VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

https://forum.viry.cz:443/viewtopic.php?t=123438

Stránka 1 z 1

Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 05 srp 2012 06:53
od zach
Dobrý den,
po spuštění počítače se mi opakovaně zobrazuje od ESET okno s informací o možné infiltraci a je tam uvedeno Win32/Toolbar.Widgi. Když kliknu na "Léčit", okno s hlášením zmizí a hned se zase objeví, takže to na mne dělá dojem, že léčení nefunguje. Ani v tom okně nelze zakliknout odeslat ke kontrole ESETu. Antivirem jsem projel počítač a nic neobjevil. Poradil by mi, prosím, někdo, může-li jít skutečně o infiltraci a jak se jí zbavit.
Pro úplnost dodám, že nejsem žádný IT specialista, běžný uživatel, který ale nenavštěvuje nebezpečné stránky, automaticky si aktualizuje antivirovou databázi apod.

Předem děkuji za jakoukoliv radu

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 05 srp 2012 07:24
od vyosek
Zdravim a pekny den preji :)

:arrow: Poprosim o log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895

:arrow: Zkusime jej najit a pak zjitime proc nejde odeslat ci lecit

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 05 srp 2012 08:43
od zach
Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2012-08-05 09:41:20
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 159 GB (52%) free of 305 GB
Total RAM: 2047 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:41:22, on 5.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\PC\Plocha\RSIT.exe
C:\Program Files\trend micro\PC.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: EndNote Web - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EndNote Web - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Přidat do stávajícího PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 6648969562
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe

--
End of file - 10043 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default

prefs.js - "browser.startup.homepage" - "http://www.google.cz"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, pdfforge@mybrowserbar.com:4.3, wtxpcom@mybrowserbar.com:4.3, zotero@chnm.gmu.edu:2.0.9, zoteroWinWordIntegration@zotero.org:3.0b1, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =302398&p="

"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"virtualKeyboard@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
"linkfilter@kaspersky.ru"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33]
"Description"=
"Path"=C:\WINDOWS\system32\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
linkfilter@kaspersky.ru_bak
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFFICE.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
yahoo.xml

C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\
nostmp
zotero@chnm.gmu.edu
zoteroWinWordIntegration@zotero.org
{20a82645-c095-46ed-80e3-08825760534b}
{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\searchplugins\
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2011-01-30 64928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-06-25 329480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{82D2E569-25A7-4E4D-9FA3-C5025B4B7912}]
EndNote Web - C:\Program Files\EndNote Web\ENWIEPlug.dll [2011-06-30 268288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll [2012-07-26 1213832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-06-25 59144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-06-25 79624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-23 321120]
{945C8270-A848-11D5-A805-00B0D092F45B} - EndNote Web - C:\Program Files\EndNote Web\ENWIEPlug.dll [2011-06-30 268288]
{B922D405-6D13-4A2B-AE89-08A030DA4402} - pdfforge Toolbar - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll [2012-07-26 1213832]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-04-22 5898240]
"nwiz"=nwiz.exe /install []
"P17Helper"=Rundll32 P17.dll,P17Helper []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-01-30 35736]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-23 620152]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"HTC Sync Loader"=C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-17 651264]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=16895

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveTypeAutoRun"=60

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"="C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp"
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe"="C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe:*:Enabled:ASUS Firmware Restoration Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codecp.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.dvsd"=pdvcodec.dll

======List of files/folders created in the last 1 month======

2012-08-05 09:35:22 ----D---- C:\rsit
2012-08-05 09:35:22 ----D---- C:\Program Files\trend micro
2012-08-04 07:17:59 ----D---- C:\Documents and Settings\PC\Data aplikací\Search Settings
2012-08-04 07:17:51 ----D---- C:\Program Files\Application Updater
2012-08-04 07:17:40 ----D---- C:\Program Files\pdfforge Toolbar
2012-08-04 07:17:40 ----D---- C:\Program Files\Common Files\Spigot
2012-07-28 07:23:18 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-07-19 08:28:50 ----D---- C:\Documents and Settings\PC\Data aplikací\PSpad
2012-07-19 08:28:35 ----D---- C:\Program Files\PSPad editor
2012-07-11 08:01:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 08:00:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 08:00:46 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 08:00:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 07:59:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 month======

2012-08-05 09:37:12 ----D---- C:\WINDOWS\Prefetch
2012-08-05 09:36:55 ----A---- C:\WINDOWS\wincmd.ini
2012-08-05 09:35:22 ----RD---- C:\Program Files
2012-08-05 08:54:24 ----D---- C:\WINDOWS\Temp
2012-08-05 08:53:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-08-05 07:32:12 ----D---- C:\WINDOWS\system32\CatRoot2
2012-08-05 07:30:43 ----D---- C:\WINDOWS
2012-08-05 07:24:59 ----D---- C:\Program Files\ESET
2012-08-04 08:23:10 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-08-04 07:18:00 ----SHD---- C:\WINDOWS\Installer
2012-08-04 07:17:57 ----SHD---- C:\Config.Msi
2012-08-04 07:17:52 ----D---- C:\WINDOWS\WinSxS
2012-08-04 07:17:40 ----D---- C:\Program Files\Common Files
2012-07-28 07:23:18 ----D---- C:\WINDOWS\system32
2012-07-18 13:24:50 ----D---- C:\Program Files\Mozilla Thunderbird
2012-07-18 12:47:13 ----D---- C:\Program Files\Mozilla Firefox
2012-07-18 12:47:05 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-12 08:29:13 ----D---- C:\Documents and Settings\PC\Data aplikací\Vso
2012-07-12 08:28:40 ----A---- C:\WINDOWS\avisplitter.ini
2012-07-11 08:01:16 ----HD---- C:\WINDOWS\inf
2012-07-11 08:01:12 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-11 08:01:02 ----A---- C:\WINDOWS\imsins.BAK
2012-07-11 08:00:56 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 08:00:18 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-06 11:22:04 ----D---- C:\Program Files\Winamp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2005-05-17 92800]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2012-03-14 160816]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2012-03-14 61936]
R1 NVTCP;NVIDIA TCP/IP Protocol Driver; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [2005-04-05 100096]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys [2005-01-10 138752]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2012-03-14 40336]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-03-02 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-04-22 3095680]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\DRIVERS\ctoss2k.sys [2005-01-10 106496]
R3 P17;Sound Blaster Audigy; C:\WINDOWS\system32\drivers\P17.sys [2005-07-07 1389056]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-10-09 47360]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 htcnprot;HTC NDIS Protocol Driver; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [2010-06-22 21248]
S3 PcaSp50;Rawether NDIS 5.X SPR Protocol Driver; C:\WINDOWS\system32\DRIVERS\PcaSp50.sys [2010-05-19 28160]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2012-07-26 794560]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [2005-04-29 139264]
R2 ForcewareWebInterface;Forceware Web Interface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [2004-11-30 20543]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-06-25 153352]
R2 MSSQL$SONY_MEDIAMGR;MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [2002-12-17 7520337]
R2 nSvcLog;ForceWare user log service; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [2005-04-29 57412]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-04-22 127043]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-01-20 655624]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2011-01-23 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-04 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 nosGetPlusHelper;getPlus(R) Helper 3004; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLAgent$SONY_MEDIAMGR;SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [2002-12-17 311872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 05 srp 2012 19:13
od vyosek
:arrow: Odinstalujte: Search Settings, Application Updater, pdfforge Toolbar

:arrow: Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
  • Zaskrtnete okenko Pro vsechny uzivatele
  • Zaskrtnete okenko Kontrola na havet "LOP"
  • Zaskrtnete okenko Kontrola na havet "Purity"
  • Stari souboru zmente z 30 dnu na 7 dnu
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s
  • Kliknete na tlacitko Prohledat
  • Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

OTL.txt

Napsal: 05 srp 2012 20:46
od zach
OTL logfile created on: 5.8.2012 21:11:21 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\PC\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 62,90% Memory free
3,85 Gb Paging File | 3,04 Gb Available in Paging File | 79,03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 161,98 Gb Free Space | 54,34% Space Free | Partition Type: NTFS
Drive E: | 74,52 Gb Total Space | 12,34 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive F: | 955,73 Mb Total Space | 928,09 Mb Free Space | 97,11% Space Free | Partition Type: FAT

Computer Name: JI-BC721C609DBC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.08.05 21:10:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
PRC - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2012.07.18 12:47:04 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012.03.07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2012.01.20 11:20:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.23 03:40:00 | 000,046,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrobat_sl.exe
PRC - [2006.10.23 01:24:00 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005.04.29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.04.29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2004.11.30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe


========== Modules (No Company Name) ==========

MOD - [2012.08.04 08:23:09 | 009,465,032 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012.07.18 12:47:03 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.06.17 10:10:57 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.06.17 10:10:56 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012.06.17 10:10:55 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012.06.17 10:10:47 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012.05.20 12:12:06 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.17 15:05:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2012.04.17 15:05:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2012.04.17 15:05:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2012.04.17 15:05:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2012.04.17 15:05:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2012.04.17 15:05:00 | 000,151,552 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2012.04.17 15:05:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2012.04.17 15:05:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2005.05.03 13:38:42 | 000,064,512 | R--- | M] () -- C:\WINDOWS\system32\P17.dll
MOD - [2005.04.29 18:21:06 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
MOD - [2005.04.29 17:52:32 | 000,024,691 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
MOD - [2004.11.30 11:08:58 | 000,876,544 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\libeay32.dll
MOD - [2004.11.30 11:08:58 | 000,159,744 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\ssleay32.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.04 08:23:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.18 12:47:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2012.01.20 11:20:09 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper)
SRV - [2005.04.29 18:21:06 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2005.04.29 18:18:08 | 000,057,412 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2004.11.30 11:08:56 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
SRV - [2002.12.17 17:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002.12.17 17:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
DRV - [2012.03.14 08:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2012.03.14 08:40:04 | 000,061,936 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2012.03.14 08:40:04 | 000,040,336 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2012.03.14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012.03.14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.06.22 18:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.05.19 18:32:04 | 000,028,160 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcaSp50.sys -- (PcaSp50)
DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2005.07.07 10:14:30 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2005.05.17 11:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2005.04.05 21:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.04.05 21:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.04.05 21:22:20 | 000,100,096 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NVTCP.SYS -- (NVTCP)
DRV - [2005.01.10 12:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005.01.10 12:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2645238
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{B7A35CC3-1C5C-4A6C-92D8-518D660BF97F}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0b1
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =302398&p="
FF - prefs.js..network.proxy.autoconfig_url: "http://library.muni.cz/proxy/libproxy.pac"
FF - prefs.js..network.proxy.type: 2


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.18 12:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.25 07:05:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.07.07 14:19:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012.06.02 07:48:53 | 000,000,000 | ---D | M]

[2010.10.09 13:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Extensions
[2010.10.09 13:47:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.08.04 07:17:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions
[2010.10.11 20:37:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.08 11:05:42 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.03.23 20:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\nostmp
[2012.07.19 07:52:52 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\zotero@chnm.gmu.edu
[2012.07.19 07:53:14 | 000,000,000 | ---D | M] (Zotero Word for Windows Integration) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\zoteroWinWordIntegration@zotero.org
[2011.02.10 20:48:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\searchplugins\qip-search.xml
[2012.06.25 07:05:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.25 07:05:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2011.05.31 18:00:27 | 000,000,000 | ---D | M] (Kaspersky URL poradce) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\PRA0233D.DEFAULT\EXTENSIONS\ZOTERO@CHNM.GMU.EDU
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\PRA0233D.DEFAULT\EXTENSIONS\ZOTEROWINWORDINTEGRATION@ZOTERO.ORG
[2012.08.05 21:07:47 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.04 07:17:57 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2012.07.18 12:47:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.07.02 13:31:11 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.07.02 13:31:11 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.07 20:07:09 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2012.07.02 13:31:11 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.07.02 13:31:11 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.07.02 13:31:11 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.03.02 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (EndNote Web) - {82D2E569-25A7-4E4D-9FA3-C5025B4B7912} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (EndNote Web) - {945C8270-A848-11D5-A805-00B0D092F45B} - C:\Program Files\EndNote Web\ENWIEPlug.dll (Thomson Reuters)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1029-0000-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 16895
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Přidat do stávajícího PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 6648969562 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.240.0.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B696F2A-54CC-4721-8B02-DF2257FAD096}: DhcpNameServer = 192.168.1.1 83.240.0.214
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\PC\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\PC\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010.10.09 12:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.04.03 15:54:29 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{b56c94df-d397-11df-afb7-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b56c94df-d397-11df-afb7-806d6172696f}\Shell\AutoRun\command - "" = D:\CTRun\Start.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (http://www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.08.05 21:10:23 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
[2012.08.05 09:35:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.08.05 09:35:22 | 000,000,000 | ---D | C] -- C:\rsit
[2012.08.05 07:43:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Plocha\SysInspector-JI-BC721C609DBC-120805-0732
[2012.08.04 07:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Data aplikací\Search Settings
[2012.08.04 07:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.08.04 07:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.08.04 07:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2010.10.09 14:14:23 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\PC\Data aplikací\pcouffin.sys
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.08.05 21:13:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.08.05 21:10:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\PC\Plocha\OTL.exe
[2012.08.05 21:07:40 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk
[2012.08.05 21:07:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.05 10:40:00 | 000,001,276 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012.08.05 10:36:07 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\vso_ts_preview.xml
[2012.08.05 10:35:56 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\PC\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.08.05 10:23:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.05 09:34:46 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\RSIT.exe
[2012.08.05 07:35:26 | 000,262,762 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\SysInspector-JI-BC721C609DBC-120805-0732.zip
[2012.08.04 11:18:33 | 001,154,380 | ---- | M] () -- C:\Documents and Settings\PC\Plocha\vlastni_text.pdf
[2012.08.04 08:23:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.04 08:23:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.04 08:23:07 | 009,827,016 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2012.08.04 07:16:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.08.05 21:13:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.08.05 09:34:45 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\PC\Plocha\RSIT.exe
[2012.08.05 07:35:26 | 000,262,762 | ---- | C] () -- C:\Documents and Settings\PC\Plocha\SysInspector-JI-BC721C609DBC-120805-0732.zip
[2012.08.04 11:18:24 | 001,154,380 | ---- | C] () -- C:\Documents and Settings\PC\Plocha\vlastni_text.pdf
[2012.06.17 13:36:22 | 000,000,084 | ---- | C] () -- C:\WINDOWS\MSP60.ini
[2012.06.17 13:03:11 | 000,000,846 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2012.06.17 13:03:11 | 000,000,014 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2012.05.08 11:42:39 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\AVEQT.dll
[2012.02.19 20:08:15 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.20 09:26:33 | 000,021,784 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.07.02 15:57:03 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2011.02.12 17:26:45 | 000,001,479 | ---- | C] () -- C:\WINDOWS\SubCreator.INI
[2010.12.27 20:21:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.12.27 20:21:04 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.12.27 20:21:04 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.12.27 20:21:03 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.11.10 23:07:02 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.11.07 08:35:08 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2010.11.07 08:34:06 | 000,297,984 | ---- | C] () -- C:\WINDOWS\unin0405.exe
[2010.10.25 20:14:45 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.10.23 10:17:03 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\esfw66.bin
[2010.10.09 15:22:38 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.09 15:21:12 | 000,065,536 | ---- | C] () -- C:\Documents and Settings\PC\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.09 15:04:48 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\PC\Data aplikací\vso_ts_preview.xml
[2010.10.09 15:04:38 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\PC\Data aplikací\inst.exe
[2010.10.09 14:56:30 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.10.09 14:32:44 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.09 14:31:39 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.09 14:14:23 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\PC\Data aplikací\ezpinst.exe
[2010.10.09 14:14:23 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\PC\Data aplikací\pcouffin.cat
[2010.10.09 14:14:23 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\PC\Data aplikací\pcouffin.inf
[2010.10.09 13:42:57 | 000,001,276 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010.10.09 13:41:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.10.09 13:17:13 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.10.09 13:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010.10.09 13:08:03 | 000,005,627 | R--- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2010.10.09 13:08:03 | 000,000,039 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2010.10.09 12:58:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010.10.09 12:58:37 | 000,017,228 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.09 12:58:32 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.09 12:57:03 | 000,200,704 | R--- | C] () -- C:\WINDOWS\System32\sw20.exe
[2010.10.09 12:57:03 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\WinSys.exe
[2010.10.09 12:57:03 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\sw24.exe
[2010.10.09 12:57:03 | 000,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2010.10.09 12:57:03 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2010.10.09 12:42:58 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.09 12:38:44 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

========== LOP Check ==========

[2012.06.02 07:48:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2012.06.02 07:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET(2)
[2011.07.02 15:57:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SlySoft
[2012.06.17 13:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SmartSound Software Inc
[2011.11.27 08:53:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Thomson.ResearchSoft.Installers
[2011.02.13 17:46:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2012.06.17 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2011.02.13 17:44:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2012.06.17 13:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\avidemux
[2012.05.08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Broad Intelligence
[2011.01.15 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\CheckPoint
[2011.11.27 08:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\EndNote
[2010.10.23 10:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\EPSON
[2012.06.02 07:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\ESET
[2012.03.25 11:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\HTC
[2012.06.10 08:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.11.20 09:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\ioffline.81FA133F75F33E2D63625F7A6A37BDA4DE3C1E7E.1
[2012.05.20 09:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Jpeg Resampler
[2011.10.29 19:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Opera
[2010.10.26 05:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\pdfforge
[2012.01.25 18:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Scribus
[2012.08.04 07:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Search Settings
[2010.11.23 20:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\SecondLife
[2010.10.09 19:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Sony
[2010.10.09 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Sony Setup
[2010.10.09 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Thunderbird
[2010.12.05 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Topaz Moment
[2011.02.13 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\TuneUp Software
[2012.06.17 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Ulead Systems
[2012.07.12 08:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Vso
[2012.06.23 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\wtxpcom
[2012.05.21 06:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\XnView
[2011.02.21 08:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software

========== Purity Check ==========



========== Custom Scans ==========

< >

< >

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2006.03.02 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.10.10 13:10:04 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:28 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: SCECLI.DLL >
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\746a98e6520fe8b41327074fff338b32\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\746a98e6520fe8b41327074fff338b32\*.tmp -> ]
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[15 C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp -> ]
[51 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.21 09:44:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Adobe
[2012.06.17 13:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\avidemux
[2012.06.17 14:00:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\AVS4YOU
[2012.05.08 11:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Broad Intelligence
[2011.01.15 13:00:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\CheckPoint
[2010.12.18 19:10:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\CyberLink
[2011.11.27 08:55:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\EndNote
[2010.10.23 10:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\EPSON
[2012.06.02 07:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\ESET
[2010.11.11 07:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\FastStone
[2011.07.17 21:25:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Help
[2012.03.25 11:08:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\HTC
[2012.06.10 08:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.10.09 12:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Identities
[2012.07.02 11:32:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\InstallShield
[2011.11.20 09:26:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\ioffline.81FA133F75F33E2D63625F7A6A37BDA4DE3C1E7E.1
[2012.05.20 09:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Jpeg Resampler
[2010.10.09 13:58:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Macromedia
[2012.05.08 17:34:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Media Player Classic
[2011.07.02 16:05:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\PC\Data aplikací\Microsoft
[2010.10.09 13:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Mozilla
[2011.10.29 19:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Opera
[2010.10.26 05:36:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\pdfforge
[2012.07.19 08:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\PSpad
[2012.01.25 18:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Scribus
[2012.08.04 07:17:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Search Settings
[2010.11.23 20:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\SecondLife
[2010.10.09 19:49:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Sony
[2010.10.09 19:09:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Sony Setup
[2011.02.11 09:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Sun
[2010.10.09 14:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Thunderbird
[2010.12.05 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Topaz Moment
[2011.02.13 17:45:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\TuneUp Software
[2012.06.17 13:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Ulead Systems
[2012.07.12 08:29:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\Vso
[2010.10.10 06:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\WinRAR
[2012.06.23 11:07:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\wtxpcom
[2012.05.21 06:59:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PC\Data aplikací\XnView

< %APPDATA%\*.exe /s >
[2010.10.09 15:03:50 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\ezpinst.exe
[2010.10.09 15:04:38 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\inst.exe
[2012.06.10 08:05:14 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\PC\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.11.29 11:42:56 | 000,039,200 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlus_registrar.exe
[2010.11.29 11:42:56 | 000,039,200 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\extensions\nostmp\content\getPlus_registrar.exe
[2011.11.22 22:27:40 | 000,598,016 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\pdfinfo-Win32.exe
[2011.11.22 22:27:38 | 000,593,920 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\pdftotext-Win32.exe
[2010.10.09 19:09:14 | 023,510,720 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\PC\Data aplikací\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >
[2012.08.05 10:23:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010.10.09 14:31:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.10.09 14:31:02 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.10.09 14:31:02 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.08.04 08:23:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerApp.exe
[2012.08.04 08:23:09 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.08.04 08:23:07 | 009,827,016 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerInstaller.exe
[2012.08.05 21:12:00 | 000,001,060 | ---- | M] () -- C:\WINDOWS\system32\nmp.log
[2012.08.04 07:16:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2012.08.05 21:07:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\_nvidia_xxx_.log
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.07.18 12:47:04 | 000,913,888 | ---- | M] (Mozilla Corporation) MD5=3F677172F23FC17283D9BCE4B42E3F65 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 15:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.08.05 21:13:36 | 000,000,512 | ---- | M] () MD5=678CD24C284A5F9B96DD94EA3D0DE4BB -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2012.06.17 14:29:07 | 000,001,021 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\AVS4YOU\Video\AVS Video Uploader.lnk
[2012.05.31 14:39:51 | 000,000,536 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\4FW354MR\ajax-loader-tiny.gif
[2012.05.31 14:39:51 | 000,003,208 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\4FW354MR\ajax-loader.gif
[2012.02.16 09:56:07 | 000,000,224 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\6A92RMKV\loader.js
[2012.03.22 09:27:39 | 000,005,206 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\7CMH6BDT\loader.js
[2012.02.29 10:24:11 | 000,004,487 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\7CU8PX8U\advert.advantage.reloader.js
[2012.02.23 16:24:23 | 000,000,584 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\7EWJ2TKK\mootree_loader.gif
[2012.02.20 11:10:30 | 000,000,536 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\7QFP9G4G\ajax-loader-tiny.gif
[2012.02.20 11:10:30 | 000,003,208 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\7QFP9G4G\ajax-loader.gif
[2011.11.23 18:42:09 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\9FT6T9MZ\@22ajax-loader.gif@22
[2012.05.28 17:51:22 | 000,000,211 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\A8DTA3NJ\loader.gif
[2012.02.16 09:56:05 | 000,000,224 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\B9I57HTV\loader.js
[2011.11.23 18:40:06 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\BH9XTFUP\@22ajax-loader.gif@22
[2012.03.22 09:25:57 | 000,006,111 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\E9MCFD2I\site_preloader_black.gif
[2012.02.24 13:58:50 | 000,001,849 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\G4EHS7ZH\button_loader.gif
[2011.11.22 22:13:02 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\GHS9CN9N\@22ajax-loader.gif@22
[2012.02.20 13:12:57 | 000,000,584 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\J38I4D7I\mootree_loader.gif
[2012.02.16 13:27:28 | 000,000,536 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\JCZPHKJX\ajax-loader-tiny.gif
[2012.02.16 13:27:27 | 000,003,208 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\JCZPHKJX\ajax-loader.gif
[2011.12.02 15:55:40 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\JQF8ADGS\@22ajax-loader.gif@22
[2012.01.25 20:23:50 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\NCHTBHHK\@22ajax-loader.gif@22
[2011.11.22 22:12:44 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\NSR4ND3T\@22ajax-loader.gif@22
[2012.03.02 12:04:42 | 000,000,536 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\PE9IVFJX\ajax-loader-tiny.gif
[2012.03.02 12:04:42 | 000,003,208 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\PE9IVFJX\ajax-loader.gif
[2012.02.13 10:18:31 | 000,001,849 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\S6TFAZKD\ajax-loader.gif
[2012.06.11 11:23:40 | 000,001,849 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\VV4R6XSI\ajax-loader.gif
[2011.11.18 21:31:19 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\W94IUTJE\@22ajax-loader.gif@22
[2011.11.22 23:09:44 | 000,003,208 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\ZRIDQMG4\ajax-loader.gif
[2011.11.23 18:41:07 | 000,001,282 | ---- | M] () -- \Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\zotero\storage\ZTW46CIR\@22ajax-loader.gif@22
[2012.07.10 08:09:01 | 000,000,708 | ---- | M] () -- \Documents and Settings\PC\Recent\Alois.Nebel-DVDRip.CZ.by.Zalud.of.PowerUploaders.avi.lnk
[2012.06.17 14:29:06 | 000,001,015 | ---- | M] () -- \Documents and Settings\PC\SendTo\AVS Mobile Uploader.lnk
[2012.06.17 14:29:07 | 000,001,003 | ---- | M] () -- \Documents and Settings\PC\SendTo\AVS Video Uploader.lnk
[2005.03.16 20:16:50 | 000,113,664 | ---- | M] () -- \Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2011.09.02 17:54:20 | 005,107,560 | ---- | M] () -- \Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.exe
[2011.07.20 20:03:44 | 000,081,420 | ---- | M] () -- \Program Files\Common Files\AVSMedia\MobileUploader\AVSMobileUploader.sil
[2011.09.02 11:29:56 | 004,313,448 | ---- | M] () -- \Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.exe
[2011.09.01 17:54:12 | 000,038,075 | ---- | M] () -- \Program Files\Common Files\AVSMedia\VideoUploader\AVSVideoUploader.sib
[2012.04.17 15:05:00 | 000,651,264 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
[2012.04.17 15:05:00 | 000,000,151 | ---- | M] () -- \Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.ini
[2008.12.06 18:13:52 | 000,001,070 | ---- | M] () -- \Program Files\MediaCoder\extensions\_include\loader.html
[2009.09.24 16:01:20 | 000,278,528 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploader.exe
[2009.09.24 16:01:20 | 000,278,528 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploaderde.exe
[2009.09.24 16:01:20 | 000,278,528 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploaderes.exe
[2009.09.24 16:01:20 | 000,360,448 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploaderfr.exe
[2009.09.24 16:01:20 | 000,278,528 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploaderit.exe
[2009.09.24 16:01:20 | 000,278,528 | ---- | M] () -- \Program Files\Movavi Video Converter 8\PSPUploaderjp.exe
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[8 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]

< End of report >

Extras.txt

Napsal: 05 srp 2012 20:47
od zach
OTL Extras logfile created on: 5.8.2012 21:37:41 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\PC\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 64,17% Memory free
3,85 Gb Paging File | 3,13 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 161,95 Gb Free Space | 54,33% Space Free | Partition Type: NTFS
Drive E: | 74,52 Gb Total Space | 12,34 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive F: | 955,73 Mb Total Space | 928,09 Mb Free Space | 97,11% Space Free | Partition Type: FAT

Computer Name: JI-BC721C609DBC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe:*:Enabled:Kaspersky Anti-Virus
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Disabled:Winamp -- (Nullsoft, Inc.)
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe" = C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application -- (ASUSTeK COMPUTER INC.)
"C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe" = C:\Program Files\ASUS\RT-N10 Wireless Router Utilities\Rescue.exe:*:Enabled:ASUS Firmware Restoration Application -- (ASUSTek COMPUTER INC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{11178BF5-D5F0-4749-ACE4-EF46ADB38D65}" = ASUS RT-N10 Wireless Router Utilities
"{150493B7-B59F-C677-F3AD-67C7E97CAAAF}" = Adobe Help Viewer 2
"{172423F9-522A-483A-AD65-03600CE4CA4F}" = Microsoft Works 6-9 Converter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1DFE388B-6FD3-4230-A47B-393AEA68C01D}" = EndNote Web
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{2B6F6771-46DA-4DEB-B738-E809A81B17F7}" = Adobe Setup
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6E93D44A-870D-823C-F0B2-09D96E8DE87B}" = Adobe Captivate Reviewer 1.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.3.4.107
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7B1AF68B-4606-4152-9991-1E9D4FF5F0FA}" = Microsoft Antimalware Service CS-CZ Language Pack
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A62392EE-03CB-4FA8-8E79-B5F95A346FB3}" = Kontrola české gramatiky pro sadu Microsoft Office 2003
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-1029-0000-7760-000000000003}" = Adobe Acrobat 8 Professional - Czech, Greek, Hungarian, Polish, Slovak
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B0AC53AC-0BE0-4E18-B2FE-0D88040AA56B}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F00367CA-4E3F-4646-818A-02478313B6E6}" = Movavi Video Converter 8
"{F86B6D9F-FA9A-4164-A66A-EAFF7C067272}_is1" = Sothink Video Encoder for Adobe Flash
"Adobe Acrobat 8 Professional - Czech, Greek, Hungarian, Polish, Slovak" = Adobe Acrobat 8 Professional - Czech, Greek, Hungarian, Polish, Slovak
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe_1e92effc954e788ad49a56b24f4bcf1" = Adobe Captivate 4
"Allok MOV Converter_is1" = Allok MOV Converter 4.4.0725
"Ant Movie Catalog_is1" = Ant Movie Catalog
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"AviSynth" = AviSynth 2.5
"AVS Screen Capture_is1" = AVS Screen Capture version 2.0.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor_is1" = AVS Video Editor 6
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"DiskBase 5" = DiskBase 5
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"FastStone Capture" = FastStone Capture 5.3
"ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
"FormatFactory" = FormatFactory 2.95
"ie8" = Windows Internet Explorer 8
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.6
"MediaCoder" = MediaCoder 2011
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 14.0.1 (x86 cs)" = Mozilla Firefox 14.0.1 (x86 cs)
"Mozilla Thunderbird 14.0 (x86 cs)" = Mozilla Thunderbird 14.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PSPad editor_is1" = PSPad editor
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RADVideo" = RAD Video Tools
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SubRip" = SubRip 1.10 (remove only)
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Wincmd" = Windows Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR 4.01 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8097
"Winamp Detect" = Winamp Detector Plug-in
"Zipeg" = Zipeg

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 3.6.2012 3:24:05 | Computer Name = JI-BC721C609DBC | Source = LoadPerf | ID = 3011
Description = Nezdařilo se uvolnění řetězců čítače výkonu pro WmiApRpl (WmiApRpl).
Kód chyby je v první hodnotě DWORD v datové oblasti.

Error - 3.6.2012 3:24:08 | Computer Name = JI-BC721C609DBC | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 13734, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.

Error - 3.6.2012 5:34:52 | Computer Name = JI-BC721C609DBC | Source = Application Error | ID = 1000
Description = Chybující aplikace acrobat.exe, verze 8.0.0.456, chybující modul icuuc34.dll,
verze 3.4.0.0, adresa chyby 0x0000eba3.

Error - 9.6.2012 9:02:44 | Computer Name = JI-BC721C609DBC | Source = Application Error | ID = 1000
Description = Chybující aplikace pci_us_smartrecovery.exe, verze 7.1.100.1248, chybující
modul pci_us_smartrecovery.exe, verze 7.1.100.1248, adresa chyby 0x00002194.

Error - 9.6.2012 9:02:51 | Computer Name = JI-BC721C609DBC | Source = Application Error | ID = 1000
Description = Chybující aplikace pci_us_smartrecovery.exe, verze 7.1.100.1248, chybující
modul pci_us_smartrecovery.exe, verze 7.1.100.1248, adresa chyby 0x00002194.

Error - 17.6.2012 7:52:04 | Computer Name = JI-BC721C609DBC | Source = Application Error | ID = 1000
Description = Chybující aplikace vstudio.exe, verze 10.0.0.0, chybující modul coreaudiotoolbox.dll,
verze 7.9.2.0, adresa chyby 0x00273469.

Error - 17.6.2012 12:11:48 | Computer Name = JI-BC721C609DBC | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
unknown, verze 0.0.0.0, adresa chyby 0x0549ceb0.

Error - 3.7.2012 5:37:01 | Computer Name = JI-BC721C609DBC | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.8345.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 2.7.2012 5:15:44 | Computer Name = JI-BC721C609DBC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.2.101 pro síťovou kartu s adresou 0015F2416DC9
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 2.7.2012 5:35:22 | Computer Name = JI-BC721C609DBC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0015F2416DC9
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 2.7.2012 5:40:46 | Computer Name = JI-BC721C609DBC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0015F2416DC9
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 2.7.2012 7:30:14 | Computer Name = JI-BC721C609DBC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 0015F2416DC9
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 3.7.2012 2:13:19 | Computer Name = JI-BC721C609DBC | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.3 pro síťovou kartu s adresou 0015F2416DC9
byla serverem DHCP 192.168.1.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 15.7.2012 6:42:12 | Computer Name = JI-BC721C609DBC | Source = Service Control Manager | ID = 7034
Description = Služba Načítání obrázků (WIA) byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 15.7.2012 6:42:15 | Computer Name = JI-BC721C609DBC | Source = Service Control Manager | ID = 7031
Description = Služba Spouštěč procesů serveru DCOM byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
počítač.

Error - 15.7.2012 6:42:15 | Computer Name = JI-BC721C609DBC | Source = Service Control Manager | ID = 7034
Description = Služba Terminálová služba byla neočekávaně ukončena. Tento stav nastal
již 1krát.


< End of report >

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 06 srp 2012 06:13
od vyosek
:arrow: Spustte znovu OTL
  • Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
  • Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

  • Kód: Vybrat vše

    :otl
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}: "URL" = http://search.qip.ru/search?query={searchTerms}&from=IE
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2645238
IE - HKU\S-1-5-21-1417001333-823518204-682003330-1004\..\SearchScopes\{B7A35CC3-1C5C-4A6C-92D8-518D660BF97F}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =302398&p={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0b1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
[2011.02.10 20:48:08 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\searchplugins\qip-search.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\PRA0233D.DEFAULT\EXTENSIONS\ZOTERO@CHNM.GMU.EDU
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\PC\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\PRA0233D.DEFAULT\EXTENSIONS\ZOTEROWINWORDINTEGRATION@ZOTERO.ORG
[2012.08.05 21:07:47 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.08.04 07:17:57 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O33 - MountPoints2\{b56c94df-d397-11df-afb7-806d6172696f}\Shell - "" = AutoRun
[2012.08.04 07:17:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\PC\Data aplikací\Search Settings
[2012.08.04 07:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.08.04 07:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.08.04 07:17:40 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\746a98e6520fe8b41327074fff338b32\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\746a98e6520fe8b41327074fff338b32\*.tmp -> ]
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[15 C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp -> ]
[2012.08.05 10:23:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"P17Helper"=-
"Adobe Reader Speed Launcher"=-
"Acrobat Assistant 8.0"=-
"SunJavaUpdateSched"=-
"KernelFaultCheck"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2511D82C-2688-41C2-ABF8-AF237795989B}"=-

