
How to remove: Bloodhound.Exploit.343

How to remove: Bloodhound.Exploit.343

#1 Post by overcloker.cz »

Hello,

this virus got onto our network. It is on about 3 servers and I have no idea how to deal with it. The machines run WIN2003 R2 with the latest patches installed, and Symantec Endpoint Protection is installed and also fully updated. I will try to describe the system's behaviour. It is a file server which appears to be clean until any user accesses it over the network, or a user logs on to the server itself. The moment they start browsing folders, Symantec's real-time protection starts reporting that a file is infected, i.e. it seems to me that some resident process is running on the server and unfortunately I don't know how to get rid of it. Many thanks for your help.

Attached is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:54, on 10.8.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Documents and Settings\Administrator.CEE\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VxBeMon] "C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0348253265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0348246906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\Software\..\Telephony: DomainName = cee.kingspan.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
O23 - Service: Backup Exec VSS Provider (BackupExecVSSProvider) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\VSS Provider\bevssprovider.exe
O23 - Service: Backup Exec Error Recording Service (bedbg) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Backup Exec PureDisk Filesystem Service (PDVFSService) - Unknown owner - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\PDVFSService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - Unknown owner - C:\Program Files\VMware\VMware Tools\vmacthlp.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 6701 bytes
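A small triage script for the HijackThis log format posted above, added here as an example and not part of the original thread or of HijackThis itself. It parses the running-process list and the O4, O17 and O23 entries and flags what a helper would normally look at first: binaries started from user-writable locations, services with no recognised publisher, and DNS servers outside RFC 1918 space. The sample log embeds a few lines from the post plus two constructed entries (the Temp autorun and the 203.0.113.5 name server) so the checks have something to hit.

```python
"""Triage helper for the HijackThis log format (added example, not from the thread).
Flags binaries in user-writable locations, services with no recognised publisher and
DNS servers outside RFC 1918 space. Every hit is a prompt to look closer, not a verdict."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Where legitimate service / autorun binaries normally live on Windows 2003.
TRUSTED_PREFIXES = ("%systemroot%", "c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# Locations an ordinary user (or anything running as one) can write to.
USER_WRITABLE = ("c:\\documents and settings\\", "\\local settings\\temp\\",
                 "\\application data\\", "c:\\windows\\temp\\", "c:\\recycler\\")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

O4_RE = re.compile(r"^O4 - (?P<hive>.*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*?: NameServer = (?P<servers>[\d.,]+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<desc>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    severity: str  # "review" (look at it) or "info" (note it)
    line: str
    reason: str


def exe_path(cmd: str) -> str:
    """Pull the executable out of an autorun command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)", cmd, re.IGNORECASE)  # unquoted path may contain spaces
    return m.group(1) if m else cmd.split(" ")[0]


def classify_path(path: str) -> Optional[str]:
    """Reason the path deserves a look, or None if it is in an expected place."""
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "executable in user-writable location"
    return None if p.startswith(TRUSTED_PREFIXES) else "executable outside Program Files / Windows"


def is_rfc1918(addr: str) -> bool:
    """True for 10/8, 172.16/12 and 192.168/16; malformed input counts as not internal."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False  # inside the "Running processes:" block, ended by a blank line
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
        elif in_processes:
            if reason := classify_path(line):
                findings.append(Finding("review", line, "running process: " + reason))
        elif m := O4_RE.match(line):
            if reason := classify_path(exe_path(m.group("cmd"))):
                findings.append(Finding("review", line, "autorun: " + reason))
        elif m := O17_RE.match(line):
            for server in m.group("servers").split(","):
                if not is_rfc1918(server):
                    findings.append(Finding("review", line, f"DNS server {server} is outside RFC 1918 space"))
        elif m := O23_RE.match(line):
            if m.group("owner").lower() == "unknown owner":
                findings.append(Finding("info", line, "service has no recognised publisher"))
            if reason := classify_path(m.group("path")):
                findings.append(Finding("review", line, "service: " + reason))
    return findings


# Constructed sample: lines copied from the log above plus two invented entries
# (the Temp autorun and the 203.0.113.5 name server) that exercise the checks.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Documents and Settings\Administrator.CEE\Desktop\hijackthis.exe

O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Administrator.CEE\Local Settings\Temp\updater.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 203.0.113.5
O23 - Service: Backup Exec PureDisk Filesystem Service (PDVFSService) - Unknown owner - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\PDVFSService.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
"""
```

Note that the user-writable rule also flags hijackthis.exe itself, which was run from the Desktop; that is the expected behaviour of a heuristic and why each finding is labelled for review rather than treated as a verdict.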

Re: How to remove: Bloodhound.Exploit.343

#2 Post by vyosek »

Hi :)

Which network do you mean? A company network, or what?

Re: How to remove: Bloodhound.Exploit.343

#3 Post by overcloker.cz »

It is a company network.

Re: How to remove: Bloodhound.Exploit.343

#4 Post by overcloker.cz »

Here is the RSIT log as well:

Logfile of random's system information tool 1.08 (written by random/random)
Run by administrator at 2010-08-10 21:37:22
Microsoft(R) Windows(R) Server 2003, Standard Edition Service Pack 2
System drive C: has 4 GB (31%) free of 12 GB
Total RAM: 1023 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:37:31, on 10.8.2010
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\VMware\VMware Tools\vmacthlp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\VMware\VMware Tools\VMwareService.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\TeamViewer\Version5\TeamViewer.exe
C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VMware\VMware Tools\VMwareTray.exe
C:\Program Files\VMware\VMware Tools\VMwareUser.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\DWHWizrd.exe
C:\Documents and Settings\Administrator.CEE\Desktop\RSIT.exe
C:\Program Files\trend micro\administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/softAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O4 - HKLM\..\Run: [VMware Tools] C:\Program Files\VMware\VMware Tools\VMwareTray.exe
O4 - HKLM\..\Run: [VMware User Process] C:\Program Files\VMware\VMware Tools\VMwareUser.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VxBeMon] "C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 0348253265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0348246906
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\Software\..\Telephony: DomainName = cee.kingspan.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = cee.kingspan.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{740F9941-51BC-4BF0-920A-ED07B1CDFA1B}: NameServer = 192.168.92.17,192.168.92.15
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Backup Exec Remote Agent for Windows Systems (BackupExecAgentAccelerator) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe
O23 - Service: Backup Exec VSS Provider (BackupExecVSSProvider) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\VSS Provider\bevssprovider.exe
O23 - Service: Backup Exec Error Recording Service (bedbg) - Symantec Corporation - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Backup Exec PureDisk Filesystem Service (PDVFSService) - Unknown owner - C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\PDVFSService.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: VMware Tools Service (VMTools) - VMware, Inc. - C:\Program Files\VMware\VMware Tools\VMwareService.exe
O23 - Service: VMware Physical Disk Helper Service - Unknown owner - C:\Program Files\VMware\VMware Tools\vmacthlp.exe
O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe

--
End of file - 7004 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"VMware Tools"=C:\Program Files\VMware\VMware Tools\VMwareTray.exe [2008-08-13 100912]
"VMware User Process"=C:\Program Files\VMware\VMware Tools\VMwareUser.exe [2008-08-13 350768]
"WinVNC"=C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-07-23 115560]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2007-02-17 15360]
"VxBeMon"=C:\Program Files\Symantec\Backup Exec\RAWS\vxmon.exe [2009-12-01 1351496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
C:\WINDOWS\system32\crypt32.dll [2007-02-17 595456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
C:\WINDOWS\system32\cryptnet.dll [2007-02-17 62464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
C:\WINDOWS\system32\cscdll.dll [2007-02-17 101888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
C:\WINDOWS\system32\dimsntfy.dll [2007-02-17 19456]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
C:\WINDOWS\system32\sclgntfy.dll [2005-11-30 19968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
C:\WINDOWS\system32\WlNotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
C:\WINDOWS\system32\wlnotify.dll [2007-02-17 96768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll [2010-07-27 8361984]
CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll [2010-07-27 8361984]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll [2009-03-08 236544]
SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll [2007-02-17 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]
Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll [2007-02-17 1033216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=C:\WINDOWS\system32\shell32.dll [2010-07-27 8361984]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=RASSFM
KDCSVC
WDIGEST
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"disablecad"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=0
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"ShowSuperHidden"=1
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe"="C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe"="C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems"

======List of files/folders created in the last 1 months======

2010-08-10 21:37:22 ----D---- C:\rsit
2010-08-10 21:37:22 ----D---- C:\Program Files\trend micro
2010-08-10 20:11:33 ----D---- C:\Program Files\CCleaner
2010-08-10 08:35:12 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-08-10 08:34:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$
2010-08-10 08:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB979907$
2010-08-10 08:33:34 ----HDC---- C:\WINDOWS\$NtUninstallKB980195$
2010-08-10 08:32:58 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-08-10 08:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-08-10 08:25:24 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-08-10 08:24:42 ----HDC---- C:\WINDOWS\$NtUninstallKB980218$
2010-08-10 08:24:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-08-10 08:23:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978695$
2010-08-10 08:22:27 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-07-27 08:25:36 ----A---- C:\WINDOWS\system32\shell32.dll
2010-07-13 11:26:48 ----D---- C:\Documents and Settings\Administrator.CEE\Application Data\TeamViewer
2010-07-13 11:26:42 ----D---- C:\Program Files\TeamViewer

======List of files/folders modified in the last 1 months======

2010-08-10 21:37:22 ----RD---- C:\Program Files
2010-08-10 21:35:29 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-10 21:35:18 ----D---- C:\WINDOWS\Temp
2010-08-10 20:14:24 ----D---- C:\WINDOWS\Debug
2010-08-10 20:14:24 ----D---- C:\WINDOWS
2010-08-10 17:14:21 ----D---- C:\WINDOWS\security
2010-08-10 08:41:33 ----D---- C:\WINDOWS\system32
2010-08-10 08:41:33 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-10 08:37:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-10 08:35:47 ----D---- C:\WINDOWS\inf
2010-08-10 08:35:16 ----D---- C:\Program Files\Outlook Express
2010-08-10 08:33:57 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-10 08:30:05 ----SHD---- C:\Config.Msi
2010-08-10 08:21:33 ----D---- C:\Program Files\Internet Explorer
2010-08-10 08:21:20 ----D---- C:\WINDOWS\ie8updates
2010-07-26 02:13:25 ----SHD---- C:\System Volume Information
2010-07-23 19:31:14 ----D---- C:\INSTALL

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ACPI;Microsoft ACPI Driver; C:\WINDOWS\system32\DRIVERS\ACPI.sys [2007-02-17 194048]
R0 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2007-02-17 44032]
R0 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2007-02-17 96768]
R0 Compbatt;Microsoft Composite Battery Driver; C:\WINDOWS\system32\DRIVERS\compbatt.sys [2007-02-17 10624]
R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2007-02-17 17920]
R0 DfsDriver;DfsDriver; C:\WINDOWS\system32\drivers\Dfs.sys [2007-02-17 34816]
R0 Disk;Disk Driver; C:\WINDOWS\system32\DRIVERS\disk.sys [2007-02-17 39936]
R0 dmio;Logical Disk Manager Driver; C:\WINDOWS\System32\drivers\dmio.sys [2007-02-17 150528]
R0 dmload;dmload; C:\WINDOWS\System32\drivers\dmload.sys [2005-11-30 7680]
R0 FltMgr;FltMgr; C:\WINDOWS\system32\drivers\fltmgr.sys [2007-02-17 130560]
R0 Ftdisk;Volume Manager Driver; C:\WINDOWS\system32\DRIVERS\ftdisk.sys [2007-02-17 137216]
R0 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2007-02-17 7680]
R0 isapnp;PnP ISA/EISA Bus Driver; C:\WINDOWS\system32\DRIVERS\isapnp.sys [2007-02-17 38912]
R0 KSecDD;KSecDD; C:\WINDOWS\system32\drivers\KSecDD.sys [2009-06-15 134656]
R0 MountMgr;Mount Point Manager; C:\WINDOWS\system32\drivers\MountMgr.sys [2007-02-17 46592]
R0 Mup;Mup; C:\WINDOWS\system32\drivers\Mup.sys [2007-02-17 103424]
R0 NDIS;NDIS System Driver; C:\WINDOWS\system32\drivers\NDIS.sys [2007-02-17 210432]
R0 PartMgr;Partition Manager; C:\WINDOWS\system32\drivers\PartMgr.sys [2007-02-17 25088]
R0 PCI;PCI Bus Driver; C:\WINDOWS\system32\DRIVERS\pci.sys [2007-02-17 74752]
R0 symmpi;symmpi; C:\WINDOWS\system32\DRIVERS\symmpi.sys [2005-11-30 49664]
R0 VolSnap;Storage volumes; C:\WINDOWS\system32\DRIVERS\volsnap.sys [2007-02-17 153600]
R1 AFD;AFD; C:\WINDOWS\System32\drivers\afd.sys [2008-08-14 150528]
R1 Beep;Beep; C:\WINDOWS\system32\drivers\Beep.sys [2005-11-30 6144]
R1 Cdrom;CD-ROM Driver; C:\WINDOWS\system32\DRIVERS\cdrom.sys [2007-02-17 52224]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 Fips;Fips; C:\WINDOWS\system32\drivers\Fips.sys [2007-02-17 45568]
R1 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver; C:\WINDOWS\system32\DRIVERS\i8042prt.sys [2007-02-17 55808]
R1 IPSec;IPSEC driver; C:\WINDOWS\system32\DRIVERS\ipsec.sys [2007-02-17 82432]
R1 Kbdclass;Keyboard Class Driver; C:\WINDOWS\system32\DRIVERS\kbdclass.sys [2007-02-17 25600]
R1 mnmdd;mnmdd; C:\WINDOWS\system32\drivers\mnmdd.sys [2005-11-30 6144]
R1 Mouclass;Mouse Class Driver; C:\WINDOWS\system32\DRIVERS\mouclass.sys [2003-03-24 23040]
R1 MRxSmb;MRXSMB; C:\WINDOWS\system32\DRIVERS\mrxsmb.sys [2010-02-24 438784]
R1 Msfs;Msfs; C:\WINDOWS\system32\drivers\Msfs.sys [2007-02-17 21504]
R1 NetBIOS;NetBIOS Interface; C:\WINDOWS\system32\DRIVERS\netbios.sys [2007-02-17 34816]
R1 NetBT;NetBios over Tcpip; C:\WINDOWS\system32\DRIVERS\netbt.sys [2007-02-17 180224]
R1 Npfs;Npfs; C:\WINDOWS\system32\drivers\Npfs.sys [2007-02-17 32256]
R1 Null;Null; C:\WINDOWS\system32\drivers\Null.sys [2005-11-30 4608]
R1 PDVFSDriver;PDVFSDriver; C:\WINDOWS\system32\drivers\pdfsd.sys [2009-10-16 56416]
R1 RasAcd;Remote Access Auto Connection Driver; C:\WINDOWS\system32\DRIVERS\rasacd.sys [2005-11-30 10752]
R1 Rdbss;Rdbss; C:\WINDOWS\system32\DRIVERS\rdbss.sys [2010-02-24 177664]
R1 RDPCDD;RDPCDD; C:\WINDOWS\System32\DRIVERS\RDPCDD.sys [2005-11-30 6144]
R1 redbook;Digital CD Audio Playback Filter Driver; C:\WINDOWS\system32\DRIVERS\redbook.sys [2007-02-17 60928]
R1 Serial;Serial port driver; C:\WINDOWS\system32\DRIVERS\serial.sys [2007-02-17 65536]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-07-23 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-07-23 43824]
R1 Tcpip;TCP/IP Protocol Driver; C:\WINDOWS\system32\DRIVERS\tcpip.sys [2009-08-15 393216]
R1 TermDD;Terminal Device Driver; C:\WINDOWS\system32\DRIVERS\termdd.sys [2007-02-17 41608]
R1 VgaSave;VGA Display Controller.; C:\WINDOWS\System32\drivers\vga.sys [2007-02-17 23552]
R2 LGTO_Sync;Sync Driver; \??\C:\WINDOWS\system32\Drivers\lgtosync.sys []
R2 Parvdm;Parvdm; C:\WINDOWS\system32\DRIVERS\parvdm.sys [2005-11-30 8704]
R2 VMMEMCTL;VMware server memory controller; \??\C:\Program Files\VMware\VMware Tools\Drivers\memctl\vmmemctl.sys []
R2 vnccom;vnccom; C:\WINDOWS\System32\Drivers\vnccom.SYS [2004-06-26 6016]
R2 WGX;Extend WG Protocol Driver; C:\WINDOWS\System32\Drivers\WGX.SYS [2009-07-23 38056]
R3 audstub;Audio Stub Driver; C:\WINDOWS\system32\DRIVERS\audstub.sys [2003-03-25 5120]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2007-02-17 14080]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 Fdc;Floppy Disk Controller Driver; C:\WINDOWS\system32\DRIVERS\fdc.sys [2007-02-17 24576]
R3 Flpydisk;Floppy Disk Driver; C:\WINDOWS\system32\DRIVERS\flpydisk.sys [2005-11-30 18432]
R3 Gpc;Generic Packet Classifier; C:\WINDOWS\system32\DRIVERS\msgpc.sys [2007-02-17 39424]
R3 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2007-02-17 36864]
R3 mssmbios;Microsoft System Management BIOS Driver; C:\WINDOWS\system32\DRIVERS\mssmbios.sys [2007-02-17 19968]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100810.002\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100810.002\NAVEX15.SYS []
R3 NdisTapi;Remote Access NDIS TAPI Driver; C:\WINDOWS\system32\DRIVERS\ndistapi.sys [2007-02-17 12288]
R3 Ndisuio;NDIS Usermode I/O Protocol; C:\WINDOWS\system32\DRIVERS\ndisuio.sys [2007-02-17 16384]
R3 NdisWan;Remote Access NDIS WAN Driver; C:\WINDOWS\system32\DRIVERS\ndiswan.sys [2007-02-17 89600]
R3 NDProxy;NDIS Proxy; C:\WINDOWS\system32\drivers\NDProxy.sys [2007-02-17 40960]
R3 Parport;Parallel port driver; C:\WINDOWS\system32\DRIVERS\parport.sys [2007-02-17 81408]
R3 PptpMiniport;WAN Miniport (PPTP); C:\WINDOWS\system32\DRIVERS\raspptp.sys [2007-02-17 59904]
R3 Ptilink;Direct Parallel Link Driver; C:\WINDOWS\system32\DRIVERS\ptilink.sys [2007-02-17 20480]
R3 Rasl2tp;WAN Miniport (L2TP); C:\WINDOWS\system32\DRIVERS\rasl2tp.sys [2007-02-17 65536]
R3 RasPppoe;Remote Access PPPOE Driver; C:\WINDOWS\system32\DRIVERS\raspppoe.sys [2007-02-17 40960]
R3 Raspti;Direct Parallel; C:\WINDOWS\system32\DRIVERS\raspti.sys [2007-02-17 19968]
R3 rdpdr;Terminal Server Device Redirector Driver; C:\WINDOWS\system32\DRIVERS\rdpdr.sys [2007-02-17 200192]
R3 RDPWD;RDPWD; C:\WINDOWS\system32\drivers\RDPWD.sys [2007-02-17 152200]
R3 serenum;Serenum Filter Driver; C:\WINDOWS\system32\DRIVERS\serenum.sys [2007-02-17 17920]
R3 Srv;Srv; C:\WINDOWS\system32\DRIVERS\srv.sys [2009-12-10 376832]
R3 swenum;Software Bus Driver; C:\WINDOWS\system32\DRIVERS\swenum.sys [2007-02-17 4736]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 TDTCP;TDTCP; C:\WINDOWS\system32\drivers\TDTCP.sys [2007-02-17 24200]
R3 Update;Microcode Update Driver; C:\WINDOWS\system32\DRIVERS\update.sys [2007-05-28 365056]
R3 VirtFile;VirtFile; C:\WINDOWS\system32\DRIVERS\VirtFile.sys [2009-11-24 67376]
R3 vmmouse;VMware Pointing Device; C:\WINDOWS\system32\DRIVERS\vmmouse.sys [2008-08-13 11696]
R3 vmx_svga;vmx_svga; C:\WINDOWS\system32\DRIVERS\vmx_svga.sys [2008-08-13 63024]
R3 vmxnet;VMware Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\vmxnet.sys [2008-08-13 36016]
R3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
R3 Wanarp;Remote Access IP ARP Driver; C:\WINDOWS\system32\DRIVERS\wanarp.sys [2007-02-17 36352]
R4 Cdfs;Cdfs; C:\WINDOWS\system32\drivers\Cdfs.sys [2007-02-17 65536]
R4 Fastfat;Fastfat; C:\WINDOWS\system32\drivers\Fastfat.sys [2007-02-17 151040]
R4 Ntfs;Ntfs; C:\WINDOWS\system32\drivers\Ntfs.sys [2007-02-17 589824]
S1 Changer;Changer; C:\WINDOWS\system32\drivers\Changer.sys []
S1 i2omgmt;i2omgmt; C:\WINDOWS\system32\drivers\i2omgmt.sys []
S1 imapi;CD-Burning Filter Driver; C:\WINDOWS\system32\DRIVERS\imapi.sys [2007-02-17 43520]
S1 Sfloppy;Sfloppy; C:\WINDOWS\system32\drivers\Sfloppy.sys [2005-11-30 12288]
S3 AsyncMac;RAS Asynchronous Media Driver; C:\WINDOWS\system32\DRIVERS\asyncmac.sys [2005-11-30 16384]
S3 Atmarpc;ATM ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\atmarpc.sys [2007-02-17 59392]
S3 HTTP;HTTP; C:\WINDOWS\System32\Drivers\HTTP.sys [2009-10-20 292864]
S3 Ip6Fw;IPv6 Windows Firewall Driver; C:\WINDOWS\system32\drivers\ip6fw.sys [2007-02-17 36352]
S3 IpFilterDriver;IP Traffic Filter Driver; C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys [2007-02-17 32768]
S3 IpInIp;IP in IP Tunnel Driver; C:\WINDOWS\system32\DRIVERS\ipinip.sys []
S3 IpNat;IP Network Address Translator; C:\WINDOWS\system32\DRIVERS\ipnat.sys [2007-02-17 119296]
S3 IRENUM;IR Enumerator Service; C:\WINDOWS\system32\DRIVERS\irenum.sys [2007-02-17 12800]
S3 Modem;Modem; C:\WINDOWS\system32\drivers\Modem.sys [2007-02-17 31232]
S3 MRxDAV;WebDav Client Redirector; C:\WINDOWS\system32\DRIVERS\mrxdav.sys [2007-12-17 188928]
S3 PCnet;AMD PCNET Compatable Adapter Driver; C:\WINDOWS\system32\DRIVERS\pcntpci5.sys [2003-03-24 35328]
S3 PDCOMP;PDCOMP; C:\WINDOWS\system32\drivers\PDCOMP.sys []
S3 PDFRAME;PDFRAME; C:\WINDOWS\system32\drivers\PDFRAME.sys []
S3 PDRELI;PDRELI; C:\WINDOWS\system32\drivers\PDRELI.sys []
S3 PDRFRAME;PDRFRAME; C:\WINDOWS\system32\drivers\PDRFRAME.sys []
S3 Secdrv;Secdrv; C:\WINDOWS\system32\DRIVERS\secdrv.sys [2007-11-13 20480]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-07-23 319920]
S3 TDPIPE;TDPIPE; C:\WINDOWS\system32\drivers\TDPIPE.sys [2007-02-17 12936]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2007-02-17 24064]
S3 WDICA;WDICA; C:\WINDOWS\system32\drivers\WDICA.sys []
S3 WLBS;Network Load Balancing; C:\WINDOWS\system32\DRIVERS\wlbs.sys [2007-02-17 169984]
S4 Abiosdsk;Abiosdsk; C:\WINDOWS\system32\drivers\Abiosdsk.sys []
S4 ACPIEC;ACPIEC; C:\WINDOWS\system32\drivers\ACPIEC.sys [2005-11-30 12800]
S4 adpu160m;adpu160m; C:\WINDOWS\system32\drivers\adpu160m.sys []
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 afcnt;afcnt; C:\WINDOWS\system32\drivers\afcnt.sys []
S4 aic78u2;aic78u2; C:\WINDOWS\system32\drivers\aic78u2.sys []
S4 aic78xx;aic78xx; C:\WINDOWS\system32\drivers\aic78xx.sys []
S4 AliIde;AliIde; C:\WINDOWS\system32\drivers\AliIde.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys [2007-02-17 7680]
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys [2007-02-17 43520]
S4 Atdisk;Atdisk; C:\WINDOWS\system32\drivers\Atdisk.sys []
S4 cbidf2k;cbidf2k; C:\WINDOWS\system32\drivers\cbidf2k.sys [2005-11-30 15360]
S4 cd20xrnt;cd20xrnt; C:\WINDOWS\system32\drivers\cd20xrnt.sys []
S4 ClusDisk;Cluster Disk Driver; C:\WINDOWS\system32\DRIVERS\ClusDisk.sys [2007-02-17 69120]
S4 CmdIde;CmdIde; C:\WINDOWS\system32\drivers\CmdIde.sys []
S4 Cpqarray;Cpqarray; C:\WINDOWS\system32\drivers\Cpqarray.sys []
S4 cpqarry2;cpqarry2; C:\WINDOWS\system32\drivers\cpqarry2.sys []
S4 cpqcissm;cpqcissm; C:\WINDOWS\system32\drivers\cpqcissm.sys []
S4 cpqfcalm;cpqfcalm; C:\WINDOWS\system32\drivers\cpqfcalm.sys []
S4 dac2w2k;dac2w2k; C:\WINDOWS\system32\drivers\dac2w2k.sys []
S4 dac960nt;dac960nt; C:\WINDOWS\system32\drivers\dac960nt.sys []
S4 dellcerc;dellcerc; C:\WINDOWS\system32\drivers\dellcerc.sys []
S4 dmboot;dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [2007-02-17 268288]
S4 dpti2o;dpti2o; C:\WINDOWS\system32\drivers\dpti2o.sys []
S4 elxstor;elxstor; C:\WINDOWS\system32\drivers\elxstor.sys []
S4 hpcisss;hpcisss; C:\WINDOWS\system32\drivers\hpcisss.sys [2007-02-17 23552]
S4 hpn;hpn; C:\WINDOWS\system32\drivers\hpn.sys []
S4 hpt3xx;hpt3xx; C:\WINDOWS\system32\drivers\hpt3xx.sys []
S4 i2omp;i2omp; C:\WINDOWS\system32\drivers\i2omp.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 ipsraidn;ipsraidn; C:\WINDOWS\system32\drivers\ipsraidn.sys []
S4 lp6nds35;lp6nds35; C:\WINDOWS\system32\drivers\lp6nds35.sys []
S4 mraid35x;mraid35x; C:\WINDOWS\system32\drivers\mraid35x.sys []
S4 nfrd960;nfrd960; C:\WINDOWS\system32\drivers\nfrd960.sys []
S4 PCIIde;PCIIde; C:\WINDOWS\system32\drivers\PCIIde.sys []
S4 Pcmcia;Pcmcia; C:\WINDOWS\system32\drivers\Pcmcia.sys [2007-02-17 121856]
S4 PDVFSNP;PDVFSNetworkProvider; C:\WINDOWS\system32\drivers\PDVFSNP.sys []
S4 perc2;perc2; C:\WINDOWS\system32\drivers\perc2.sys []
S4 perc2hib;perc2hib; C:\WINDOWS\system32\drivers\perc2hib.sys []
S4 ql1080;ql1080; C:\WINDOWS\system32\drivers\ql1080.sys []
S4 Ql10wnt;Ql10wnt; C:\WINDOWS\system32\drivers\Ql10wnt.sys []
S4 ql12160;ql12160; C:\WINDOWS\system32\drivers\ql12160.sys []
S4 ql1240;ql1240; C:\WINDOWS\system32\drivers\ql1240.sys []
S4 ql1280;ql1280; C:\WINDOWS\system32\drivers\ql1280.sys []
S4 ql2100;ql2100; C:\WINDOWS\system32\drivers\ql2100.sys []
S4 ql2200;ql2200; C:\WINDOWS\system32\drivers\ql2200.sys []
S4 ql2300;ql2300; C:\WINDOWS\system32\drivers\ql2300.sys []
S4 Simbad;Simbad; C:\WINDOWS\system32\drivers\Simbad.sys []
S4 sym_hi;sym_hi; C:\WINDOWS\system32\drivers\sym_hi.sys []
S4 sym_u3;sym_u3; C:\WINDOWS\system32\drivers\sym_u3.sys []
S4 symc810;symc810; C:\WINDOWS\system32\drivers\symc810.sys []
S4 symc8xx;symc8xx; C:\WINDOWS\system32\drivers\symc8xx.sys []
S4 TosIde;TosIde; C:\WINDOWS\system32\drivers\TosIde.sys []
S4 Udfs;Udfs; C:\WINDOWS\system32\drivers\Udfs.sys [2007-02-17 67584]
S4 ultra;ultra; C:\WINDOWS\system32\drivers\ultra.sys []
S4 ViaIde;ViaIde; C:\WINDOWS\system32\drivers\ViaIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Alerter;Alerter; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 AudioSrv;Windows Audio; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 BackupExecAgentAccelerator;Backup Exec Remote Agent for Windows Systems; C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\beremote.exe [2009-12-03 1213256]
R2 bedbg;Backup Exec Error Recording Service; C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\bedbg.exe [2009-11-25 201032]
R2 Browser;Computer Browser; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-23 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-23 108392]
R2 CryptSvc;Cryptographic Services; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 DcomLaunch;DCOM Server Process Launcher; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 Dhcp;DHCP Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 dmserver;Logical Disk Manager; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Dnscache;DNS Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ERSvc;Error Reporting Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Eventlog;Event Log; C:\WINDOWS\system32\services.exe [2009-02-03 113152]
R2 EventSystem;COM+ Event System; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 helpsvc;Help and Support; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 lanmanserver;Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 lanmanworkstation;Workstation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 LmHosts;TCP/IP NetBIOS Helper; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 MSDTC;Distributed Transaction Coordinator; C:\WINDOWS\system32\msdtc.exe [2008-07-23 6144]
R2 MSSQL$PMP;SQL Server (PMP); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-09-06 29180768]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Netlogon;Net Logon; C:\WINDOWS\system32\lsass.exe [2005-11-30 13312]
R2 PlugPlay;Plug and Play; C:\WINDOWS\system32\services.exe [2009-02-03 113152]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 PolicyAgent;IPSEC Services; C:\WINDOWS\system32\lsass.exe [2005-11-30 13312]
R2 ProtectedStorage;Protected Storage; C:\WINDOWS\system32\lsass.exe [2005-11-30 13312]
R2 RemoteRegistry;Remote Registry; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 RpcSs;Remote Procedure Call (RPC); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 SamSs;Security Accounts Manager; C:\WINDOWS\system32\lsass.exe [2005-11-30 13312]
R2 seclogon;Secondary Logon; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SENS;System Event Notification; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 ShellHWDetection;Shell Hardware Detection; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 Schedule;Task Scheduler; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R2 SmcService;Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-07-23 1803592]
R2 Spooler;Print Spooler; C:\WINDOWS\system32\spoolsv.exe [2007-02-17 57856]
R2 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Symantec AntiVirus;Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-07-23 2440632]
R2 TeamViewer5;TeamViewer 5; C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R2 TrkWks;Distributed Link Tracking Client; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 VMTools;VMware Tools Service; C:\Program Files\VMware\VMware Tools\VMwareService.exe [2008-08-13 264752]
R2 VMware Physical Disk Helper Service;VMware Physical Disk Helper Service; C:\Program Files\VMware\VMware Tools\vmacthlp.exe [2008-08-13 178736]
R2 W32Time;Windows Time; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 winmgmt;Windows Management Instrumentation; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 winvnc;VNC Server; C:\Program Files\UltraVNC\WinVNC.exe [2006-06-18 712704]
R2 wuauserv;Automatic Updates; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R2 WZCSVC;Wireless Configuration; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Netman;Network Connections; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 Nla;Network Location Awareness (NLA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 RasMan;Remote Access Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
R3 TapiSrv;Telephony; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
R3 TermService;Terminal Services; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S2 SysmonLog;Performance Logs and Alerts; C:\WINDOWS\system32\smlogsvc.exe [2007-02-17 96256]
S3 ALG;Application Layer Gateway Service; C:\WINDOWS\System32\alg.exe [2007-02-17 45056]
S3 AppMgmt;Application Management; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 BackupExecVSSProvider;Backup Exec VSS Provider; C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\VSS Provider\bevssprovider.exe [2009-12-01 113992]
S3 BITS;Background Intelligent Transfer Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 COMSysApp;COM+ System Application; C:\WINDOWS\system32\dllhost.exe [2007-02-17 5632]
S3 Dfs;Distributed File System; C:\WINDOWS\system32\Dfssvc.exe [2007-02-17 164864]
S3 dmadmin;Logical Disk Manager Administrative Service; C:\WINDOWS\System32\dmadmin.exe [2007-02-17 234496]
S3 HTTPFilter;HTTP SSL; C:\WINDOWS\System32\lsass.exe [2005-11-30 13312]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-03-20 3093880]
S3 MSIServer;Windows Installer; C:\WINDOWS\system32\msiexec.exe [2007-02-17 78848]
S3 NtFrs;File Replication; C:\WINDOWS\system32\ntfrs.exe [2007-02-17 792064]
S3 NtLmSsp;NT LM Security Support Provider; C:\WINDOWS\system32\lsass.exe [2005-11-30 13312]
S3 NtmsSvc;Removable Storage; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 PDVFSService;Backup Exec PureDisk Filesystem Service; C:\Program Files\SYMANTEC\BACKUP EXEC\RAWS\PDVFSService.exe [2009-12-02 185688]
S3 RasAuto;Remote Access Auto Connection Manager; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 RDSessMgr;Remote Desktop Help Session Manager; C:\WINDOWS\system32\sessmgr.exe [2007-02-17 124928]
S3 RpcLocator;Remote Procedure Call (RPC) Locator; C:\WINDOWS\system32\locator.exe [2005-11-30 71680]
S3 RSoPProv;Resultant Set of Policy Provider; C:\WINDOWS\system32\RSoPProv.exe [2007-02-17 67072]
S3 sacsvr;Special Administration Console Helper; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 SCardSvr;Smart Card; C:\WINDOWS\System32\SCardSvr.exe [2007-02-17 90112]
S3 SNAC;Symantec Network Access Control; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-07-23 320840]
S3 swprv;Microsoft Software Shadow Copy Provider; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2007-02-17 39424]
S3 UPS;Uninterruptible Power Supply; C:\WINDOWS\System32\ups.exe [2005-11-30 16896]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-17 352768]
S3 VSS;Volume Shadow Copy; C:\WINDOWS\System32\vssvc.exe [2007-02-17 836096]
S3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S3 WmdmPmSN;Portable Media Serial Number Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 Wmi;Windows Management Instrumentation Driver Extensions; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S3 WmiApSrv;WMI Performance Adapter; C:\WINDOWS\system32\wbem\wmiapsrv.exe [2007-02-17 127488]
S3 xmlprov;Network Provisioning Service; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 CiSvc;Indexing Service; C:\WINDOWS\system32\cisvc.exe [2007-02-17 6656]
S4 ClipSrv;ClipBook; C:\WINDOWS\system32\clipsrv.exe [2005-11-30 32256]
S4 HidServ;Human Interface Device Access; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 ImapiService;IMAPI CD-Burning COM Service; C:\WINDOWS\system32\imapi.exe [2007-02-17 157184]
S4 IsmServ;Intersite Messaging; C:\WINDOWS\System32\ismserv.exe [2007-02-17 40448]
S4 kdc;Kerberos Key Distribution Center; C:\WINDOWS\System32\lsass.exe [2005-11-30 13312]
S4 LicenseService;License Logging; C:\WINDOWS\System32\llssrv.exe [2007-02-17 94720]
S4 Messenger;Messenger; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 mnmsrvc;NetMeeting Remote Desktop Sharing; C:\WINDOWS\system32\mnmsrvc.exe [2007-02-17 32768]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetDDE;Network DDE; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]
S4 NetDDEdsdm;Network DDE DSDM; C:\WINDOWS\system32\netdde.exe [2007-02-17 110080]
S4 RemoteAccess;Routing and Remote Access; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 SharedAccess;Windows Firewall/Internet Connection Sharing (ICS); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 stisvc;Windows Image Acquisition (WIA); C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Themes;Themes; C:\WINDOWS\System32\svchost.exe [2007-02-17 14848]
S4 TlntSvr;Telnet; C:\WINDOWS\system32\tlntsvr.exe [2007-02-17 75776]
S4 TrkSvr;Distributed Link Tracking Server; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]
S4 Tssdis;Terminal Services Session Directory; C:\WINDOWS\System32\tssdis.exe [2007-02-17 71168]
S4 WebClient;WebClient; C:\WINDOWS\system32\svchost.exe [2007-02-17 14848]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: How to remove: Bloodhound.Exploit.343

#5 Post by vyosek »

I'll answer you with a quote from our site admin:
iwigirl wrote: Hello,
our forum works on a voluntary basis; the helpers here give advice for free and in their own spare time.
For capacity reasons, and for ethical ones too, we do not substitute for the work of security technicians or of people who are paid for this activity.
Regards,

iwigirl
site admin
So I recommend turning to your IT technician, or, if you are the IT technician yourself, hiring an external one and putting his fee into the expenses :)
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

overcloker.cz
Guest
Posts: 6
Joined: 10 Aug 2010 20:25

Re: How to remove: Bloodhound.Exploit.343

#6 Post by overcloker.cz »

I am an IT technician and I hoped you would help me on this forum. Personally I see no difference between disinfecting a home PC and a single server. I thought there was a community of people here who advise people who have got into a virus situation they do not know how to solve. By "advise" I meant selflessly. If I were not employed at this company and had not spent the whole of yesterday trying to destroy this virus, but were instead an external contractor who asked something here, removed the problem on that basis and then invoiced "his" intervention, I would understand the attitude of the local admins, but not in this case. I am just as desperate as anyone else here. Is there really nobody here who would try to advise me on the problem?

JaRon
Moderator
Posts: 15665
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: How to remove: Bloodhound.Exploit.343

#7 Post by JaRon »

FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

vyosek
VIP
Posts: 56373
Joined: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: How to remove: Bloodhound.Exploit.343

#8 Post by vyosek »

I do see a difference there: you are employed and paid precisely for that disinfection, and you have shifted your problem onto us...

Unfortunately more and more IT guys are sending us company PCs here :( I apologise for my sharp reaction, but it really is getting more and more frequent here...

Try the procedure from my colleague, and then we'll try to take a look at it...
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

JaRon
Moderator
Posts: 15665
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: How to remove: Bloodhound.Exploit.343

#9 Post by JaRon »

vyosek wrote: Unfortunately more and more IT guys are sending us company PCs here ...
Indeed, and it is quite a problem to substitute for someone's work - even though we are glad to help :wink:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

overcloker.cz
Guest
Posts: 6
Joined: 10 Aug 2010 20:25

Re: How to remove: Bloodhound.Exploit.343

#10 Post by overcloker.cz »

I understand your position, but try to understand mine. You are right that I am paid for keeping the network virus-free, but when I do not know what to do and am truly desperate, who am I supposed to turn to? As I already wrote, I understood the purpose of this forum to be that you help people in need, and I really am in need. The procedure JaRon posted unfortunately did not help. Does anyone please have any other idea?

JaRon
Moderator
Posts: 15665
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: How to remove: Bloodhound.Exploit.343

#11 Post by JaRon »

I assume you have already looked at this: http://www.symantec.com/business/securi ... 99&tabid=3
I'll leave the rest to my colleague vyosek :wink:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

overcloker.cz
Guest
Posts: 6
Joined: 10 Aug 2010 20:25

Re: How to remove: Bloodhound.Exploit.343

#12 Post by overcloker.cz »

Yes, I have read that too. Unfortunately it did not work.

JaRon
Moderator
Posts: 15665
Joined: 29 Mar 2005 13:39
Location: BB-SK

Re: How to remove: Bloodhound.Exploit.343

#13 Post by JaRon »

Test one of those infected files at www.virustotal.com and post the results here.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
