FB vir + jiná havět
Napsal: 08 srp 2011 18:16
Zdravím,
kamarádka mě poprosila o řešení problému s FB virem, podařilo se jí zavšivit jak její tak sestřin NTB, teď je mám oba doma
Aktuální Kaspersky rescue disk na prvním PC našel hromadu havěti (nejen FB vir), vymazal, avšak problém trvá. Jde o starší NTB s XP, stroj na první pohled funguje normálně, nejde otevřít stránku FB a odpálilo to antivir.
Druhý je novější stroj, jsou zde win7, jdou spustit pouze v nouzovém režimu.
Dále přikládám RSIT logy z obou PC:
První PC (s XP):
Logfile of random's system information tool 1.09 (written by random/random)
Run by Marcelka at 2011-08-08 18:58:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 2 GB (4%) free of 56 GB
Total RAM: 503 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:40, on 8.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Winamp3\winampa.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Marcelka\Plocha\RSIT.exe
D:\Program Files\trend micro\Marcelka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - (no file)
O3 - Toolbar: (no name) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Control Center] D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přeložit Britanikem - res://D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll/203
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Britanik - {005B5B90-640B-474c-9C7E-1C6C6F5621C2} - D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll (HKCU)
O9 - Extra 'Tools' menuitem: Přeložit Britanikem - {005B5B90-640B-474c-9C7E-1C6C6F5621C2} - D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8591 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Norton Security Scan for Marcelka.job
D:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\Marcelka\Data aplikací\Mozilla\Firefox\Profiles\c54wixgh.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
"jqs@sun.com"=D:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{203FB6B2-2E1E-4474-863B-4C483ECCE78E}"=D:\Documents and Settings\All Users\Data aplikací\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
D:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
D:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
D:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
D:\Documents and Settings\Marcelka\Data aplikací\Mozilla\Firefox\Profiles\c54wixgh.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=D:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"Control Center"=D:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2005-09-13 1668096]
"IntelZeroConfig"=D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=D:\Program Files\Winamp3\winampa.exe [2002-07-23 12288]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DivXUpdate"=D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-02-15 1230704]
"tray_ico"= []
"tray_ico3"= []
"tray_ico4"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe"="D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe:*:Enabled:D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe"
"D:\WINDOWS\update.1\svchost.exe"="D:\WINDOWS\update.1\svchost.exe:*:Enabled:D:\WINDOWS\update.1\svchost.exe"
"D:\WINDOWS\update.tray-9-0\svchost.exe"="D:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-9-0\svchost.exe"
"D:\WINDOWS\update.tray-7-0\svchost.exe"="D:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-7-0\svchost.exe"
"D:\WINDOWS\update.tray-10-0\svchost.exe"="D:\WINDOWS\update.tray-10-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-10-0\svchost.exe"
"D:\WINDOWS\update.2\svchost.exe"="D:\WINDOWS\update.2\svchost.exe:*:Enabled:D:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.asv2"=asusasv2.dll
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
======List of files/folders created in the last 1 month======
2011-08-08 18:48:09 ----D---- D:\Program Files\CCleaner
2011-07-31 21:26:02 ----ASH---- D:\pagefile.sys
2011-07-29 07:39:24 ----D---- D:\Documents and Settings\Marcelka\Data aplikací\dvdcss
2011-07-27 18:11:35 ----D---- D:\WINDOWS\Minidump
2011-07-26 18:52:10 ----D---- D:\Program Files\trend micro
2011-07-26 18:52:08 ----D---- D:\rsit
2011-07-26 18:12:30 ----D---- D:\WINDOWS\ufa
2011-07-26 18:12:30 ----D---- D:\WINDOWS\rpcminer
2011-07-26 18:12:30 ----D---- D:\WINDOWS\phoenix
2011-07-26 18:11:28 ----A---- D:\WINDOWS\iecheck_iplist.txt
2011-07-26 18:09:49 ----HD---- D:\WINDOWS\update.2
2011-07-26 18:09:44 ----A---- D:\WINDOWS\btc_client_iplist.txt
2011-07-26 18:09:23 ----A---- D:\WINDOWS\unrar.exe
2011-07-26 18:09:19 ----HD---- D:\WINDOWS\update.5.0
2011-07-26 18:07:44 ----A---- D:\WINDOWS\iplist.txt
2011-07-26 18:06:14 ----A---- D:\WINDOWS\front_ip_list.txt
2011-07-26 18:05:52 ----D---- D:\WINDOWS\av_ico
2011-07-26 18:05:27 ----ASH---- D:\hiberfil.sys
2011-07-26 18:03:50 ----HD---- D:\WINDOWS\update.1
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-9-0-lnk
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-9-0
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-10-0-lnk
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-10-0
2011-07-26 18:03:15 ----HD---- D:\WINDOWS\update.tray-7-0-lnk
2011-07-26 18:03:15 ----HD---- D:\WINDOWS\update.tray-7-0
2011-07-26 17:50:20 ----A---- D:\WINDOWS\winlog-ids.txt
2011-07-26 17:50:20 ----A---- D:\WINDOWS\winlog-dirs.txt
======List of files/folders modified in the last 1 month======
2011-08-08 18:58:41 ----D---- D:\WINDOWS\Prefetch
2011-08-08 18:55:31 ----D---- D:\WINDOWS\Temp
2011-08-08 18:55:03 ----D---- D:\WINDOWS\system32\CatRoot2
2011-08-08 18:54:59 ----D---- D:\WINDOWS
2011-08-08 18:53:46 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-08-08 18:51:12 ----D---- D:\WINDOWS\Debug
2011-08-08 18:48:09 ----RD---- D:\Program Files
2011-07-29 08:21:20 ----D---- D:\Documents and Settings\Marcelka\Data aplikací\vlc
2011-07-26 18:10:30 ----SHD---- D:\System Volume Information
2011-07-26 18:10:30 ----D---- D:\WINDOWS\system32\Restore
2011-07-26 18:10:17 ----D---- D:\WINDOWS\system32\drivers\etc
2011-07-14 23:15:47 ----D---- D:\Program Files\Common Files\Symantec Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 d347bus;d347bus; D:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; D:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 risdptsk;risdptsk; D:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-05-27 21419]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; D:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2010-05-27 15781]
R2 s24trans;WLAN Transport; D:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 Cam5603D;BisonCam, NB Pro; D:\WINDOWS\System32\Drivers\BisonCam.sys [2005-12-19 649088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 b57w2k;BCM5701 Gigabit Ethernet; D:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-10-24 97120]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASWLSVC;ASWLSVC; D:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; D:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
druhý log přidám v zápětí
kamarádka mě poprosila o řešení problému s FB virem, podařilo se jí zavšivit jak její tak sestřin NTB, teď je mám oba doma
Aktuální Kaspersky rescue disk na prvním PC našel hromadu havěti (nejen FB vir), vymazal, avšak problém trvá. Jde o starší NTB s XP, stroj na první pohled funguje normálně, nejde otevřít stránku FB a odpálilo to antivir.Druhý je novější stroj, jsou zde win7, jdou spustit pouze v nouzovém režimu.
Dále přikládám RSIT logy z obou PC:
První PC (s XP):
Logfile of random's system information tool 1.09 (written by random/random)
Run by Marcelka at 2011-08-08 18:58:34
Systém Microsoft Windows XP Professional Service Pack 2
System drive D: has 2 GB (4%) free of 56 GB
Total RAM: 503 MB (39% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:40, on 8.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\WINDOWS\system32\ASWLSVC.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\D-Tools\daemon.exe
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\Winamp3\winampa.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Documents and Settings\Marcelka\Plocha\RSIT.exe
D:\Program Files\trend micro\Marcelka.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mojebanka.cz/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Norton Safe Web Lite BHO - {F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3} - (no file)
O3 - Toolbar: (no name) - {30CEEEA2-3742-40e4-85DD-812BF1CBB83D} - (no file)
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxtray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Control Center] D:\Program Files\ASUS\WLAN Card Utilities\Center.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "D:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přeložit Britanikem - res://D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll/203
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Britanik - {005B5B90-640B-474c-9C7E-1C6C6F5621C2} - D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll (HKCU)
O9 - Extra 'Tools' menuitem: Přeložit Britanikem - {005B5B90-640B-474c-9C7E-1C6C6F5621C2} - D:\Documents and Settings\Marcelka\Data aplikací\Britanik\BritanikIE8.dll (HKCU)
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASWLSVC - Unknown owner - D:\WINDOWS\system32\ASWLSVC.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
--
End of file - 8591 bytes
======Scheduled tasks folder======
D:\WINDOWS\tasks\AppleSoftwareUpdate.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
D:\WINDOWS\tasks\Norton Security Scan for Marcelka.job
D:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - D:\Documents and Settings\Marcelka\Data aplikací\Mozilla\Firefox\Profiles\c54wixgh.default
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94, {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
"jqs@sun.com"=D:\Program Files\Java\jre6\lib\deploy\jqs\ff
"{20a82645-c095-46ed-80e3-08825760534b}"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
"{6904342A-8307-11DF-A508-4AE2DFD72085}"=D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
"{203FB6B2-2E1E-4474-863B-4C483ECCE78E}"=D:\Documents and Settings\All Users\Data aplikací\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_1.2.0.7\coFFNST\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=D:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
D:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
D:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
D:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
D:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
D:\Documents and Settings\Marcelka\Data aplikací\Mozilla\Firefox\Profiles\c54wixgh.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}]
DivX HiQ - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll [2011-02-08 3118976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - D:\Documents and Settings\Marcelka\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-07-14 150768]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0DA78E9-6B60-42fb-BC26-EF2CFB8C8FF3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{30CEEEA2-3742-40e4-85DD-812BF1CBB83D}
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools-1033"=D:\Program Files\D-Tools\daemon.exe [2004-08-22 81920]
"RTHDCPL"=D:\WINDOWS\RTHDCPL.EXE [2006-05-04 16206848]
"Alcmtr"=D:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"igfxtray"=D:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=D:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=D:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"Control Center"=D:\Program Files\ASUS\WLAN Card Utilities\Center.exe [2005-09-13 1668096]
"IntelZeroConfig"=D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2006-08-02 802816]
"IntelWireless"=D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2006-08-02 696320]
"SunJavaUpdateSched"=D:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"WinampAgent"=D:\Program Files\Winamp3\winampa.exe [2002-07-23 12288]
"iTunesHelper"=D:\Program Files\iTunes\iTunesHelper.exe [2010-07-21 141608]
"QuickTime Task"=D:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"Adobe Reader Speed Launcher"=D:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 35736]
"Adobe ARM"=D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DivXUpdate"=D:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-02-15 1230704]
"tray_ico"= []
"tray_ico3"= []
"tray_ico4"= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=D:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
D:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - D:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
D:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - D:\WINDOWS\system32\upnpui.dll [2004-08-17 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\Skype\Phone\Skype.exe"="D:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Bonjour\mDNSResponder.exe"="D:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\Program Files\iTunes\iTunes.exe"="D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe"="D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe:*:Enabled:D:\Documents and Settings\Marcelka\Dokumenty\Stažené soubory\Flash-Player(2).exe"
"D:\WINDOWS\update.1\svchost.exe"="D:\WINDOWS\update.1\svchost.exe:*:Enabled:D:\WINDOWS\update.1\svchost.exe"
"D:\WINDOWS\update.tray-9-0\svchost.exe"="D:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-9-0\svchost.exe"
"D:\WINDOWS\update.tray-7-0\svchost.exe"="D:\WINDOWS\update.tray-7-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-7-0\svchost.exe"
"D:\WINDOWS\update.tray-10-0\svchost.exe"="D:\WINDOWS\update.tray-10-0\svchost.exe:*:Enabled:D:\WINDOWS\update.tray-10-0\svchost.exe"
"D:\WINDOWS\update.2\svchost.exe"="D:\WINDOWS\update.2\svchost.exe:*:Enabled:D:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=D:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=D:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.asv2"=asusasv2.dll
"MSVideo8"=VfWWDM32.dll
"msacm.divxa32"=msaud32_divx.acm
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
======List of files/folders created in the last 1 month======
2011-08-08 18:48:09 ----D---- D:\Program Files\CCleaner
2011-07-31 21:26:02 ----ASH---- D:\pagefile.sys
2011-07-29 07:39:24 ----D---- D:\Documents and Settings\Marcelka\Data aplikací\dvdcss
2011-07-27 18:11:35 ----D---- D:\WINDOWS\Minidump
2011-07-26 18:52:10 ----D---- D:\Program Files\trend micro
2011-07-26 18:52:08 ----D---- D:\rsit
2011-07-26 18:12:30 ----D---- D:\WINDOWS\ufa
2011-07-26 18:12:30 ----D---- D:\WINDOWS\rpcminer
2011-07-26 18:12:30 ----D---- D:\WINDOWS\phoenix
2011-07-26 18:11:28 ----A---- D:\WINDOWS\iecheck_iplist.txt
2011-07-26 18:09:49 ----HD---- D:\WINDOWS\update.2
2011-07-26 18:09:44 ----A---- D:\WINDOWS\btc_client_iplist.txt
2011-07-26 18:09:23 ----A---- D:\WINDOWS\unrar.exe
2011-07-26 18:09:19 ----HD---- D:\WINDOWS\update.5.0
2011-07-26 18:07:44 ----A---- D:\WINDOWS\iplist.txt
2011-07-26 18:06:14 ----A---- D:\WINDOWS\front_ip_list.txt
2011-07-26 18:05:52 ----D---- D:\WINDOWS\av_ico
2011-07-26 18:05:27 ----ASH---- D:\hiberfil.sys
2011-07-26 18:03:50 ----HD---- D:\WINDOWS\update.1
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-9-0-lnk
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-9-0
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-10-0-lnk
2011-07-26 18:03:17 ----HD---- D:\WINDOWS\update.tray-10-0
2011-07-26 18:03:15 ----HD---- D:\WINDOWS\update.tray-7-0-lnk
2011-07-26 18:03:15 ----HD---- D:\WINDOWS\update.tray-7-0
2011-07-26 17:50:20 ----A---- D:\WINDOWS\winlog-ids.txt
2011-07-26 17:50:20 ----A---- D:\WINDOWS\winlog-dirs.txt
======List of files/folders modified in the last 1 month======
2011-08-08 18:58:41 ----D---- D:\WINDOWS\Prefetch
2011-08-08 18:55:31 ----D---- D:\WINDOWS\Temp
2011-08-08 18:55:03 ----D---- D:\WINDOWS\system32\CatRoot2
2011-08-08 18:54:59 ----D---- D:\WINDOWS
2011-08-08 18:53:46 ----A---- D:\WINDOWS\SchedLgU.Txt
2011-08-08 18:51:12 ----D---- D:\WINDOWS\Debug
2011-08-08 18:48:09 ----RD---- D:\Program Files
2011-07-29 08:21:20 ----D---- D:\Documents and Settings\Marcelka\Data aplikací\vlc
2011-07-26 18:10:30 ----SHD---- D:\System Volume Information
2011-07-26 18:10:30 ----D---- D:\WINDOWS\system32\Restore
2011-07-26 18:10:17 ----D---- D:\WINDOWS\system32\drivers\etc
2011-07-14 23:15:47 ----D---- D:\Program Files\Common Files\Symantec Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 d347bus;d347bus; D:\WINDOWS\system32\DRIVERS\d347bus.sys [2004-08-22 155136]
R0 d347prt;d347prt; D:\WINDOWS\System32\Drivers\d347prt.sys [2004-08-22 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; D:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; D:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 risdptsk;risdptsk; D:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R1 intelppm;Řadič procesoru Intel; D:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-17 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; D:\WINDOWS\system32\DRIVERS\AegisP.sys [2010-05-27 21419]
R2 irda;Protokol IrDA; D:\WINDOWS\system32\DRIVERS\irda.sys [2004-08-04 87424]
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; D:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2010-05-27 15781]
R2 s24trans;WLAN Transport; D:\WINDOWS\system32\DRIVERS\s24trans.sys [2006-08-02 12544]
R3 Cam5603D;BisonCam, NB Pro; D:\WINDOWS\System32\Drivers\BisonCam.sys [2005-12-19 649088]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; D:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; D:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; D:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); D:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-04 4271616]
R3 irsir;Microsoft Serial Infrared Driver; D:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NETw3x32;Ovladač adaptéru Intel(R) PRO/Wireless 3945ABG pro Windows XP 32 Bit; D:\WINDOWS\system32\DRIVERS\NETw3x32.sys [2006-07-26 1707776]
R3 Rasirda;WAN Miniport (IrDA); D:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 rimsptsk;rimsptsk; D:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 SynTP;Synaptics TouchPad Driver; D:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; D:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-04-19 20608]
S3 Arp1394;Protokol 1394 ARP Client; D:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-17 60800]
S3 aswRdr;aswRdr; D:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
S3 b57w2k;BCM5701 Gigabit Ethernet; D:\WINDOWS\system32\DRIVERS\b57xp32.sys [2001-10-24 97120]
S3 CCDECODE;Dekodér Closed Caption; D:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 HidUsb;Ovladač třídy standardu HID; D:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Ovladač myši standardu HID; D:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; D:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; D:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; D:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; D:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-17 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; D:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; D:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-03 67584]
S3 SLIP;BDA Slip De-Framer; D:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; D:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 USBAAPL;Apple Mobile USB Driver; D:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbbus;LGE Mobile Composite USB Device; D:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; D:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; D:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbscan;Ovladač skeneru USB; D:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; D:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; D:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 ASWLSVC;ASWLSVC; D:\WINDOWS\system32\ASWLSVC.exe [2004-05-06 496640]
R2 Bonjour Service;Bonjour Service; D:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; D:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2006-08-02 434176]
R2 Irmon;Sledování infračerveného přenosu; D:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
R2 JavaQuickStarterService;Java Quick Starter; D:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2006-08-02 327680]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2006-08-02 937984]
R3 iPod Service;iPod Service; D:\Program Files\iPod\bin\iPodService.exe [2010-07-21 540968]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 aspnet_state;ASP.NET State Service; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-20 136176]
S3 idsvc;Windows CardSpace; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
druhý log přidám v zápětí
