Prosím o kontrolu logu a radu s odstraněním Babylonu, atd.

Zpráva

Kurtik21 · #1 Příspěvek od **Kurtik21** » 27 lis 2012 10:51

Dobrý den,
dostal se mi do rukou PC, kde nejde ani IE (po spuštění hned zamrzá).
Můžete zkontrolovat log a poradit, kde začít? Díky!

Logfile of random's system information tool 1.09 (written by random/random)
Run by Peckovi at 2012-11-27 10:43:18
Microsoft Windows 7 Home Premium
System drive C: has 184 GB (77%) free of 238 GB
Total RAM: 2038 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:25, on 27.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Windows\system32\taskeng.exe
C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
C:\Program Files\YourFileDownloader\YourFileUpdater.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\RebateInformer\RebateInf.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\RSIT.exe
C:\Program Files\trend micro\Peckovi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www2.inbox.com/search/dispatcher ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=116775 ... 2421aadebc
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... 546&lng=cs
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80546
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbar.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Skinner - {d6451db9-67e1-4ca3-bfba-4d77fface17f} - C:\Program Files\FBSkiny.com\adxloader.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O3 - Toolbar: Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Zwinky Search Scope Monitor] "C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader] C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKCU\..\Run: [RebateInformer] C:\PROGRA~1\REBATE~1\REBATE~1.EXE /STARTUP
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: rebinfo - {AF808758-C780-404C-A4EE-4526323FD9B6} - C:\PROGRA~1\REBATE~1\RebateI.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SkinnerUpdater (SkinnerUpdateService) - Unknown owner - C:\Program Files\FBSkiny.com\SkinnerService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ZwinkyService (Zwinky_5qService) - COMPANYVERS_NAME - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe

--
End of file - 11661 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Peckovi.job
C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2012-05-15 342272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768a-4d20-a938-f223f71c344c}]
Toolbar BHO - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbar.dll [2012-05-11 693648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll [2011-08-14 270960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL [2012-10-26 271080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-11 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02}]
Search Assistant BHO - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll [2012-05-11 66960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
C:\PROGRA~1\REBATE~1\RebateI.dll [2012-05-04 832680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6451db9-67e1-4ca3-bfba-4d77fface17f}]
Skinner - C:\Program Files\FBSkiny.com\adxloader.dll [2012-04-20 479232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D0F4A166-B8D4-48b8-9D63-80849FE137CB}
{3033124f-06bf-4829-873a-310a125b4d4c} - Zwinky - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll [2012-05-11 693648]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-02 74752]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"Zwinky Search Scope Monitor"=C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe [2012-05-11 42552]
"Zwinky_5q Browser Plugin Loader"=C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe [2012-05-11 30096]
"SiteRanker"=C:\Program Files\SiteRanker\SiteRankTray.exe [2012-05-15 320000]
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2012-03-28 385664]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files\PC Tools Registry Mechanic\Alert.exe [2012-04-26 1318872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RebateInformer"=C:\PROGRA~1\REBATE~1\REBATE~1.EXE [2012-08-02 1333760]
"Facebook Update"=C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 138096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-27 10:43:19 ----D---- C:\Program Files\trend micro
2012-11-27 10:43:18 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-11-27 10:43:19 ----RD---- C:\Program Files
2012-11-27 10:42:45 ----D---- C:\Windows\Temp
2012-11-27 10:42:09 ----AD---- C:\ProgramData\TEMP
2012-11-27 10:42:05 ----D---- C:\Program Files\PC Tools Registry Mechanic
2012-11-27 10:42:00 ----D---- C:\Windows\system32\Tasks
2012-11-27 10:41:06 ----SHD---- C:\Windows\Installer
2012-11-27 10:34:34 ----HD---- C:\Config.Msi
2012-11-27 10:34:33 ----D---- C:\Program Files\Ask.com
2012-11-27 10:33:59 ----D---- C:\Program Files\RebateInformer
2012-11-27 10:16:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-11-27 10:10:30 ----D---- C:\Program Files\SiteRanker
2012-11-27 10:08:41 ----D---- C:\Windows\inf
2012-11-26 19:00:05 ----D---- C:\Windows\System32
2012-11-24 22:26:35 ----D---- C:\Program Files\AppGraffiti
2012-11-24 22:24:42 ----D---- C:\Windows\Tasks
2012-11-24 22:24:42 ----D---- C:\Windows\system32\wfp
2012-11-24 22:24:40 ----D---- C:\Windows\system32\wbem
2012-11-24 22:24:40 ----D---- C:\Windows
2012-11-24 22:24:12 ----D---- C:\Windows\system32\config
2012-11-24 22:24:08 ----D---- C:\Windows\system32\DriverStore
2012-11-24 22:24:08 ----D---- C:\Windows\system32\catroot2
2012-11-24 22:24:00 ----D---- C:\Windows\registration
2012-11-20 07:32:49 ----D---- C:\Windows\Prefetch
2012-11-18 19:00:22 ----SHD---- C:\System Volume Information
2012-11-18 18:47:39 ----D---- C:\Users\Peckovi\AppData\Roaming\Skype
2012-11-17 20:12:20 ----D---- C:\Program Files\Google
2012-11-17 17:52:10 ----SD---- C:\Users\Peckovi\AppData\Roaming\Microsoft
2012-11-17 16:48:27 ----D---- C:\Windows\Logs
2012-11-17 15:47:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-30 23:50:59 ----A---- C:\Windows\system32\aswBoot.exe
2012-10-29 19:15:37 ----D---- C:\Users\Peckovi\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 Browser Manager;Browser Manager; C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-10-11 2312216]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-06-25 184848]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SkinnerUpdateService;SkinnerUpdater; C:\Program Files\FBSkiny.com\SkinnerService.exe [2012-04-20 9216]
R2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
R2 Zwinky_5qService;ZwinkyService; C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe [2012-05-11 42528]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#2 Příspěvek od **Márty84** » 27 lis 2012 10:55

Zdravim

Nedavejte logy do code, spatne se to cte.

Kurtik21 píše:dostal se mi do rukou PC

Ci je to tedy pc?

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner a ulozte ho na plochu.
Ukoncete vsechny programy, jinak to AdwCleaner udela za vas.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce.
Kliknete na Search a program zacne pracovat.
Az skonci, vyplivne na vas log (pokud ne, najdete ho zde C:\AdwCleaner[R?].txt ), ten mi sem zkopirujte.

Kurtik21 · #3 Příspěvek od **Kurtik21** » 27 lis 2012 11:46

Pardon, já věděl, že zas udělám něco špatně.

Tak bez tagů:

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 11:44:07
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Peckovi - PECKOVI-PC
# Boot Mode : Normal
# Running from : C:\Users\Peckovi\Desktop\adwcleaner.exe
# Option [Search]

***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

Folder Found : C:\Program Files\AppGraffiti
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Inbox.com
Folder Found : C:\Program Files\RebateInformer
Folder Found : C:\Program Files\yourfiledownloader
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Found : C:\Users\Peckovi\AppData\Local\APN
Folder Found : C:\Users\Peckovi\AppData\Local\Conduit
Folder Found : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibbpolejomdcpiahkgcmdmaliooeien
Folder Found : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Peckovi\AppData\Local\Temp\AskSearch
Folder Found : C:\Users\Peckovi\AppData\Local\Temp\BabylonToolbar
Folder Found : C:\Users\Peckovi\AppData\LocalLow\AppGraffiti
Folder Found : C:\Users\Peckovi\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Peckovi\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Peckovi\AppData\LocalLow\Conduit
Folder Found : C:\Users\Peckovi\AppData\LocalLow\RebateInformer
Folder Found : C:\Users\Peckovi\AppData\Roaming\Babylon
Folder Found : C:\Users\Peckovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Peckovi\AppData\Roaming\OpenCandy
Folder Found : C:\Users\Peckovi\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppGraffiti
Key Found : HKCU\Software\BabylonToolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\CToolbar
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKLM\Software\AppGraffiti
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Found : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Found : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO
Key Found : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen
Key Found : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\CToolbar
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RebateInformer]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=116775&tt=4312_2&babsrc=HP_ss&mntrId=80f089f6000000000000002421aadebc
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=116775&tt=4312_2&babsrc=HP_ss&mntrId=80f089f6000000000000002421aadebc
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=116775&tt=4312_2&babsrc=NT_ss&mntrId=80f089f6000000000000002421aadebc
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80546&lng=cs
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80546
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80546&lng=cs
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80546

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7638 octets] - [27/11/2012 11:44:07]

########## EOF - C:\AdwCleaner[R1].txt - [7698 octets] ##########

#4 Příspěvek od **Márty84** » 27 lis 2012 12:25

A ci je tedy ten pocitac? Nemate doufam servis, nebo tak neco

Znovu ukoncete vsechny programy a spustte AdwCleaner jako spravce.
Tentokrat kliknete na Delete
Program zacne pracovat (muze dojit k restartu pc) a vyplivne dalsi log (pripadne bude zde C:\AdwCleaner [S1].txt ). Ten mi sem zase zkopirujte.

Udelejte !!!uplnou!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Kurtik21 · #5 Příspěvek od **Kurtik21** » 27 lis 2012 12:50

Není to moje PC - je přítulkyně.

LOG z AdwCleaner, teď běží MBAM.

# AdwCleaner v2.009 - Logfile created 11/27/2012 at 12:36:48
# Updated 24/11/2012 by Xplode
# Operating system : Windows 7 Home Premium (32 bits)
# User : Peckovi - PECKOVI-PC
# Boot Mode : Normal
# Running from : C:\Users\Peckovi\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

Stopped & Deleted : Browser Manager

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Inbox.com
Folder Deleted : C:\Program Files\RebateInformer
Folder Deleted : C:\Program Files\yourfiledownloader
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AppGraffiti
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\Users\Peckovi\AppData\Local\APN
Folder Deleted : C:\Users\Peckovi\AppData\Local\Conduit
Folder Deleted : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fibbpolejomdcpiahkgcmdmaliooeien
Folder Deleted : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Peckovi\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Peckovi\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Peckovi\AppData\LocalLow\AppGraffiti
Folder Deleted : C:\Users\Peckovi\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Peckovi\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Peckovi\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Peckovi\AppData\LocalLow\RebateInformer
Folder Deleted : C:\Users\Peckovi\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Peckovi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Peckovi\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Peckovi\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppGraffiti
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\Software\AppGraffiti
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppGraffiti.AppGraffitiJS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{183643C8-EE67-4574-9A38-927852E34163}
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Client
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Script
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server
Key Deleted : HKLM\SOFTWARE\Classes\CShared.TB4Server2
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01C78433-6FDF-4E5A-A82D-B535C32E03DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{022C9F90-2E96-47D6-A971-107650154563}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\rebinfo
Key Deleted : HKLM\SOFTWARE\Classes\RebateI.Rebate Informer BHO
Key Deleted : HKLM\SOFTWARE\Classes\RebateI.RebateInformImageGen
Key Deleted : HKLM\SOFTWARE\Classes\RebateInf.RebateInfObj
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4EF645BD-65B0-4F98-AD56-D0437B7045F6}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [RebateInformer]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7600.16385

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=116775&tt=4312_2&babsrc=HP_ss&mntrId=80f089f6000000000000002421aadebc --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www2.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=116775&tt=4312_2&babsrc=NT_ss&mntrId=80f089f6000000000000002421aadebc --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80546&lng=cs --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80546 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - SearchAssistant] = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80546&lng=cs --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - CustomizeSearch] = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80546 --> hxxp://www.google.com

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [7767 octets] - [27/11/2012 11:44:07]
AdwCleaner[S1].txt - [7785 octets] - [27/11/2012 12:36:48]

########## EOF - C:\AdwCleaner[S1].txt - [7845 octets] ##########

Kurtik21 · #6 Příspěvek od **Kurtik21** » 27 lis 2012 13:26

Log z MBAM:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.27.02

Windows 7 x86 FAT32
Internet Explorer 8.0.7600.16385
Peckovi :: PECKOVI-PC [administrátor]

Ochrana: Povolena

27.11.2012 12:49:31
mbam-log-2012-11-27 (13-25-07).txt

Typ: Úplná kontrola (C:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 297324
Uplynulý čas: 25 minut, 39 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 31
HKCR\CLSID\{148dcaec-c91d-441d-a0e7-519a0673e7f5} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{4a8ae59a-2f19-4777-b0b4-177188ab839b} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{76745572-7E46-4795-9BFF-38EEDB8ADE5A} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.SettingsPlugin.1 (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.SettingsPlugin (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{148DCAEC-C91D-441D-A0E7-519A0673E7F5} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Zwinky_5qbar Uninstall (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{27488090-768a-4d20-a938-f223f71c344c} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768A-4D20-A938-F223F71C344C} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{27488090-768A-4D20-A938-F223F71C344C} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{27488090-768A-4D20-A938-F223F71C344C} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{7e0ae9c4-366b-43f2-91ff-329d170bc335} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{b2828f8b-edaf-4a77-974e-78ae784a9aa3} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{D71C4580-C7B1-47CD-8A9C-4C575BE02790} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{076a9b45-de24-4cdf-89be-716c279b3b55} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{15496d19-91ea-4930-9150-b24a27fe3de1} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{30884828-9192-4B42-956C-75717FF8766D} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.HTMLPanel.1 (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.HTMLPanel (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076A9B45-DE24-4CDF-89BE-716C279B3B55} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\CLSID\{70658616-d7ae-4f31-bd19-4f1775792e9b} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\TypeLib\{a283a85f-ed85-43ce-9199-952a2d106802} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Interface\{AA01DD23-7B56-483E-9655-0613D0FC7479} (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.RadioSettings.1 (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKCR\Zwinky_5q.RadioSettings (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GotClip (PUP.Adware.Gotclip.ScamLotto) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zwinky Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h -> Žádná instrukce nebyla provedena.

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 18
C:\Program Files\Zwinky_5q\bar\1.bin\5qSrchMn.exe (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\$Recycle.Bin\S-1-5-21-4240907446-1380477899-2191812811-1000\$R7KSWEX.exe (PUP.Adbundler) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qauxstb.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qdlghk.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qhighin.exe (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qhkstub.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qhtml.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qieovr.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qmedint.exe (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qPlugin.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qradio.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qregfft.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qreghk.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\5qregiet.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll (PUP.MyWebSearch) -> Žádná instrukce nebyla provedena.
C:\Program Files\GotClip\Uninstall.exe (PUP.Adware.Gotclip.ScamLotto) -> Žádná instrukce nebyla provedena.

(konec)

#7 Příspěvek od **Márty84** » 27 lis 2012 18:57

Kurtik21 píše:Není to moje PC - je přítulkyně.

Tak to je v poradku

Nalezy MBAM nechte odstranit. Pak sem dejte novy log z RSIT.

Kurtik21 · #8 Příspěvek od **Kurtik21** » 28 lis 2012 08:18

Co našel MBAM jsem označil a nechal odstranit, tady je nový log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Peckovi at 2012-11-28 08:14:56
Microsoft Windows 7 Home Premium
System drive C: has 181 GB (76%) free of 238 GB
Total RAM: 2038 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:15:02, on 28.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe
C:\Program Files\SiteRanker\SiteRankTray.exe
C:\Program Files\PCPowerSpeed\PCPowerTray.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
E:\RSIT.exe
C:\Program Files\trend micro\Peckovi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files\Zwinky_5q\bar\1.bin\5qSrcAs.dll (file missing)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\PROGRA~1\SITERA~1\SiteRank.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (file missing)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll (file missing)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Skinner - {d6451db9-67e1-4ca3-bfba-4d77fface17f} - C:\Program Files\FBSkiny.com\adxloader.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (file missing)
O3 - Toolbar: Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader] C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe
O4 - HKLM\..\Run: [SiteRanker] "C:\Program Files\SiteRanker\SiteRankTray.exe"
O4 - HKLM\..\Run: [PCPowerSpeed] "C:\Program Files\PCPowerSpeed\PCPowerTray.exe" /startup
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SkinnerUpdater (SkinnerUpdateService) - Unknown owner - C:\Program Files\FBSkiny.com\SkinnerService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: ZwinkyService (Zwinky_5qService) - COMPANYVERS_NAME - C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe

--
End of file - 10459 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Peckovi.job
C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
C:\PROGRA~1\SITERA~1\SiteRank.dll [2012-05-15 342272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll [2012-08-11 1002992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
C:\PROGRA~1\REBATE~1\RebateI.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6451db9-67e1-4ca3-bfba-4d77fface17f}]
Skinner - C:\Program Files\FBSkiny.com\adxloader.dll [2012-04-20 479232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll []
{3033124f-06bf-4829-873a-310a125b4d4c} - Zwinky - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll []
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2012-09-22 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2003-10-31 32768]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2010-12-02 74752]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"Zwinky_5q Browser Plugin Loader"=C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbrmon.exe [2012-05-11 30096]
"SiteRanker"=C:\Program Files\SiteRanker\SiteRankTray.exe [2012-05-15 320000]
"PCPowerSpeed"=C:\Program Files\PCPowerSpeed\PCPowerTray.exe [2012-03-28 385664]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files\PC Tools Registry Mechanic\Alert.exe [2012-04-26 1318872]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-28 138096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-27 12:48:21 ----D---- C:\Users\Peckovi\AppData\Roaming\Malwarebytes
2012-11-27 12:48:13 ----D---- C:\ProgramData\Malwarebytes
2012-11-27 12:48:12 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-11-27 12:48:12 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-11-27 12:36:48 ----A---- C:\AdwCleaner[S1].txt
2012-11-27 11:44:07 ----A---- C:\AdwCleaner[R1].txt
2012-11-27 10:43:19 ----D---- C:\Program Files\trend micro
2012-11-27 10:43:18 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-11-28 08:15:02 ----D---- C:\Windows\Prefetch
2012-11-28 08:13:59 ----D---- C:\Windows\Temp
2012-11-28 08:12:28 ----D---- C:\Program Files\SiteRanker
2012-11-28 08:12:10 ----AD---- C:\ProgramData\TEMP
2012-11-28 08:12:04 ----D---- C:\Program Files\PC Tools Registry Mechanic
2012-11-28 08:11:41 ----D---- C:\Windows\system32\drivers
2012-11-28 08:10:37 ----D---- C:\Windows\Msagent
2012-11-28 08:10:37 ----D---- C:\Program Files\GotClip
2012-11-27 19:00:02 ----D---- C:\Windows\System32
2012-11-27 12:48:13 ----HD---- C:\ProgramData
2012-11-27 12:48:12 ----RD---- C:\Program Files
2012-11-27 12:38:31 ----D---- C:\Windows
2012-11-27 11:53:29 ----D---- C:\Windows\system32\config
2012-11-27 11:41:27 ----SHD---- C:\System Volume Information
2012-11-27 10:44:37 ----D---- C:\Windows\inf
2012-11-27 10:44:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-27 10:42:00 ----D---- C:\Windows\system32\Tasks
2012-11-27 10:41:06 ----SHD---- C:\Windows\Installer
2012-11-27 10:34:34 ----HD---- C:\Config.Msi
2012-11-27 10:16:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-11-24 22:24:42 ----D---- C:\Windows\Tasks
2012-11-24 22:24:42 ----D---- C:\Windows\system32\wfp
2012-11-24 22:24:40 ----D---- C:\Windows\system32\wbem
2012-11-24 22:24:08 ----D---- C:\Windows\system32\DriverStore
2012-11-24 22:24:08 ----D---- C:\Windows\system32\catroot2
2012-11-24 22:24:00 ----D---- C:\Windows\registration
2012-11-18 18:47:39 ----D---- C:\Users\Peckovi\AppData\Roaming\Skype
2012-11-17 20:12:20 ----D---- C:\Program Files\Google
2012-11-17 17:52:10 ----SD---- C:\Users\Peckovi\AppData\Roaming\Microsoft
2012-11-17 16:48:27 ----D---- C:\Windows\Logs
2012-10-30 23:50:59 ----A---- C:\Windows\system32\aswBoot.exe
2012-10-29 19:15:37 ----D---- C:\Users\Peckovi\AppData\Roaming\ICQ

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-09-29 22856]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 BBSvc;BingBar Service; C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-06-25 184848]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SkinnerUpdateService;SkinnerUpdater; C:\Program Files\FBSkiny.com\SkinnerService.exe [2012-04-20 9216]
R2 Zwinky_5qService;ZwinkyService; C:\PROGRA~1\ZWINKY~2\bar\1.bin\5qbarsvc.exe [2012-05-11 42528]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-05-03 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 BBUpdate;BBUpdate; C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-01-29 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

#9 Příspěvek od **Márty84** » 28 lis 2012 11:57

Jeste jeden sken a budem mazat. Ale jsem doma jen na skok, pak zas valim do prace. Takze se na to kouknu az vecer.

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte na plochu.
Kliknete na nej pravym mysidlem a levym na Spustit jako spravce
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s

Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).

Kurtik21 · #10 Příspěvek od **Kurtik21** » 28 lis 2012 13:42

Márty84 píše:Ale jsem doma jen na skok, pak zas valim do prace. Takze se na to kouknu az vecer.

To je samozřejmě úplně v pohodě, já jsem se zaviroval, takže ležím, piju čaj a občas sem nakouknu - čili to vůbec nespěchá.
Ten OTL mi v průběhu skenování zamrzl, takže jsem jej spustil v Nouzovém režimu, snad to ničemu nevadí.

otl.txt:

OTL logfile created on: 28.11.2012 13:10:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peckovi\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,25% Memory free
3,98 Gb Paging File | 3,39 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 181,73 Gb Free Space | 78,03% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,04 Gb Free Space | 81,75% Space Free | Partition Type: FAT32

Computer Name: PECKOVI-PC | User Name: Peckovi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.28 12:06:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peckovi\Desktop\OTL.exe
PRC - [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.10.09 21:32:51 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.25 13:59:00 | 000,184,848 | ---- | M] (Nitro PDF Software) [Auto | Stopped] -- C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012.05.11 19:37:16 | 000,042,528 | ---- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\Zwinky_5q\bar\1.bin\5qbarsvc.exe -- (Zwinky_5qService)
SRV - [2012.05.03 07:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.26 13:08:24 | 000,793,048 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012.04.20 08:36:31 | 000,009,216 | ---- | M] () [Auto | Stopped] -- C:\Program Files\FBSkiny.com\SkinnerService.exe -- (SkinnerUpdateService)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\URLSearchHook: {cc2e2b99-14d3-4516-883c-9ea147f594ef} - No CLSID value found
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{4CA837ED-E9D3-4887-8EF5-72DEBFA7DE82}: "URL" = http://websearch.ask.com/redirect?clien ... A38E2D8E18
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebsearch.com/mywebsear ... earchTerms}
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher ... 546&lng=cs
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search ... ex6HqkdBtd
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin: C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Peckovi\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 13:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.14 16:17:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5qffxtbr@Zwinky_5q.com: C:\Program Files\Zwinky_5q\bar\1.bin [2012.11.28 08:10:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\siteranker@siteranker.com: C:\Program Files\SiteRanker\firefox\ [2012.06.08 20:29:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 13:14:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\fbskiny@firefox: C:\Program Files\FBSkiny.com\fbskiny@firefox [2012.04.20 08:36:31 | 000,000,000 | ---D | M]

[2012.03.10 21:49:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions
[2012.03.18 19:43:31 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

========== Chrome ==========

CHR - homepage: http://seznam.cz/
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://seznam.cz/
CHR - Extension: No name found = C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: No name found = C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: No name found = C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfliiflijiommaakkpeogmedeklnjgnj\1.0_0\
CHR - Extension: No name found = C:\Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5} - C:\Program Files\SiteRanker\SiteRank.dll (Crawler, LLC)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AppGraffiti) - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (no name) - {CCB69577-088B-4004-9ED8-FF5BCC83A039} - C:\PROGRA~1\REBATE~1\RebateI.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Skinner) - {d6451db9-67e1-4ca3-bfba-4d77fface17f} - C:\Program Files\FBSkiny.com\adxloader.dll ()
O3 - HKLM\..\Toolbar: (Zwinky) - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\Toolbar\WebBrowser: (Zwinky) - {3033124F-06BF-4829-873A-310A125B4D4C} - C:\Program Files\Zwinky_5q\bar\1.bin\5qbar.dll File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [PCPowerSpeed] C:\Program Files\PCPowerSpeed\PCPowerTray.exe (Crawler.com)
O4 - HKLM..\Run: [RMAlert] C:\Program Files\PC Tools Registry Mechanic\Alert.exe (PC Tools)
O4 - HKLM..\Run: [SiteRanker] C:\Program Files\SiteRanker\SiteRankTray.exe (Crawler, LLC)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [Zwinky_5q Browser Plugin Loader] C:\Program Files\Zwinky_5q\bar\1.bin\5qbrmon.exe (VER_COMPANY_NAME)
O4 - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000..\Run: [Facebook Update] C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.92.146.5 81.92.155.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F37076BF-83CB-4CAD-B6FB-D0F5D7B7D2BF}: DhcpNameServer = 81.92.146.5 81.92.155.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.11.28 12:06:50 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Peckovi\Desktop\OTL.exe
[2012.11.27 12:48:21 | 000,000,000 | ---D | C] -- C:\Users\Peckovi\AppData\Roaming\Malwarebytes
[2012.11.27 12:48:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 12:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 12:48:12 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 12:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.27 10:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.11.27 10:43:18 | 000,000,000 | ---D | C] -- C:\rsit
[2012.11.18 14:16:43 | 000,000,000 | -H-D | C] -- C:\Users\Peckovi\Desktop\.picasaoriginals
[2012.11.17 20:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

========== Files - Modified Within 30 Days ==========

[2012.11.28 13:11:20 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.28 13:09:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.28 13:09:26 | 1602,936,832 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.28 13:08:43 | 006,291,456 | -HS- | M] () -- C:\Users\Peckovi\ntuser.dat
[2012.11.28 13:08:39 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2012.11.28 13:08:27 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.11.28 13:08:23 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012.11.28 13:07:31 | 001,489,286 | -H-- | M] () -- C:\Users\Peckovi\AppData\Local\IconCache.db
[2012.11.28 12:32:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.28 12:20:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 12:20:06 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 12:16:05 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.11.28 12:06:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Peckovi\Desktop\OTL.exe
[2012.11.28 11:55:56 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job
[2012.11.28 08:31:40 | 000,000,440 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Peckovi.job
[2012.11.28 08:11:00 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.11.27 20:29:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job
[2012.11.27 12:48:14 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.27 11:42:58 | 000,480,125 | ---- | M] () -- C:\Users\Peckovi\Desktop\adwcleaner.exe
[2012.11.27 10:44:37 | 001,445,734 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.11.27 10:44:37 | 000,622,422 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.11.27 10:44:37 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 10:44:37 | 000,118,604 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.11.27 10:44:37 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.24 22:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TMContainer00000000000000000002.regtrans-ms
[2012.11.24 22:28:51 | 000,524,288 | -HS- | M] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TMContainer00000000000000000001.regtrans-ms
[2012.11.24 22:28:51 | 000,065,536 | -HS- | M] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TM.blf
[2012.11.24 22:25:17 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.11.24 22:25:17 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.17 20:12:46 | 000,001,068 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.10.30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

========== Files Created - No Company Name ==========

[2012.11.28 12:11:17 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.27 12:48:14 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.27 11:43:29 | 000,480,125 | ---- | C] () -- C:\Users\Peckovi\Desktop\adwcleaner.exe
[2012.11.24 22:25:17 | 000,002,039 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.11.24 22:24:47 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TMContainer00000000000000000002.regtrans-ms
[2012.11.24 22:24:47 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TMContainer00000000000000000001.regtrans-ms
[2012.11.24 22:24:47 | 000,065,536 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{45768b2c-3678-11e2-b18e-002421aadebc}.TM.blf
[2012.11.17 20:12:46 | 000,001,068 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2012.07.10 20:46:30 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.05.15 16:36:30 | 001,048,576 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b4-7122-11e1-a029-002421aadebc}.TxR.2.regtrans-ms
[2012.05.15 16:36:30 | 001,048,576 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b4-7122-11e1-a029-002421aadebc}.TxR.1.regtrans-ms
[2012.05.15 16:36:30 | 001,048,576 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b4-7122-11e1-a029-002421aadebc}.TxR.0.regtrans-ms
[2012.05.15 16:36:30 | 000,065,536 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b4-7122-11e1-a029-002421aadebc}.TxR.blf
[2012.04.14 16:18:11 | 000,003,584 | ---- | C] () -- C:\Users\Peckovi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.14 16:17:34 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2012.04.14 16:17:19 | 000,790,528 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.04.14 16:17:19 | 000,134,144 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.04.14 16:17:19 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2012.04.14 16:17:18 | 000,108,032 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2012.03.18 19:44:25 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b5-7122-11e1-a029-002421aadebc}.TMContainer00000000000000000002.regtrans-ms
[2012.03.18 19:44:25 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b5-7122-11e1-a029-002421aadebc}.TMContainer00000000000000000001.regtrans-ms
[2012.03.18 19:44:25 | 000,065,536 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{cf05a6b5-7122-11e1-a029-002421aadebc}.TM.blf
[2012.03.04 11:18:49 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{747830b1-65e1-11e1-b3a6-002421aadebc}.TMContainer00000000000000000002.regtrans-ms
[2012.03.04 11:18:49 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{747830b1-65e1-11e1-b3a6-002421aadebc}.TMContainer00000000000000000001.regtrans-ms
[2012.03.04 11:18:49 | 000,065,536 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat{747830b1-65e1-11e1-b3a6-002421aadebc}.TM.blf
[2012.02.12 19:59:51 | 000,019,153 | ---- | C] () -- C:\Windows\hpqins13.dat.temp
[2012.02.12 19:58:48 | 000,019,550 | ---- | C] () -- C:\Windows\hpqins13.dat
[2012.01.26 13:10:43 | 000,223,590 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012.01.26 13:10:43 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012.01.24 20:55:00 | 000,109,208 | ---- | C] () -- C:\Users\Peckovi\AppData\Local\GDIPFONTCACHEV1.DAT
[2012.01.24 20:46:03 | 001,445,734 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2012.01.24 20:45:24 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.01.24 20:39:44 | 001,489,286 | -H-- | C] () -- C:\Users\Peckovi\AppData\Local\IconCache.db
[2012.01.24 20:38:27 | 006,291,456 | -HS- | C] () -- C:\Users\Peckovi\ntuser.dat
[2012.01.24 20:38:27 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.01.24 20:38:27 | 000,524,288 | -HS- | C] () -- C:\Users\Peckovi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.01.24 20:38:27 | 000,065,536 | -HS- | C] () -- C:\Users\Peckovi\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.01.24 20:38:27 | 000,000,020 | -HS- | C] () -- C:\Users\Peckovi\ntuser.ini

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.10.20 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Anthropics
[2012.02.01 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\BSplayer
[2012.01.25 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\BSplayer Pro
[2012.07.06 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Downloaded Installations
[2012.10.29 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\ICQ
[2012.03.11 13:36:48 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Nitro PDF
[2012.10.14 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\PCPowerSpeed
[2012.03.18 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\PhotoScape
[2012.07.21 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Registry Mechanic

========== Purity Check ==========

========== Custom Scans ==========

< >
[2009.07.14 05:53:46 | 000,032,584 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2012.01.29 17:29:49 | 000,000,938 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2012.01.29 17:29:50 | 000,000,942 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.04.14 19:14:21 | 000,000,440 | -H-- | C] () -- C:\Windows\Tasks\Norton Security Scan for Peckovi.job
[2012.04.16 17:19:13 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
[2012.07.10 20:46:37 | 000,000,276 | ---- | C] () -- C:\Windows\Tasks\RMAutoUpdate.job
[2012.07.10 20:46:39 | 000,000,278 | ---- | C] () -- C:\Windows\Tasks\RMSchedule.job
[2012.08.28 19:24:53 | 000,000,914 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job
[2012.08.28 19:24:54 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job

< >

< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 02:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 00:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 02:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 02:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 02:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 02:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 02:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 02:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 02:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 02:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.24 21:34:21 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Adobe
[2012.10.20 12:52:52 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Anthropics
[2012.02.01 17:19:50 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\BSplayer
[2012.01.25 21:49:03 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\BSplayer Pro
[2012.07.21 15:34:10 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\DivX
[2012.07.06 21:22:19 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Downloaded Installations
[2012.01.30 19:07:56 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Google
[2012.02.06 17:43:16 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\HP
[2012.10.29 19:15:37 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\ICQ
[2012.01.24 20:38:38 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Identities
[2012.01.26 13:17:15 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Macromedia
[2012.11.27 12:48:21 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Malwarebytes
[2009.07.14 10:19:24 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Media Center Programs
[2012.07.21 15:34:15 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Media Player Classic
[2012.11.17 17:52:10 | 000,000,000 | --SD | M] -- C:\Users\Peckovi\AppData\Roaming\Microsoft
[2012.03.10 21:49:29 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Mozilla
[2012.01.27 22:19:10 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Nero
[2012.03.11 13:36:48 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Nitro PDF
[2012.10.14 21:59:16 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\PCPowerSpeed
[2012.03.18 19:43:31 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\PhotoScape
[2012.07.21 18:02:51 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Registry Mechanic
[2012.11.18 18:47:39 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Skype
[2012.03.18 19:43:26 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\vlc
[2012.04.14 16:12:20 | 000,000,000 | ---D | M] -- C:\Users\Peckovi\AppData\Roaming\Winamp

< %APPDATA%\*.exe /s >
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Users\Peckovi\AppData\Roaming\BSplayer\Haali media splitter\uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.11.28 12:20:06 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.28 12:20:06 | 000,014,016 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 19:01:14 | 000,006,430 | ---- | M] () -- C:\Windows\system32\AppLog.log
[2012.11.27 10:44:37 | 000,118,604 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.11.27 10:44:37 | 000,103,370 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.11.27 10:44:37 | 000,622,422 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.11.27 10:44:37 | 000,606,992 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.11.27 10:44:37 | 001,445,734 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Facebook Update" = "C:\Users\Peckovi\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver -- [2012.08.28 19:24:43 | 000,138,096 | ---- | M] (Facebook Inc.)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.11.28 13:11:20 | 000,000,512 | ---- | M] () MD5=D436A3DEA3D0A64FBF0343B9E6C56A0A -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2012.05.05 14:38:42 | 000,062,238 | ---- | M] () -- \Program Files\GIMP 2\share\gimp\2.0\patterns\cracked.pat

< *keygen* /s >

< *loader* /s >
[2006.10.26 13:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 13:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2008.05.02 08:25:50 | 000,111,912 | ---- | M] () -- \Program Files\Common Files\Nero\Shared\NSCLoader.dll
[2012.04.20 08:36:31 | 000,479,232 | ---- | M] () -- \Program Files\FBSkiny.com\adxloader.dll
[2012.04.20 08:36:31 | 000,000,281 | ---- | M] () -- \Program Files\FBSkiny.com\adxloader.dll.manifest
[2012.06.06 17:48:32 | 000,063,296 | ---- | M] () -- \Program Files\FBSkiny.com\adxloader.exe
[2012.04.20 08:36:31 | 000,678,400 | ---- | M] () -- \Program Files\FBSkiny.com\adxloader64.dll
[2012.05.04 22:42:40 | 000,043,889 | ---- | M] () -- \Program Files\GIMP 2\lib\gdk-pixbuf-2.0\2.10.0\loaders\libpixbufloader-svg.dll
[2011.03.08 08:43:28 | 000,013,734 | ---- | M] () -- \Program Files\GIMP 2\Python\Lib\unittest\loader.py
[2012.02.22 22:04:28 | 000,002,713 | ---- | M] () -- \Program Files\Graboid\GraboidVideo\3.0.1\xulrunner-1.9.1.4\components\uriloader.xpt
[2009.05.21 20:21:18 | 000,007,507 | ---- | M] () -- \Program Files\HP\Digital Imaging\HelpViewer\Resources\Loader.swf
[2009.09.20 12:15:26 | 000,030,776 | ---- | M] () -- \Program Files\HP\Digital Imaging\smart web printing\RsrcLoaderLib.dll
[2009.09.20 12:15:26 | 000,002,713 | ---- | M] () -- \Program Files\HP\Digital Imaging\smart web printing\MozillaAddOn3\xre\components\uriloader.xpt
[2012.01.24 21:38:36 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.01.24 21:38:36 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.01.24 21:38:36 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7.7\imApp\theme\MUICoreLib\xtraLoader.swf
[2012.02.06 13:07:20 | 000,002,886 | ---- | M] () -- \Program Files\ICQ7.7\Xtraz\icq\content\babylon_feed\preloader01_b.swf
[2012.01.27 16:10:07 | 000,000,402 | ---- | M] () -- \Program Files\ICQ7.7\Xtraz\icq\content\profile_lightboxs\preloader.html
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\facebook\7.1.391\js\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\facebooklike\7.1.391\js\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\fbsharedservices\7.1.391\js\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\featured\7.1.391\js\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\games\7.1.391\js\shared\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\apps\chat\7.1.391\js\downloader.js
[2011.10.12 14:04:18 | 000,006,643 | ---- | M] () -- \Program Files\Microsoft\BingBar\7.1.391.0\scripts\io\downloader.js
[2012.01.16 19:13:36 | 000,917,736 | ---- | M] () -- \Program Files\Portrait Professional Studio 10 Trial\ZRawLoader.exe
[2012.10.25 21:07:18 | 000,001,937 | ---- | M] () -- \ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader\YourFile Downloader.lnk
[2008.02.04 12:32:50 | 000,000,232 | ---- | M] () -- \ProgramData\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.04.27 16:14:26 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.04.27 16:14:26 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2012.10.25 21:07:18 | 000,001,937 | ---- | M] () -- \Users\All Users\Microsoft\Windows\Start Menu\YourFileDownloader\YourFile Downloader.lnk
[2008.02.04 12:32:50 | 000,000,232 | ---- | M] () -- \Users\All Users\Nero\Nero8\OnlineServices\NOSWebConfig\MySpace\uploadError.xml
[2012.04.27 16:14:26 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.04.27 16:14:26 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.10.22 16:01:14 | 000,003,072 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_step.yourfiledownloader.com_0.localstorage
[2012.10.22 16:01:14 | 000,003,608 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_step.yourfiledownloader.com_0.localstorage-journal
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.1.361\js\downloader.js
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\Facebook_76c7b5062c4e4be69d843ace834517ec\7.1.362\js\downloader.js
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\FacebookLike_08e57417866d4faa981702780b0d36c4\7.1.362\js\downloader.js
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\fbsharedservices_bb9c6e8b961d477e9ec95f9698bde610\7.1.362\js\downloader.js
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\Featured_ce53daa069a4a3ad2e3d7d81081f340d\7.1.362\js\downloader.js
[2012.01.31 15:16:24 | 000,006,643 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\BingBar\Apps\Chat_cf57b0088a3b4f61a0bfaad0ba784240\7.1.361\js\downloader.js
[2012.11.28 13:06:57 | 000,002,820 | ---- | M] () -- \Users\Peckovi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Add-in Express\adxloader.log
[2012.07.12 20:23:20 | 000,003,638 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Recent\adxloader.lnk
[2011.11.22 11:53:46 | 000,010,144 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules\ExternalLibraryLoader.jsm
[2012.11.27 10:31:54 | 000,008,365 | ---- | M] () -- \Users\Peckovi\Documents\Add-in Express\adxloader.log
[2012.01.24 20:51:09 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2012.11.28 13:06:55 | 000,018,184 | ---- | M] () -- \Windows\Prefetch\ADXLOADER.EXE-F34ABEC4.pf
[2009.07.14 13:25:34 | 002,202,645 | R--- | M] () -- \Windows\Setup\SCRIPTS\Windows7Loader.exe
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.07.14 05:54:01 | 000,003,532 | ---- | M] () -- \Windows\System32\Tasks\Microsoft\Windows\WindowsColorSystem\Calibration Loader
[2009.07.14 09:43:57 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 09:43:57 | 000,034,896 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winload.exe.mui_3bc5b827
[2009.07.14 09:43:57 | 000,030,272 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86_winresume.exe.mui_ff8b5358
[2009.07.14 03:17:55 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 03:17:55 | 000,507,568 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winload.exe_75835076
[2009.07.14 03:17:55 | 000,442,920 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9_winresume.exe_85cd1215
[2009.07.14 03:17:38 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 03:17:38 | 000,017,472 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23_spldr.sys_98bd87a0
[2009.07.14 09:42:11 | 000,002,883 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_3318c4cd5e5d0f86.manifest
[2009.07.14 02:47:46 | 000,004,225 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.1.7600.16385_none_5afd1055cdfa75b9.manifest
[2009.07.14 02:52:31 | 000,002,894 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.1.7600.16385_none_6b097e5cb26f7a23.manifest
[2009.07.14 02:15:12 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.1.7600.16385_none_45ca7214f0f664cb\dmloader.dll
[2009.07.14 02:03:49 | 000,003,584 | -H-- | M] () -- \Windows\winsxs\x86_microsoft-windows-minkernelapinamespace_31bf3856ad364e35_6.1.7600.16385_none_0a884619dd2388ad\api-ms-win-core-libraryloader-l1-1-0.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\cs\System.RunTime.Serialization.Resources.dll
[2009.09.20 10:53:30 | 000,004,185 | ---- | M] () -- \ProgramData\HP\LGT\Data\Models\Images\identifying_serial.jpg
[2009.09.20 10:53:30 | 000,004,185 | ---- | M] () -- \Users\All Users\HP\LGT\Data\Models\Images\identifying_serial.jpg
[2012.09.30 11:28:18 | 000,003,072 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tv-serialky.blog.cz_0.localstorage
[2012.09.30 11:28:18 | 000,003,608 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_tv-serialky.blog.cz_0.localstorage-journal
[2012.09.30 11:30:43 | 000,003,072 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialycz.cz_0.localstorage
[2012.09.30 11:30:43 | 000,003,608 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.serialycz.cz_0.localstorage-journal
[2012.11.18 14:33:48 | 000,000,024 | ---- | M] () -- \Users\Peckovi\AppData\Local\Google\Picasa2\cache\cacheindex_serial.pmp
[2012.02.18 17:17:53 | 000,000,527 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@filmy-serialy.cz[1].txt
[2012.02.18 17:13:16 | 000,000,405 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@online.serialstv[2].txt
[2012.03.01 18:09:48 | 000,000,083 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@rs-seriale.bloog[1].txt
[2012.02.18 17:20:29 | 000,000,452 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@serial-online[1].txt
[2012.02.18 17:12:44 | 000,000,386 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@serialpark[2].txt
[2012.04.14 16:54:22 | 000,000,293 | ---- | M] () -- \Users\Peckovi\AppData\Roaming\Microsoft\Windows\Cookies\Low\peckovi@serialy.herni[3].txt
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2009.07.14 05:43:53 | 002,347,008 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\39e53f507d9cbc5c10a2f47c4b0d09dd\System.Runtime.Serialization.ni.dll
[2009.07.14 05:43:05 | 000,310,784 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\System32\serialui.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\System32\cs-CZ\serialui.dll.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\drivers\serial.sys
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\System32\drivers\cs-CZ\serial.sys.mui
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\mdmmotsm.inf_x86_neutral_c1415d9789c54b89\smserial.sys
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\msports.inf_x86_neutral_c1a802e06677f73f\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\System32\DriverStore\FileRepository\smartcrd.inf_x86_neutral_63e72c669d043f14\grserial.sys
[2009.07.14 03:18:03 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 03:18:03 | 000,015,952 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486_kdcom.dll_db5e7744
[2009.07.14 09:43:55 | 000,005,120 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed_serialui.dll.mui_7d29d2a3
[2009.07.14 03:18:51 | 000,015,360 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a_serialui.dll_bea29328
[2009.07.14 02:52:33 | 000,002,226 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896.manifest
[2009.07.14 09:42:43 | 000,001,626 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0.manifest
[2009.07.14 02:51:52 | 000,001,985 | ---- | M] () -- \Windows\winsxs\Manifests\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9.manifest
[2009.07.14 02:49:26 | 000,002,762 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..gertransport-serial_31bf3856ad364e35_6.1.7600.16385_none_118be3420dfe8486.manifest
[2009.07.14 02:45:27 | 000,000,866 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft.windows.h..tserial-driverclass_31bf3856ad364e35_6.1.7600.16385_none_2c93290b67c98d09.manifest
[2009.07.14 02:57:53 | 000,002,260 | ---- | M] () -- \Windows\winsxs\Manifests\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b.manifest
[2009.06.10 22:23:19 | 000,131,072 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ion.formatters.soap_b03f5f7f11d50a3a_6.1.7600.16385_none_1c9a3ec1e01c684b\System.Runtime.Serialization.Formatters.Soap.dll
[2009.07.14 09:43:23 | 000,011,776 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.seri..ters.soap.resources_b03f5f7f11d50a3a_6.1.7600.16385_cs-cz_d5c3552dd9b47144\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.06.10 22:14:06 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.ref_b77a5c561934e089_6.1.7600.16385_none_a6aa149474833896\System.Runtime.Serialization.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization.resources_b77a5c561934e089_6.1.7600.16385_cs-cz_34555b4d83cf58b0\System.RunTime.Serialization.Resources.dll
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\msil_system.runtime.serialization_b77a5c561934e089_6.1.7600.16385_none_d6ed4a2e9c2a39c9\System.Runtime.Serialization.dll
[2009.07.13 23:13:45 | 001,068,032 | ---- | M] () -- \Windows\winsxs\x86_mdmmotsm.inf_31bf3856ad364e35_6.1.7600.16385_none_7a97936f8a972896\smserial.sys
[2009.07.14 09:43:15 | 000,011,776 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-n..xcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c002c1170ca9a88f\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.07.14 09:43:17 | 000,005,120 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-u..em-config.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_4e4137b544fe59ed\serialui.dll.mui
[2009.07.14 02:16:13 | 000,015,360 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-unimodem-config_31bf3856ad364e35_6.1.7600.16385_none_f4d7f7b17ffe522a\serialui.dll
[2009.07.14 09:43:37 | 000,090,112 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-wcfcorecomp.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_5d4a68b4b3d26ecc\System.RunTime.Serialization.Resources.dll
[2009.07.14 09:43:30 | 000,009,728 | ---- | M] () -- \Windows\winsxs\x86_msports.inf.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_c48c78a9ad8ff996\serial.sys.mui
[2009.07.14 00:45:33 | 000,083,456 | ---- | M] () -- \Windows\winsxs\x86_msports.inf_31bf3856ad364e35_6.1.7600.16385_none_f86e06d519b1d9a4\serial.sys
[2009.07.13 23:09:18 | 000,031,232 | ---- | M] () -- \Windows\winsxs\x86_smartcrd.inf_31bf3856ad364e35_6.1.7600.16385_none_7280378295916274\grserial.sys
[2009.06.10 22:13:54 | 000,970,752 | ---- | M] () -- \Windows\winsxs\x86_wcf-system.runtime.serialization_b03f5f7f11d50a3a_6.1.7600.16385_none_dbc7f5fbdd00d40b\System.Runtime.Serialization.dll

< *w7lxe* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9FA5EC55

< End of report >

Kurtik21 · #11 Příspěvek od **Kurtik21** » 28 lis 2012 13:42

OTL Extras logfile created on: 28.11.2012 13:10:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Peckovi\Desktop
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,38 Gb Available Physical Memory | 69,25% Memory free
3,98 Gb Paging File | 3,39 Gb Available in Paging File | 85,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 181,73 Gb Free Space | 78,03% Space Free | Partition Type: NTFS
Drive E: | 3,72 Gb Total Space | 3,04 Gb Free Space | 81,75% Space Free | Partition Type: FAT32

Computer Name: PECKOVI-PC | User Name: Peckovi | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\.DEFAULT\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-18\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AD620F80-EA04-4D43-A6E6-A4097969F01B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D55370-D5A1-4180-A04E-5DB26CD4F7DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{0427394E-D8C6-4B83-92D7-D0678B065D45}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0CCC8E7F-606F-4BC9-B565-00D950721AB9}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{12CB3F55-A785-4DBF-8D87-1C63CF62FD03}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{1BC03E6A-FD10-4137-8A9C-DDDF3448703F}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{2115408D-C463-4767-8037-44756D3A37D1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3765D965-D678-47D6-B8CF-B6BC44945A1E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{428C74F0-B630-4B58-A35A-EADE1CFD0F2D}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{445F3DF5-1FD4-4C67-A90C-59B40B43C06B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{4ADE5546-3043-46B6-A9D5-66FEF312C8B4}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{4CB0C267-E687-43E5-9A2E-AF8407CCA8F6}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{53F176D2-CD86-4E3E-BF9C-7DD122B32E7B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5E4833CC-8034-4544-A3EA-5D0C70D66F77}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{5F7A8CB4-BC5E-4C4A-BE7E-914F5E89E4E9}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{6A80CE00-FC1B-44E8-9A4D-7F4AB168368F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{6A8BF628-37E6-4326-AC14-26F4EC0959AF}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{72B6FDCA-BA5B-498C-A664-AE8E27B4C212}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7307412C-D252-486C-B649-2346F849AFD1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{751985BA-1F8C-4104-AE95-663C77594761}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{7C0D60E7-3920-404C-8D2F-69D128B7CF1B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{8414F056-2EC3-4954-9229-A422491AF5CA}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{8463B5E0-59F1-4B95-9E0D-DEB8B7D6EABB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqnrs08.exe |
"{90023E1D-7EEC-457C-B314-71B52C64E183}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{96612F83-AD90-497B-B2BB-B8B3DCF2B91D}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{98609E0D-B6ED-4AC7-92D7-B3F370C8D16B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{990AF327-1611-4888-BE64-1C8594545B85}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{9DF780BC-06A9-4479-8BB0-6C05CE40FC1E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{A512EA54-8112-4790-B7C3-192BF38FD661}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{A93CD0BA-DF04-456C-B050-3AE7E21A96A2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{AAFC75E3-3667-434F-BEE1-083953A5BB81}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{B4D1456F-1EE2-4D89-99FE-1F6DE24708F3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{B6757D6B-889D-4206-B7F7-B94A1460F202}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{BCA143CB-7214-4FB1-9FAD-7046AA04CC6B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{D39B5204-5C0C-40AB-8860-8ABB2139AB69}" = protocol=17 | dir=in | app=c:\program files\icq7.7\icq.exe |
"{D627E9A2-C460-4866-BB8A-F6BBF607C4EE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{EDB2B785-9C02-4C7B-A2DD-B45EB7EDB09B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{EF05A766-CF87-450C-B9D7-09F52F001AEE}" = dir=in | app=c:\users\peckovi\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{F64D99F5-C83D-4700-93D5-EF9F488443F1}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{FB71B63D-1DE4-4A31-93B5-72E9F6131351}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{FD79597D-DBE2-4393-B17D-74EF88545BD9}" = protocol=6 | dir=in | app=c:\program files\icq7.7\icq.exe |
"TCP Query User{3ED6686D-EFD0-4293-830B-49EF1C353198}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{07630972-7E24-4332-9590-DC52D92A5DE7}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}_is1" = SiteRanker
"{17016DA1-F040-4032-BD36-34DD317BC9D5}" = HP Photosmart All-In-One Driver Software 13.0 Rel. A
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A7EF808-14F3-4E93-BE3A-1675EE5332A4}" = AIO_CDA_ProductContext
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{354038F6-0A35-4C55-A80B-F86C4C1A6D38}" = C3100
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{413DACDB-1E8D-4C16-896F-5DDC393C7F31}" = Nitro Reader 2
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{470C8EFE-AEB0-402E-B05A-91E08C201029}" = Nero 8 Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{A7AEE29F-839E-46B5-B347-6D430618129F}" = AIO_CDA_Software
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{B0C56FD7-493D-44DD-B007-BBB5117D6E6F}_is1" = PC Power Speed 1.0.0.26
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D86B0E2E-DF9A-441C-AF77-8D1A0FF00FA6}" = AIO_Scan
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"csch_is1" = csch verze 6.1
"DivX Setup" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FBSkiny.com" = FBSkiny.com
"FormatFactory" = FormatFactory 2.95
"GIMP-2_is1" = GIMP 2.8.0
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 3.0.1
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.5.0
"KMediaPlayer_is1" = KMedia Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.65.1.1000
"NSS" = Norton Security Scan
"Picasa 3" = Picasa 3
"PortraitProfessionalStudio10Trial_is1" = Portrait Professional Studio 10.8 Trial
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"save2pc Light_is1" = save2pc Light 4.16
"Shop for HP Supplies" = Shop for HP Supplies
"VLC media player" = VLC media player 1.0.1
"Winamp" = Winamp
"YouTube Video Grabber_is1" = YouTube Video Grabber 1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in
"YourFileDownloader" = YourFileDownloader

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.11.2012 17:16:33 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 5bc Čas spuštění: 01cdca88258b25aa Čas ukončení: 156 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: 32238889-367c-11e2-b18e-002421aadebc

Error - 24.11.2012 17:27:32 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 134c Čas spuštění: 01cdca8a52b3926c Čas ukončení: 31 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: bdb8b809-367d-11e2-bbc4-002421aadebc

Error - 25.11.2012 15:38:57 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 15e8 Čas spuštění: 01cdcb447384427f Čas ukončení: 32 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: be907f32-3737-11e2-bc3e-002421aadebc

Error - 25.11.2012 15:47:38 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 12ac Čas spuštění: 01cdcb4590b6dbb1 Čas ukončení: 32 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: e0fa3d44-3738-11e2-a87a-002421aadebc

Error - 25.11.2012 15:48:50 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 127c Čas spuštění: 01cdcb459078de8d Čas ukončení: 0 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: 1c4b1e5e-3739-11e2-a87a-002421aadebc

Error - 25.11.2012 15:50:01 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program App24x7Help.exe verze 2.0.0.9 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
b30 Čas spuštění: 01cdcb45708a8a13 Čas ukončení: 47 Cesta k aplikaci: C:\Program Files\24x7Help\App24x7Help.exe

ID
hlášení: 44418c8b-3739-11e2-a87a-002421aadebc

Error - 25.11.2012 15:50:45 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: b08 Čas spuštění: 01cdcb45e4a523f9 Čas ukončení: 0 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: 3671e98e-3739-11e2-a87a-002421aadebc

Error - 26.11.2012 12:39:35 | Computer Name = Peckovi-PC | Source = Application Hang | ID = 1002
Description = Program iexplore.exe verze 8.0.7600.16385 přestal spolupracovat se
systémem Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací
o tomto problému, vyhledejte historii problému v ovládacím panelu Centrum akcí.

ID
procesu: 137c Čas spuštění: 01cdcbf00383f7b9 Čas ukončení: 188 Cesta k aplikaci: C:\Program
Files\Internet Explorer\iexplore.exe ID hlášení: d5863ebd-37e7-11e2-96c5-002421aadebc

Error - 27.11.2012 6:08:54 | Computer Name = Peckovi-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro c:\program files\FBSkiny.com\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\FBSkiny.com\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

Error - 27.11.2012 6:10:12 | Computer Name = Peckovi-PC | Source = SideBySide | ID = 16842761
Description = Generování kontextu aktivace pro c:\program files\fbskiny.com\adxloader.dll.Manifest
se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program files\fbskiny.com\adxloader.dll.Manifest
na řádku 2. Kořenový prvek souboru manifestu musí být symbolická adresa.

[ System Events ]
Error - 28.11.2012 8:09:41 | Computer Name = Peckovi-PC | Source = DCOM | ID = 10005
Description =

Error - 28.11.2012 8:09:41 | Computer Name = Peckovi-PC | Source = DCOM | ID = 10005
Description =

Error - 28.11.2012 8:09:41 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:41 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

Error - 28.11.2012 8:09:42 | Computer Name = Peckovi-PC | Source = Service Control Manager | ID = 7001
Description = Služba Služba seznamu sítí závisí na službě Sledování umístění v síti
(NLA), která neuspěla při spuštění v důsledku následující chyby: %%1068

< End of report >

#12 Příspěvek od **Márty84** » 28 lis 2012 21:47

Odinstalujte zase MBAM, at se tam neplete

Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne

Znovu spustte OTL jako spravce
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)

Kód: Vybrat vše

:commands
[CreateRestorePoint]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]

:services
AdobeARMservice
BBSvc
Nero BackItUp Scheduler 3
Zwinky_5qService
SkinnerUpdateService
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
BBUpdate
gupdatem
gusvc

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for Peckovi.job
C:\Windows\tasks\RMAutoUpdate.job
C:\Windows\tasks\RMSchedule.job
C:\Program Files\Zwinky_5q
C:\Program Files\BabylonToolbar

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\URLSearchHook: {cc2e2b99-14d3-4516-883c-9ea147f594ef} - No CLSID value found
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - No CLSID value found
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{4CA837ED-E9D3-4887-8EF5-72DEBFA7DE82}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=FV&apn_dtid=YYYYYYYYCZ&apn_uid=cb8022c5-c8f2-4e07-9b0b-4b2444a5d49d&apn_sauid=2D73819D-2772-49E2-A4D6-AFA38E2D8E18
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}: "URL" = http://search.mywebsearch.com/mywebsear ... searchfor={searchTerms}
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://www2.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80546&lng=cs
IE - HKU\S-1-5-21-4240907446-1380477899-2191812811-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com//?search={searchTerms}&loc=search_box&a=1ex6HqkdBtd
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@Zwinky_5q.com/Plugin: C:\Program Files\Zwinky_5q\bar\1.bin\NP5qStub.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5qffxtbr@Zwinky_5q.com: C:\Program Files\Zwinky_5q\bar\1.bin [2012.11.28 08:10:37 | 000,000,000 | ---D | M]
[2012.03.18 19:43:31 | 000,000,000 | ---D | M] (BS Player Community Toolbar) -- C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}
[2 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
[1 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
[1 C:\Windows\twain_32\*.tmp files -> C:\Windows\twain_32\*.tmp -> ]
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 6144 bytes -> C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:9FA5EC55

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6451db9-67e1-4ca3-bfba-4d77fface17f}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
"{3033124f-06bf-4829-873a-310a125b4d4c}"=-
"{8dcb7100-df86-4384-8842-8fa844297b3f}"=-
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"Adobe ARM"=-
"RemoteControl"=-
"NBKeyScan"=-
"HP Software Update"=-
"WinampAgent"=-
"DivXUpdate"=-
"Zwinky_5q Browser Plugin Loader"=-
"SiteRanker"=-
"PCPowerSpeed"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.

Kurtik21 · #13 Příspěvek od **Kurtik21** » 29 lis 2012 08:33

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Peckovi
->Temp folder emptied: 104944520 bytes
->Temporary Internet Files folder emptied: 398321 bytes
->Google Chrome cache emptied: 6748608 bytes
->Flash cache emptied: 592238 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14931 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 107,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Peckovi
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service AdobeARMservice stopped successfully!
Service AdobeARMservice deleted successfully!
Service BBSvc stopped successfully!
Service BBSvc deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service Zwinky_5qService stopped successfully!
Service Zwinky_5qService deleted successfully!
Service SkinnerUpdateService stopped successfully!
Service SkinnerUpdateService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service BBUpdate stopped successfully!
Service BBUpdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000Core.job moved successfully.
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4240907446-1380477899-2191812811-1000UA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\Norton Security Scan for Peckovi.job moved successfully.
C:\Windows\tasks\RMAutoUpdate.job moved successfully.
C:\Windows\tasks\RMSchedule.job moved successfully.
C:\Program Files\Zwinky_5q\bar\Settings folder moved successfully.
C:\Program Files\Zwinky_5q\bar\Message folder moved successfully.
C:\Program Files\Zwinky_5q\bar\IE9Mesg folder moved successfully.
C:\Program Files\Zwinky_5q\bar\gen1 folder moved successfully.
C:\Program Files\Zwinky_5q\bar\1.bin\ThirdPartyInstallers folder moved successfully.
C:\Program Files\Zwinky_5q\bar\1.bin\chrome folder moved successfully.
C:\Program Files\Zwinky_5q\bar\1.bin folder moved successfully.
C:\Program Files\Zwinky_5q\bar folder moved successfully.
C:\Program Files\Zwinky_5q folder moved successfully.
File\Folder C:\Program Files\BabylonToolbar not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ not found.
Registry value HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc2e2b99-14d3-4516-883c-9ea147f594ef} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{cc2e2b99-14d3-4516-883c-9ea147f594ef}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ not found.
HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4CA837ED-E9D3-4887-8EF5-72DEBFA7DE82}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4CA837ED-E9D3-4887-8EF5-72DEBFA7DE82}\ not found.
Registry key HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95}\ not found.
Registry key HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_USERS\S-1-5-21-4240907446-1380477899-2191812811-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Zwinky_5q.com/Plugin\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\5qffxtbr@Zwinky_5q.com deleted successfully.
File C:\Program Files\Zwinky_5q\bar\1.bin not found.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\modules folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome folder moved successfully.
C:\Users\Peckovi\AppData\Roaming\Mozilla\Firefox\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\Installer\MSI7C7D.tmp deleted successfully.
C:\Windows\twain_32\hpqgnds2.tmp deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
ADS C:\ProgramData\TEMP:9FA5EC55 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCB69577-088B-4004-9ED8-FF5BCC83A039}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d6451db9-67e1-4ca3-bfba-4d77fface17f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6451db9-67e1-4ca3-bfba-4d77fface17f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{3033124f-06bf-4829-873a-310a125b4d4c} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3033124f-06bf-4829-873a-310a125b4d4c}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NBKeyScan deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Zwinky_5q Browser Plugin Loader deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SiteRanker deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PCPowerSpeed deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\"AppInit_DLLs"|"" /E : value set successfully!

OTL by OldTimer - Version 3.2.69.0 log created on 11292012_080928

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 Příspěvek od **Márty84** » 29 lis 2012 08:55

Dejte mi sem novy log z RSIT.

Jak je na tom pc?

Kurtik21 · #15 Příspěvek od **Kurtik21** » 29 lis 2012 12:14

Log z RSIT:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Peckovi at 2012-11-29 12:10:05
Microsoft Windows 7 Home Premium
System drive C: has 185 GB (78%) free of 238 GB
Total RAM: 2038 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:10:08, on 29.11.2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
E:\RSIT.exe
C:\Program Files\trend micro\Peckovi.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [RMAlert] "C:\Program Files\PC Tools Registry Mechanic\Alert.exe" /PRODUCT=RM /R
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GRA32A~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool2 (NitroReaderDriverReadSpool2) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

--
End of file - 5321 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Peckovi.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-08-20 150016]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2012-04-26 103896]
"RMAlert"=C:\Program Files\PC Tools Registry Mechanic\Alert.exe [2012-04-26 1318872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=yv12vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-29 08:09:28 ----D---- C:\_OTL
2012-11-28 13:33:39 ----A---- C:\OTL.Txt
2012-11-28 13:33:39 ----A---- C:\Extras.Txt
2012-11-28 13:09:26 ----A---- C:\Windows\ntbtlog.txt
2012-11-27 12:48:21 ----D---- C:\Users\Peckovi\AppData\Roaming\Malwarebytes
2012-11-27 12:48:13 ----D---- C:\ProgramData\Malwarebytes
2012-11-27 12:36:48 ----A---- C:\AdwCleaner[S1].txt
2012-11-27 11:44:07 ----A---- C:\AdwCleaner[R1].txt
2012-11-27 10:43:19 ----D---- C:\Program Files\trend micro
2012-11-27 10:43:18 ----D---- C:\rsit

======List of files/folders modified in the last 1 month======

2012-11-29 12:10:07 ----D---- C:\Windows\Temp
2012-11-29 12:10:01 ----D---- C:\Windows\Prefetch
2012-11-29 08:44:07 ----D---- C:\Windows\system32\config
2012-11-29 08:34:40 ----D---- C:\Windows\Tasks
2012-11-29 08:12:09 ----AD---- C:\ProgramData\TEMP
2012-11-29 08:12:03 ----D---- C:\Program Files\PC Tools Registry Mechanic
2012-11-29 08:10:50 ----SHD---- C:\Windows\Installer
2012-11-29 08:10:50 ----D---- C:\Windows\twain_32
2012-11-29 08:10:49 ----RD---- C:\Program Files
2012-11-29 08:10:17 ----D---- C:\Windows\system32\drivers\etc
2012-11-29 08:09:49 ----SHD---- C:\System Volume Information
2012-11-29 08:07:02 ----D---- C:\Windows\system32\drivers
2012-11-29 08:05:56 ----D---- C:\Program Files\SiteRanker
2012-11-29 03:31:42 ----D---- C:\Windows\System32
2012-11-29 03:31:35 ----D---- C:\Windows\inf
2012-11-28 16:53:17 ----D---- C:\Windows\system32\Tasks
2012-11-28 16:48:39 ----SD---- C:\Users\Peckovi\AppData\Roaming\Microsoft
2012-11-28 13:09:26 ----D---- C:\Windows
2012-11-28 08:11:41 ----D---- C:\Windows\Msagent
2012-11-28 08:10:37 ----D---- C:\Program Files\GotClip
2012-11-27 12:48:13 ----HD---- C:\ProgramData
2012-11-27 10:44:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-11-27 10:34:34 ----HD---- C:\Config.Msi
2012-11-27 10:16:16 ----D---- C:\Program Files\Common Files\Symantec Shared
2012-11-24 22:24:42 ----D---- C:\Windows\system32\wfp
2012-11-24 22:24:40 ----D---- C:\Windows\system32\wbem
2012-11-24 22:24:08 ----D---- C:\Windows\system32\DriverStore
2012-11-24 22:24:08 ----D---- C:\Windows\system32\catroot2
2012-11-24 22:24:00 ----D---- C:\Windows\registration
2012-11-18 18:47:39 ----D---- C:\Users\Peckovi\AppData\Roaming\Skype
2012-11-17 20:12:20 ----D---- C:\Program Files\Google
2012-11-17 16:48:27 ----D---- C:\Windows\Logs
2012-10-30 23:50:59 ----A---- C:\Windows\system32\aswBoot.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-10-15 44784]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-10-30 738504]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-10-30 361032]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-10-30 54232]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-10-30 21256]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-10-30 58680]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 Dot4;MS IEEE-1284.4 Driver; C:\Windows\system32\DRIVERS\Dot4.sys [2009-07-14 131072]
S3 Dot4Print;Print Class Driver for IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2009-07-14 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2009-07-14 36864]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HPSLPSVC;HP Network Devices Support; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2; C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2012-06-25 184848]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-04-26 793048]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

PC je určitě rychlejší a Internet Explorer už funguje, jak má.

VIRY.CZ

Prosím o kontrolu logu a radu s odstraněním Babylonu, atd.

Prosím o kontrolu logu a radu s odstraněním Babylonu, atd.

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at

Re: Prosím o kontrolu logu a radu s odstraněním Babylonu, at