitForSingleObject
Status: Not hooked

#: 251 Function Name: NtStartProfile
Status: Not hooked

#: 252 Function Name: NtStopProfile
Status: Not hooked

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "<unknown>" at address 0x8a2abcd0

#: 254 Function Name: NtSuspendThread
Status: Hooked by "<unknown>" at address 0x8a379008

#: 255 Function Name: NtSystemDebugControl
Status: Not hooked

#: 256 Function Name: NtTerminateJobObject
Status: Not hooked

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0x8a43ca78

#: 258 Function Name: NtTerminateThread
Status: Hooked by "<unknown>" at address 0x8a350770

#: 259 Function Name: NtTestAlert
Status: Not hooked

#: 260 Function Name: NtTraceEvent
Status: Not hooked

#: 261 Function Name: NtTranslateFilePath
Status: Not hooked

#: 262 Function Name: NtUnloadDriver
Status: Not hooked

#: 263 Function Name: NtUnloadKey
Status: Not hooked

#: 264 Function Name: NtUnloadKeyEx
Status: Not hooked

#: 265 Function Name: NtUnlockFile
Status: Not hooked

#: 266 Function Name: NtUnlockVirtualMemory
Status: Not hooked

#: 267 Function Name: NtUnmapViewOfSection
Status: Hooked by "<unknown>" at address 0x8a369580

#: 268 Function Name: NtVdmControl
Status: Not hooked

#: 269 Function Name: NtWaitForDebugEvent
Status: Not hooked

#: 270 Function Name: NtWaitForMultipleObjects
Status: Not hooked

#: 271 Function Name: NtWaitForSingleObject
Status: Not hooked

#: 272 Function Name: NtWaitHighEventPair
Status: Not hooked

#: 273 Function Name: NtWaitLowEventPair
Status: Not hooked

#: 274 Function Name: NtWriteFile
Status: Not hooked

#: 275 Function Name: NtWriteFileGather
Status: Not hooked

#: 276 Function Name: NtWriteRequestData
Status: Not hooked

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0x8a2f3670

#: 278 Function Name: NtYieldExecution
Status: Not hooked

#: 279 Function Name: NtCreateKeyedEvent
Status: Not hooked

#: 280 Function Name: NtOpenKeyedEvent
Status: Not hooked

#: 281 Function Name: NtReleaseKeyedEvent
Status: Not hooked

#: 282 Function Name: NtWaitForKeyedEvent
Status: Not hooked

#: 283 Function Name: NtQueryPortInformationProcess
Status: Not hooked

-----------------------------------------------------------------------------
stealth je prázdný

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 23 čer 2010 18:52
od earl
:arrow:Otestujte na VIRUSTOTALu a JOTTISCANu

H:\WINDOWS\Runservice.exe

(navod prosty: po nacteni stranky kliknete na tlacitko Prochazet , najdete cestu k vyse zminenemu souboru a kliknete na tlacitko Odeslat soubor; dejte skenerum nejakych deset minut; vysledky sem vlozte)

Pokud skener napíše, že soubor již byl testován, dejte otestovat znovu.

:arrow: Pouzijte HitmanPro viz muj podpis a log z nej vlozte sem.

:arrow: Stahnete Rootkit Revealer

Rozbalte ZIP archiv a spustte aplikaci.

Kliknete na tlacitko Scan a po dokonceni scanu kliknete na File - Save a ulozeny log vlozte sem.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 23 čer 2010 23:32
od multi
Soubor Runservice.exe přijatý 2010.06.23 21:37:57 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/41 (0%)

a-squared 5.0.0.30 2010.06.22 -
AhnLab-V3 2010.06.22.00 2010.06.22 -
AntiVir 8.2.2.6 2010.06.21 -
Antiy-AVL 2.0.3.7 2010.06.22 -
Authentium 5.2.0.5 2010.06.22 -
Avast 4.8.1351.0 2010.06.21 -
Avast5 5.0.332.0 2010.06.21 -
AVG 9.0.0.787 2010.06.21 -
BitDefender 7.2 2010.06.22 -
CAT-QuickHeal 10.00 2010.06.22 -
ClamAV 0.96.0.3-git 2010.06.22 -
Comodo 5180 2010.06.22 -
DrWeb 5.0.2.03300 2010.06.22 -
eSafe 7.0.17.0 2010.06.20 -
eTrust-Vet 36.1.7657 2010.06.22 -
F-Prot 4.6.1.107 2010.06.21 -
F-Secure 9.0.15370.0 2010.06.22 -
Fortinet 4.1.133.0 2010.06.21 -
GData 21 2010.06.22 -
Ikarus T3.1.1.84.0 2010.06.22 -
Jiangmin 13.0.900 2010.06.15 -
Kaspersky 7.0.0.125 2010.06.22 -
McAfee 5.400.0.1158 2010.06.22 -
McAfee-GW-Edition 2010.1 2010.06.22 -
Microsoft 1.5902 2010.06.22 -
NOD32 5216 2010.06.21 -
Norman 6.05.06 2010.06.21 -
nProtect 2010-06-21.01 2010.06.21 -
Panda 10.0.2.7 2010.06.21 -
PCTools 7.0.3.5 2010.06.22 -
Prevx 3.0 2010.06.23 -
Rising 22.53.01.04 2010.06.22 -
Sophos 4.54.0 2010.06.22 -
Sunbelt 6483 2010.06.21 -
Symantec 20101.1.0.89 2010.06.22 -
TheHacker 6.5.2.0.302 2010.06.22 -
TrendMicro 9.120.0.1004 2010.06.22 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.22 -
VBA32 3.12.12.5 2010.06.22 -
ViRobot 2010.6.21.3896 2010.06.22 -
VirusBuster 5.0.27.0 2010.06.21 -
Rozšiřující informace
File size: 16384 bytes
MD5...: 47901eadca0971a997ed926f0ec316c4
SHA1..: 1a2491812bd8f04a44462c2f217d3d4fd9ea7d35
SHA256: 727654bdcd2d2911cef14c9c1ba161309a2e3d260bf58c77a406e218be886e26
ssdeep: 12:eFGSGnH3+fw9We5gTSMC7qTTdKtAJdLXQ1yd+XeoEi5sIdD6Z5XDRp0:eFGSR
w955gYWndIQTJd+VZlDE5XDRp

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x107c
timedatestamp.....: 0x40d79bda (Tue Jun 22 02:39:22 2004)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0xef 0x1000 0.57 14beb77744599f028acc3eb0855999db
.rdata 0x2000 0x15e 0x1000 0.57 547487a754634140c35a86838d4e97ec
.data 0x3000 0xf0 0x1000 0.21 1fd40be92741a3d0b5d3523817ed6f14

( 3 imports )
> KERNEL32.dll: GetLastError, LoadLibraryA, GetProcAddress, GetVersionExA
> USER32.dll: wsprintfA
> ADVAPI32.dll: DeregisterEventSource, RegisterEventSourceA, ReportEventA

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

---------------------------------------------------------------------------------

Jottiho malware test
Název souboru: Runservice.exe
Stav: Test dokončen. 0 z 19 programů nalezlo škodlivý kód.
Test proveden: St 23 čen 2010 23:44:17 (CET) Trvalý odkaz

Podrobné informace
Velikost souboru: 16384 bajtů
Typ souboru: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5: 47901eadca0971a997ed926f0ec316c4
SHA1: 1a2491812bd8f04a44462c2f217d3d4fd9ea7d35

-------------------------------------------------------------------------------------
hitman

- <Log computer="PAVEL" scan="Normal" version="3.5.6.105" date="2010-06-23T23:54:45" timeSpentInSecs="1008" filesProcessed="21015">
- <Item type="Suspicious" score="31.0" status="None">
<File path="C:\Program FilesTHQCompany of Heroes\RelicCOH.exe" hash="313BBBAEBB278F2948B02D20F1DAD39B8AF71B650CC3DF567F95E54678160761" />
- <Startup>
<Key path="HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program FilesTHQCompany of Heroes\RelicCOH.exe" />
</Startup>
- <References>
<File path="H:\Documents and Settings\All Users\Data aplikací\Microsoft\Windows\GameExplorer\{F9B727CB-E5D5-403d-BDA4-82E8D07C06AF}\PlayTasks\0\Hrát.lnk" />
<File path="H:\Documents and Settings\All Users\Nabídka Start\Programy\THQ\Company of Heroes\Company of Heroes.lnk" />
<File path="H:\Documents and Settings\pavel1\Plocha\Company of Heroes.lnk" />
<File path="H:\Documents and Settings\pavel1\Plocha\Hry\Company of Heroes.lnk" />
</References>
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@ads.gamesbannernet[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@ar.atwola[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@at.atwola[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@atdmt[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@atwola[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@cdn.at.atwola[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@content.yieldmanager[2].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@server.cpmstar[1].txt" />
</Item>
- <Item type="Repair" score="0.0" status="None">
<File path="H:\Documents and Settings\pavel1\Cookies\pavel1@tacoda[2].txt" />
</Item>
- <Item type="Suspicious" score="29.0" status="None">
<File path="H:\Documents and Settings\pavel1\Plocha\Warhammer Dawn of War 2\Platform.dll" hash="F4FD6BB5649A4ED31F432D1DC852B33335ED933CE04D19E36DD946477ED5058F" />
</Item>
- <Item type="Malware" malwareName="Malware" score="103.0" status="None">
- <Scanners>
<Scanner id="Prevx" name="High Risk Worm" />
</Scanners>
<File path="H:\Program Files\War Chess\WarChess.exe" hash="4CB2F11A5F6CA6044231841F6D21DF894B94FD763CB8F6043113E2C7AAB1DEC5" />
- <References>
<File path="H:\Documents and Settings\All Users\Nabídka Start\Programy\War Chess\War Chess.lnk" />
<File path="H:\Documents and Settings\pavel1\Plocha\War Chess.lnk" />
</References>
</Item>
</Log>

------------------------------------------------------------------------------
Rootkitrevealer

HKU\S-1-5-21-1482476501-57989841-725345543-1004\Console 22.6.2010 16:08 0 bytes Security mismatch.
HKU\S-1-5-21-1482476501-57989841-725345543-1004\RemoteAccess\InternetProfile 13.1.2008 16:18 13 bytes Data mismatch between Windows API and raw hive data.
HKU\S-1-5-21-1482476501-57989841-725345543-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY* 14.6.2010 18:32 0 bytes Key name contains embedded nulls (*)
HKU\S-1-5-21-1482476501-57989841-725345543-1004\Software\SecuROM\License information* 16.8.2009 13:42 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAC* 12.8.2007 15:32 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 12.8.2007 15:32 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o 19.10.2009 18:32 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Swearware\backup\winsock2 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000015 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000016 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000017 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000018 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000020 21.6.2010 11:15 0 bytes Security mismatch.
HKLM\SOFTWARE\Swearware\backup\winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000021 21.6.2010 11:15 0 bytes Security mismatch.
H:\Documents and Settings\pavel1\Dokumenty\CA496RC1.:Zone.Identifier 14.1.2008 15:50 26 bytes Hidden from Windows API.
H:\Documents and Settings\pavel1\Dokumenty\CAGLIZKX.:Zone.Identifier 14.1.2008 16:25 26 bytes Hidden from Windows API.
H:\Documents and Settings\pavel1\Plocha\CAIN63QP.:Zone.Identifier 26.1.2009 17:52 26 bytes Hidden from Windows API.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 24 čer 2010 13:32
od earl
Ok.

Jeste docistime po procesu odvirovani:

:arrow: Start - spustit - napiste ComboFix /Uninstall - a klepnout na OK,

pokud to takto nepujde,tak přejmenovat ComboFix.exe na Uninstall.exe a spustit ho.
-----------------------------------------------------------------------------------------------------------------

:arrow: Pouzijte T-Cleaner na vycisteni pc po utilitach pouzitych pri odvirovani.

Postupujte dle instrukci na obrazovce.Pri detekci antivirem se jedna o falesny poplach. :!:
-----------------------------------------------------------------------------------------------------------------

:arrow: Vycistete pc Ccleanerem.

Vzdy nejprve Analyzovat a pak Spustit Cleaner.2x po sobe.

Windows-odskrtnout historii a historii automatickeho vyplnovani formularu - prisel byste o historii navstivenych stranek a o ulozena hesla ve formularich

(je to sice z pohledu zabezpeceni spatne,ale aspon pak uzivatel nenadava,kam ze mu to zmizelo :D )

Aplikace-u prohlizecu internetu odskrtnout Historii internetu.

Registry-nechat vse zaskrtle,Hledej problemy,Opravit vybrane problemy

(nechat ho udelat zalohu-ta je ulozena v Dokumentech-DULEZITE).

Taktez 2x-3x po sobe.

A hotovo.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 29 čer 2010 17:17
od multi
Díky, je to v pořádku.

Re: Norton IS2010 mi nahlásil rootkit, pomůžete mi? Dík

Napsal: 29 čer 2010 19:09
od earl
Ok,nemate zac.
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz