
Request for a preventive check

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#16 Post by Márty84 »

:arrow: Excellent, uninstall MBAM.


:arrow: Post a new RSIT log

and in addition

:!: If Avast complains that it wants to open it in the sandbox, do not allow it! Choose the Open normally (Otevřít normálně) option.
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe , save it to the desktop and run it.
Tick the checkboxes for All Users (Pro všechny uživatele), LOP Check (Kontrola na havěť "LOP") and Purity Check (Kontrola na havěť "Purity").
Paste the following text into the lower window:

Code:

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

*crack* /s
*keygen* /s
*AntiWPA* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Click Scan (Prohledat).
After the scan, two logs will be created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).


And then we'll start deleting :)
If you have a question that is not meant for the public, you can e-mail me at marty84 [at] forum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#17 Post by Indypetr »

Hello :-) I apologize, but I only got to my wife's PC today. I'm going to do it now.

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#18 Post by Indypetr »

RSIT log:
Logfile of random's system information tool 1.10 (written by random/random)
Run by Kristinka at 2014-11-18 19:23:34
Microsoft(R) Windows(R) XP Professional x64 Edition Service Pack 2
System drive C: has 122 GB (80%) free of 153 GB
Total RAM: 4094 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:38, on 18.11.2014
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Java\jre7\bin\jqs.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Kristinka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll
F2 - REG:system.ini: UserInit=userinit,
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DuckCapture] "C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe" /autorun
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://runonce.msn.com
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\SysWOW64\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\SysWOW64\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Cobian Backup 11 Volume Shadow Copy Requester (cbVSCService11) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files (x86)\Java\jre7\bin\jqs.exe
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 7081 bytes

======Listing Processes======



\SystemRoot\System32\smss.exe

winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch

C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup


C:\WINDOWS\system32\spoolsv.exe

Ati2evxx.exe -Client
"C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\WINDOWS\System32\svchost.exe -k WinErr
"C:\Program Files (x86)\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files (x86)\Java\jre7\lib\deploy\jqs\jqs.conf"

"C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe"
C:\WINDOWS\Explorer.EXE

"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\WINDOWS\RTHDCPL.EXE"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\WINDOWS\system32\ctfmon.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\ccc.exe" 0
"C:\Program Files (x86)\TotalCmd\TOTALCMD64.EXE"

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="1000.11.1431012979\227000337" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutoReloadExperiment/Enabled/AutoReloadVisibleOnlyExperiment/Enabled/BrowserBlacklist/Enabled/DomRel-Enable/enable/EmbeddedSearch/Group7 pct:10g stable:pp2 prefetch_results:1 reuse_instant_search_base_page:1/ExtensionContentVerification/None/ExtensionInstallVerification/Enforce/GoogleNow/Enable/OmniboxBundledExperimentV1/NewSuggestType_A10_Stable_R2/PasswordGeneration/Disabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/QUIC/Disabled/RapporRollout/Enabled/RememberCertificateErrorDecisions/Default/SDCH/EnabledAll/SafeBrowsingIncidentReportingService/Default/SettingsEnforcement/enforce_always_with_extensions_and_dse/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-1-Percent/group_20/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_17/UMA-Uniformity-Trial-50-Percent/default/VoiceTrigger/Install/" --renderer-print-preview --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --enable-delegated-renderer --disable-gpu-compositing --channel="1000.12.1437448437\1069622847" /prefetch:673131151
"C:\Documents and Settings\Kristinka\Desktop\RSITx64.exe"


======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job - C:\Program Files (x86)\Opera\launcher.exe --scheduledautoupdate

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2013-09-05 176224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-10-29 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-10-29 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2013-09-05 4374104]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5618456]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2007-11-20 1826816]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2008-08-19 77824]
"AlcWzrd"=C:\WINDOWS\ALCWZRD.EXE [2008-06-19 2808832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2007-02-18 20992]
"DuckCapture"=C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [2011-11-03 436736]
"GarminExpressTrayApp"=C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [2014-07-23 688984]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-11-16 98304]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-09-26 271744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2012-11-16 262656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 154112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.i420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iv50"=ir50_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2014-11-12 19:39:11 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerInstaller.exe
2014-11-02 12:05:30 ----D---- C:\Documents and Settings\Kristinka\Application Data\Malwarebytes
2014-11-02 12:04:40 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-10-29 17:26:13 ----A---- C:\WINDOWS\SYSWOW64\javaws.exe
2014-10-29 17:26:05 ----A---- C:\WINDOWS\SYSWOW64\WindowsAccessBridge-32.dll
2014-10-29 17:26:05 ----A---- C:\WINDOWS\SYSWOW64\javaw.exe
2014-10-29 17:26:05 ----A---- C:\WINDOWS\SYSWOW64\java.exe
2014-10-28 19:43:43 ----D---- C:\AdwCleaner
2014-10-26 17:35:07 ----D---- C:\Program Files\CCleaner
2014-10-26 17:20:43 ----D---- C:\FRST
2014-10-26 17:15:18 ----D---- C:\rsit
2014-10-26 17:15:18 ----D---- C:\Program Files\trend micro
2014-10-19 11:36:21 ----D---- C:\GameTeamPokeCraft

======List of files/folders modified in the last 1 month======

2014-11-18 19:18:39 ----RD---- C:\Program Files (x86)
2014-11-18 19:18:39 ----D---- C:\WINDOWS\system32\drivers
2014-11-18 19:11:46 ----D---- C:\WINDOWS\Temp
2014-11-18 19:10:14 ----D---- C:\Program Files (x86)\Opera
2014-11-18 19:10:12 ----SD---- C:\WINDOWS\Tasks
2014-11-17 18:44:00 ----D---- C:\WINDOWS\Prefetch
2014-11-17 13:05:01 ----D---- C:\WINDOWS\SysWOW64
2014-11-16 19:19:37 ----D---- C:\Documents and Settings\Kristinka\Application Data\vlc
2014-11-16 18:44:05 ----SHD---- C:\WINDOWS\Installer
2014-11-16 18:20:56 ----D---- C:\WINDOWS\system32
2014-11-16 16:17:59 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2014-11-16 16:17:53 ----D---- C:\WINDOWS\system32\drivers\UMDF
2014-11-16 16:17:40 ----D---- C:\WINDOWS
2014-11-16 16:17:38 ----D---- C:\WINDOWS\system32\CatRoot2
2014-11-12 19:39:20 ----A---- C:\WINDOWS\SYSWOW64\FlashPlayerApp.exe
2014-11-12 13:35:36 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-11-12 13:30:07 ----D---- C:\WINDOWS\Debug
2014-11-12 13:30:03 ----A---- C:\WINDOWS\system32\MRT.exe
2014-11-08 16:03:34 ----SD---- C:\Documents and Settings\Kristinka\Application Data\Microsoft
2014-11-08 16:01:08 ----SHD---- C:\System Volume Information
2014-11-08 16:01:08 ----D---- C:\WINDOWS\system32\Restore
2014-11-02 11:59:33 ----D---- C:\WINDOWS\system32\config
2014-10-29 17:26:17 ----D---- C:\Program Files (x86)\Common Files
2014-10-29 07:58:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-26 17:35:07 ----RD---- C:\Program Files

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 crcdisk;CRC Disk Filter Driver; C:\WINDOWS\system32\DRIVERS\crcdisk.sys [2005-03-24 19968]
R0 ohci1394;Texas Instruments OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2007-02-18 93440]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 95744]
R1 AmdPPM64;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM64.sys [2007-04-16 44544]
R1 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2013-09-17 232568]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2013-09-17 168256]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2013-09-17 79640]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2005-03-24 15872]
R2 CdaC15BA;CdaC15BA; C:\WINDOWS\system32\DRIVERS\CdaC15BA.sys [2007-02-18 13312]
R2 CdaD10BA;CdaD10BA; C:\WINDOWS\system32\DRIVERS\CdaD10BA.sys [2007-02-18 13312]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2013-09-17 220232]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2007-02-17 111104]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2012-11-16 9291264]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2013-09-17 45656]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-07-13 239616]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2007-02-18 18944]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RTKHDA64.SYS [2009-01-20 5111296]
R3 ksthunk;Kernel Streaming WOW64 Thunk Service; C:\WINDOWS\system32\drivers\ksthunk.sys [2007-02-18 24192]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-02-18 19456]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2005-03-24 92160]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMIX.sys [2008-12-25 3006080]
R3 RTLE8023x64;Realtek 10/100/1000 PCI-E NIC Family NDIS XP(x64) Driver; C:\WINDOWS\system32\DRIVERS\Rtenic64.sys [2008-10-30 141312]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2007-02-18 48128]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\WINDOWS\system32\drivers\AtihdXP6.sys [2012-05-14 151168]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-07-22 42752]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2007-02-17 29696]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-08-07 27648]
S3 vga;vga; C:\WINDOWS\system32\DRIVERS\vgapnp.sys [2005-03-24 33792]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 46080]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 108032]
S4 adpu320;adpu320; C:\WINDOWS\system32\drivers\adpu320.sys []
S4 AmdIde;AmdIde; C:\WINDOWS\system32\drivers\AmdIde.sys []
S4 arc;arc; C:\WINDOWS\system32\drivers\arc.sys []
S4 iirsp;iirsp; C:\WINDOWS\system32\drivers\iirsp.sys []
S4 symmpi;symmpi; C:\WINDOWS\system32\drivers\symmpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AeLookupSvc;Application Experience Lookup Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2012-11-16 923648]
R2 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-05-25 67584]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-09-12 1337752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files (x86)\Java\jre7\bin\jqs.exe [2014-10-29 182696]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2014-06-05 93040]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service; C:\WINDOWS\system32\svchost.exe [2007-02-18 25600]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 1022632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Garmin Core Update Service;Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-07-23 438616]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-04-03 315008]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-12 267440]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe [2008-07-25 46088]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-03 116648]
S3 IASJet;IAS Jet Database Access; C:\WINDOWS\SysWOW64\svchost.exe [2007-02-18 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 859648]
S3 NBService;NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 vds;Virtual Disk Service; C:\WINDOWS\System32\vds.exe [2007-02-18 613376]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 clr_optimization_v2.0.50727_64;.NET Runtime Optimization Service v2.0.50727_x64; C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-07-25 93184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 119808]

-----------------EOF-----------------

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#19 Post by Indypetr »

OTL.Txt
OTL logfile created on: 18.11.2014 19:26:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kristinka\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,44% Memory free
7,74 Gb Paging File | 6,90 Gb Available in Paging File | 89,09% Paging File free
Paging file location(s): e:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 119,13 Gb Free Space | 79,93% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 277,46 Gb Free Space | 59,57% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 128,73 Gb Free Space | 55,28% Space Free | Partition Type: NTFS

Computer Name: VESELI | User Name: Kristinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.11.18 19:25:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristinka\Desktop\OTL.exe
PRC - [2014.10.29 17:25:52 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe
PRC - [2014.10.22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014.06.05 03:19:38 | 000,093,040 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe


========== Modules (No Company Name) ==========

MOD - [2014.10.22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014.10.22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2007.02.18 13:00:00 | 000,061,440 | ---- | M] () -- C:\WINDOWS\SysWOW64\devenum.dll
MOD - [2007.02.18 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\SysWOW64\msdmo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013.09.12 12:06:22 | 001,337,752 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV - [2014.11.12 19:39:21 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.10.29 17:25:52 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files (x86)\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2014.07.23 07:44:16 | 000,438,616 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Stopped] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014.06.05 03:19:38 | 000,093,040 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2014.04.03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.25 09:32:50 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2010.08.18 01:31:42 | 000,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\spoolsv.exe -- (Spooler)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2008.07.25 11:17:02 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.02.18 13:00:00 | 000,077,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc)
SRV - [2006.10.18 19:05:24 | 000,913,408 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


========== Driver Services (SafeList) ==========

DRV - [2013.11.07 18:46:29 | 000,024,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2007.02.18 13:00:00 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysWow64\mnmdd.dll -- (mnmdd)
DRV - [2007.02.18 13:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) [Adapter | On_Demand | Unknown] -- C:\WINDOWS\SysWow64\winsock.dll -- (Winsock)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\SearchScopes\{FD63BF63-BFFF-4B8F-9D26-4267DF7F17DD}: "URL" = http://www.google.com/custom?q={searchT ... BFORID%3A1
IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.0-git-20131101-0403: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013.11.03 10:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013.11.03 10:26:05 | 000,000,000 | ---D | M]

[2014.08.23 15:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristinka\Application Data\Mozilla\Extensions
[2014.08.23 15:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Kristinka\Application Data\Mozilla\Extensions\home2@tomtom.com

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_1\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.4_0\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pficdecjkdlnacnnbkociacmdbpmhdoc\1.0.0.7_0\
CHR - Extension: No name found = C:\Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

Hosts file not found
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3:64bit: - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O3 - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-902231566-1358511475-2049901558-1002..\Run: [DuckCapture] C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe (DuckLink Software)
O4 - HKU\S-1-5-21-902231566-1358511475-2049901558-1002..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - %SystemRoot%\System32\winrnr.dll File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - %SystemRoot%\System32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - %SystemRoot%\system32\mswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - %SystemRoot%\system32\mswsock.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{16C4CAFF-34EF-43A1-B178-92C97EAAE932}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\http\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\https\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\https\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\system32\inetcomm.dll File not found
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll File not found
O18:64bit: - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll File not found
O18:64bit: - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - File not found
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20 - HKLM Winlogon: UserInit - (userinit) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - (crypt32.dll) - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - (cryptnet.dll) - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - (cscdll.dll) - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - (dimsntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - (wlnotify.dll) - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SensLogn: DllName - (WlNotify.dll) - File not found
O20 - Winlogon\Notify\Schedule: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\wlballoon: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - %SystemRoot%\system32\SHELL32.dll File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll File not found
O22:64bit: - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - %SystemRoot%\system32\browseui.dll File not found
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - %SystemRoot%\system32\browseui.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.11.02 20:51:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point


Drivers32:64bit: aux - File not found
Drivers32:64bit: aux1 - File not found
Drivers32:64bit: midi - File not found
Drivers32:64bit: midi1 - File not found
Drivers32:64bit: midimapper - File not found
Drivers32:64bit: mixer - File not found
Drivers32:64bit: mixer1 - File not found
Drivers32:64bit: msacm.imaadpcm - File not found
Drivers32:64bit: msacm.msadpcm - File not found
Drivers32:64bit: msacm.msg711 - File not found
Drivers32:64bit: msacm.msgsm610 - File not found
Drivers32:64bit: msacm.trspch - File not found
Drivers32:64bit: vidc.i420 - File not found
Drivers32:64bit: vidc.iv31 - File not found
Drivers32:64bit: vidc.iv32 - File not found
Drivers32:64bit: vidc.iv41 - File not found
Drivers32:64bit: vidc.iv50 - File not found
Drivers32:64bit: vidc.iyuv - File not found
Drivers32:64bit: vidc.mrle - File not found
Drivers32:64bit: vidc.msvc - File not found
Drivers32:64bit: vidc.uyvy - File not found
Drivers32:64bit: vidc.yuy2 - File not found
Drivers32:64bit: vidc.yvu9 - File not found
Drivers32:64bit: vidc.yvyu - File not found
Drivers32:64bit: wave - File not found
Drivers32:64bit: wave1 - File not found
Drivers32:64bit: wavemapper - File not found
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\SysWow64\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\SysWow64\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\SysWow64\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\SysWow64\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\SysWOW64\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2014.11.18 19:25:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Kristinka\Desktop\OTL.exe
[2014.11.16 19:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristinka\My Documents\NeroVision
[2014.11.12 19:39:11 | 004,918,960 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2014.11.02 12:05:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Kristinka\Application Data\Malwarebytes
[2014.11.02 12:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014.10.29 17:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2014.10.29 17:26:13 | 000,272,808 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2014.10.29 17:26:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2014.10.29 17:26:05 | 000,175,528 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2014.10.29 17:26:05 | 000,098,216 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2014.10.29 17:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2014.10.28 19:43:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014.10.26 17:41:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Kristinka\Recent
[2014.10.26 17:35:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2014.10.26 17:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014.10.26 17:20:43 | 000,000,000 | ---D | C] -- C:\FRST
[2014.10.26 17:20:16 | 002,113,024 | ---- | C] (Farbar) -- C:\Documents and Settings\Kristinka\Desktop\FRST64.exe
[2014.10.26 17:20:16 | 000,112,640 | ---- | C] (forum.viry.cz) -- C:\Documents and Settings\Kristinka\Desktop\FRSTLauncher.exe
[2014.10.26 17:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2014.10.26 17:15:18 | 000,000,000 | ---D | C] -- C:\rsit
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.11.18 19:27:16 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2014.11.18 19:25:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kristinka\Desktop\OTL.exe
[2014.11.18 19:23:24 | 001,222,144 | ---- | M] () -- C:\Documents and Settings\Kristinka\Desktop\RSITx64.exe
[2014.11.18 19:10:17 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job
[2014.11.18 19:09:26 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.18 19:09:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.11.17 20:44:48 | 000,000,952 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.17 20:39:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2014.11.17 13:05:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2014.11.12 19:39:20 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014.11.12 19:39:20 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014.11.12 19:39:11 | 004,918,960 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerInstaller.exe
[2014.11.06 21:31:35 | 000,008,826 | ---- | M] () -- C:\Documents and Settings\Kristinka\Desktop\Snap 2014-11-06 at 21.31.35.png
[2014.11.06 21:29:50 | 000,008,481 | ---- | M] () -- C:\Documents and Settings\Kristinka\Desktop\Snap 2014-11-06 at 21.29.50.png
[2014.10.31 16:06:08 | 000,002,319 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2014.10.29 17:27:37 | 001,998,336 | ---- | M] () -- C:\Documents and Settings\Kristinka\Desktop\adwcleaner_4.002 (1).exe
[2014.10.29 17:25:53 | 000,098,216 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\WindowsAccessBridge-32.dll
[2014.10.29 17:25:51 | 000,272,808 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaws.exe
[2014.10.29 17:25:51 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javaw.exe
[2014.10.29 17:25:51 | 000,175,528 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\java.exe
[2014.10.29 17:25:51 | 000,145,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\SysWow64\javacpl.cpl
[2014.10.29 08:01:04 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2014.10.26 17:52:23 | 000,275,814 | ---- | M] () -- C:\Documents and Settings\Kristinka\My Documents\cc_20141026_174835.reg
[2014.10.26 17:18:06 | 000,112,640 | ---- | M] (forum.viry.cz) -- C:\Documents and Settings\Kristinka\Desktop\FRSTLauncher.exe
[2014.10.26 17:17:41 | 002,113,024 | ---- | M] (Farbar) -- C:\Documents and Settings\Kristinka\Desktop\FRST64.exe
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.11.18 19:27:16 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2014.11.18 19:23:23 | 001,222,144 | ---- | C] () -- C:\Documents and Settings\Kristinka\Desktop\RSITx64.exe
[2014.11.16 18:39:58 | 000,000,952 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.11.16 18:39:58 | 000,000,948 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.11.06 21:31:35 | 000,008,826 | ---- | C] () -- C:\Documents and Settings\Kristinka\Desktop\Snap 2014-11-06 at 21.31.35.png
[2014.11.06 21:29:50 | 000,008,481 | ---- | C] () -- C:\Documents and Settings\Kristinka\Desktop\Snap 2014-11-06 at 21.29.50.png
[2014.10.29 17:27:36 | 001,998,336 | ---- | C] () -- C:\Documents and Settings\Kristinka\Desktop\adwcleaner_4.002 (1).exe
[2014.10.29 08:26:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job
[2014.10.26 17:48:44 | 000,275,814 | ---- | C] () -- C:\Documents and Settings\Kristinka\My Documents\cc_20141026_174835.reg
[2014.08.23 15:34:59 | 000,138,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-902231566-1358511475-2049901558-1004-0.dat
[2014.07.27 05:57:25 | 000,081,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2014.07.27 05:57:23 | 002,232,126 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-902231566-1358511475-2049901558-1002-0.dat
[2014.07.27 05:57:23 | 000,138,862 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013.12.02 18:28:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Kristinka\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.11.18 18:08:55 | 000,000,664 | ---- | C] () -- C:\WINDOWS\SysWow64\d3d9caps.dat
[2013.11.14 20:05:09 | 000,000,171 | ---- | C] () -- C:\Documents and Settings\Kristinka\default.pls
[2013.11.14 20:04:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2013.11.03 11:26:02 | 000,216,064 | ---- | C] () -- C:\WINDOWS\SysWow64\gcapi_dll.dll
[2013.11.02 21:37:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2013.11.02 21:15:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013.11.02 21:11:03 | 000,542,818 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2013.11.02 21:00:48 | 000,037,376 | ---- | C] () -- C:\WINDOWS\CPLUTL64.EXE
[2013.11.02 20:55:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

========== ZeroAccess Check ==========

[2013.11.02 21:10:34 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = %SystemRoot%\system32\shdocvw.dll
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\SysWOW64\shdocvw.dll -- [2013.09.24 08:07:10 | 001,520,128 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\fastprox.dll
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\SysWOW64\wbem\fastprox.dll -- [2009.03.19 19:51:22 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\WINDOWS\system32\wbem\wbemess.dll
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.11.03 10:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ESET
[2013.11.03 11:25:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Foxit Software
[2013.11.02 21:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GHISLER
[2013.11.09 14:40:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
[2013.11.07 19:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013.11.07 19:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013.11.03 10:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014.07.27 05:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2014.07.27 05:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014.08.23 15:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2013.12.01 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bohouš\Application Data\Canon Easy-WebPrint EX
[2013.11.03 11:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bohouš\Application Data\ESET
[2014.02.26 21:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bohouš\Application Data\Foxit Software
[2014.08.23 12:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bohouš\Application Data\Garmin
[2014.02.09 18:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Bohouš\Application Data\GHISLER
[2013.11.03 11:26:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Foxit Software
[2014.07.27 05:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Garmin
[2014.11.17 12:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\.minecraft
[2014.08.15 16:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\.mnaucraft
[2013.12.09 15:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\Canon
[2013.11.11 19:32:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\Canon Easy-WebPrint EX
[2013.11.03 11:50:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\ESET
[2014.08.22 18:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\Foxit Software
[2013.11.03 18:18:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\GHISLER
[2013.11.03 12:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\Opera Software
[2014.03.31 13:28:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hanička\Application Data\Unity
[2013.11.07 19:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Canon
[2013.11.09 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Canon Easy-WebPrint EX
[2014.02.08 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\DuckLink
[2013.11.03 11:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\ESET
[2013.11.16 11:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Foxit Software
[2014.07.27 05:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Garmin
[2013.11.03 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\GHISLER
[2013.11.23 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Opera Software
[2014.08.23 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\TomTom
[2014.10.26 19:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\.minecraft
[2013.12.20 09:01:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\Canon
[2013.11.03 11:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\ESET
[2014.03.25 10:25:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\Foxit Software
[2013.11.03 12:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\GHISLER
[2013.11.03 11:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\Jpeg Resampler
[2013.11.03 12:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Application Data\Opera Software

========== Purity Check ==========



========== Custom Scans ==========

< >
[2013.11.02 20:48:32 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2013.11.02 20:57:04 | 000,032,648 | ---- | C] () -- C:\WINDOWS\Tasks\SchedLgU.Txt
[2013.11.02 20:57:05 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2013.11.11 19:32:09 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
[2014.10.29 08:26:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1383476416.job
[2014.11.16 18:39:58 | 000,000,948 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2014.11.16 18:39:58 | 000,000,952 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

< >

< MD5 for: AGP440.SYS >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:atapi.sys

< MD5 for: AUTOCHK.EXE >
[2007.02.18 13:00:00 | 000,594,944 | ---- | M] (Microsoft Corporation) MD5=39ECC326D3F5531A13A1C0F0B43A8EDD -- C:\WINDOWS\SysWOW64\autochk.exe

< MD5 for: CRYPTSVC.DLL >
[2007.02.18 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=FEB85DA744DD3F41A427CF6D2BC04FE4 -- C:\WINDOWS\SysWOW64\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2007.02.18 13:00:00 | 001,053,184 | ---- | M] (Microsoft Corporation) MD5=A26C39540F8BE3729846E360E2C57344 -- C:\WINDOWS\SysWOW64\explorer.exe
[2007.02.18 13:00:00 | 001,364,480 | ---- | M] (Microsoft Corporation) MD5=AE7A08C05F72A9242734C03230A5CD7F -- C:\WINDOWS\explorer.exe

< MD5 for: HAL.DLL >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:hal.dll
[2010.11.09 00:41:22 | 000,280,064 | ---- | M] (Microsoft Corporation) MD5=82F4104C2D9774B58A9244FC3B0EE07C -- C:\WINDOWS\$hf_mig$\KB2393802\SP2QFE\hal.dll
[2012.04.11 21:31:20 | 000,280,064 | ---- | M] (Microsoft Corporation) MD5=82F4104C2D9774B58A9244FC3B0EE07C -- C:\WINDOWS\$hf_mig$\KB2676562\SP2QFE\hal.dll
[2013.03.08 16:24:30 | 000,280,064 | ---- | M] (Microsoft Corporation) MD5=82F4104C2D9774B58A9244FC3B0EE07C -- C:\WINDOWS\$hf_mig$\KB2813170\SP2QFE\hal.dll
[2009.03.19 19:41:44 | 000,280,064 | ---- | M] (Microsoft Corporation) MD5=82F4104C2D9774B58A9244FC3B0EE07C -- C:\WINDOWS\$hf_mig$\KB956572\SP2QFE\hal.dll

< MD5 for: ISAPNP.SYS >
[2007.02.18 13:00:00 | 011,678,589 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\amd64\sp2.cab:isapnp.sys

< MD5 for: NETLOGON.DLL >
[2007.02.18 13:00:00 | 000,430,592 | ---- | M] (Microsoft Corporation) MD5=451564B8F22461D90CF8ED3945637845 -- C:\WINDOWS\SysWOW64\netlogon.dll

< MD5 for: SCECLI.DLL >
[2007.02.18 13:00:00 | 000,188,928 | ---- | M] (Microsoft Corporation) MD5=E7B7FD7D8907DADED4928E922608887F -- C:\WINDOWS\SysWOW64\scecli.dll

< MD5 for: SMSS.EXE >
[2007.02.18 13:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=97E9B4A202E645E7826BE7597B335C47 -- C:\WINDOWS\SysWOW64\smss.exe

< MD5 for: SVCHOST.EXE >
[2007.02.18 13:00:00 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=C09CCFE81DEC9B162533D7184D705682 -- C:\WINDOWS\SysWOW64\svchost.exe

< MD5 for: TCPIP.SYS >
[2007.02.18 13:00:00 | 000,768,000 | ---- | M] (Microsoft Corporation) MD5=C013E7F14FD378A16F5B7A4B5A7050E9 -- C:\WINDOWS\$NtUninstallKB2509553$\tcpip.sys
[2011.03.03 12:47:32 | 000,784,896 | ---- | M] (Microsoft Corporation) MD5=CE9A7AC526636585A126FACE243F4574 -- C:\WINDOWS\$hf_mig$\KB2509553\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2007.02.18 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=B5FEB3B971A8B8C81CE9DE65031A87E5 -- C:\WINDOWS\SysWOW64\userinit.exe

< MD5 for: WS2_32.DLL >
[2007.02.18 13:00:00 | 000,083,456 | ---- | M] (Microsoft Corporation) MD5=5C34F97D87B2A8C9CB4422E67F2DAB61 -- C:\WINDOWS\SysWOW64\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[2 C:\WINDOWS\SysWOW64\*.tmp files -> C:\WINDOWS\SysWOW64\*.tmp -> ]
[1 C:\WINDOWS\SysWOW64\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\SysWOW64\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[38 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2013.11.02 21:18:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ATI
[2013.11.09 14:40:21 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Canon Easy-WebPrint EX
[2013.11.07 19:05:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2013.11.07 19:05:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2013.11.03 10:26:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2014.07.27 05:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2014.11.02 12:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2014.11.16 16:17:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2014.11.12 13:35:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2014.07.27 05:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2014.10.15 15:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2013.11.03 12:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2014.08.23 15:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2014.10.23 18:47:58 | 036,281,408 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Documents and Settings\All Users\Application Data\Garmin\Core Update Service\APP-express-windows-3.2.21.0\GarminExpressInstaller.exe
[2014.11.02 12:05:52 | 019,828,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2014.07.27 05:04:50 | 000,887,896 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Documents and Settings\All Users\Application Data\Package Cache\{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}\GarminExpressInstaller.exe
[2014.07.27 05:18:48 | 000,455,592 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
[2014.07.23 07:44:36 | 000,194,560 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Documents and Settings\All Users\Application Data\Package Cache\8F5483FC98168EE3021845147749691550F70B6D\LifetimeUninstaller.exe
[2014.07.27 05:04:59 | 000,887,896 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\Package Cache\E15AD80FC74277EF2048312E9A71AF56B2EBA622\redist\dotNetFx40_Client_setup.exe

< %APPDATA%\*. >
[2013.11.23 16:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Adobe
[2013.11.14 20:05:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Ahead
[2013.11.03 11:42:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\ATI
[2013.11.07 19:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Canon
[2013.11.09 14:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Canon Easy-WebPrint EX
[2014.02.08 19:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\DuckLink
[2014.08.18 21:19:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\dvdcss
[2013.11.03 11:42:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\ESET
[2013.12.04 21:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\FastStone
[2013.11.16 11:17:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Foxit Software
[2014.07.27 05:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Garmin
[2013.11.03 13:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\GHISLER
[2013.11.03 11:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Identities
[2013.11.07 18:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\InstallShield
[2013.11.23 16:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Macromedia
[2014.11.02 12:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Malwarebytes
[2014.11.08 16:03:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Kristinka\Application Data\Microsoft
[2014.08.23 15:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Mozilla
[2013.11.23 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Opera Software
[2013.11.03 14:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\Sun
[2014.08.23 15:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\TomTom
[2014.11.16 19:19:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kristinka\Application Data\vlc

< %APPDATA%\*.exe /s >
[2014.10.29 17:23:52 | 000,145,408 | ---- | M] () -- C:\Documents and Settings\Kristinka\Application Data\Sun\Java\jre1.7.0_71\lzma.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2014.11.17 13:05:01 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2007.02.18 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"DuckCapture" = "C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe" /autorun -- [2011.11.03 21:21:28 | 000,436,736 | ---- | M] (DuckLink Software)
"GarminExpressTrayApp" = "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" -- [2014.07.23 07:44:36 | 000,688,984 | ---- | M] (Garmin Ltd or its subsidiaries)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_SZ C:\WINDOWS\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_SZ C:\WINDOWS\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=1
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /noexecute=optin /fastdetect /usepmtimer

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2014.11.18 19:27:16 | 000,000,512 | ---- | M] () MD5=3BB843F4E1CA1522F5478ECA82877739 -- C:\PhysicalMBR.bin

< >

< *crack* /s >

< *keygen* /s >

< *AntiWPA* /s >

< *loader* /s >
[2013.11.03 11:00:05 | 000,002,435 | ---- | M] () -- \Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\39-1-deferred-loader[1].js
[2013.11.03 11:00:03 | 000,000,940 | ---- | M] () -- \Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\39-1-loader[1].js
[2013.11.03 11:00:06 | 000,007,806 | ---- | M] () -- \Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CHEVOHAR\product-image-loader[1].gif
[2014.03.10 16:56:16 | 000,010,762 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.3_0\img\hdpi\misc\loader.gif
[2014.03.10 16:56:16 | 000,006,142 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.3_0\img\mdpi\misc\loader.gif
[2014.09.10 09:20:48 | 000,010,762 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.4_0\img\hdpi\misc\loader.gif
[2014.09.10 09:20:48 | 000,006,142 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.4_0\img\mdpi\misc\loader.gif
[2014.03.15 10:32:32 | 000,003,061 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\0AXLW1Y0\rmsloaderdelayeddiv[1].js
[2014.01.11 10:17:49 | 000,003,061 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\0BTRTWLJ\rmsloaderdelayeddiv[1].js
[2014.02.15 12:42:06 | 000,003,061 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\76YLBX71\rmsloaderdelayeddiv[1].js
[2014.03.12 14:27:22 | 000,007,813 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\84L4PY2T\ajax-loader1[1].gif
[2014.03.08 09:43:27 | 000,003,061 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\84L4PY2T\rmsloaderdelayeddiv[1].js
[2014.03.29 23:36:20 | 000,019,105 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\EN7LI86W\loader[1].js
[2014.08.02 07:29:54 | 000,005,727 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\FQLK1IL4\loader[1].js
[2014.08.02 07:30:49 | 000,010,120 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\G5I7KD27\loader-global[1].gif
[2014.08.02 07:30:53 | 000,005,727 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\G5I7KD27\loader[1].js
[2014.03.12 07:54:58 | 000,008,288 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\O1GHTNQZ\loader[1].gif
[2014.03.08 09:28:02 | 000,013,138 | ---- | M] () -- \Documents and Settings\Bohouš\Local Settings\Temporary Internet Files\Content.IE5\Y4FKLYPA\loader_black[1].gif
[2014.10.05 11:51:12 | 000,051,570 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-0.log
[2014.09.10 15:06:55 | 000,043,872 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-0.log.1
[2014.09.10 15:01:05 | 000,000,000 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-0.log.1.lck
[2014.10.05 11:44:25 | 000,000,000 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-0.log.lck
[2014.10.05 08:18:20 | 000,044,672 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-1.log
[2014.10.05 07:41:50 | 000,089,925 | ---- | M] () -- \Documents and Settings\Hanička\Application Data\.mnaucraft\.minecraft\ForgeModLoader-client-2.log
[2014.09.30 10:01:04 | 000,000,273 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gafhhbahpojnjfhpepjjfjojbphnogmn\11.73.5.91_0\js\URILoaderContentScript.js
[2014.07.24 14:53:16 | 000,072,638 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Skype\Apps\login\images\loader.gif
[2014.07.24 14:53:16 | 000,003,032 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Skype\Apps\login\images\loader.png
[2014.07.24 14:53:16 | 000,006,012 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_15fps.gif
[2014.07.24 14:53:16 | 000,021,956 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Skype\Apps\login\images\normal\loader_30fps.gif
[2014.07.24 14:53:16 | 000,009,772 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Application Data\Skype\Apps\login\images\retina\loader@2x.png
[2014.10.19 12:17:06 | 000,001,980 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G5I7KD27\AdLoader[1].htm
[2013.11.11 19:31:38 | 000,000,723 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G5I7KD27\downloaderror[1].js
[2013.11.11 19:31:38 | 000,001,174 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G5I7KD27\downloader[1].js
[2014.09.30 13:36:01 | 000,001,980 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\AdLoader[1].htm
[2014.10.31 16:06:31 | 000,001,980 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\AdLoader[3].htm
[2014.03.31 13:30:06 | 000,001,737 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\ajax-loader[1].gif
[2014.06.12 16:46:08 | 000,009,427 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\ajax-loader[2].gif
[2014.01.28 07:12:43 | 000,000,723 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\downloaderror[1].js
[2013.11.29 15:00:28 | 000,003,061 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\rmsloaderdelayeddiv[1].js
[2014.04.03 11:36:22 | 000,003,061 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\G9QFSTIV\rmsloaderdelayeddiv[2].js
[2014.09.14 14:00:16 | 000,018,715 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\AdLoader-a5fa12058ddb9a8919d6906ba95d7c57.min[1].js
[2014.01.28 07:12:43 | 000,001,174 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\downloader[1].js
[2014.09.14 13:53:07 | 000,010,520 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\loader-grey-on-transparent[1].gif
[2014.09.10 12:04:02 | 000,005,727 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\loader[1].js
[2014.03.06 13:03:28 | 000,003,061 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\rmsloaderdelayeddiv[1].js
[2014.03.31 13:22:25 | 000,003,061 | ---- | M] () -- \Documents and Settings\Hanička\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\rmsloaderdelayeddiv[2].js
[2014.09.10 09:20:48 | 000,010,762 | ---- | M] () -- \Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.4_0\img\hdpi\misc\loader.gif
[2014.09.10 09:20:48 | 000,006,142 | ---- | M] () -- \Documents and Settings\Kristinka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip\1.3.4_0\img\mdpi\misc\loader.gif
[2014.09.30 22:48:09 | 000,000,200 | ---- | M] () -- \GameTeamPokeCraft\config\TConPreloader.cfg
[2002.09.25 21:05:38 | 000,113,664 | ---- | M] () -- \Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2006.07.14 10:39:46 | 000,106,496 | ---- | M] () -- \Program Files (x86)\Common Files\Ahead\Lib\NeGuideStoreLoader.dll
[2014.07.23 07:43:16 | 000,042,496 | ---- | M] () -- \Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MyDownloader.Core.dll
[2014.03.22 23:48:50 | 000,001,234 | ---- | M] () -- \RECYCLER\S-1-5-21-902231566-1358511475-2049901558-1003\Dc6\client\models\smd\ValveStudioModelLoader.class
[2014.03.22 23:48:52 | 000,001,038 | ---- | M] () -- \RECYCLER\S-1-5-21-902231566-1358511475-2049901558-1003\Dc6\migration\MigrationLoader.class
[2007.02.18 13:00:00 | 000,036,352 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2007.02.18 13:00:00 | 000,036,352 | ---- | M] () -- \WINDOWS\SysWOW64\dmloader.dll
[2 \WINDOWS\SysWOW64\*.tmp files -> \WINDOWS\SysWOW64\*.tmp -> ]

< *minodlogin* /s >

< *tnod* /s >
[2013.11.03 10:07:30 | 000,000,846 | ---- | M] () -- \Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SD2RC1Y7\lastnode[1].gif

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.09.26 23:20:14 | 000,847,872 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2014.02.12 21:46:18 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2013.11.03 11:11:01 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.02.15 09:30:14 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\6c29ee2bedfe88dcd66993f1af135ad8\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.14 06:17:30 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9860da66bf0219612908e7412b0a6e2e\System.Runtime.Serialization.ni.dll
[2014.02.15 09:27:08 | 003,070,976 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\a6de627d236a7f6764a0ad03183ec712\System.Runtime.Serialization.ni.dll
[2014.02.15 09:26:53 | 000,396,288 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\c1476ee10f122c21f8f98aece892becb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.02.15 09:24:16 | 002,981,888 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_64\System.Runtime.Seri#\dc3d0dfe2285ccf6d0f7ab9b3d61fd6d\System.Runtime.Serialization.ni.dll
[2014.07.29 05:07:39 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\a2f2c4c0abfbc3e4ce9aecbd147b1906\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.07.29 05:07:32 | 002,658,304 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d6b8ab1088fcd3734582c0fa6b52bdda\System.Runtime.Serialization.ni.dll
[2014.07.29 05:09:24 | 000,009,216 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Serializ#\ffc5006a9b8e647e0ad89e68e0bfa40e\System.Xml.Serialization.ni.dll
[2014.07.29 05:11:17 | 003,424,768 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\53dddb365bca7203f49b7d2f0dc9c935\System.Runtime.Serialization.ni.dll
[2014.07.29 05:11:25 | 000,376,832 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Runtime.Seri#\a6d5113221e92b37937dfa2725f37bf4\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2014.07.29 05:14:19 | 000,010,240 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_64\System.Xml.Serializ#\3881cbbdff38b7af9f20eb48565dcf41\System.Xml.Serialization.ni.dll
[2010.03.18 12:16:28 | 001,026,936 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.amd64
[2010.03.18 12:16:28 | 001,026,936 | R--- | M] () -- \WINDOWS\Installer\$PatchCache$\Managed\DFC90B5F2B0FFA63D84FD16F6BF37C4B\4.0.30319\System.Runtime.Serialization.dll.x86
[2014.07.28 20:14:47 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2014.07.28 20:14:45 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2014.07.28 20:14:55 | 000,012,080 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.27 00:12:26 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 05:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.01.21 16:40:04 | 000,012,080 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Xml.Serialization.dll
[2008.07.25 10:59:50 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework64\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2012.09.26 23:20:14 | 000,847,872 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2013.09.11 05:06:54 | 001,039,040 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 12:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework64\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2012.01.21 16:40:04 | 000,012,080 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework64\v4.0.30319\System.Xml.Serialization.dll
[2007.02.18 13:00:00 | 000,016,896 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2007.02.18 13:00:00 | 000,016,896 | ---- | M] () -- \WINDOWS\SysWOW64\serialui.dll
[2 \WINDOWS\SysWOW64\*.tmp files -> \WINDOWS\SysWOW64\*.tmp -> ]

< *w7lxe* /s >

< End of report >

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#20 Post by Indypetr »

Extras.Txt
OTL Extras logfile created on: 18.11.2014 19:26:31 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Kristinka\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,02 Gb Available Physical Memory | 75,44% Memory free
7,74 Gb Paging File | 6,90 Gb Available in Paging File | 89,09% Paging File free
Paging file location(s): e:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,05 Gb Total Space | 119,13 Gb Free Space | 79,93% Space Free | Partition Type: NTFS
Drive D: | 465,75 Gb Total Space | 277,46 Gb Free Space | 59,57% Space Free | Partition Type: NTFS
Drive E: | 232,88 Gb Total Space | 128,73 Gb Free Space | 55,28% Space Free | Partition Type: NTFS

Computer Name: VESELI | User Name: Kristinka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.inf [@ = inffile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.ini [@ = inifile] -- %SystemRoot%\System32\NOTEPAD.EXE %1
.js [@ = JSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.jse [@ = JSEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.txt [@ = txtfile] -- %SystemRoot%\system32\NOTEPAD.EXE %1
.vbe [@ = VBEFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.vbs [@ = VBSFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsf [@ = WSFFile] -- %SystemRoot%\System32\WScript.exe "%1" %*
.wsh [@ = WSHFile] -- %SystemRoot%\System32\WScript.exe "%1" %*

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-902231566-1358511475-2049901558-1002\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1"
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %*
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with FastStone] -- "C:\Program Files (x86)\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C9B669D-7A37-611C-FF42-C2FF87A1A397}" = AMD Catalyst Install Manager
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{70A381F1-C161-4D61-A20C-BE12FC6777DF}" = Garmin Communicator Plugin x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{A02609EB-395E-4638-8DD7-30CE043014E5}" = ANT Drivers Installer x64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{B1920A83-25A3-4DBB-B1F5-2395BD05370E}" = ESET Smart Security
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FD19BB59-439B-A7AF-6F63-AE7D91E141E8}" = ccc-utility64
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"CCleaner" = CCleaner
"D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2" = Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1)
"F9D2A789F9CFF8CEC36B544F53877C80F1F73C46" = Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201)
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"Totalcmd64" = Total Commander 64-bit (Remove or Repair)
"VLC media player" = VLC media player 2.2.0-git-20131101-0403
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{13F7898A-F39E-F19C-BF0A-3A2422C4579F}" = CCC Help Dutch
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21
"{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71
"{2FD94FBC-07AE-475C-B522-BFE899B9048E}" = WebUpdater
"{38AB97EF-3D06-194B-6407-6D4ACE925738}" = CCC Help Russian
"{3B244431-0C71-8044-F336-FA2280604BB7}" = Catalyst Control Center Localization All
"{3CE9BA35-F974-595D-CD27-3480976B8791}" = CCC Help Chinese Traditional
"{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}" = Garmin USB Drivers
"{3F4417E8-D9BB-2552-986D-232EDC2A8CC0}" = CCC Help Czech
"{4625C99C-A9F8-D444-6352-092AD46734BD}" = CCC Help Italian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6F5F7F-85C1-0397-57C4-E9F8CAD4F7FF}" = CCC Help French
"{560D64A9-BDFD-44B7-90D1-8FBBED7F4A19}" = Garmin Express
"{5635429F-0E24-476F-6011-C87CB0CEEBEF}" = CCC Help Turkish
"{579EDD1B-20D0-0D10-D1FA-C519ED99A6AC}" = Catalyst Control Center Graphics Previews Common
"{5A2A1EDC-925A-D527-04B5-73F3F1FDBE24}" = Catalyst Control Center InstallProxy
"{6D181996-F404-4639-9B95-15012541CB7C}" = Garmin Express Tray
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71DBFBF2-F7EB-4268-8485-9471D83C4E66}" = Garmin Communicator Plugin
"{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}" = TomTom HOME
"{7D3C830F-83DA-62EF-D144-B14050D2F257}" = CCC Help Chinese Standard
"{7E24775F-4A1A-8C37-AA6E-C4F0D9CE6B3F}" = CCC Help German
"{817c6bb8-ea2d-4e12-abbc-e33c3de43f64}" = Garmin Express
"{86197EF8-3D51-E4B6-7323-09986A560470}" = CCC Help Portuguese
"{88B2ABCF-9C00-47C1-8FC4-369B98845DD7}" = Catalyst Control Center - Branding
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB88B36-A320-6325-8DBE-0C4B8DBAB286}" = CCC Help Norwegian
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_EXCEL_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_POWERPOINT_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_WORD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_EXCEL_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_POWERPOINT_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_WORD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_POWERPOINT_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_WORD_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_EXCEL_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_POWERPOINT_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_WORD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{934F70BF-37F9-3C35-4D22-DD8AB0146EFF}" = CCC Help Greek
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AAD06DFF-E96F-942E-8145-7FD3BEC9326B}" = CCC Help Polish
"{B3CD98E8-DA7A-CDC4-8367-E5FE201E6611}" = CCC Help Japanese
"{B4AD27A4-886B-CB7B-F929-2ABD9AF8E2CA}" = CCC Help English
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C3D5225A-5794-702D-41EB-37069A5B23C8}" = CCC Help Spanish
"{C468065B-7A72-FDD9-B16C-398F596886E8}" = CCC Help Swedish
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CCAB3C20-F0BC-14C5-2CC5-09F1B35A28EC}" = CCC Help Thai
"{ce085a78-074e-4823-8dc1-8a721b94b76d}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
"{D680339B-4B93-2BAD-1A56-B647E77D8909}" = CCC Help Korean
"{D968FBF3-E4A6-4D82-981D-D7FF9B7BFC30}" = Elevated Installer
"{DA033D67-F1DA-EAF9-8C16-F4C434E4F238}" = Catalyst Control Center
"{DC31C62B-4845-E020-DF6F-0F1E4F479E04}" = CCC Help Danish
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F14B8ECC-BDA0-4987-9201-D7B7DBE11029}" = Nero 7 Ultra Edition
"{F6A761AF-107F-B8B8-B6BC-4CE8758C247D}" = CCC Help Hungarian
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"{FE422A03-5747-271C-68EB-4BFE2C604FA0}" = CCC Help Finnish
"7-Zip" = 7-Zip 9.20
"adidas miCoach Manager_is1" = miCoach Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"CobBackup11" = Cobian Backup 11 Gravity
"DuckCapture_is1" = DuckCapture Standard 2.7
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"EXCEL" = Microsoft Office Excel 2007
"FastStone Image Viewer" = FastStone Image Viewer 4.8
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Opera 25.0.1614.71" = Opera Stable 25.0.1614.71
"POWERPOINT" = Microsoft Office PowerPoint 2007
"WORD" = Microsoft Office Word 2007

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.7.2014 0:22:53 | Computer Name = VESELI | Source = .NET Runtime | ID = 1026
Description = Application: Express.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: exception
code 80000003, exception address 102B35E0

Error - 27.7.2014 0:23:26 | Computer Name = VESELI | Source = .NET Runtime | ID = 1026
Description = Application: Express.exe Framework Version: v4.0.30319 Description:
The process was terminated due to an unhandled exception. Exception Info: exception
code 80000003, exception address 102B35E0

Error - 1.9.2014 15:21:33 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04c58f9a.

Error - 1.9.2014 15:22:33 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04d1910d.

Error - 1.9.2014 15:25:55 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04c58fa2.

Error - 1.9.2014 15:30:21 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04d19135.

Error - 1.9.2014 15:37:34 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04d1915a.

Error - 3.9.2014 13:35:11 | Computer Name = VESELI | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 6.18.60.106, faulting module
unknown, version 0.0.0.0, fault address 0x04d19123.

Error - 18.10.2014 9:16:00 | Computer Name = VESELI | Source = Application Hang | ID = 1002
Description = Hanging application javaw.exe, version 7.0.670.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 18.10.2014 9:16:11 | Computer Name = VESELI | Source = Application Hang | ID = 1001
Description = Fault bucket 417852470.

[ System Events ]
Error - 17.11.2014 4:48:26 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 17.11.2014 13:44:00 | Computer Name = VESELI | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 17.11.2014 13:44:00 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 17.11.2014 13:44:00 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 18.11.2014 14:09:23 | Computer Name = VESELI | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 18.11.2014 14:09:23 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 18.11.2014 14:09:23 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 18.11.2014 14:09:26 | Computer Name = VESELI | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.Windows.Common-Controls could not be
found and Last Error was The referenced assembly is not installed on your system.


Error - 18.11.2014 14:09:26 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls.
Reference
error message: The referenced assembly is not installed on your system. .

Error - 18.11.2014 14:09:26 | Computer Name = VESELI | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe.
Reference
error message: The referenced assembly is not installed on your system. .


< End of report >

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#21 Post by Indypetr »

So I ran it according to the instructions. I should be able to get to the PC again at the weekend, if need be. Thank you for your patience :-)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#22 Post by Márty84 »

:arrow: Download CrystalDiskInfo http://sourceforge.jp/projects/crystald ... 5_0_0.zip/
Run it. The result will be displayed after a moment.
At the top, click the "Úpravy" (Edit) menu and then "Kopírovat" (Copy). Paste what gets copied (it is stored in the clipboard) here for me (Ctrl + V)



:arrow: Tell me the size of the desktop folder (C:\Documents and Settings\Kristinka\Desktop)




:!: Turn off your antivirus so that it does not interfere with the program.
:arrow: Run OTL again
Paste the following text into the bottom window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
[CreateRestorePoint]

:services
JavaQuickStarterService
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
NBService

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job
C:\Documents and Settings\Kristinka\Application Data\Malwarebytes
C:\Documents and Settings\All Users\Application Data\Malwarebytes

:otl
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
O3:64bit: - HKU\S-1-5-21-902231566-1358511475-2049901558-1002\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - %SystemRoot%\system32\browseui.dll File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
[21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[21 C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[2 C:\WINDOWS\SysWOW64\*.tmp files -> C:\WINDOWS\SysWOW64\*.tmp -> ]
[1 C:\WINDOWS\SysWOW64\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\SysWOW64\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[38 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[2014.11.02 12:05:52 | 019,828,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

:reg
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Click "Opravit" (Fix) and let the program work. When asked about a restart, agree.
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can write to me by e-mail at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most have their e-mail address in their signature).

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#23 Post by Indypetr »

Hello, you are quick :-) I should still be able to get to the PC tomorrow, so I will do it then.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#24 Post by Márty84 »

Indypetr wrote: Hello, you are quick :-) I should still be able to get to the PC tomorrow, so I will do it then.
Well, when I am not at work, it goes fairly quickly :D

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#25 Post by Indypetr »

From CrystalInfo
----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP2 [5.2 Build 3790] (x64)
Date : 2014/11/19 19:12:30

-- Controller Map ----------------------------------------------------------
+ Standard Dual Channel PCI IDE Controller [ATA]
+ Primary IDE Channel (0)
- ST3250410AS
- SAMSUNG HD502HJ
+ Secondary IDE Channel (1)
- HL-DT-ST DVDRAM GH22NS50
+ Standard Dual Channel PCI IDE Controller [ATA]
+ Primary IDE Channel (0)
- ST3160815A
- Secondary IDE Channel (1)

-- Disk List ---------------------------------------------------------------
(1) SAMSUNG HD502HJ : 500,1 GB [0/0/0, pd1]
(2) ST3250410AS : 250,0 GB [1/0/1, pd1] - st
(3) ST3160815A : 160,0 GB [2/3/1, pd1] - st

----------------------------------------------------------------------------
(1) SAMSUNG HD502HJ
----------------------------------------------------------------------------
Model : SAMSUNG HD502HJ
Firmware : 1AJ100E4
Serial Number : S20BJ9BS801454
Disk Size : 500,1 GB (8,4/137,4/500,1)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 976773168
Rotation Rate : 7200 RPM
Interface : Serial ATA
Major Version : ATA8-ACS
Minor Version : ATA8-ACS version 6
Transfer Mode : SATA/300
Power On Hours : 8523 hod.
Power On Count : 3174 krát
Temparature : 27 C (80 F)
Health Status : Dobrý
Features : S.M.A.R.T., APM, AAM, 48bit LBA, NCQ
APM Level : 0000h [OFF]
AAM Level : FE00h [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 100 100 _51 000000000000 Počet chyb čtení
02 252 252 __0 000000000000 Průchodnost disku
03 _83 _82 _25 000000001540 Čas na roztočení ploten
04 _97 _97 __0 000000000C5B Počet spuštění/zastavení
05 252 252 _10 000000000000 Počet přemapovaných sektorů
07 252 252 _51 000000000000 Počet chybných hledání
08 252 252 _15 000000000000 Čas potřebný na vyhledání
09 100 100 __0 00000000214B Hodin v činnosti
0A 252 252 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 252 252 __0 000000000000 Počet pokusů o překalibrování
0C _97 _97 __0 000000000C66 Počet cyklů zapnutí zařízení
BF 100 100 __0 000000000001 Počet udalostí zaznamenaných otřesovým senzorem
C0 252 252 __0 000000000000 Počet vypnutí disku
C2 _64 _59 __0 00290010001B Teplota
C3 100 100 __0 000000000000 Počet oprav chybného čtení
C4 252 252 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 252 252 __0 000000000000 Počet podezřelých sektorů
C6 252 252 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 100 __0 000000000000 Počet chyb při zápisu sektorů
DF 252 252 __0 000000000000 Zatížení budiče magnetických hlav způsobené opakovanými úkony
E1 100 100 __0 000000000C66 Počet cyklů načítání/vymazání


----------------------------------------------------------------------------
(2) ST3250410AS
----------------------------------------------------------------------------
Model : ST3250410AS
Firmware : 3.AAC
Serial Number : 9RY0FN1T
Disk Size : 250,0 GB (8,4/137,4/250,0)
Buffer Size : 16384 KB
Queue Depth : 32
# of Sectors : 488397168
Rotation Rate : Neznámy údaj
Interface : Serial ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : SATA/150
Power On Hours : 11025 hod.
Power On Count : 4272 krát
Temparature : 33 C (91 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA, NCQ
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 118 _97 __6 00000BE56547 Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 0000000010AD Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _84 _60 _30 00000F025D20 Počet chybných hledání
09 _88 _88 __0 000000002B11 Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 0000000010B0 Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _67 _50 _45 000021190021 Teplota toku vzduchu
C2 _33 _50 __0 001300000021 Teplota
C3 102 _55 __0 00000744563D Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů


----------------------------------------------------------------------------
(3) ST3160815A
----------------------------------------------------------------------------
Model : ST3160815A
Firmware : 3.AAD
Serial Number : 9RA2KA05
Disk Size : 160,0 GB (8,4/137,4/160,0)
Buffer Size : 8192 KB
Queue Depth : 1
# of Sectors : 312581808
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-7
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 11595 hod.
Power On Count : 4247 krát
Temparature : 34 C (93 F)
Health Status : Dobrý
Features : S.M.A.R.T., 48bit LBA
APM Level : ----
AAM Level : ----

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 111 _99 __6 000001F7B9FE Počet chyb čtení
03 _97 _97 __0 000000000000 Čas na roztočení ploten
04 _96 _96 _20 000000001093 Počet spuštění/zastavení
05 100 100 _36 000000000000 Počet přemapovaných sektorů
07 _85 _60 _30 00001505D1AC Počet chybných hledání
09 _87 _87 __0 000000002D4B Hodin v činnosti
0A 100 100 _97 000000000000 Počet opakovaných pokusů o roztočení ploten
0C _96 _96 _20 000000001097 Počet cyklů zapnutí zařízení
BB 100 100 __0 000000000000 Ohlášeno neopravitelných chyb
BD 100 100 __0 000000000000 Vysoká rychlost zápisu
BE _66 _51 _45 000022190022 Teplota toku vzduchu
C2 _34 _49 __0 001400000022 Teplota
C3 _89 _68 __0 00000B40DD37 Počet oprav chybného čtení
C5 100 100 __0 000000000000 Počet podezřelých sektorů
C6 100 100 __0 000000000000 Počet neopravitelných sektorů
C7 200 200 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 100 253 __0 000000000000 Počet chyb při zápisu sektorů
CA 100 253 __0 000000000000 Počet chyb při směrování údajů


Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#26 Post by Indypetr »

Kristinka : Desktop : 13 721 494 (counted by TotalCommander)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#27 Post by Márty84 »

The desktop is OK..

The second and third disks are reporting errors, and that too can cause trouble. We'll see after the cleanup is finished.

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#28 Post by Indypetr »

Log from OTL:
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 453702261 bytes
->Temporary Internet Files folder emptied: 10429237 bytes

User: All Users

User: Bohouš
->Temp folder emptied: 9446473 bytes
->Temporary Internet Files folder emptied: 273462400 bytes
->Google Chrome cache emptied: 414539419 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Hanička
->Temp folder emptied: 169772300 bytes
->Temporary Internet Files folder emptied: 1031801169 bytes
->Google Chrome cache emptied: 10284161 bytes
->Flash cache emptied: 22505 bytes

User: Kristinka
->Temp folder emptied: 19397614 bytes
->Temporary Internet Files folder emptied: 7657622 bytes
->Google Chrome cache emptied: 447015497 bytes
->Flash cache emptied: 604 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Petr
->Temp folder emptied: 657148 bytes
->Temporary Internet Files folder emptied: 426010 bytes
->Google Chrome cache emptied: 150152961 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 4265 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 205257545 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 29029583 bytes
RecycleBin emptied: 651141 bytes

Total Files Cleaned = 3 084,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Bohouš

User: Default User

User: Hanička
->Flash cache emptied: 0 bytes

User: Kristinka
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Petr

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
========== SERVICES/DRIVERS ==========
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\Adobe Flash Player Updater.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\Opera scheduled Autoupdate 1383476416.job moved successfully.
C:\Documents and Settings\Kristinka\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\Kristinka\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\Kristinka\Application Data\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\Kristinka\Application Data\Malwarebytes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Quarantine folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Configuration folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Malwarebytes folder moved successfully.
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-902231566-1358511475-2049901558-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-902231566-1358511475-2049901558-1002\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\tscuninstall deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10F5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1116.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP24C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3E7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP434.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E3.tmp\PresentationUI.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4E3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP58B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5AF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6D1.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8FE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP90.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP945.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPADD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPB21.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCBF.tmp\PresentationCFFRasterizer.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCBF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCEE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE9A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF1F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP10A8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP10EF.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1112.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP122.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP123.tmp\Accessibility.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP123.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP12FC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP148E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP1D2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP20B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP240.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP322.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3E5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3E6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP419.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP446.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5AE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP754.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAP942.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAC5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPCB6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE8D.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI537.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI53E.tmp- folder deleted successfully.
C:\WINDOWS\Installer\MSI53F.tmp- folder deleted successfully.
File C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11192014_192338

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Indypetr
Visitor
Posts: 32
Registered: 26 Oct 2014 17:25

Re: Request for a preventive check

#29 Post by Indypetr »

Well, yes, the PC isn't the youngest, about 5 - 6 years old.

Good evening :-)

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Request for a preventive check

#30 Post by Márty84 »

If there is a next check, don't put the logs into Quote or anything else, it's hard to read :)



:arrow:
vyosek wrote: :arrow: T-Cleaner http://tharifas.sweb.cz/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag the utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click the CleanUp label and then OK - After the cleanup the PC will restart.

:arrow: Download CCleaner http://www.filehippo.com/download_ccleaner and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, untick the checkbox.
After launching you will be in the Cleaner function. There are a lot of checkboxes on the left. Watch out especially for the Recycle Bin: if you leave it ticked, it will empty it every time.
Also, depending on how it is set up, it will delete all passwords saved on the net!!! So if you have the computer set to remember passwords (which is not good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums etc.)
Click Analyze and, when it finishes the analysis, click Run Cleaner.
Then click the Registry function on the left
Click Scan for Issues; when it finds some, click Fix issues. It will offer you a backup; make it and save it where you can find it if needed.
The Tools function lets you uninstall programs. It is more thorough than Windows itself!
(If the PC has several user accounts, use the program in each of them)

:arrow: Defragment the disk(s) (not SSD disks!)
Download the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Again watch out for the toolbar during installation
After installing, run the program and click Analyze; after the analysis click Defragment and the program will do its job.




:arrow: Then write how the PC is doing.

Locked