Prosím o pomoc - DNS (?) Virus?
Napsal: 21 srp 2014 19:45
Zdravím.
byl jsem u kamaráda s NTB, že mu nešli otevřít nějaké stránky - pomohlo restartovat router. Ovšem když jsem se vrátil domů, volal mi, že to opět nejde... Po zapnutí mého NTB doma jsem zjistil, že jsem pravděpodobně tento virus chytl také. Projevuje se tak, že mi v IE nejdou otevřít některé stránky (vypíše chybovou hlášku, nepamatuji si přesné znění, nechci akci opakovat, neboť se bojím nakažení vlastní domácí sítě) a pokud se nějaká stránka otevře, po ukončení IE se znovu a znovu IE spouští s poslední otevřenou stránkou...
Posílám Vám proto RSIT log a zároveň prosím o pomoc s tímto problémem.
Děkuji moc za Váš čas.
Hezký den.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Miloš Zákravský at 2014-08-21 20:38:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (46%) free of 70 GB
Total RAM: 2038 MB (75% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1292428093-839522115-1003Core.job - C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1292428093-839522115-1003UA.job - C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT24810 ... hSource=13"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\WinLessPlugin]
"Description"=Camera Stream Controller
"Path"=C:\Program Files\Camera Stream Controller\npWinLessRtspCtrl.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default\extensions\
{124d001a-bdcb-472f-aa59-bbe7e4bc3204}
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default\searchplugins\
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2013-10-01 91712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2013-10-01 91712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-02-26 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-02-26 131072]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2009-06-16 36712]
"TRUUpdater"=C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [2009-06-26 558360]
"WatcherHelper"=C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [2009-04-07 62744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-09 794713]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-07-02 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2011-07-02 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-18 188416]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Panda Security URL Filtering"=C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe [2013-09-26 235072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-07-02 136176]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
C:\Documents and Settings\Miloš Zákravský\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-02-26 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"MaxGPOScriptWait"=600
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater"
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux"
"F:\Adam\Install\Warcraft 3 + Frozen Throne\Warcraft III.exe"="F:\Adam\Install\Warcraft 3 + Frozen Throne\Warcraft III.exe:*:Enabled:Warcraft III"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoViewer\VideoViewer.exe"="C:\Program Files\VideoViewer\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\DOCUME~1\MILOZK~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe"="C:\DOCUME~1\MILOZK~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\NUUO\NVRmini2\InstallWizard\InstallationWizard.exe"="C:\Program Files\NUUO\NVRmini2\InstallWizard\InstallationWizard.exe:*:Enabled:InstallationWizard"
"C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe"="C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe:*:Enabled:Panda Security Toolbar DTX Broker"
"C:\Program Files\VIVOTEK Inc\Installation Wizard 2\IW2.exe"="C:\Program Files\VIVOTEK Inc\Installation Wizard 2\IW2.exe:*:Enabled:Installation Wizard 2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\NVR Utility\IP Utility.exe"="C:\Program Files\NVR Utility\IP Utility.exe:*:Enabled:IP Utility"
"C:\Program Files\DSC\DLS IV\Client\DLSMDIHost.exe"="C:\Program Files\DSC\DLS IV\Client\DLSMDIHost.exe:*:Enabled:Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\pandasecuritytb\dtUser.exe"="C:\Program Files\pandasecuritytb\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker"
"C:\Documents and Settings\Miloš Zákravský\Local Settings\Temp\TeamViewer\Version9\TeamViewer.exe"="C:\Documents and Settings\Miloš Zákravský\Local Settings\Temp\TeamViewer\Version9\TeamViewer.exe:*:Enabled:TeamViewer 9"
"C:\Program Files\Paradox Security Systems\WinLoad\WinLoad.exe"="C:\Program Files\Paradox Security Systems\WinLoad\WinLoad.exe:*:Enabled:WinLoad"
"C:\Program Files\Network Enabler Administrator 2.7\NEADMIN.exe"="C:\Program Files\Network Enabler Administrator 2.7\NEADMIN.exe:*:Enabled:Network Enabler Administrator"
"C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe"="C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller"
"E:\AVTech - IP kamery\Software\AVTECH_IP_scan\IPScan_i.exe"="E:\AVTech - IP kamery\Software\AVTECH_IP_scan\IPScan_i.exe:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Plocha\IPScan_i.exe"="C:\Documents and Settings\Miloš Zákravský\Plocha\IPScan_i.exe:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Plocha\winbox.exe"="C:\Documents and Settings\Miloš Zákravský\Plocha\winbox.exe:*:Enabled:winbox"
"E:\AVTECH - IP KAMERY\SOFTWARE PRO WINDOWS\AVTECH_IP_SCAN\IPSCAN_I.EXE"="E:\AVTECH - IP KAMERY\SOFTWARE PRO WINDOWS\AVTECH_IP_SCAN\IPSCAN_I.EXE:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2014-08-21 20:38:37 ----D---- C:\Program Files\trend micro
2014-08-21 20:38:36 ----D---- C:\rsit
2014-08-14 21:40:06 ----A---- C:\WINDOWS\system32\ptpusb.dll
2014-08-14 21:40:05 ----A---- C:\WINDOWS\system32\ptpusd.dll
======List of files/folders modified in the last 1 month======
2014-08-21 20:38:37 ----RD---- C:\Program Files
2014-08-21 19:44:30 ----D---- C:\WINDOWS\system32\CatRoot2
2014-08-21 19:03:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-08-14 21:40:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-08-14 21:40:08 ----D---- C:\WINDOWS\system32
2014-08-14 21:40:05 ----D---- C:\WINDOWS\system32\drivers
2014-07-29 11:51:46 ----D---- C:\WinloadPrivateDir
2014-07-27 13:46:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-10-03 36640]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 nedrv;nedrv; C:\WINDOWS\system32\drivers\nedrv.sys [2005-04-11 54664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-02-26 5700096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-07-02 4432384]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2009-10-16 101848]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-09 193120]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 silabenm;JABLOTRON serial interface Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2012-08-13 47176]
S3 silabser;JABLOTRON serial interface Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2012-08-13 61312]
S3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swnc8u32.sys [2009-07-22 197504]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swumx32.sys [2009-07-22 148992]
S3 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 MCPH;DSC MCPH Service; C:\Program Files\DSC\DLS IV\MCPH\MCPH.exe [2012-12-17 209920]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 O2Flash;O2Flash Memory Service; C:\WINDOWS\system32\o2flash.exe [2005-09-13 57344]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-10-10 132456]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-27 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
byl jsem u kamaráda s NTB, že mu nešli otevřít nějaké stránky - pomohlo restartovat router. Ovšem když jsem se vrátil domů, volal mi, že to opět nejde... Po zapnutí mého NTB doma jsem zjistil, že jsem pravděpodobně tento virus chytl také. Projevuje se tak, že mi v IE nejdou otevřít některé stránky (vypíše chybovou hlášku, nepamatuji si přesné znění, nechci akci opakovat, neboť se bojím nakažení vlastní domácí sítě) a pokud se nějaká stránka otevře, po ukončení IE se znovu a znovu IE spouští s poslední otevřenou stránkou...
Posílám Vám proto RSIT log a zároveň prosím o pomoc s tímto problémem.
Děkuji moc za Váš čas.
Hezký den.
Logfile of random's system information tool 1.10 (written by random/random)
Run by Miloš Zákravský at 2014-08-21 20:38:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 32 GB (46%) free of 70 GB
Total RAM: 2038 MB (75% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1292428093-839522115-1003Core.job - C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1547161642-1292428093-839522115-1003UA.job - C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job - C:\WINDOWS\system32\xp_eos.exe -c
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default
prefs.js - "browser.startup.homepage" - "http://search.conduit.com/?ctid=CT24810 ... hSource=13"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 14.0.0.145 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\WinLessPlugin]
"Description"=Camera Stream Controller
"Path"=C:\Program Files\Camera Stream Controller\npWinLessRtspCtrl.dll
C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml
C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default\extensions\
{124d001a-bdcb-472f-aa59-bbe7e4bc3204}
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
C:\Documents and Settings\Miloš Zákravský\Data aplikací\Mozilla\Firefox\Profiles\s9xtns0r.default\searchplugins\
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-06-06 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2013-10-01 91712]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - Panda Security Toolbar - C:\Program Files\pandasecuritytb\pandasecurityDx.dll [2013-10-01 91712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-02-26 155648]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-02-26 131072]
"LoadFUJ02E3"=C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe [2009-06-16 36712]
"TRUUpdater"=C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe [2009-06-26 558360]
"WatcherHelper"=C:\Program Files\Sierra Wireless Inc\3G Watcher\WaHelper.exe [2009-04-07 62744]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-09 794713]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2008-12-19 83336]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2011-07-02 16377344]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2011-07-02 69632]
"AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2006-06-29 89541]
"LtMoh"=C:\Program Files\ltmoh\Ltmoh.exe [2005-05-18 188416]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]
"Panda Security URL Filtering"=C:\Documents and Settings\All Users\Data aplikací\Panda Security URL Filtering\Panda_URL_Filtering.exe [2013-09-26 235072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-07-02 136176]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
C:\Documents and Settings\Miloš Zákravský\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-02-26 204800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"MaxGPOScriptWait"=600
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\Program Files\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater"
"C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe"="C:\Program Files\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux"
"F:\Adam\Install\Warcraft 3 + Frozen Throne\Warcraft III.exe"="F:\Adam\Install\Warcraft 3 + Frozen Throne\Warcraft III.exe:*:Enabled:Warcraft III"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\VideoViewer\VideoViewer.exe"="C:\Program Files\VideoViewer\VideoViewer.exe:*:Enabled:VideoViewer"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\DOCUME~1\MILOZK~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe"="C:\DOCUME~1\MILOZK~1\LOCALS~1\Temp\RarSFX0\SwiApiMux.exe:*:Enabled:SwiApiMux"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Program Files\NUUO\NVRmini2\InstallWizard\InstallationWizard.exe"="C:\Program Files\NUUO\NVRmini2\InstallWizard\InstallationWizard.exe:*:Enabled:InstallationWizard"
"C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe"="C:\Program Files\Panda Security\Panda Security Toolbar\dtuser.exe:*:Enabled:Panda Security Toolbar DTX Broker"
"C:\Program Files\VIVOTEK Inc\Installation Wizard 2\IW2.exe"="C:\Program Files\VIVOTEK Inc\Installation Wizard 2\IW2.exe:*:Enabled:Installation Wizard 2"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\NVR Utility\IP Utility.exe"="C:\Program Files\NVR Utility\IP Utility.exe:*:Enabled:IP Utility"
"C:\Program Files\DSC\DLS IV\Client\DLSMDIHost.exe"="C:\Program Files\DSC\DLS IV\Client\DLSMDIHost.exe:*:Enabled:Client"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\pandasecuritytb\dtUser.exe"="C:\Program Files\pandasecuritytb\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker"
"C:\Documents and Settings\Miloš Zákravský\Local Settings\Temp\TeamViewer\Version9\TeamViewer.exe"="C:\Documents and Settings\Miloš Zákravský\Local Settings\Temp\TeamViewer\Version9\TeamViewer.exe:*:Enabled:TeamViewer 9"
"C:\Program Files\Paradox Security Systems\WinLoad\WinLoad.exe"="C:\Program Files\Paradox Security Systems\WinLoad\WinLoad.exe:*:Enabled:WinLoad"
"C:\Program Files\Network Enabler Administrator 2.7\NEADMIN.exe"="C:\Program Files\Network Enabler Administrator 2.7\NEADMIN.exe:*:Enabled:Network Enabler Administrator"
"C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe"="C:\Program Files\Lantronix\DeviceInstaller4.2\DeviceInstaller.exe:*:Enabled:DeviceInstaller"
"E:\AVTech - IP kamery\Software\AVTECH_IP_scan\IPScan_i.exe"="E:\AVTech - IP kamery\Software\AVTECH_IP_scan\IPScan_i.exe:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Plocha\IPScan_i.exe"="C:\Documents and Settings\Miloš Zákravský\Plocha\IPScan_i.exe:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Plocha\winbox.exe"="C:\Documents and Settings\Miloš Zákravský\Plocha\winbox.exe:*:Enabled:winbox"
"E:\AVTECH - IP KAMERY\SOFTWARE PRO WINDOWS\AVTECH_IP_SCAN\IPSCAN_I.EXE"="E:\AVTECH - IP KAMERY\SOFTWARE PRO WINDOWS\AVTECH_IP_SCAN\IPSCAN_I.EXE:*:Enabled:IP Scan Application"
"C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe"="C:\Documents and Settings\Miloš Zákravský\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2014-08-21 20:38:37 ----D---- C:\Program Files\trend micro
2014-08-21 20:38:36 ----D---- C:\rsit
2014-08-14 21:40:06 ----A---- C:\WINDOWS\system32\ptpusb.dll
2014-08-14 21:40:05 ----A---- C:\WINDOWS\system32\ptpusd.dll
======List of files/folders modified in the last 1 month======
2014-08-21 20:38:37 ----RD---- C:\Program Files
2014-08-21 19:44:30 ----D---- C:\WINDOWS\system32\CatRoot2
2014-08-21 19:03:52 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-08-14 21:40:10 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-08-14 21:40:08 ----D---- C:\WINDOWS\system32
2014-08-14 21:40:05 ----D---- C:\WINDOWS\system32\drivers
2014-07-29 11:51:46 ----D---- C:\WinloadPrivateDir
2014-07-27 13:46:34 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 O2MDRDR;O2MDRDR; C:\WINDOWS\system32\DRIVERS\o2media.sys [2006-10-03 36640]
R0 O2SDRDR;O2SDRDR; C:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R2 nedrv;nedrv; C:\WINDOWS\system32\drivers\nedrv.sys [2005-04-11 54664]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2006-06-29 1160320]
R3 FUJ02B1;Fujitsu FUJ02B1 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02B1.sys [2001-08-01 5248]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver; C:\WINDOWS\system32\DRIVERS\FUJ02E3.sys [2004-01-17 4864]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-02-26 5700096]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2011-07-02 4432384]
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\system32\DRIVERS\ozscr.sys [2009-10-16 101848]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\system32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-09 193120]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-02 250496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2011-03-18 61704]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 sermouse;Ovladač sériové myši; C:\WINDOWS\system32\DRIVERS\sermouse.sys [2001-10-24 17664]
S3 silabenm;JABLOTRON serial interface Serial Port Enumerator Driver; C:\WINDOWS\system32\DRIVERS\silabenm.sys [2012-08-13 47176]
S3 silabser;JABLOTRON serial interface Driver; C:\WINDOWS\system32\DRIVERS\silabser.sys [2012-08-13 61312]
S3 SWNC8U32;Sierra Wireless MUX NDIS Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swnc8u32.sys [2009-07-22 197504]
S3 SWUMX20;Sierra Wireless USB MUX Driver (UMTS20); C:\WINDOWS\system32\DRIVERS\swumx20.sys []
S3 SWUMX32;Sierra Wireless USB MUX Driver (UMTS32); C:\WINDOWS\system32\DRIVERS\swumx32.sys [2009-07-22 148992]
S3 Tosrfcom;Tosrfcom; C:\WINDOWS\system32\drivers\Tosrfcom.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 MCPH;DSC MCPH Service; C:\Program Files\DSC\DLS IV\MCPH\MCPH.exe [2012-12-17 209920]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2008-11-24 29263712]
R2 O2Flash;O2Flash Memory Service; C:\WINDOWS\system32\o2flash.exe [2005-09-13 57344]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-11-24 87904]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2008-10-10 132456]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-27 262320]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2008-11-24 45408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-11-24 239968]
-----------------EOF-----------------
