VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

kontrola log..díky

https://forum.viry.cz:443/viewtopic.php?t=103590

Stránka 1 z 1

kontrola log..díky

Napsal: 11 srp 2010 16:29
od MikeD79
zdravím,
prosím zkušené o kontrolu logu z Gmer.
Děkuji.
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-11 17:26:07
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Mira\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT 86640940 ZwAlertResumeThread
SSDT 86640C98 ZwAlertThread
SSDT 86715D20 ZwAllocateVirtualMemory
SSDT 85ED71E0 ZwAlpcConnectPort
SSDT 864E4870 ZwAssignProcessToJobObject
SSDT 866405D0 ZwCreateMutant
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x898D9CDC]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x898D9ECE]
SSDT 86640440 ZwCreateSymbolicLinkObject
SSDT 86626510 ZwCreateThread
SSDT 864E4080 ZwCreateThreadEx
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x898DA0D6]
SSDT 86640E18 ZwDebugActiveProcess
SSDT 86715EF0 ZwDuplicateObject
SSDT 86715B40 ZwFreeVirtualMemory
SSDT 866406C0 ZwImpersonateAnonymousToken
SSDT 866407A0 ZwImpersonateThread
SSDT 85E5F540 ZwLoadDriver
SSDT 86715A40 ZwMapViewOfSection
SSDT 863FA508 ZwOpenEvent
SSDT 866263B8 ZwOpenProcess
SSDT 86715E10 ZwOpenProcessToken
SSDT 85DDFE80 ZwOpenSection
SSDT 86715FC0 ZwOpenThread
SSDT 864E4188 ZwProtectVirtualMemory
SSDT 86640D78 ZwResumeThread
SSDT 86715790 ZwSetContextThread
SSDT 86715870 ZwSetInformationProcess
SSDT 86715510 ZwSetSystemInformation
SSDT 8662C698 ZwSuspendProcess
SSDT 867153A8 ZwSuspendThread
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x898D9982]
SSDT 867155F0 ZwTerminateThread
SSDT 86715960 ZwUnmapViewOfSection
SSDT 86715C30 ZwWriteVirtualMemory

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C283F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C10FB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C281DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C286F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C28F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C291A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C7A8E9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C9A3D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntoskrnl.exe!KeRemoveQueueEx + 139B 82CA1668 8 Bytes [40, 09, 64, 86, 98, 0C, 64, ...]
.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82CA1680 4 Bytes [20, 5D, 71, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 13BF 82CA168C 4 Bytes [E0, 71, ED, 85]
.text ntoskrnl.exe!KeRemoveQueueEx + 1413 82CA16E0 4 Bytes [70, 48, 4E, 86]
.text ntoskrnl.exe!KeRemoveQueueEx + 148F 82CA175C 1 Byte [D0]
.text ...
.text peauth.sys A14F3C9D 28 Bytes [C4, AA, 95, 23, 4D, 98, 95, ...]
.text peauth.sys A14F3CC1 28 Bytes [C4, AA, 95, 23, 4D, 98, 95, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[4528] ntdll.dll!LdrLoadDll 7726F625 5 Bytes JMP 0066003A
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4540] USER32.dll!TrackPopupMenu 76F94B3B 5 Bytes JMP 64FA721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!SetScrollRange 76F6AE3C 5 Bytes JMP 0341C759 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!GetScrollInfo 76F75151 7 Bytes JMP 0341C68B C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!SetScrollInfo 76F76632 7 Bytes JMP 0341C703 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!GetScrollRange 76F91B6C 5 Bytes JMP 0341C6D8 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!SetScrollPos 76F91BD0 5 Bytes JMP 0341C72E C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!GetScrollPos 76F9252B 5 Bytes JMP 0341C6B3 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!EnableScrollBar 76F9386D 7 Bytes JMP 0341C663 C:\Program Files\Winamp\Plugins\gen_jumpex.dll
.text C:\Program Files\Winamp\winamp.exe[5876] USER32.dll!ShowScrollBar 76F95785 5 Bytes JMP 0341C787 C:\Program Files\Winamp\Plugins\gen_jumpex.dll

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\a-squared Free\a2service.exe[1588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [00454D58] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1588] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454F5C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00454D58] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\a-squared Free\a2service.exe[1588] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454F5C] C:\Program Files\a-squared Free\a2service.exe (a-squared Service/Emsi Software GmbH)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1684] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1684] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1684] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1684] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[1684] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75285E25] C:\Windows\system32\apphelp.dll (Application Compatibility client library/Microsoft Corporation)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[1956] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[1956] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BB58] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsSvc.exe[1956] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BD5C] C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2084] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044B82C] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
IAT C:\Program Files\Spyware Doctor\pctsTray.exe[2084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BA30] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 VMkbd.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 VMkbd.sys

Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys
Device \Driver\usbehci \Device\USBPDO-4 hcmon.sys

AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbhub \Device\USBPDO-6 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000075 hcmon.sys

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbhub \Device\00000076 hcmon.sys
Device \Driver\usbhub \Device\00000077 hcmon.sys
Device \Driver\usbhub \Device\00000078 hcmon.sys
Device \Driver\usbhub \Device\00000079 hcmon.sys

AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\ACPI_HAL \Device\0000005e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys
Device \Driver\usbehci \Device\USBFDO-4 hcmon.sys

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111@00233988bd3d 0x51 0xA2 0x0F 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111@00233988bd3d 0x51 0xA2 0x0F 0x0C ...

---- EOF - GMER 1.0.15 ----

Re: kontrola log..díky

Napsal: 11 srp 2010 18:07
od Rudy
Nic nebezpečného nevidím.

Re: kontrola log..díky

Napsal: 11 srp 2010 20:28
od MikeD79
ještě posílám log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Mira at 2010-08-11 21:19:40
Microsoft Windows 7 Ultimate
System drive C: has 2 GB (9%) free of 25 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:19:55, on 11.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\Mira.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 cmicnfg3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [vmware-tray] "D:\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: d:\vmware\vmware workstation\vsocklib.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - D:\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 11020 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
Symantec NCO BHO - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\IPSBHO.DLL [2010-05-14 79224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2010-06-19 349640]
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - Norton Toolbar - C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\coIEPlg.dll [2010-05-13 394608]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"=RunDll32 cmicnfg3.cpl,CMICtrlWnd []
"MSSE"=C:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2010-06-19 640440]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"vmware-tray"=D:\VMware\VMware Workstation\vmware-tray.exe [2009-10-22 129584]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-18 421888]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-09-22 1243088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"RocketDock"=C:\Program Files\RocketDock\RocketDock.exe [2007-09-02 495616]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"CursorFX"=C:\Program Files\Stardock\CursorFX\CursorFX.exe [2008-07-07 416768]

C:\Users\Mira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files\Stardock\Object Desktop\IconPackager\iprepair.dll [2009-11-18 70960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-11 17:33:12 ----D---- C:\Program Files\trend micro
2010-08-11 17:33:01 ----D---- C:\rsit
2010-08-11 16:23:59 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-08-11 16:23:54 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-08-03 12:06:27 ----A---- C:\Windows\system32\shell32.dll
2010-08-02 12:37:47 ----A---- C:\Windows\system32\javaws.exe
2010-08-02 12:37:47 ----A---- C:\Windows\system32\javaw.exe
2010-08-02 12:37:47 ----A---- C:\Windows\system32\java.exe
2010-08-01 12:36:27 ----A---- C:\Windows\system32\imageres.dll
2010-08-01 12:35:41 ----HDC---- C:\ProgramData\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}
2010-08-01 12:14:52 ----HDC---- C:\ProgramData\{7D93B3B9-36B7-4383-9666-CFAD7F2AC87E}
2010-08-01 12:14:40 ----D---- C:\Program Files\Stardock
2010-07-30 09:52:44 ----D---- C:\Program Files\Image-Line
2010-07-29 20:52:07 ----D---- C:\Users\Mira\AppData\Roaming\Ace
2010-07-28 11:05:59 ----A---- C:\Windows\BDTSupport.dll
2010-07-28 11:05:58 ----A---- C:\Windows\SGDetectionTool.dll
2010-07-28 11:05:56 ----A---- C:\Windows\PCTBDRes.dll
2010-07-28 11:05:56 ----A---- C:\Windows\PCTBDCore.dll
2010-07-28 11:04:03 ----A---- C:\Windows\system32\drivers\pctwfpfilter.sys
2010-07-28 11:04:03 ----A---- C:\Windows\system32\drivers\pctgntdi.sys
2010-07-28 11:03:50 ----A---- C:\Windows\system32\drivers\PCTCore.sys
2010-07-28 11:03:50 ----A---- C:\Windows\system32\drivers\PCTAppEvent.sys
2010-07-28 10:57:30 ----A---- C:\Windows\system32\drivers\pctplsg.sys
2010-07-28 10:56:46 ----D---- C:\Program Files\Spyware Doctor
2010-07-28 10:56:46 ----D---- C:\Program Files\Common Files\PC Tools
2010-07-26 15:17:16 ----D---- C:\Users\Mira\AppData\Roaming\Real
2010-07-16 20:52:53 ----ASH---- C:\pagefile.sys
2010-07-16 20:44:51 ----A---- C:\Windows\system32\drivers\hotcore3.sys
2010-07-16 20:37:30 ----D---- C:\Program Files\Paragon Software
2010-07-16 19:57:55 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-13 09:57:33 ----A---- C:\Windows\system32\kernel32.dll
2010-07-13 09:57:33 ----A---- C:\Windows\system32\apphelp.dll
2010-07-12 11:18:47 ----RA---- C:\Windows\system32\AdobePDFUI.dll

======List of files/folders modified in the last 1 months======

2010-08-12 06:40:39 ----D---- C:\Windows\System32
2010-08-11 21:19:50 ----D---- C:\Windows\Temp
2010-08-11 21:19:05 ----AD---- C:\ProgramData\TEMP
2010-08-11 21:10:32 ----D---- C:\ProgramData\VMware
2010-08-11 21:10:15 ----D---- C:\Windows\Minidump
2010-08-11 21:10:15 ----D---- C:\Windows
2010-08-11 20:05:59 ----SHD---- C:\System Volume Information
2010-08-11 17:33:12 ----RD---- C:\Program Files
2010-08-11 16:24:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-08-11 16:23:59 ----D---- C:\Windows\system32\drivers
2010-08-11 16:14:44 ----D---- C:\Program Files\a-squared Free
2010-08-11 13:22:54 ----D---- C:\Windows\system32\config
2010-08-11 11:49:12 ----D---- C:\Windows\system32\catroot
2010-08-11 11:49:10 ----D---- C:\Windows\winsxs
2010-08-11 11:48:59 ----D---- C:\Windows\system32\catroot2
2010-08-10 17:17:51 ----D---- C:\Windows\Prefetch
2010-08-09 12:16:16 ----D---- C:\Users\Mira\AppData\Roaming\Media Player Classic
2010-08-09 12:14:33 ----D---- C:\Program Files\CCleaner
2010-08-07 22:32:50 ----D---- C:\Windows\inf
2010-08-07 22:32:50 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-08-06 21:10:49 ----D---- C:\Users\Mira\AppData\Roaming\ICQ
2010-08-05 13:49:38 ----SD---- C:\Users\Mira\AppData\Roaming\Microsoft
2010-08-04 21:06:13 ----D---- C:\Users\Mira\AppData\Roaming\VMware
2010-08-04 12:35:38 ----D---- C:\Program Files\JDownloader
2010-08-03 15:18:39 ----D---- C:\Users\Mira\AppData\Roaming\Vso
2010-08-02 12:38:12 ----SHD---- C:\Windows\Installer
2010-08-02 12:38:12 ----SHD---- C:\Config.Msi
2010-08-02 12:37:36 ----D---- C:\Program Files\Java
2010-08-01 22:24:08 ----D---- C:\Users\Mira\AppData\Roaming\BitTorrent
2010-08-01 12:35:41 ----HD---- C:\ProgramData
2010-07-30 09:52:53 ----D---- C:\Program Files\VST
2010-07-28 10:56:57 ----D---- C:\Program Files\Common Files\microsoft shared
2010-07-28 10:56:46 ----D---- C:\Program Files\Common Files
2010-07-26 10:47:18 ----D---- C:\Program Files\Mozilla Firefox
2010-07-17 05:00:04 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-16 22:02:55 ----D---- C:\Windows\debug
2010-07-16 22:00:24 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-16 21:52:05 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-16 20:44:15 ----D---- C:\Windows\system32\DriverStore
2010-07-15 16:24:53 ----D---- C:\ProgramData\Microsoft Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore.sys [2009-09-23 207280]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SymDS;Symantec Data Store; C:\Windows\system32\drivers\NIS\1107000.00C\SYMDS.SYS [2010-02-04 328752]
R0 SymEFA;Symantec Extended File Attributes; C:\Windows\system32\drivers\NIS\1107000.00C\SYMEFA.SYS [2010-04-22 173104]
R1 BHDrvx86;BHDrvx86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\BASHDefs\20100719.001\BHDrvx86.sys [2010-07-20 692272]
R1 ccHP;Symantec Hash Provider; C:\Windows\system32\drivers\NIS\1107000.00C\ccHPx86.sys [2010-02-26 501888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [2010-06-29 371248]
R1 IDSVix86;IDSVix86; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\IPSDefs\20100805.004\IDSvix86.sys [2010-05-28 344112]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R1 SRTSP;Symantec Real Time Storage Protection; C:\Windows\System32\Drivers\NIS\1107000.00C\SRTSP.SYS [2010-04-22 325680]
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); C:\Windows\system32\drivers\NIS\1107000.00C\SRTSPX.SYS [2010-04-22 43696]
R1 SymIRON;Symantec Iron Driver; C:\Windows\system32\drivers\NIS\1107000.00C\Ironx86.SYS [2010-04-29 116784]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver; C:\Windows\System32\Drivers\NIS\1107000.00C\SYMTDIV.SYS [2010-05-06 339504]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\Windows\System32\Drivers\Uim_IM.sys [2008-09-26 129824]
R1 UimBus;Universal Image Mounter Controller; C:\Windows\system32\DRIVERS\UimBus.sys [2008-09-26 32048]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2009-10-22 32304]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 vmci;VMware vmci; \??\C:\Windows\system32\Drivers\vmci.sys [2009-10-22 70704]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2009-10-22 26288]
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\Drivers\VMparport.sys [2009-10-22 14896]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2009-10-22 853936]
R2 vstor2-ws60;Vstor2 WS60 Virtual Storage Driver; \??\D:\VMware\VMware Workstation\vstor2-ws60.sys [2009-10-12 22448]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2008-10-08 1879168]
R3 FETNDIS;VIA Rhine-Family Fast Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\fetnd6.sys [2009-07-14 44032]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 NAVENG;NAVENG; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.049\NAVENG.SYS [2010-07-14 85424]
R3 NAVEX15;NAVEX15; \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.6.0.32\Definitions\VirusDefs\20100810.049\NAVEX15.SYS [2010-07-14 1362608]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2010-04-18 47360]
R3 SymEvent;SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [2010-06-29 124976]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2009-10-22 23216]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2009-10-22 16560]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2009-10-22 31280]
S3 WINUSB;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUSB.SYS [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2010-05-24 1872320]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NIS;Norton Internet Security; C:\Program Files\Norton Internet Security\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe [2010-02-26 126392]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 VMAuthdService;VMware Authorization Service; D:\VMware\VMware Workstation\vmware-authd.exe [2009-10-22 113200]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2009-10-22 334384]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2009-10-22 563760]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2009-10-22 395824]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-04-17 651720]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-04-21 435016]
S3 ufad-ws60;VMware Agent Service; D:\VMware\VMware Workstation\vmware-ufad.exe [2009-10-12 191024]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-02 1343400]

-----------------EOF-----------------

Re: kontrola log..díky

Napsal: 11 srp 2010 20:58
od Rudy
V PC vidím nějaké zbytky po NIS. Odinstalujte je pomocí Symnrt: http://www.symantec.com/norton/support/ ... N&ln=en_US . Jinak čisto.

Re: kontrola log..díky

Napsal: 11 srp 2010 21:19
od MikeD79
ok,díky... :D

Re: kontrola log..díky

Napsal: 11 srp 2010 21:20
od Rudy
Nemáte zač!
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz