VIRY.CZ

Pouzijte tento (upraveny) skript

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a5ae8924-4036-420f-b7f6-a47e4b8f692e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
File C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{30421e54-3b57-4e5b-947c-9b6beea57683} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30421e54-3b57-4e5b-947c-9b6beea57683}\ not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{51a86bb3-6602-4c85-92a5-130ee4864f13} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51a86bb3-6602-4c85-92a5-130ee4864f13}\ not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a5ae8924-4036-420f-b7f6-a47e4b8f692e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
File C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e8de9422-3b2c-4243-bf6f-235da84d8ef8} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}\ not found.
HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}\ not found.
Folder C:\Users\opopop\AppData\Roaming\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ not found.
File C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
File C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files (x86)\vShare\vshare_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4064EA35-578D-4073-A834-C96D82CBCF40} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
File C:\Program Files (x86)\Save Flash\SaveFlash.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
File C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a5ae8924-4036-420f-b7f6-a47e4b8f692e} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5ae8924-4036-420f-b7f6-a47e4b8f692e}\ not found.
File C:\Program Files (x86)\Free_Lunch_Design_TB\prxtbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ not found.
File C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block frame with Ad Muncher\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block image with Ad Muncher\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block link with Ad Muncher\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Don't filter page with Ad Muncher\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Report page to the Ad Muncher developers\ not found.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\WikiKomentáře Google...\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block frame with Ad Muncher\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block image with Ad Muncher\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Block link with Ad Muncher\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Don't filter page with Ad Muncher\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Report page to the Ad Muncher developers\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ not found.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ not found.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome\ not found.
File Protocol\Handler\vsharechrome - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ not found.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\datamngr.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\x64\IEBHO.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\datamngr.dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI3C8A~1\Datamngr\IEBHO.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7688af88-46cf-11df-9fc2-00241d82b71a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7688af88-46cf-11df-9fc2-00241d82b71a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2700dd-b79d-11dd-9de5-00241d82b71a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2700dd-b79d-11dd-9de5-00241d82b71a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc2700df-b79d-11dd-9de5-00241d82b71a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc2700df-b79d-11dd-9de5-00241d82b71a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d38eea36-5feb-11df-ac8b-00241d82b71a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d38eea36-5feb-11df-ac8b-00241d82b71a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dd96bd2d-94c1-11de-aea9-00241d82b71a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dd96bd2d-94c1-11de-aea9-00241d82b71a}\ not found.
File C:\Windows\tasks\AutoKMS.job not found.
File C:\Windows\Tasks\AutoKMS.job not found.
File C:\Windows\Tasks\AutoKMSDaily.job not found.
File/Folder C:\Windows\*.tmp not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp not found.
File/Folder C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp not found.
File/Folder C:\Windows\Installer\*.tmp not found.
File/Folder C:\Windows\System32\spool\drivers\x64\3\*.tmp not found.
File/Folder C:\Windows\Temp\*.tmp not found.
File/Folder C:\Windows\twain_32\*.tmp not found.
File C:\Windows\Tasks\Adobe Flash Player Updater.job not found.
Unable to delete ADS C:\ProgramData\TEMP:3440EB47 .
Unable to delete ADS C:\ProgramData\TEMP:0888F409 .
Unable to delete ADS C:\ProgramData\TEMP:66633281 .
Unable to delete ADS C:\ProgramData\TEMP:F93E1473 .
Unable to delete ADS C:\ProgramData\TEMP:888AFB86 .
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AMD64 CPU Assistant not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dexpot\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\AMD64 CPU Assistant not found.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\DAEMON Tools Toolbar not found.
File\Folder C:\Program Files (x86)\facemoods.com not found.
File\Folder C:\Program Files (x86)\AskBarDis not found.
Folder c:\Users\opopop\Desktop\Programy\.123.Flash.Menu.v4.1.5.1400.Cracked-F4CG not found.
File\Folder c:\Users\opopop\Desktop\Programy\Artisteer.3.0.0.45570\Lz0\cracked.rar not found.
Folder c:\Users\opopop\Desktop\Programy\Windows 7 Genuine not found.
File\Folder c:\Users\opopop\Downloads\Adobe-Photoshop-CS5-Extended-(Crack-+-Instructions).zip not found.
File\Folder c:\Users\opopop\Downloads\Crack And Serial PS CS5.1 Extended (32-64 Bit).rar not found.
File\Folder c:\Users\opopop\Downloads\Crack-for-Photoshop-CS5.rar not found.
File\Folder c:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\configuration\Content\Reference\HTML\KEYGEN.html not found.
File\Folder c:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit.Reader.Keygen-CORE.exe not found.
File\Folder c:\Program Files (x86)\Garmin\POI\Keygen - modded for Travel Guide ONLY.exe not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop

User: opopop
->Temp folder emptied: 177784199 bytes
->Temporary Internet Files folder emptied: 15303160 bytes
->Java cache emptied: 23150499 bytes
->Google Chrome cache emptied: 287980035 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 108686 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 24009905 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 433745 bytes

Total Files Cleaned = 504,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Desktop

User: opopop
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Desktop

User: opopop
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07272012_060815

Files\Folders moved on Reboot...
C:\Users\opopop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\opopop\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 12-07-27.03 - opopop 27.07.2012 16:30:31.1.3 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2841 [GMT 2:00]
Spuštěný z: c:\users\opopop\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\xml3368.tmp
c:\programdata\xml357C.tmp
c:\programdata\xml3657.tmp
c:\programdata\xml6A1E.tmp
c:\programdata\xml6B37.tmp
c:\programdata\xml6BC5.tmp
c:\users\opopop\AppData\Local\assembly\tmp
c:\users\opopop\AppData\Roaming\815AF6.dat
c:\users\opopop\AppData\Roaming\chrtmp
c:\users\opopop\AppData\Roaming\inst.exe
c:\users\opopop\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antivirus Protection 2012.lnk
c:\users\opopop\AppData\Roaming\vso_ts_preview.xml
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
c:\windows\SysWow64\Nagasoft\GifShower.dll
c:\windows\SysWow64\Nagasoft\vjocx.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-27 do 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-27 14:40 . 2012-07-27 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-26 18:58 . 2012-07-26 18:58 -------- d-----w- c:\users\opopop\AppData\Roaming\.Nitrous
2012-07-25 20:51 . 2012-07-25 20:51 -------- d-----w- C:\_OTL
2012-07-25 19:02 . 2012-07-25 19:02 512 ----a-w- C:\PhysicalMBR.bin
2012-07-25 18:32 . 2012-07-25 18:34 -------- d-----w- c:\program files\trend micro
2012-07-25 18:32 . 2012-07-25 18:34 -------- d-----w- C:\rsit
2012-07-25 18:18 . 2012-07-25 18:18 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-19 12:49 . 2012-07-19 13:12 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-07-19 10:45 . 2012-07-19 10:45 -------- d-----w- c:\users\opopop\AppData\Roaming\BANDISOFT
2012-07-19 10:45 . 2012-07-19 10:45 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-07-19 10:07 . 2012-07-19 10:11 -------- d-----w- c:\users\opopop\AppData\Roaming\.techniclauncher
2012-07-15 19:57 . 2012-07-15 19:57 -------- d-----w- c:\program files (x86)\GamePark
2012-07-09 06:23 . 2012-07-09 06:23 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-09 06:23 . 2012-07-09 06:23 -------- d-----w- c:\program files (x86)\Java
2012-07-08 18:47 . 2012-07-27 05:57 -------- d-----w- c:\users\opopop\AppData\Local\CrashDumps
2012-07-08 18:37 . 2012-07-27 14:38 -------- d-----w- c:\users\opopop\AppData\Local\assembly
2012-07-01 18:32 . 2012-07-01 18:32 -------- d-----w- c:\program files (x86)\Clownfish
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:13 . 2012-05-03 12:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:13 . 2011-05-25 03:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 06:23 . 2010-05-08 06:11 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-29 20:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 13:35 . 2012-06-17 13:35 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-05-07 06:55 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-10 1200144]
tst.ahk [2010-2-14 188]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R1 sxiszkln;sxiszkln;c:\windows\system32\drivers\sxiszkln.sys [x]
R1 VD_FileDisk;VD_FileDisk; [x]
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-05-05 124256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [2010-11-12 819291]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-08 1038088]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-06-17 17152]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-03-07 18456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-09-13 82816]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPEServ;soft Xpansion Print2Document;c:\program files (x86)\Common Files\WPE\wpeserv.exe [2007-05-08 323584]
R3 X6va005;X6va005;c:\users\opopop\AppData\Local\Temp\005ABC0.tmp [x]
R3 X6va006;X6va006;c:\users\opopop\AppData\Local\Temp\006C423.tmp [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-03-07 129304]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 54848]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 834544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 VLC-Win7_Service;VLC-Win7_Service;c:\program files (x86)\VideoLAN\VLC\vlc.exe [2011-04-12 107520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'
.
2012-07-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 10:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
uDefault_Search_URL =
mLocal Page =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: Interfaces\{AE74BE4B-2162-4B3F-865F-B6CEFCCEED22}: NameServer = 156.154.70.25,156.154.71.25
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-fsproflt
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files (x86)\AskBarDis\unins000.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
AddRemove-facemoods - c:\program files (x86)\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-UnityWebPlayer - c:\users\opopop\AppData\Local\Unity\WebPlayer\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\opopop\AppData\Local\Temp\005ABC0.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\opopop\AppData\Local\Temp\006C423.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\AutoHotkey\AutoHotkey.exe
.
**************************************************************************
.
Celkový čas: 2012-07-27 16:52:31 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-27 14:52
.
Před spuštěním: 3 458 830 336
Po spuštění: 3 637 747 712
.
- - End Of File - - 63476BCE4A84A593B8EB5EBEAD6B1561

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\windows\system32\drivers\sxiszkln.sys
  
  File::
  c:\users\opopop\AppData\Local\Temp\005ABC0.tmp 
  c:\users\opopop\AppData\Local\Temp\006C423.tmp
  c:\windows\Tasks\Adobe Flash Player Updater.job
  
  Driver::
  sxiszkln
  VD_FileDisk
  X6va005
  X6va006
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

ComboFix 12-07-27.03 - opopop 28.07.2012 7:03.2.3 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.2722 [GMT 2:00]
Spuštěný z: c:\users\opopop\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\opopop\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\users\opopop\AppData\Local\Temp\005ABC0.tmp"
"c:\users\opopop\AppData\Local\Temp\006C423.tmp"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\opopop\AppData\Local\assembly\tmp
c:\windows\Tasks\Adobe Flash Player Updater.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Service_sxiszkln
-------\Service_VD_FileDisk
-------\Service_X6va005
-------\Service_X6va006
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-06-28 do 2012-07-28 )))))))))))))))))))))))))))))))
.
.
2012-07-28 05:11 . 2012-07-28 05:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-27 21:54 . 2012-07-27 21:54 -------- d-----w- c:\program files (x86)\Yontoo
2012-07-27 21:54 . 2012-07-27 21:54 -------- d-----w- c:\programdata\Tarma Installer
2012-07-27 21:54 . 2012-07-27 21:54 -------- d-----w- c:\programdata\SweetIM
2012-07-27 21:54 . 2012-07-27 21:54 -------- d-----w- c:\program files (x86)\SweetIM
2012-07-27 21:46 . 2012-07-27 21:46 304 ----a-w- C:\user.js
2012-07-27 21:46 . 2012-07-27 21:46 -------- d-----w- c:\program files (x86)\BabylonToolbar
2012-07-27 21:46 . 2012-07-27 21:46 -------- d-----w- c:\users\opopop\AppData\Roaming\Babylon
2012-07-27 21:46 . 2012-07-27 21:46 -------- d-----w- c:\programdata\Babylon
2012-07-27 21:43 . 2012-07-27 21:43 -------- d-----w- c:\users\opopop\AppData\Roaming\TechSmith
2012-07-26 18:58 . 2012-07-26 18:58 -------- d-----w- c:\users\opopop\AppData\Roaming\.Nitrous
2012-07-25 20:51 . 2012-07-25 20:51 -------- d-----w- C:\_OTL
2012-07-25 19:02 . 2012-07-25 19:02 512 ----a-w- C:\PhysicalMBR.bin
2012-07-25 18:32 . 2012-07-25 18:34 -------- d-----w- c:\program files\trend micro
2012-07-25 18:32 . 2012-07-25 18:34 -------- d-----w- C:\rsit
2012-07-25 18:18 . 2012-07-25 18:18 -------- d-----w- c:\windows\system32\MpEngineStore
2012-07-19 12:49 . 2012-07-19 13:12 -------- d-----w- c:\program files (x86)\SecondLifeViewer
2012-07-19 10:45 . 2012-07-19 10:45 -------- d-----w- c:\users\opopop\AppData\Roaming\BANDISOFT
2012-07-19 10:45 . 2012-07-19 10:45 -------- d-----w- c:\program files (x86)\BandiMPEG1
2012-07-19 10:07 . 2012-07-19 10:11 -------- d-----w- c:\users\opopop\AppData\Roaming\.techniclauncher
2012-07-15 19:57 . 2012-07-15 19:57 -------- d-----w- c:\program files (x86)\GamePark
2012-07-09 06:23 . 2012-07-09 06:23 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-07-09 06:23 . 2012-07-09 06:23 -------- d-----w- c:\program files (x86)\Java
2012-07-08 18:47 . 2012-07-27 22:11 -------- d-----w- c:\users\opopop\AppData\Local\CrashDumps
2012-07-08 18:37 . 2012-07-28 05:10 -------- d-----w- c:\users\opopop\AppData\Local\assembly
2012-07-01 18:32 . 2012-07-01 18:32 -------- d-----w- c:\program files (x86)\Clownfish
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 10:13 . 2012-05-03 12:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 10:13 . 2011-05-25 03:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-09 06:23 . 2010-05-08 06:11 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-03 11:46 . 2012-03-29 20:19 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 13:35 . 2012-06-17 13:35 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-05-07 06:55 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-27_14.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-28 20:39 . 2012-07-28 04:58 98578 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-28 05:14 47198 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-08-28 16:56 . 2012-07-28 05:14 34044 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-177668100-1846633066-3982842387-1001_UserData.bin
- 2009-08-28 15:52 . 2012-07-27 14:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-08-28 15:52 . 2012-07-27 21:54 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-28 15:52 . 2012-07-27 14:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-28 15:52 . 2012-07-27 21:54 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-27 14:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-27 21:54 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-28 16:55 . 2012-07-28 05:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-28 16:55 . 2012-07-27 14:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-28 16:55 . 2012-07-27 14:42 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-08-28 16:55 . 2012-07-28 05:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-08-28 16:55 . 2012-07-27 14:42 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-28 16:55 . 2012-07-28 05:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-28 16:55 . 2012-07-28 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-28 16:55 . 2012-07-27 14:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-08-28 16:55 . 2012-07-27 14:42 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-28 16:55 . 2012-07-28 05:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-27 21:54 . 2012-07-27 21:54 10134 c:\windows\Installer\{774C0434-9948-4DEE-A14E-69CDD316E36C}\ARPPRODUCTICON.exe
+ 2012-07-27 21:54 . 2012-07-27 21:54 10134 c:\windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}\ARPPRODUCTICON.exe
+ 2012-07-28 05:12 . 2012-07-28 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-27 14:41 . 2012-07-27 14:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-28 05:12 . 2012-07-28 05:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-27 14:41 . 2012-07-27 14:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-27 22:30 491980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-27 14:05 491980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-27 15:40 . 2012-06-27 15:40 353280 c:\windows\Installer\185a13b.msi
+ 2012-07-27 21:54 . 2012-07-27 21:54 2243584 c:\windows\Installer\185a14d.msi
+ 2012-07-27 21:54 . 2012-07-27 21:54 3119104 c:\windows\Installer\185a147.msi
+ 2012-07-27 21:54 . 2012-07-27 21:54 3704832 c:\windows\Installer\185a141.msi
- 2011-07-30 22:25 . 2012-07-27 14:05 14390181 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-177668100-1846633066-3982842387-1001-8192.dat
+ 2011-07-30 22:25 . 2012-07-27 22:30 14390181 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-177668100-1846633066-3982842387-1001-8192.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2012-06-04 14:12 1310040 ----a-w- c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2012-06-04 1310040]
.
[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SweetIM"="c:\program files (x86)\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-10 1200144]
tst.ahk [2010-2-14 188]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2009-05-05 124256]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-11-08 1038088]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2012-06-17 17152]
R3 massfilter_hs;ZTE HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2011-03-07 18456]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe [2010-09-02 227232]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-09-13 82816]
R3 PS3 Media Server;PS3 Media Server;c:\program files (x86)\PS3 Media Server\win32\service\wrapper.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WPEServ;soft Xpansion Print2Document;c:\program files (x86)\Common Files\WPE\wpeserv.exe [2007-05-08 323584]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-03-07 129304]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2010-07-22 54848]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-09-30 834544]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 202752]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 tvMobiliService;tvMobiliService;c:\program files (x86)\TVMOBiLi\bin\tvMobiliService.exe [2010-11-12 819291]
S2 VLC-Win7_Service;VLC-Win7_Service;c:\program files (x86)\VideoLAN\VLC\vlc.exe [2011-04-12 107520]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 6228480]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 160256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Ovladač Realtek 8167 NT;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
vvdsvc REG_MULTI_SZ vvdsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\opopop\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF4350.3XE" [2009-07-14 344576]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
uDefault_Search_URL =
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
mLocal Page =
uSearchAssistant =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Sothink SWF Catcher - c:\program files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{AE74BE4B-2162-4B3F-865F-B6CEFCCEED22}: NameServer = 156.154.70.25,156.154.71.25
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\AutoHotkey\AutoHotkey.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
.
**************************************************************************
.
Celkový čas: 2012-07-28 07:17:42 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-07-28 05:17
ComboFix2.txt 2012-07-27 14:52
.
Před spuštěním: 3 264 303 104
Po spuštění: 3 027 222 528
.
- - End Of File - - B4F9920A6B6D0CC44648984B69F42FB9

Pouzivate Babyloon a SweetIM

ne ,nepoužívám,slyším to poprvé

Obcas se chce divat co odklikavate pri instalaci - tyto programy jsou vetsinou podsunuty pri instalaci jineho SW

Zkuste je tedy odinstalovat pres Pridat nebo odebrat programy a pak si dame OTL

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
• Zaskrtnete okenko Pro vsechny uzivatele
• Zaskrtnete okenko Kontrola na havet "LOP"
• Zaskrtnete okenko Kontrola na havet "Purity"
• Stari souboru zmente z 30 dnu na 7 dnu
• Kliknete na tlacitko Prohledat
• Po dokonceni skenu (cca 10 az 15 min) se objevi log OTL.txt vlozte jej sem

OTL logfile created on: 28.7.2012 11:47:31 - Run 2
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\opopop\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,73 Gb Available Physical Memory | 68,19% Memory free
8,00 Gb Paging File | 6,61 Gb Available in Paging File | 82,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,39 Gb Total Space | 2,89 Gb Free Space | 1,98% Space Free | Partition Type: NTFS
Drive D: | 449,68 Gb Total Space | 9,51 Gb Free Space | 2,12% Space Free | Partition Type: NTFS

Computer Name: OPOPOP-PC | User Name: opopop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.07.25 20:55:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\opopop\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.02.26 16:01:44 | 000,295,728 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
PRC - [2011.04.12 02:45:30 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
PRC - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010.11.12 15:54:50 | 000,819,291 | ---- | M] () -- C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe
PRC - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.25 20:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Modules (No Company Name) ==========

MOD - [2009.09.25 20:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
MOD - [2008.11.07 05:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.08.12 01:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009.12.11 22:44:52 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.11.08 20:07:09 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.11.07 17:49:10 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2012.07.27 12:13:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.07.03 13:19:28 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.05.23 21:36:06 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.04.12 02:45:30 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -- (VLC-Win7_Service)
SRV - [2011.03.31 17:08:14 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010.11.12 15:54:50 | 000,819,291 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\TVMOBiLi\bin\tvMobiliService.exe -- (tvMobiliService)
SRV - [2010.09.02 22:18:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.189\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.12 14:48:56 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.11.01 15:52:45 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.05 05:45:50 | 000,124,256 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2007.05.08 15:30:50 | 000,323,584 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\wpe\wpeserv.exe -- (WPEServ)
SRV - [2007.02.23 12:06:54 | 000,438,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.02.23 12:06:46 | 000,215,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.09.22 01:33:15 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Stopped] -- C:\Windows\SysWow64\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP3\WNt500x64\Sandra.sys -- (SANDRA)
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.03.07 12:19:10 | 000,129,304 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2011.03.07 12:18:48 | 000,018,456 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV:64bit: - [2010.09.30 13:48:05 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.22 17:13:28 | 000,054,848 | ---- | M] (FSPro Labs) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\FSPFltd.sys -- (FSProFilter)
DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.12.11 23:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.11 23:04:44 | 006,228,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2009.12.11 21:51:08 | 000,160,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.19 01:30:56 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.09.13 15:56:01 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.04 18:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2009.04.03 06:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.09.26 10:56:00 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2008.09.26 10:56:00 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2008.09.26 10:56:00 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.09.26 10:56:00 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.09.26 10:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV - [2012.06.17 15:35:14 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)
DRV - [2006.01.10 04:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\Ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 241D82B71A}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 241D82B71A}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000. ... 241D82B71A}
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTer ... 241d82b71a
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 241D82B71A}
IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\opopop\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\opopop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\opopop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\opopop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\opopop\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\opopop\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.02 16:50:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2012.07.17 14:31:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.18 19:19:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey\Extensions\\{3ED591BC-7CC7-495B-A526-B2431356EDC1}: C:\Program Files (x86)\Ad Muncher\FirefoxExtension_2.0 [2012.07.17 14:31:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.02 16:50:02 | 000,000,000 | ---D | M]

[2010.05.28 21:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\opopop\AppData\Roaming\Mozilla\Extensions
[2010.05.28 21:34:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\opopop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.25 22:52:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\opopop\AppData\Roaming\Mozilla\Firefox\extensions
[2012.07.27 23:46:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.10.26 10:13:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - homepage: https://www.google.cz/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: https://www.google.cz/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\opopop\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\opopop\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\opopop\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\opopop\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\opopop\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\opopop\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\opopop\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1002170-0-npoctoshape.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\opopop\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\opopop\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Full Screen Weather = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Facebook Meme Chat Emoticons Bar = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\geambommijjphdlendibpfkndcmjeoml\1_0\
CHR - Extension: AdBlock = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Awesome Weather Widget [ANTP] = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2012.104.116.101_0\
CHR - Extension: Gestures for Chrome(TM) = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Marc Ecko = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
CHR - Extension: Gmail = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: YouTube = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Full Screen Weather = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Facebook Meme Chat Emoticons Bar = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\geambommijjphdlendibpfkndcmjeoml\1_0\
CHR - Extension: AdBlock = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.38_0\
CHR - Extension: Awesome Weather Widget [ANTP] = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc\2012.104.116.101_0\
CHR - Extension: Gestures for Chrome(TM) = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk\1.12.1_0\
CHR - Extension: Marc Ecko = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\opjonmehjfmkejjifhhknofdnacklmjk\2_0\
CHR - Extension: Gmail = C:\Users\opopop\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.03.29 19:31:36 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 68.168.222.226 www.google-analytics.com.
O1 - Hosts: 68.168.222.226 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.226 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files (x86)\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.3.1)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.spvod.com/soft/vjocx-ch-spvod.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE74BE4B-2162-4B3F-865F-B6CEFCCEED22}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE74BE4B-2162-4B3F-865F-B6CEFCCEED22}: NameServer = 156.154.70.25,156.154.71.25
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2012.07.28 07:17:44 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.28 07:12:51 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.07.28 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Local\{16DED84C-A67B-4E6D-9E5F-20FA200929CE}
[2012.07.27 23:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.07.27 23:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.07.27 23:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2012.07.27 23:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
[2012.07.27 23:54:09 | 006,204,760 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\opopop\Desktop\BundleSweetIMSetup.exe
[2012.07.27 23:46:24 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Roaming\Babylon
[2012.07.27 23:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.27 23:43:17 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Roaming\TechSmith
[2012.07.27 19:21:59 | 005,292,232 | ---- | C] (ParetoLogic Inc.) -- C:\Users\opopop\Desktop\ParetoLogic PC Health Advisor.exe
[2012.07.27 19:03:09 | 000,725,440 | ---- | C] (Enigma Software Group USA, LLC.) -- C:\Users\opopop\Desktop\SpyHunter-Installer.exe
[2012.07.27 16:28:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.27 16:28:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.27 16:28:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.27 16:10:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.27 16:10:05 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.27 16:00:58 | 004,719,842 | R--- | C] (Swearware) -- C:\Users\opopop\Desktop\ComboFix.exe
[2012.07.26 20:58:40 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Roaming\.Nitrous
[2012.07.26 20:56:03 | 000,000,000 | ---D | C] -- C:\Users\opopop\Desktop\mody
[2012.07.25 22:51:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.07.25 20:55:59 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\opopop\Desktop\OTL.exe
[2012.07.25 20:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.07.25 20:32:02 | 000,000,000 | ---D | C] -- C:\rsit
[2012.07.25 20:18:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MpEngineStore
[2012.07.25 20:00:59 | 072,854,560 | ---- | C] (Microsoft Corporation) -- C:\Users\opopop\Desktop\msert.exe
[2012.07.24 22:52:28 | 000,000,000 | -H-D | C] -- C:\Users\opopop\Desktop\.picasaoriginals
[2009.09.13 15:56:01 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\opopop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 7 Days ==========

[2012.07.28 07:17:24 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 07:17:22 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.28 07:12:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.28 07:12:06 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.27 23:54:33 | 000,000,204 | ---- | M] () -- C:\Users\opopop\Desktop\SweetPcFix.url
[2012.07.27 23:54:21 | 006,204,760 | ---- | M] (SweetIM Technologies Ltd.) -- C:\Users\opopop\Desktop\BundleSweetIMSetup.exe
[2012.07.27 23:54:12 | 001,364,995 | ---- | M] () -- C:\Users\opopop\Desktop\CamStudio20.exe
[2012.07.27 23:46:41 | 000,000,304 | ---- | M] () -- C:\user.js
[2012.07.27 19:21:59 | 005,292,232 | ---- | M] (ParetoLogic Inc.) -- C:\Users\opopop\Desktop\ParetoLogic PC Health Advisor.exe
[2012.07.27 19:03:09 | 000,725,440 | ---- | M] (Enigma Software Group USA, LLC.) -- C:\Users\opopop\Desktop\SpyHunter-Installer.exe
[2012.07.27 16:00:58 | 004,719,842 | R--- | M] (Swearware) -- C:\Users\opopop\Desktop\ComboFix.exe
[2012.07.27 12:13:15 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.07.27 12:13:15 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.07.25 21:02:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.07.25 20:55:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\opopop\Desktop\OTL.exe
[2012.07.25 20:31:19 | 000,935,175 | ---- | M] () -- C:\Users\opopop\Desktop\RSITx64.exe
[2012.07.25 20:03:05 | 072,854,560 | ---- | M] (Microsoft Corporation) -- C:\Users\opopop\Desktop\msert.exe
[2012.07.25 08:52:02 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.07.25 08:52:02 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.07.24 22:52:28 | 000,351,229 | ---- | M] () -- C:\Users\opopop\Desktop\CAM_0023.jpg
[2012.07.24 16:44:29 | 000,116,962 | ---- | M] () -- C:\Users\opopop\Desktop\Zivanice_0122.jpg

========== Files Created - No Company Name ==========

[2012.07.27 23:54:33 | 000,000,204 | ---- | C] () -- C:\Users\opopop\Desktop\SweetPcFix.url
[2012.07.27 23:54:09 | 001,364,995 | ---- | C] () -- C:\Users\opopop\Desktop\CamStudio20.exe
[2012.07.27 23:46:40 | 000,000,304 | ---- | C] () -- C:\user.js
[2012.07.27 16:28:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.27 16:28:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.27 16:28:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.27 16:28:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.27 16:28:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.25 21:02:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.07.25 20:31:19 | 000,935,175 | ---- | C] () -- C:\Users\opopop\Desktop\RSITx64.exe
[2012.07.24 22:52:28 | 000,351,229 | ---- | C] () -- C:\Users\opopop\Desktop\CAM_0023.jpg
[2012.07.24 16:44:29 | 000,116,962 | ---- | C] () -- C:\Users\opopop\Desktop\Zivanice_0122.jpg
[2012.06.20 15:33:39 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.06.20 15:33:39 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.05.09 14:25:27 | 000,000,046 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\mbam.context.scan
[2012.02.26 14:00:37 | 000,584,584 | ---- | C] () -- C:\Windows\adb.exe
[2012.02.26 14:00:37 | 000,001,623 | ---- | C] () -- C:\Windows\InnoTipLanguage.ini
[2012.02.12 10:35:57 | 000,000,132 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\Adobe Formát PNG CS5 – předvolby
[2012.02.08 21:18:45 | 000,000,132 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011.12.13 12:48:38 | 000,000,000 | ---- | C] () -- C:\Users\opopop\AppData\Local\{52AA8F3D-5822-4539-BA36-5113BAD5C010}
[2011.09.19 09:07:46 | 000,015,360 | ---- | C] () -- C:\Windows\SysWow64\bdmjpeg.dll
[2011.09.19 09:07:32 | 000,058,368 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2011.08.29 22:22:17 | 000,001,497 | ---- | C] () -- C:\Users\opopop\.recently-used.xbel
[2011.08.07 15:34:27 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011.07.30 11:51:07 | 000,000,103 | ---- | C] () -- C:\Windows\pro.INI
[2011.06.25 08:48:50 | 000,000,000 | ---- | C] () -- C:\Users\opopop\AppData\Local\{47E2818C-BBAC-4CE9-87C4-03D22BB103EE}
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.08 07:27:14 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\NtDirect.dll
[2010.12.29 02:23:14 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.11.29 19:19:15 | 000,432,836 | ---- | C] () -- C:\Users\opopop\AppData\Local\SRDownloader.err
[2010.11.29 19:17:38 | 000,001,376 | ---- | C] () -- C:\Users\opopop\AppData\Local\SRDownloader.nast
[2010.10.25 17:21:58 | 000,000,129 | ---- | C] () -- C:\Users\opopop\jagex_runescape_preferences2.dat
[2010.10.25 17:20:35 | 000,000,046 | ---- | C] () -- C:\Users\opopop\jagex_runescape_preferences.dat
[2010.07.01 10:09:12 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.10 22:01:56 | 000,000,760 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\setup_ldm.iss
[2010.01.26 07:20:26 | 000,007,624 | ---- | C] () -- C:\Users\opopop\AppData\Local\resmon.resmoncfg
[2009.12.28 14:30:24 | 000,000,033 | ---- | C] () -- C:\Users\opopop\AppData\Local\rssbuilder.ftpconfig
[2009.12.28 14:26:16 | 000,000,122 | ---- | C] () -- C:\Users\opopop\AppData\Local\rssbuilder.config
[2009.12.27 17:16:33 | 000,000,397 | ---- | C] () -- C:\Users\opopop\.jalbum-ftp-accounts.xml
[2009.12.01 13:18:26 | 000,024,064 | ---- | C] () -- C:\Users\opopop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.01 17:44:40 | 000,000,255 | ---- | C] () -- C:\Users\opopop\.jalbum-recent-projects.properties
[2009.11.01 17:40:26 | 000,000,907 | ---- | C] () -- C:\Users\opopop\.jalbum-defaults.jap
[2009.09.17 18:27:32 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.09.13 15:56:01 | 000,007,859 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\pcouffin.cat
[2009.09.13 15:56:01 | 000,001,167 | ---- | C] () -- C:\Users\opopop\AppData\Roaming\pcouffin.inf
[2002.08.29 18:33:56 | 000,319,488 | R--- | C] () -- C:\Users\opopop\AppData\Roaming\MafiaSetup.exe

========== LOP Check ==========

[2012.07.28 10:44:06 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\.minecraft
[2012.07.26 20:58:40 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\.Nitrous
[2011.03.04 01:51:33 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\.purple
[2012.07.19 12:11:04 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\.techniclauncher
[2009.12.01 13:07:43 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Apowersoft
[2010.11.28 15:54:29 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Artisteer
[2009.09.05 16:55:16 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Ashampoo
[2012.07.27 23:46:24 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Babylon
[2012.07.19 12:45:43 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\BANDISOFT
[2011.01.16 13:37:08 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\BetdaqAssistant.389FD738CB3FAA05327C60BCB3256FB4301F5711.1
[2009.08.28 18:35:16 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Betting Assistant
[2011.07.08 16:03:05 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Blueberry
[2010.02.04 23:07:32 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Canneverbe Limited
[2012.02.06 02:50:51 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.01.16 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010.09.02 16:59:44 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\ct24crawl
[2012.06.30 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\DAEMON Tools Lite
[2012.02.24 01:18:50 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\DAEMON Tools Pro
[2012.02.04 00:57:21 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Dexpot
[2012.07.27 07:58:06 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Dropbox
[2012.07.28 11:37:27 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\eM Client
[2011.03.13 13:20:16 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\FileZilla
[2009.09.05 09:26:11 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Foxit
[2011.02.25 17:41:05 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Foxit Software
[2009.12.06 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\GARMIN
[2011.11.30 16:27:18 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\GetRightToGo
[2009.12.26 01:32:02 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\GHISLER
[2011.06.01 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Gruss Software
[2011.08.29 22:22:18 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\gtk-2.0
[2009.11.04 23:05:46 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\HEXelon
[2012.01.18 17:31:54 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\HLSW
[2011.04.23 19:59:05 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\ICQ
[2011.06.19 11:05:46 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Imagine
[2009.11.02 09:40:07 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Inkscape
[2009.11.08 15:53:14 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\IrfanView
[2011.06.19 10:46:27 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\JAlbum
[2011.12.28 22:10:01 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\LangSoft
[2009.10.03 21:14:33 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Leadertech
[2010.05.15 18:07:38 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\LG Electronics
[2011.09.12 13:42:50 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\LolClient
[2012.01.09 23:35:08 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\MOBILedit
[2012.05.07 12:00:37 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Mumble
[2011.02.20 17:24:48 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Notepad++
[2010.04.04 23:15:30 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Octoshape
[2012.07.25 20:18:56 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\OpenCandy
[2012.06.09 05:57:03 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Opera
[2011.02.12 11:15:02 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\PMS
[2011.12.14 08:56:45 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Publish Providers
[2011.09.10 02:45:35 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Samsung
[2012.07.19 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\SecondLife
[2011.07.21 14:08:51 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\SFBot
[2012.05.06 10:55:49 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Sony
[2010.02.21 18:15:16 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Stardock
[2012.02.08 14:57:06 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\TeamViewer
[2012.07.27 23:43:17 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\TechSmith
[2009.12.20 22:19:07 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\TennisNavigator
[2010.05.28 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Thunderbird
[2012.06.30 12:48:44 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\TS3Client
[2011.01.15 12:02:09 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Unity
[2011.01.28 19:17:35 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\uTorrent
[2011.07.19 01:25:40 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\VideoReDo-TVSuite4
[2009.09.29 18:44:44 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\VitySoft
[2012.02.24 01:18:50 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Vso
[2011.01.29 22:20:10 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\Win7codecs
[2011.02.19 01:59:27 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\WinAVI
[2010.06.13 13:40:38 | 000,000,000 | ---D | M] -- C:\Users\opopop\AppData\Roaming\XnView
[2012.05.19 09:18:27 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

jinak mi ztrpčuje život yieldmanager.com,vkládá reklamu do prohlížečů .když to v cookies smažu ,za chvíli je to zpátky....nemůžu najít zdroj

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
  IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
  IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111434&tt=3012_2&babsrc=SP_ss&mntrId=8cc54bfb00000000000000241d82b71a
  IE - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10002&barid={A8B01225-D835-11E1-97BA-00241D82B71A}
  O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll (TechSmith Corporation)
  O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (no name) - {4064EA35-578D-4073-A834-C96D82CBCF40} - No CLSID value found.
  O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
  O3 - HKU\S-1-5-21-177668100-1846633066-3982842387-1001\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
  O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  [2012.07.28 00:10:24 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Local\{16DED84C-A67B-4E6D-9E5F-20FA200929CE}
  [2012.07.27 23:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
  [2012.07.27 23:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
  [2012.07.27 23:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
  [2012.07.27 23:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SweetIM
  [2012.07.27 23:54:09 | 006,204,760 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\opopop\Desktop\BundleSweetIMSetup.exe
  [2012.07.27 23:46:24 | 000,000,000 | ---D | C] -- C:\Users\opopop\AppData\Roaming\Babylon
  [2012.07.27 23:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
  [2012.07.27 23:54:33 | 000,000,204 | ---- | C] () -- C:\Users\opopop\Desktop\SweetPcFix.url
  
  :reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "SweetIM"=-
  "Sweetpacks Communicator"=-
  
  :files
  c:\program files (x86)\BabylonToolbar
  C:\Program Files (x86)\SweetIM
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-177668100-1846633066-3982842387-1001\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00C6482D-C502-44C8-8409-FCE54AD9C208}\ deleted successfully.
C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4064EA35-578D-4073-A834-C96D82CBCF40} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4064EA35-578D-4073-A834-C96D82CBCF40}\ not found.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-177668100-1846633066-3982842387-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator deleted successfully.
C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\Users\opopop\AppData\Local\{16DED84C-A67B-4E6D-9E5F-20FA200929CE} folder moved successfully.
C:\Program Files (x86)\Yontoo folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache folder moved successfully.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} folder moved successfully.
C:\ProgramData\Tarma Installer folder moved successfully.
C:\ProgramData\SweetIM\Communicator\Logs folder moved successfully.
C:\ProgramData\SweetIM\Communicator\conf folder moved successfully.
C:\ProgramData\SweetIM\Communicator folder moved successfully.
C:\ProgramData\SweetIM folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Communicator folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.
C:\Users\opopop\Desktop\BundleSweetIMSetup.exe moved successfully.
C:\Users\opopop\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\opopop\Desktop\SweetPcFix.url moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\Sweetpacks Communicator not found.
========== FILES ==========
File\Folder c:\program files (x86)\BabylonToolbar not found.
File\Folder C:\Program Files (x86)\SweetIM not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Desktop
->Temp folder emptied: 0 bytes

User: opopop
->Temp folder emptied: 233630 bytes
->Temporary Internet Files folder emptied: 1200703 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 229023830 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3037 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10166 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 2023673314 bytes

Total Files Cleaned = 2 150,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Desktop

User: opopop
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: Desktop

User: opopop
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.54.1 log created on 07282012_175235

Files\Folders moved on Reboot...
File\Folder C:\Users\opopop\AppData\Local\Temp\hsperfdata_opopop\2964 not found!
C:\Users\opopop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\opopop\AppData\Local\Temp\hsperfdata_opopop\2964 not found!
File C:\Users\opopop\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

Muzete mi prosim dat screen tohoto problemu "inak mi ztrpčuje život yieldmanager.com,vkládá reklamu do prohlížečů"

http://imgupload.sk/images/0/c/0ccqevbzo11sjvx9m7ak.png

je to třeba tady ,...ten čterec vpravo dole