:files
 C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk - C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Synchronizer.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
  • Nasledne kliknete na Opravit
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 06 srp 2012 16:38
od zach
Používám Win XP

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Service lbrtfdc stopped successfully!
Service lbrtfdc deleted successfully!
Service i2omgmt stopped successfully!
Service i2omgmt deleted successfully!
Service Changer stopped successfully!
Service Changer deleted successfully!
Service GMSIPCI stopped successfully!
Service GMSIPCI deleted successfully!
File D:\INSTALL\GMSIPCI.SYS not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1417001333-823518204-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll moved successfully.
HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-1417001333-823518204-682003330-1004\Software\Microsoft\Internet Explorer\SearchScopes\{B7A35CC3-1C5C-4A6C-92D8-518D660BF97F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7A35CC3-1C5C-4A6C-92D8-518D660BF97F}\ not found.
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: zotero@chnm.gmu.edu:2.0.9 removed from extensions.enabledItems
Prefs.js: zoteroWinWordIntegration@zotero.org:3.0b1 removed from extensions.enabledItems
Prefs.js: "http://search.yahoo.com/search?fr=green ... =302398&p=" removed from keyword.URL
C:\Documents and Settings\PC\Data aplikací\Mozilla\Firefox\Profiles\pra0233d.default\searchplugins\qip-search.xml moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\chrome\content folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\chrome folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b56c94df-d397-11df-afb7-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b56c94df-d397-11df-afb7-806d6172696f}\ not found.
C:\Documents and Settings\PC\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\PC\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\PC\Data aplikací\Search Settings folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings\Lang folder moved successfully.
C:\Program Files\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files\Common Files\Spigot folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\6.2 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\WINDOWS\002789_.tmp deleted successfully.
C:\WINDOWS\SET21.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1353.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1361.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13B2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP13D0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1415.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP142.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP19C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1B6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1FE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP239.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP26B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP28E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP291.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP411.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP44.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP55B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP622.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI10.tmp deleted successfully.
C:\WINDOWS\Installer\MSI13.tmp deleted successfully.
C:\WINDOWS\Installer\MSI19.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\746a98e6520fe8b41327074fff338b32\BIT2A.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SETDB.tmp deleted successfully.
C:\WINDOWS\system32\SETE0.tmp deleted successfully.
C:\WINDOWS\system32\SETE7.tmp deleted successfully.
C:\WINDOWS\system32\SETF0.tmp deleted successfully.
C:\WINDOWS\system32\SETF1.tmp deleted successfully.
C:\WINDOWS\system32\SETF2.tmp deleted successfully.
C:\WINDOWS\system32\SETF5.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt10.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt11.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt17.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt24.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt3B.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt5.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt6.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt9.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt90.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtA.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtB.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtC.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtD.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtE.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtF.tmp deleted successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\P17Helper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acrobat Assistant 8.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{2511D82C-2688-41C2-ABF8-AF237795989B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2511D82C-2688-41C2-ABF8-AF237795989B}\ not found.
========== FILES ==========
File\Folder C:\Program Files\pdfforge Toolbar not found.
File\Folder C:\Program Files\Application Updater not found.
File\Folder C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk - C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Synchronizer.lnk not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: PC
->Temp folder emptied: 1421108263 bytes
->Temporary Internet Files folder emptied: 3765092 bytes
->Java cache emptied: 2023 bytes
->FireFox cache emptied: 102035296 bytes
->Flash cache emptied: 112498 bytes

User: LocalService
->Temp folder emptied: 2049992 bytes
->Temporary Internet Files folder emptied: 33566 bytes

User: NetworkService
->Temp folder emptied: 3100842 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 34853521 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 73486686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 565,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: PC
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: PC
->Java cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08062012_173142

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 06 srp 2012 18:46
od vyosek
Jak se chova nas pacient, ESET stale krici?

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 06 srp 2012 20:38
od zach
Od spuštění uběhlo cca 10 minut a zatím je v klidu, tak snad to pomohlo. Moc děkuji za pomoc. Můžete mi, prosím, napsat, v čem byl problém /lze-li to nějak stručně a pro laika popsat, abych Vás více nezdržoval/?

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 07 srp 2012 07:58
od vyosek
:arrow: Nainstaloval se vam tam adware Spigot - nezadouci reklamni software, ktery se vydava za uzitecny - proto jej ESET oznacil za malware

:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: A pokud nejsou problemy ci dotazy, je to z me strany vse :|

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 09 srp 2012 12:59
od zach
Moc děkuji za pomoc.

Re: Okno s hlášením o infiltraci "Win32/Toolbar.Widgi"

Napsal: 09 srp 2012 14:13
od vyosek
Nemate zac, rad jsem pomohl :worship: Zase nekdy Obrázek
Všechny časy jsou v UTC+01:00
Stránka 1 z 1

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz