Prosim jak sa zbavim aby sa mi pc stale nereštartoval ???? P

Zpráva

PINGWIN · #1 Příspěvek od **PINGWIN** » 24 říj 2010 16:19

Brat behal po nejakych porno strankach a mam nejaky vyrus ktory ma ani nepusti do systemu len do safe modu a stale sa kolom dokola reštartuje prosim da sa toho nejako zbavit ????

#2 Příspěvek od **vyosek** » 24 říj 2010 16:25

Zdravim, pekny podvecer preji a vitam Vas u nas na foru

Pracujte tedy v nouzovem rezimu dokud nakazu neodstranime

Zde Vam kolega dal navod co potrebujeme, postupujte dle nej tedy

Hulkee píše: Postupujte podle tohohle návodu - http://www.viry.cz/forum/viewtopic.php?t=81939.

Je to návod na diagnostický program, jehož log po Vás budou rádci chtít. Na jeho základě Vám doporučí konkrétní a pro Vás specifický postup.

PINGWIN · #3 Příspěvek od **PINGWIN** » 24 říj 2010 20:03

Logfile of random's system information tool 1.08 (written by random/random)
Run by PINGWIN at 2010-10-24 20:56:00
Microsoft Windows 7 Ultimate
System drive C: has 3 GB (7%) free of 40 GB
Total RAM: 2559 MB (81% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-10-24 20:56:01 ----D---- C:\Program Files (x86)\trend micro
2010-10-24 20:55:59 ----D---- C:\rsit
2010-10-22 19:33:28 ----D---- C:\Users\PINGWIN\AppData\Roaming\Ventrilo
2010-10-22 19:13:15 ----A---- C:\Windows\ntbtlog.txt
2010-10-14 15:25:33 ----D---- C:\Program Files (x86)\Common Files\Adobe
2010-10-14 15:25:33 ----D---- C:\Program Files (x86)\Adobe
2010-10-12 19:08:43 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-10-12 19:08:39 ----A---- C:\Windows\SysWOW64\ole32.dll
2010-10-12 19:08:35 ----A---- C:\Windows\SysWOW64\wmpmde.dll
2010-10-12 19:08:34 ----A---- C:\Windows\SysWOW64\StructuredQuery.dll
2010-10-12 19:08:33 ----A---- C:\Windows\SysWOW64\mfc40.dll
2010-10-12 19:08:32 ----A---- C:\Windows\SysWOW64\mfc40u.dll
2010-10-12 19:08:31 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-10-12 19:08:29 ----A---- C:\Windows\SysWOW64\comctl32.dll
2010-10-12 19:08:19 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-10-12 19:08:17 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-10-12 19:08:14 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-10-12 19:08:13 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-10-12 19:08:13 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-10-12 19:08:12 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-10-12 19:08:12 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-10-12 19:08:12 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-10-12 19:08:11 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-10-12 19:06:17 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-10-12 19:06:16 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-10-12 19:06:15 ----A---- C:\Windows\SysWOW64\sscore.dll
2010-09-30 14:50:46 ----A---- C:\Windows\SysWOW64\XAudio2_5.dll
2010-09-30 14:50:45 ----A---- C:\Windows\SysWOW64\xactengine3_5.dll
2010-09-30 14:50:45 ----A---- C:\Windows\SysWOW64\D3DCompiler_42.dll
2010-09-30 14:50:44 ----A---- C:\Windows\SysWOW64\d3dx11_42.dll
2010-09-30 14:50:44 ----A---- C:\Windows\SysWOW64\d3dcsx_42.dll
2010-09-30 14:50:43 ----A---- C:\Windows\SysWOW64\D3DX9_42.dll
2010-09-30 14:50:43 ----A---- C:\Windows\SysWOW64\d3dx10_42.dll
2010-09-30 14:50:36 ----A---- C:\Windows\SysWOW64\d3dx10_41.dll
2010-09-30 14:50:36 ----A---- C:\Windows\SysWOW64\D3DCompiler_41.dll
2010-09-30 14:50:35 ----A---- C:\Windows\SysWOW64\XAudio2_4.dll
2010-09-30 14:50:35 ----A---- C:\Windows\SysWOW64\XAPOFX1_3.dll
2010-09-30 14:50:35 ----A---- C:\Windows\SysWOW64\D3DX9_41.dll
2010-09-30 14:50:34 ----A---- C:\Windows\SysWOW64\xactengine3_4.dll
2010-09-30 14:50:34 ----A---- C:\Windows\SysWOW64\X3DAudio1_6.dll
2010-09-30 14:50:33 ----A---- C:\Windows\SysWOW64\d3dx10_40.dll
2010-09-30 14:50:33 ----A---- C:\Windows\SysWOW64\D3DCompiler_40.dll
2010-09-30 14:50:32 ----A---- C:\Windows\SysWOW64\XAudio2_3.dll
2010-09-30 14:50:32 ----A---- C:\Windows\SysWOW64\XAPOFX1_2.dll
2010-09-30 14:50:32 ----A---- C:\Windows\SysWOW64\D3DX9_40.dll
2010-09-30 14:50:31 ----A---- C:\Windows\SysWOW64\xactengine3_3.dll
2010-09-30 14:50:30 ----A---- C:\Windows\SysWOW64\XAudio2_2.dll
2010-09-30 14:50:30 ----A---- C:\Windows\SysWOW64\XAPOFX1_1.dll
2010-09-30 14:50:30 ----A---- C:\Windows\SysWOW64\xactengine3_2.dll
2010-09-30 14:50:30 ----A---- C:\Windows\SysWOW64\X3DAudio1_5.dll
2010-09-30 14:50:29 ----A---- C:\Windows\SysWOW64\d3dx10_39.dll
2010-09-30 14:50:29 ----A---- C:\Windows\SysWOW64\D3DCompiler_39.dll
2010-09-30 14:50:28 ----A---- C:\Windows\SysWOW64\XAudio2_1.dll
2010-09-30 14:50:28 ----A---- C:\Windows\SysWOW64\XAPOFX1_0.dll
2010-09-30 14:50:28 ----A---- C:\Windows\SysWOW64\D3DX9_39.dll
2010-09-30 14:50:27 ----A---- C:\Windows\SysWOW64\xactengine3_1.dll
2010-09-30 14:50:27 ----A---- C:\Windows\SysWOW64\X3DAudio1_4.dll
2010-09-30 14:50:26 ----A---- C:\Windows\SysWOW64\D3DX9_38.dll
2010-09-30 14:50:26 ----A---- C:\Windows\SysWOW64\d3dx10_38.dll
2010-09-30 14:50:26 ----A---- C:\Windows\SysWOW64\D3DCompiler_38.dll
2010-09-30 14:50:24 ----A---- C:\Windows\SysWOW64\XAudio2_0.dll
2010-09-30 14:50:24 ----A---- C:\Windows\SysWOW64\xactengine3_0.dll
2010-09-30 14:50:24 ----A---- C:\Windows\SysWOW64\X3DAudio1_3.dll
2010-09-30 14:50:23 ----A---- C:\Windows\SysWOW64\d3dx10_37.dll
2010-09-30 14:50:23 ----A---- C:\Windows\SysWOW64\D3DCompiler_37.dll
2010-09-30 14:50:22 ----A---- C:\Windows\SysWOW64\xactengine2_10.dll
2010-09-30 14:50:22 ----A---- C:\Windows\SysWOW64\D3DX9_37.dll
2010-09-30 14:50:21 ----A---- C:\Windows\SysWOW64\d3dx9_36.dll
2010-09-30 14:50:21 ----A---- C:\Windows\SysWOW64\d3dx10_36.dll
2010-09-30 14:50:21 ----A---- C:\Windows\SysWOW64\D3DCompiler_36.dll
2010-09-30 14:50:20 ----A---- C:\Windows\SysWOW64\xactengine2_9.dll
2010-09-30 14:50:19 ----A---- C:\Windows\SysWOW64\d3dx10_35.dll
2010-09-30 14:50:19 ----A---- C:\Windows\SysWOW64\D3DCompiler_35.dll
2010-09-30 14:50:18 ----A---- C:\Windows\SysWOW64\xactengine2_8.dll
2010-09-30 14:50:18 ----A---- C:\Windows\SysWOW64\X3DAudio1_2.dll
2010-09-30 14:50:18 ----A---- C:\Windows\SysWOW64\d3dx9_35.dll
2010-09-30 14:50:17 ----A---- C:\Windows\SysWOW64\d3dx10_34.dll
2010-09-30 14:50:17 ----A---- C:\Windows\SysWOW64\D3DCompiler_34.dll
2010-09-30 14:50:16 ----A---- C:\Windows\SysWOW64\xinput1_3.dll
2010-09-30 14:50:16 ----A---- C:\Windows\SysWOW64\d3dx9_34.dll
2010-09-30 14:50:15 ----A---- C:\Windows\SysWOW64\xactengine2_7.dll
2010-09-30 14:50:15 ----A---- C:\Windows\SysWOW64\d3dx10_33.dll
2010-09-30 14:50:15 ----A---- C:\Windows\SysWOW64\D3DCompiler_33.dll
2010-09-30 14:50:14 ----A---- C:\Windows\SysWOW64\xactengine2_6.dll
2010-09-30 14:50:14 ----A---- C:\Windows\SysWOW64\d3dx9_33.dll
2010-09-30 14:50:13 ----A---- C:\Windows\SysWOW64\xactengine2_5.dll
2010-09-30 14:50:13 ----A---- C:\Windows\SysWOW64\d3dx10.dll
2010-09-30 14:50:12 ----A---- C:\Windows\SysWOW64\xactengine2_4.dll
2010-09-30 14:50:12 ----A---- C:\Windows\SysWOW64\x3daudio1_1.dll
2010-09-30 14:50:12 ----A---- C:\Windows\SysWOW64\d3dx9_32.dll
2010-09-30 14:50:10 ----A---- C:\Windows\SysWOW64\xinput1_2.dll
2010-09-30 14:50:10 ----A---- C:\Windows\SysWOW64\xactengine2_3.dll
2010-09-30 14:50:09 ----A---- C:\Windows\SysWOW64\xinput1_1.dll
2010-09-30 14:50:09 ----A---- C:\Windows\SysWOW64\xactengine2_2.dll
2010-09-30 14:50:08 ----A---- C:\Windows\SysWOW64\xactengine2_1.dll
2010-09-30 14:50:01 ----A---- C:\Windows\SysWOW64\d3dx9_30.dll
2010-09-30 14:50:00 ----A---- C:\Windows\SysWOW64\xactengine2_0.dll
2010-09-30 14:50:00 ----A---- C:\Windows\SysWOW64\x3daudio1_0.dll
2010-09-30 14:50:00 ----A---- C:\Windows\SysWOW64\d3dx9_29.dll
2010-09-30 14:49:59 ----A---- C:\Windows\SysWOW64\d3dx9_28.dll
2010-09-30 14:49:58 ----A---- C:\Windows\SysWOW64\d3dx9_27.dll
2010-09-30 14:49:58 ----A---- C:\Windows\SysWOW64\d3dx9_26.dll
2010-09-30 14:49:57 ----A---- C:\Windows\SysWOW64\d3dx9_25.dll
2010-09-30 14:49:56 ----A---- C:\Windows\SysWOW64\d3dx9_24.dll
2010-09-29 05:50:17 ----A---- C:\Windows\SysWOW64\tzres.dll

======List of files/folders modified in the last 1 months======

2010-10-24 20:56:02 ----D---- C:\Windows\Temp
2010-10-24 20:56:01 ----RD---- C:\Program Files (x86)
2010-10-24 20:55:42 ----D---- C:\Windows
2010-10-24 20:38:52 ----D---- C:\Windows\System32
2010-10-24 20:38:52 ----D---- C:\Windows\inf
2010-10-24 20:34:46 ----D---- C:\Windows\Minidump
2010-10-22 19:14:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-10-22 15:32:36 ----D---- C:\Windows\LiveKernelReports
2010-10-22 15:27:06 ----D---- C:\Users\PINGWIN\AppData\Roaming\Skype
2010-10-22 10:07:03 ----D---- C:\Windows\Prefetch
2010-10-21 23:54:58 ----D---- C:\Users\PINGWIN\AppData\Roaming\Azureus
2010-10-21 23:43:22 ----SHD---- C:\System Volume Information
2010-10-21 23:43:21 ----D---- C:\Windows\Logs
2010-10-16 12:27:20 ----SHD---- C:\Windows\Installer
2010-10-16 12:27:19 ----SHD---- C:\Config.Msi
2010-10-16 12:26:57 ----D---- C:\Program Files (x86)\Google
2010-10-14 15:25:38 ----D---- C:\ProgramData\Adobe
2010-10-14 15:25:33 ----D---- C:\Program Files (x86)\Common Files
2010-10-14 15:24:41 ----D---- C:\Windows\SysWOW64
2010-10-13 08:30:30 ----D---- C:\Windows\winsxs
2010-10-13 08:29:24 ----D---- C:\Windows\SysWOW64\migration
2010-10-13 08:29:24 ----D---- C:\Program Files (x86)\Internet Explorer
2010-10-13 08:29:22 ----D---- C:\Program Files (x86)\Windows Media Player
2010-10-08 16:36:20 ----D---- C:\Windows\Microsoft.NET
2010-10-08 16:36:05 ----RSD---- C:\Windows\assembly
2010-10-08 15:01:59 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-10-03 16:58:01 ----SD---- C:\Users\PINGWIN\AppData\Roaming\Microsoft
2010-10-03 16:57:26 ----RSD---- C:\Windows\Fonts
2010-10-03 16:57:24 ----RD---- C:\Program Files
2010-10-01 00:23:43 ----D---- C:\Windows\rescache
2010-09-29 23:49:03 ----D---- C:\Windows\SysWOW64\en-US

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys []
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
S2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
S2 windrvNT;windrvNT; \??\C:\Windows\system32\windrvNT.sys [2010-02-25 35363]
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 dc3d;MS Hardware Device Detection Driver (USB); C:\Windows\system32\DRIVERS\dc3d.sys []
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys []
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys []
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys []
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys []
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys []
S3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys []
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys []
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys []
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys []
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-03 136176]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 23296]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-01-29 357456]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-10-07 411432]

-----------------EOF-----------------

#4 Příspěvek od **vyosek** » 24 říj 2010 20:04

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

PINGWIN · #5 Příspěvek od **PINGWIN** » 24 říj 2010 21:41

OTL logfile created on: 24. 10. 2010 22:24:11 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\PINGWIN\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 2,69 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 2,93 Gb Free Space | 1,51% Space Free | Partition Type: NTFS
Drive L: | 1000,98 Mb Total Space | 787,75 Mb Free Space | 78,70% Space Free | Partition Type: FAT

Computer Name: PINGWINKO | User Name: PINGWIN | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2010/10/25 21:20:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PINGWIN\Desktop\OTL.exe

========== Modules (SafeList) ==========

MOD - [2010/10/25 21:20:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PINGWIN\Desktop\OTL.exe
MOD - [2010/08/21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/01/29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009/09/29 14:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009/09/29 14:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010/10/07 21:51:04 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\windrvNT.sys -- (windrvNT)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/07 18:18:58 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2010/04/02 15:01:07 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/10 13:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/11/10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/11/10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/09/29 14:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009/09/29 14:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009/09/29 13:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009/07/30 20:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/05/02 11:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008/05/02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2008/03/13 09:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2007/04/03 13:57:34 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV:64bit: - [2007/01/16 14:51:32 | 000,413,184 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2005/03/29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/02/25 20:29:56 | 000,035,363 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\windrvNT.sys -- (windrvNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 AD D6 0E 99 D9 CA 01 [binary data]
IE - HKU\S-1-5-21-413051821-667024510-3497398708-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/12 16:27:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/14 15:25:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/02/25 18:33:16 | 000,000,000 | ---D | M]

[2010/02/25 16:31:34 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Extensions
[2010/10/21 20:02:51 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions
[2010/10/09 17:03:25 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/08/02 15:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/04/02 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com
[2010/08/16 08:52:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/21 12:42:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/16 08:52:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/04/17 01:09:28 | 000,249,856 | ---- | M] ( ) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npff_gdm.dll
[2006/09/26 14:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2009/06/23 07:35:04 | 000,001,619 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\FFToolbar.xml
[2010/08/12 16:27:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/08/12 16:27:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/08/12 16:27:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/08/12 16:27:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/08/12 16:27:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKU\S-1-5-21-413051821-667024510-3497398708-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-413051821-667024510-3497398708-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.110.186.240 195.12.128.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/03 18:57:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/10/25 22:34:30 | 000,000,104 | RHS- | M] () - L:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.tscc - C:\Windows\SysWow64\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 7 Days ==========

[2010/10/24 21:09:28 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\PINGWIN\Desktop\OTL.exe
[2010/10/24 20:56:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010/10/24 20:55:59 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/22 19:33:28 | 000,000,000 | ---D | C] -- C:\Users\PINGWIN\AppData\Roaming\Ventrilo
[2010/07/01 14:12:18 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\PINGWIN\AppData\Roaming\REX Shared Library.dll
[2010/07/01 14:12:18 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\PINGWIN\AppData\Roaming\Rewire.dll

========== Files - Modified Within 7 Days ==========

[2010/10/25 21:20:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\PINGWIN\Desktop\OTL.exe
[2010/10/25 21:05:32 | 000,339,991 | ---- | M] () -- C:\Users\PINGWIN\Desktop\RSIT.exe
[2010/10/24 20:57:20 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/24 20:57:20 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/24 20:57:20 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/24 20:34:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/24 20:34:37 | 2012,667,904 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/22 15:24:17 | 000,001,010 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/22 10:13:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/22 10:13:45 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/21 23:53:00 | 000,001,014 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/18 18:09:39 | 004,925,440 | ---- | M] () -- C:\Users\PINGWIN\Desktop\Amanda Lear - Give A Bit Of Hmm To Me (1).mp3

========== Files Created - No Company Name ==========

[2010/10/24 20:55:54 | 000,339,991 | ---- | C] () -- C:\Users\PINGWIN\Desktop\RSIT.exe
[2010/10/18 18:09:04 | 004,925,440 | ---- | C] () -- C:\Users\PINGWIN\Desktop\Amanda Lear - Give A Bit Of Hmm To Me (1).mp3
[2010/05/17 14:37:26 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/05/17 14:37:24 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/17 14:37:10 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/17 14:37:10 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/17 14:37:02 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/02/26 17:11:07 | 000,000,045 | ---- | C] () -- C:\Windows\Twacker.ini
[2010/02/26 17:11:03 | 000,000,036 | ---- | C] () -- C:\Windows\lifeview.ini
[2010/02/26 16:31:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/02/25 20:29:47 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\suppdll.dll
[2010/02/25 20:29:47 | 000,035,363 | ---- | C] () -- C:\Windows\SysWow64\windrvNT.sys
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/08/30 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Ashampoo
[2010/10/21 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Azureus
[2010/05/06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\DAEMON Tools Lite
[2010/06/02 16:35:45 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\devede
[2010/08/02 15:29:42 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/28 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\enchant
[2010/06/15 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Facebook
[2010/03/08 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Foxit
[2010/08/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\GARMIN
[2010/08/07 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\gtk-2.0
[2010/02/28 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Leadertech
[2010/02/26 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\ManyCam
[2010/07/01 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Propellerhead Software
[2010/09/15 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\runic games
[2010/06/02 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\WinAVI
[2010/03/10 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\WindSolutions
[2010/09/14 19:28:22 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/03/06 21:47:11 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Adobe
[2010/03/08 20:14:29 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Apple Computer
[2010/08/30 21:52:00 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Ashampoo
[2010/10/21 23:54:58 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Azureus
[2010/05/06 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\DAEMON Tools Lite
[2010/06/02 16:35:45 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\devede
[2010/08/02 15:29:42 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\DVDVideoSoftIEHelpers
[2010/03/28 12:55:35 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\enchant
[2010/06/15 20:39:20 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Facebook
[2010/03/08 16:23:57 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Foxit
[2010/08/16 09:42:04 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\GARMIN
[2010/08/07 22:35:57 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\gtk-2.0
[2010/02/25 16:20:26 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Identities
[2010/02/25 17:25:09 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\InstallShield
[2010/02/28 14:51:27 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Leadertech
[2010/02/28 14:49:33 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Logishrd
[2010/02/28 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Logitech
[2010/02/25 17:07:57 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Macromedia
[2010/02/26 17:32:25 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\ManyCam
[2009/07/14 09:45:14 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Media Center Programs
[2010/05/17 14:40:17 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Media Player Classic
[2010/10/03 16:58:01 | 000,000,000 | --SD | M] -- C:\Users\PINGWIN\AppData\Roaming\Microsoft
[2010/02/25 16:31:34 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Mozilla
[2010/03/06 21:03:56 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Nero
[2010/07/01 14:22:42 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Propellerhead Software
[2010/09/15 12:43:16 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\runic games
[2010/10/22 15:27:06 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Skype
[2010/09/16 03:00:11 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\skypePM
[2010/10/22 19:33:32 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Ventrilo
[2010/05/09 23:01:05 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\vlc
[2010/02/25 21:25:45 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Winamp
[2010/06/02 17:01:54 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\WinAVI
[2010/03/10 21:43:10 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\WindSolutions
[2010/02/25 20:14:47 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2010/08/02 15:03:05 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\PINGWIN\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2010/10/21 08:41:58 | 009,038,776 | ---- | M] (Vuze Inc.) -- C:\Users\PINGWIN\AppData\Roaming\Azureus\tmp\AZU8216085434605909079.tmp\Vuze_4.5.1.0a_win32.exe
[2010/06/15 20:39:20 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Users\PINGWIN\AppData\Roaming\Facebook\uninstall.exe
[2010/02/28 14:51:27 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\PINGWIN\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010/09/05 14:36:11 | 000,010,134 | R--- | M] () -- C:\Users\PINGWIN\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe

< MD5 for: AGP440.SYS >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\SysWOW64\autochk.exe
[2009/07/14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2009/07/14 03:38:56 | 000,777,728 | ---- | M] (Microsoft Corporation) MD5=8B7F8E882A649D81CEA1EDE9BBB68FFF -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_3de8def0db722996\autochk.exe

< MD5 for: CDROM.SYS >
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009/07/14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009/07/14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009/07/14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009/07/14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009/10/31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009/08/03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009/10/31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009/10/31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009/08/03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009/07/14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009/07/14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009/07/14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009/07/14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009/07/14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009/07/14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2010/06/14 08:39:16 | 001,889,152 | ---- | M] (Microsoft Corporation) MD5=542C6767C68C9D6AAACA59436B0D15C2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_0fd0b57e990e2079\tcpip.sys
[2010/06/14 08:37:36 | 001,896,832 | ---- | M] (Microsoft Corporation) MD5=90A2D722CF64D911879D6C4A4F802A4D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_0f59b7ad7fe2fcc8\tcpip.sys
[2009/07/14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009/07/14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009/07/14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

< End of report >

PINGWIN · #6 Příspěvek od **PINGWIN** » 24 říj 2010 21:42

OTL Extras logfile created on: 24. 10. 2010 22:24:11 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\PINGWIN\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000041b | Country: Slovenská republika | Language: SKY | Date Format: d. M. yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39,06 Gb Total Space | 2,69 Gb Free Space | 6,89% Space Free | Partition Type: NTFS
Drive D: | 193,82 Gb Total Space | 2,93 Gb Free Space | 1,51% Space Free | Partition Type: NTFS
Drive L: | 1000,98 Mb Total Space | 787,75 Mb Free Space | 78,70% Space Free | Partition Type: FAT

Computer Name: PINGWINKO | User Name: PINGWIN | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\PINGWIN\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- d:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lock folder with Folder Lock] -- d:\Program Files\Folder Lock\Folder Lock.exe %1 (NewSoftwares.net Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"SP6" = Logitech SetPoint 6.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90850405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.0 - Czech
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C7DD94A8-F775-426C-B56C-8E555A59F9E2}" = Garmin Communicator Plugin
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3D1D696-84A8-465A-BC61-CDAC852B24CD}_is1" = Pod to PC, v1.5
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.4
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"BSPlayer1" = BSPlayer
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EADM" = EA Download Manager
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"HijackThis" = HijackThis 1.99.1
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.9.0 (Full)
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"R4" = R4
"Runic Games Torchlight" = Torchlight
"StarCraft II" = StarCraft II
"The Treasures of Montezuma 2 1.00" = The Treasures of Montezuma 2 1.00
"Uninstall_is1" = Uninstall 1.0.0.1
"Ve stínu havrana_is1" = Ve stínu havrana
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"WinAVI Video Converter 10.5_is1" = WinAVI Video Converter
"Windows Mobile Device Handbook" = Príručka zariadenia Windows Mobile®

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Folder Lock" = Folder Lock
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18. 10. 2010 9:36:54 | Computer Name = PINGWINKO | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.5.5.2419 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 6dc Start
Time: 01cb6ec9769f0ce1 Termination Time: 41 Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report
Id: c0890347-dabc-11df-83e0-00173189d40d

Error - 18. 10. 2010 9:37:18 | Computer Name = PINGWINKO | Source = Application Hang | ID = 1002
Description = The program winamp.exe version 5.5.5.2419 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 8cc Start
Time: 01cb6ec988d1bfd5 Termination Time: 15 Application Path: C:\Program Files (x86)\Winamp\winamp.exe

Report
Id: d17703fa-dabc-11df-83e0-00173189d40d

Error - 21. 10. 2010 17:40:10 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: Floola.exe, version: 5.7.0.0, time stamp:
0x4b6afb1e Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620b Exception code: 0xc0000005 Fault offset: 0x6bedbe79 Faulting process
id: 0xe48 Faulting application start time: 0x01cb716792b7dfa4 Faulting application
path: D:\Programi\Floola-win\Floola.exe Faulting module path: QuickTime.qts Report
Id: c6da2beb-dd5b-11df-9251-00173189d40d

Error - 21. 10. 2010 17:52:19 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: Floola.exe, version: 5.7.0.0, time stamp:
0x4b6afb1e Faulting module name: QuickTime.qts_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620b Exception code: 0xc0000005 Fault offset: 0x6a1bbe79 Faulting process
id: 0x1094 Faulting application start time: 0x01cb7169839b7cb3 Faulting application
path: D:\Programi\Floola-win\Floola.exe Faulting module path: QuickTime.qts Report
Id: 79ccdd08-dd5d-11df-9251-00173189d40d

Error - 21. 10. 2010 17:55:07 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: YamiPod.exe, version: 32768.0.0.0, time
stamp: 0x43c03437 Faulting module name: QTCF.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620c Exception code: 0xc0000005 Fault offset: 0x72a31040 Faulting process
id: 0x118c Faulting application start time: 0x01cb716a9fb96561 Faulting application
path: D:\Filmy\Rar$EX00.531\YamiPod.exe Faulting module path: QTCF.dll Report Id:
ddea43be-dd5d-11df-9251-00173189d40d

Error - 21. 10. 2010 17:56:35 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: YamiPod.exe, version: 32768.0.0.0, time
stamp: 0x43c03437 Faulting module name: QTCF.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620c Exception code: 0xc0000005 Fault offset: 0x72a31040 Faulting process
id: 0x1294 Faulting application start time: 0x01cb716ad46e1975 Faulting application
path: D:\Programi\ipo\YamiPod.exe Faulting module path: QTCF.dll Report Id: 12416386-dd5e-11df-9251-00173189d40d

Error - 21. 10. 2010 17:56:53 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: YamiPod.exe, version: 32768.0.0.0, time
stamp: 0x43c03437 Faulting module name: QTCF.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620c Exception code: 0xc0000005 Fault offset: 0x72a51040 Faulting process
id: 0x13a4 Faulting application start time: 0x01cb716adf19ede8 Faulting application
path: D:\Programi\ipo\YamiPod.exe Faulting module path: QTCF.dll Report Id: 1cf07f34-dd5e-11df-9251-00173189d40d

Error - 21. 10. 2010 17:57:04 | Computer Name = PINGWINKO | Source = Application Error | ID = 1000
Description = Faulting application name: YamiPod.exe, version: 32768.0.0.0, time
stamp: 0x43c03437 Faulting module name: QTCF.dll_unloaded, version: 0.0.0.0, time
stamp: 0x4afa620c Exception code: 0xc0000005 Fault offset: 0x72a31040 Faulting process
id: 0x8c4 Faulting application start time: 0x01cb716ae563b3a7 Faulting application
path: D:\Programi\ipo\YamiPod.exe Faulting module path: QTCF.dll Report Id: 233e9736-dd5e-11df-9251-00173189d40d

Error - 22. 10. 2010 13:37:32 | Computer Name = PINGWINKO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 22. 10. 2010 13:37:32 | Computer Name = PINGWINKO | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/m ... ootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

[ Media Center Events ]
Error - 30. 5. 2010 10:13:14 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 16:13:09 - Error connecting to the internet. 16:13:09 - Unable
to contact server..

Error - 30. 5. 2010 11:13:57 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 17:13:57 - Error connecting to the internet. 17:13:57 - Unable
to contact server..

Error - 30. 5. 2010 11:14:27 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 17:14:26 - Error connecting to the internet. 17:14:26 - Unable
to contact server..

Error - 30. 5. 2010 12:16:42 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 18:16:42 - Error connecting to the internet. 18:16:42 - Unable
to contact server..

Error - 30. 5. 2010 12:17:13 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 18:17:12 - Error connecting to the internet. 18:17:12 - Unable
to contact server..

Error - 30. 5. 2010 13:18:02 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 19:18:02 - Failed to retrieve Directory (Error: Unable to connect
to the remote server)

Error - 30. 5. 2010 13:19:06 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 19:18:45 - Failed to retrieve MCEClientUX (Error: Unable to connect
to the remote server)

Error - 30. 5. 2010 13:19:31 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 19:19:27 - Failed to retrieve Broadband (Error: Unable to connect
to the remote server)

Error - 20. 9. 2010 10:18:56 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 16:18:56 - Error connecting to the internet. 16:18:56 - Unable
to contact server..

Error - 20. 9. 2010 10:19:14 | Computer Name = PINGWINKO | Source = MCUpdate | ID = 0
Description = 16:19:01 - Error connecting to the internet. 16:19:01 - Unable
to contact server..

[ System Events ]
Error - 29. 8. 2010 2:30:47 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The OMSCAN service failed to start due to the following error: %%2

Error - 29. 8. 2010 2:30:54 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 29. 8. 2010 2:52:25 | Computer Name = PINGWINKO | Source = volsnap | ID = 393252
Description = The shadow copies of volume C: were aborted because the shadow copy
storage could not grow due to a user imposed limit.

Error - 29. 8. 2010 4:02:02 | Computer Name = PINGWINKO | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29. 8. 2010 4:02:09 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The OMSCAN service failed to start due to the following error: %%2

Error - 29. 8. 2010 4:02:16 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

Error - 29. 8. 2010 4:04:49 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WerSvc service.

Error - 29. 8. 2010 4:06:04 | Computer Name = PINGWINKO | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Some processor performance power management features have been disabled
due to a known firmware problem. Check with the computer manufacturer for updated
firmware.

Error - 29. 8. 2010 4:06:10 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The OMSCAN service failed to start due to the following error: %%2

Error - 29. 8. 2010 4:06:18 | Computer Name = PINGWINKO | Source = Service Control Manager | ID = 7000
Description = The windrvNT service failed to start due to the following error: %%2

< End of report >

#7 Příspěvek od **vyosek** » 24 říj 2010 21:53

Uvolnete volne misto alespon na 5 giga, jinak se Vam Visty zacnou dusit

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Windows\SysNative\windrvNT.sys -- (windrvNT)
IE - HKU\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 99 AD D6 0E 99 D9 CA 01 [binary data]
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
[2010/04/02 15:01:40 | 000,000,000 | ---D | M] -- C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKU\S-1-5-21-413051821-667024510-3497398708-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-413051821-667024510-3497398708-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O13 - gopher Prefix: missing
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL File not found
 
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

PINGWIN · #8 Příspěvek od **PINGWIN** » 24 říj 2010 22:17

a ked ten pc nemam pripojeny na internet a neaktualizuje sa mi ten program da sa to aj tak ? a ten log po tej oprave mi nevyhodilo

#9 Příspěvek od **vyosek** » 24 říj 2010 22:18

Jak tedy z toho PC pisete

Bez aktualizace databaze je to zbytecne, jelikoz tam nebudou aktualni hrozby..

PINGWIN · #10 Příspěvek od **PINGWIN** » 24 říj 2010 22:20

pisem s druheho pc lebo sa mi na tom druhem nechce rozbehnut internet

#11 Příspěvek od **vyosek** » 24 říj 2010 22:22

Log z OTL bude ulozen v c:\_OTL\MovedFiles

Udelejte tedy sken pomoci AVPTool http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 - log pak sem

PINGWIN · #12 Příspěvek od **PINGWIN** » 24 říj 2010 22:25

All processes killed
========== OTL ==========
Service windrvNT stopped successfully!
Service windrvNT deleted successfully!
File C:\Windows\SysNative\windrvNT.sys not found.
HKU\S-1-5-21-413051821-667024510-3497398708-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems
C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\PINGWIN\AppData\Roaming\Mozilla\Firefox\Profiles\p8f77d77.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
64bit-Registry value HKEY_USERS\S-1-5-21-413051821-667024510-3497398708-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-413051821-667024510-3497398708-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD}\ deleted successfully.
========== FILES ==========
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F50.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6923.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAA51.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPC181.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\Windows\Temp\DMIC936.tmp moved successfully.
C:\Windows\Temp\DMICFCE.tmp moved successfully.
C:\Windows\Temp\DMIEDB6.tmp moved successfully.
C:\Windows\Temp\HTT103B.tmp moved successfully.
C:\Windows\Temp\HTT1047.tmp moved successfully.
C:\Windows\Temp\HTT1116.tmp moved successfully.
C:\Windows\Temp\HTT116F.tmp moved successfully.
C:\Windows\Temp\HTT11AC.tmp moved successfully.
C:\Windows\Temp\HTT1585.tmp moved successfully.
C:\Windows\Temp\HTT16.tmp moved successfully.
C:\Windows\Temp\HTT1615.tmp moved successfully.
C:\Windows\Temp\HTT167C.tmp moved successfully.
C:\Windows\Temp\HTT16CF.tmp moved successfully.
C:\Windows\Temp\HTT1761.tmp moved successfully.
C:\Windows\Temp\HTT1778.tmp moved successfully.
C:\Windows\Temp\HTT1858.tmp moved successfully.
C:\Windows\Temp\HTT1920.tmp moved successfully.
C:\Windows\Temp\HTT1922.tmp moved successfully.
C:\Windows\Temp\HTT1978.tmp moved successfully.
C:\Windows\Temp\HTT1A22.tmp moved successfully.
C:\Windows\Temp\HTT1AB9.tmp moved successfully.
C:\Windows\Temp\HTT1AC7.tmp moved successfully.
C:\Windows\Temp\HTT1AD5.tmp moved successfully.
C:\Windows\Temp\HTT1B10.tmp moved successfully.
C:\Windows\Temp\HTT1B17.tmp moved successfully.
C:\Windows\Temp\HTT1B51.tmp moved successfully.
C:\Windows\Temp\HTT1B65.tmp moved successfully.
C:\Windows\Temp\HTT1BB3.tmp moved successfully.
C:\Windows\Temp\HTT1BD.tmp moved successfully.
C:\Windows\Temp\HTT1C2.tmp moved successfully.
C:\Windows\Temp\HTT1C7A.tmp moved successfully.
C:\Windows\Temp\HTT1CE9.tmp moved successfully.
C:\Windows\Temp\HTT1DD1.tmp moved successfully.
C:\Windows\Temp\HTT1FBE.tmp moved successfully.
C:\Windows\Temp\HTT1FE3.tmp moved successfully.
C:\Windows\Temp\HTT2003.tmp moved successfully.
C:\Windows\Temp\HTT215B.tmp moved successfully.
C:\Windows\Temp\HTT222D.tmp moved successfully.
C:\Windows\Temp\HTT2234.tmp moved successfully.
C:\Windows\Temp\HTT2260.tmp moved successfully.
C:\Windows\Temp\HTT22E5.tmp moved successfully.
C:\Windows\Temp\HTT2401.tmp moved successfully.
C:\Windows\Temp\HTT2535.tmp moved successfully.
C:\Windows\Temp\HTT25A0.tmp moved successfully.
C:\Windows\Temp\HTT260D.tmp moved successfully.
C:\Windows\Temp\HTT2673.tmp moved successfully.
C:\Windows\Temp\HTT26D4.tmp moved successfully.
C:\Windows\Temp\HTT2759.tmp moved successfully.
C:\Windows\Temp\HTT27B0.tmp moved successfully.
C:\Windows\Temp\HTT27B2.tmp moved successfully.
C:\Windows\Temp\HTT2803.tmp moved successfully.
C:\Windows\Temp\HTT2854.tmp moved successfully.
C:\Windows\Temp\HTT29B6.tmp moved successfully.
C:\Windows\Temp\HTT2A4E.tmp moved successfully.
C:\Windows\Temp\HTT2AD5.tmp moved successfully.
C:\Windows\Temp\HTT2AEF.tmp moved successfully.
C:\Windows\Temp\HTT2B0A.tmp moved successfully.
C:\Windows\Temp\HTT2B35.tmp moved successfully.
C:\Windows\Temp\HTT2B48.tmp moved successfully.
C:\Windows\Temp\HTT2B84.tmp moved successfully.
C:\Windows\Temp\HTT2BC5.tmp moved successfully.
C:\Windows\Temp\HTT2C92.tmp moved successfully.
C:\Windows\Temp\HTT2CCD.tmp moved successfully.
C:\Windows\Temp\HTT2D0F.tmp moved successfully.
C:\Windows\Temp\HTT2EFB.tmp moved successfully.
C:\Windows\Temp\HTT2F3E.tmp moved successfully.
C:\Windows\Temp\HTT2FED.tmp moved successfully.
C:\Windows\Temp\HTT3054.tmp moved successfully.
C:\Windows\Temp\HTT313.tmp moved successfully.
C:\Windows\Temp\HTT34A6.tmp moved successfully.
C:\Windows\Temp\HTT367.tmp moved successfully.
C:\Windows\Temp\HTT369D.tmp moved successfully.
C:\Windows\Temp\HTT37CE.tmp moved successfully.
C:\Windows\Temp\HTT37ED.tmp moved successfully.
C:\Windows\Temp\HTT3879.tmp moved successfully.
C:\Windows\Temp\HTT38B3.tmp moved successfully.
C:\Windows\Temp\HTT38E5.tmp moved successfully.
C:\Windows\Temp\HTT3924.tmp moved successfully.
C:\Windows\Temp\HTT392C.tmp moved successfully.
C:\Windows\Temp\HTT3A17.tmp moved successfully.
C:\Windows\Temp\HTT3A50.tmp moved successfully.
C:\Windows\Temp\HTT3B32.tmp moved successfully.
C:\Windows\Temp\HTT3B36.tmp moved successfully.
C:\Windows\Temp\HTT3BB7.tmp moved successfully.
C:\Windows\Temp\HTT3C37.tmp moved successfully.
C:\Windows\Temp\HTT3CE0.tmp moved successfully.
C:\Windows\Temp\HTT3D04.tmp moved successfully.
C:\Windows\Temp\HTT3D69.tmp moved successfully.
C:\Windows\Temp\HTT3DCC.tmp moved successfully.
C:\Windows\Temp\HTT4139.tmp moved successfully.
C:\Windows\Temp\HTT413C.tmp moved successfully.
C:\Windows\Temp\HTT426E.tmp moved successfully.
C:\Windows\Temp\HTT4271.tmp moved successfully.
C:\Windows\Temp\HTT42C4.tmp moved successfully.
C:\Windows\Temp\HTT43AD.tmp moved successfully.
C:\Windows\Temp\HTT4433.tmp moved successfully.
C:\Windows\Temp\HTT4478.tmp moved successfully.
C:\Windows\Temp\HTT458B.tmp moved successfully.
C:\Windows\Temp\HTT4668.tmp moved successfully.
C:\Windows\Temp\HTT4751.tmp moved successfully.
C:\Windows\Temp\HTT47FB.tmp moved successfully.
C:\Windows\Temp\HTT487D.tmp moved successfully.
C:\Windows\Temp\HTT4926.tmp moved successfully.
C:\Windows\Temp\HTT4BB3.tmp moved successfully.
C:\Windows\Temp\HTT4CAB.tmp moved successfully.
C:\Windows\Temp\HTT4D28.tmp moved successfully.
C:\Windows\Temp\HTT4D9F.tmp moved successfully.
C:\Windows\Temp\HTT4DB2.tmp moved successfully.
C:\Windows\Temp\HTT4DE4.tmp moved successfully.
C:\Windows\Temp\HTT538E.tmp moved successfully.
C:\Windows\Temp\HTT5454.tmp moved successfully.
C:\Windows\Temp\HTT5527.tmp moved successfully.
C:\Windows\Temp\HTT5573.tmp moved successfully.
C:\Windows\Temp\HTT561C.tmp moved successfully.
C:\Windows\Temp\HTT5668.tmp moved successfully.
C:\Windows\Temp\HTT56B2.tmp moved successfully.
C:\Windows\Temp\HTT582F.tmp moved successfully.
C:\Windows\Temp\HTT5940.tmp moved successfully.
C:\Windows\Temp\HTT5955.tmp moved successfully.
C:\Windows\Temp\HTT5A64.tmp moved successfully.
C:\Windows\Temp\HTT5A6E.tmp moved successfully.
C:\Windows\Temp\HTT5AD5.tmp moved successfully.
C:\Windows\Temp\HTT5B17.tmp moved successfully.
C:\Windows\Temp\HTT5CA3.tmp moved successfully.
C:\Windows\Temp\HTT5D00.tmp moved successfully.
C:\Windows\Temp\HTT5E22.tmp moved successfully.
C:\Windows\Temp\HTT5E40.tmp moved successfully.
C:\Windows\Temp\HTT5EED.tmp moved successfully.
C:\Windows\Temp\HTT605C.tmp moved successfully.
C:\Windows\Temp\HTT6122.tmp moved successfully.
C:\Windows\Temp\HTT615C.tmp moved successfully.
C:\Windows\Temp\HTT623F.tmp moved successfully.
C:\Windows\Temp\HTT62AE.tmp moved successfully.
C:\Windows\Temp\HTT62CB.tmp moved successfully.
C:\Windows\Temp\HTT62D4.tmp moved successfully.
C:\Windows\Temp\HTT6362.tmp moved successfully.
C:\Windows\Temp\HTT641F.tmp moved successfully.
C:\Windows\Temp\HTT6691.tmp moved successfully.
C:\Windows\Temp\HTT66B8.tmp moved successfully.
C:\Windows\Temp\HTT66D7.tmp moved successfully.
C:\Windows\Temp\HTT681C.tmp moved successfully.
C:\Windows\Temp\HTT6835.tmp moved successfully.
C:\Windows\Temp\HTT6872.tmp moved successfully.
C:\Windows\Temp\HTT6890.tmp moved successfully.
C:\Windows\Temp\HTT68A.tmp moved successfully.
C:\Windows\Temp\HTT68EC.tmp moved successfully.
C:\Windows\Temp\HTT6A2D.tmp moved successfully.
C:\Windows\Temp\HTT6A3F.tmp moved successfully.
C:\Windows\Temp\HTT6A41.tmp moved successfully.
C:\Windows\Temp\HTT6A6F.tmp moved successfully.
C:\Windows\Temp\HTT6A9A.tmp moved successfully.
C:\Windows\Temp\HTT6AB.tmp moved successfully.
C:\Windows\Temp\HTT6AC5.tmp moved successfully.
C:\Windows\Temp\HTT6BAC.tmp moved successfully.
C:\Windows\Temp\HTT6C17.tmp moved successfully.
C:\Windows\Temp\HTT6F17.tmp moved successfully.
C:\Windows\Temp\HTT70EF.tmp moved successfully.
C:\Windows\Temp\HTT712C.tmp moved successfully.
C:\Windows\Temp\HTT7249.tmp moved successfully.
C:\Windows\Temp\HTT72E.tmp moved successfully.
C:\Windows\Temp\HTT7302.tmp moved successfully.
C:\Windows\Temp\HTT73F9.tmp moved successfully.
C:\Windows\Temp\HTT73FA.tmp moved successfully.
C:\Windows\Temp\HTT7530.tmp moved successfully.
C:\Windows\Temp\HTT7554.tmp moved successfully.
C:\Windows\Temp\HTT75F9.tmp moved successfully.
C:\Windows\Temp\HTT763C.tmp moved successfully.
C:\Windows\Temp\HTT764B.tmp moved successfully.
C:\Windows\Temp\HTT768E.tmp moved successfully.
C:\Windows\Temp\HTT777B.tmp moved successfully.
C:\Windows\Temp\HTT7783.tmp moved successfully.
C:\Windows\Temp\HTT77A7.tmp moved successfully.
C:\Windows\Temp\HTT77C6.tmp moved successfully.
C:\Windows\Temp\HTT785C.tmp moved successfully.
C:\Windows\Temp\HTT789E.tmp moved successfully.
C:\Windows\Temp\HTT7B8B.tmp moved successfully.
C:\Windows\Temp\HTT7BED.tmp moved successfully.
C:\Windows\Temp\HTT7D61.tmp moved successfully.
C:\Windows\Temp\HTT7E74.tmp moved successfully.
C:\Windows\Temp\HTT7EDE.tmp moved successfully.
C:\Windows\Temp\HTT80C3.tmp moved successfully.
C:\Windows\Temp\HTT80CC.tmp moved successfully.
C:\Windows\Temp\HTT812A.tmp moved successfully.
C:\Windows\Temp\HTT82E6.tmp moved successfully.
C:\Windows\Temp\HTT83C5.tmp moved successfully.
C:\Windows\Temp\HTT8469.tmp moved successfully.
C:\Windows\Temp\HTT8703.tmp moved successfully.
C:\Windows\Temp\HTT872E.tmp moved successfully.
C:\Windows\Temp\HTT87C6.tmp moved successfully.
C:\Windows\Temp\HTT8903.tmp moved successfully.
C:\Windows\Temp\HTT8A57.tmp moved successfully.
C:\Windows\Temp\HTT8AA0.tmp moved successfully.
C:\Windows\Temp\HTT8F16.tmp moved successfully.
C:\Windows\Temp\HTT8FBA.tmp moved successfully.
C:\Windows\Temp\HTT908.tmp moved successfully.
C:\Windows\Temp\HTT90DC.tmp moved successfully.
C:\Windows\Temp\HTT9153.tmp moved successfully.
C:\Windows\Temp\HTT919B.tmp moved successfully.
C:\Windows\Temp\HTT91DB.tmp moved successfully.
C:\Windows\Temp\HTT9276.tmp moved successfully.
C:\Windows\Temp\HTT9285.tmp moved successfully.
C:\Windows\Temp\HTT962E.tmp moved successfully.
C:\Windows\Temp\HTT9637.tmp moved successfully.
C:\Windows\Temp\HTT9689.tmp moved successfully.
C:\Windows\Temp\HTT981F.tmp moved successfully.
C:\Windows\Temp\HTT984B.tmp moved successfully.
C:\Windows\Temp\HTT989F.tmp moved successfully.
C:\Windows\Temp\HTT9BCA.tmp moved successfully.
C:\Windows\Temp\HTT9BF7.tmp moved successfully.
C:\Windows\Temp\HTT9C4A.tmp moved successfully.
C:\Windows\Temp\HTT9C8E.tmp moved successfully.
C:\Windows\Temp\HTT9DA7.tmp moved successfully.
C:\Windows\Temp\HTT9E4.tmp moved successfully.
C:\Windows\Temp\HTT9E6B.tmp moved successfully.
C:\Windows\Temp\HTT9FC.tmp moved successfully.
C:\Windows\Temp\HTTA09A.tmp moved successfully.
C:\Windows\Temp\HTTA0A9.tmp moved successfully.
C:\Windows\Temp\HTTA129.tmp moved successfully.
C:\Windows\Temp\HTTA2FD.tmp moved successfully.
C:\Windows\Temp\HTTA32.tmp moved successfully.
C:\Windows\Temp\HTTA41C.tmp moved successfully.
C:\Windows\Temp\HTTA4A5.tmp moved successfully.
C:\Windows\Temp\HTTA54C.tmp moved successfully.
C:\Windows\Temp\HTTA5E7.tmp moved successfully.
C:\Windows\Temp\HTTA613.tmp moved successfully.
C:\Windows\Temp\HTTA662.tmp moved successfully.
C:\Windows\Temp\HTTA70D.tmp moved successfully.
C:\Windows\Temp\HTTA73B.tmp moved successfully.
C:\Windows\Temp\HTTA766.tmp moved successfully.
C:\Windows\Temp\HTTA929.tmp moved successfully.
C:\Windows\Temp\HTTA93F.tmp moved successfully.
C:\Windows\Temp\HTTA987.tmp moved successfully.
C:\Windows\Temp\HTTA9A.tmp moved successfully.
C:\Windows\Temp\HTTAB23.tmp moved successfully.
C:\Windows\Temp\HTTABB4.tmp moved successfully.
C:\Windows\Temp\HTTAD33.tmp moved successfully.
C:\Windows\Temp\HTTAD95.tmp moved successfully.
C:\Windows\Temp\HTTADA7.tmp moved successfully.
C:\Windows\Temp\HTTAEBE.tmp moved successfully.
C:\Windows\Temp\HTTAEDD.tmp moved successfully.
C:\Windows\Temp\HTTAF1D.tmp moved successfully.
C:\Windows\Temp\HTTAFD.tmp moved successfully.
C:\Windows\Temp\HTTB341.tmp moved successfully.
C:\Windows\Temp\HTTB394.tmp moved successfully.
C:\Windows\Temp\HTTB3BD.tmp moved successfully.
C:\Windows\Temp\HTTB40E.tmp moved successfully.
C:\Windows\Temp\HTTB41F.tmp moved successfully.
C:\Windows\Temp\HTTB527.tmp moved successfully.
C:\Windows\Temp\HTTB70D.tmp moved successfully.
C:\Windows\Temp\HTTB7C6.tmp moved successfully.
C:\Windows\Temp\HTTB86.tmp moved successfully.
C:\Windows\Temp\HTTB8DB.tmp moved successfully.
C:\Windows\Temp\HTTB8F9.tmp moved successfully.
C:\Windows\Temp\HTTB94F.tmp moved successfully.
C:\Windows\Temp\HTTB968.tmp moved successfully.
C:\Windows\Temp\HTTB9B5.tmp moved successfully.
C:\Windows\Temp\HTTBB57.tmp moved successfully.
C:\Windows\Temp\HTTBBBA.tmp moved successfully.
C:\Windows\Temp\HTTBDA2.tmp moved successfully.
C:\Windows\Temp\HTTBE3D.tmp moved successfully.
C:\Windows\Temp\HTTBF14.tmp moved successfully.
C:\Windows\Temp\HTTC1F2.tmp moved successfully.
C:\Windows\Temp\HTTC39E.tmp moved successfully.
C:\Windows\Temp\HTTC3B4.tmp moved successfully.
C:\Windows\Temp\HTTC3E2.tmp moved successfully.
C:\Windows\Temp\HTTC3EB.tmp moved successfully.
C:\Windows\Temp\HTTC418.tmp moved successfully.
C:\Windows\Temp\HTTC474.tmp moved successfully.
C:\Windows\Temp\HTTC535.tmp moved successfully.
C:\Windows\Temp\HTTC549.tmp moved successfully.
C:\Windows\Temp\HTTC66.tmp moved successfully.
C:\Windows\Temp\HTTC667.tmp moved successfully.
C:\Windows\Temp\HTTC66E.tmp moved successfully.
C:\Windows\Temp\HTTC67D.tmp moved successfully.
C:\Windows\Temp\HTTC92B.tmp moved successfully.
C:\Windows\Temp\HTTCA27.tmp moved successfully.
C:\Windows\Temp\HTTCA8F.tmp moved successfully.
C:\Windows\Temp\HTTCAA2.tmp moved successfully.
C:\Windows\Temp\HTTCB5D.tmp moved successfully.
C:\Windows\Temp\HTTCBE7.tmp moved successfully.
C:\Windows\Temp\HTTCC48.tmp moved successfully.
C:\Windows\Temp\HTTCCA4.tmp moved successfully.
C:\Windows\Temp\HTTCD03.tmp moved successfully.
C:\Windows\Temp\HTTCD12.tmp moved successfully.
C:\Windows\Temp\HTTCD23.tmp moved successfully.
C:\Windows\Temp\HTTCD6.tmp moved successfully.
C:\Windows\Temp\HTTCD65.tmp moved successfully.
C:\Windows\Temp\HTTCDDE.tmp moved successfully.
C:\Windows\Temp\HTTCEA0.tmp moved successfully.
C:\Windows\Temp\HTTCEAE.tmp moved successfully.
C:\Windows\Temp\HTTCFA9.tmp moved successfully.
C:\Windows\Temp\HTTD0B7.tmp moved successfully.
C:\Windows\Temp\HTTD10F.tmp moved successfully.
C:\Windows\Temp\HTTD185.tmp moved successfully.
C:\Windows\Temp\HTTD1EF.tmp moved successfully.
C:\Windows\Temp\HTTD387.tmp moved successfully.
C:\Windows\Temp\HTTD4F9.tmp moved successfully.
C:\Windows\Temp\HTTD546.tmp moved successfully.
C:\Windows\Temp\HTTD5B6.tmp moved successfully.
C:\Windows\Temp\HTTD69C.tmp moved successfully.
C:\Windows\Temp\HTTD6C0.tmp moved successfully.
C:\Windows\Temp\HTTD6D9.tmp moved successfully.
C:\Windows\Temp\HTTD82B.tmp moved successfully.
C:\Windows\Temp\HTTD8E1.tmp moved successfully.
C:\Windows\Temp\HTTD9D3.tmp moved successfully.
C:\Windows\Temp\HTTDA05.tmp moved successfully.
C:\Windows\Temp\HTTDA72.tmp moved successfully.
C:\Windows\Temp\HTTDA91.tmp moved successfully.
C:\Windows\Temp\HTTDC6E.tmp moved successfully.
C:\Windows\Temp\HTTDD83.tmp moved successfully.
C:\Windows\Temp\HTTDF8C.tmp moved successfully.
C:\Windows\Temp\HTTDF8D.tmp moved successfully.
C:\Windows\Temp\HTTE04C.tmp moved successfully.
C:\Windows\Temp\HTTE113.tmp moved successfully.
C:\Windows\Temp\HTTE19F.tmp moved successfully.
C:\Windows\Temp\HTTE233.tmp moved successfully.
C:\Windows\Temp\HTTE236.tmp moved successfully.
C:\Windows\Temp\HTTE265.tmp moved successfully.
C:\Windows\Temp\HTTE46A.tmp moved successfully.
C:\Windows\Temp\HTTE510.tmp moved successfully.
C:\Windows\Temp\HTTE511.tmp moved successfully.
C:\Windows\Temp\HTTE6E.tmp moved successfully.
C:\Windows\Temp\HTTE7FD.tmp moved successfully.
C:\Windows\Temp\HTTE8B1.tmp moved successfully.
C:\Windows\Temp\HTTE8C8.tmp moved successfully.
C:\Windows\Temp\HTTE8DD.tmp moved successfully.
C:\Windows\Temp\HTTE945.tmp moved successfully.
C:\Windows\Temp\HTTE993.tmp moved successfully.
C:\Windows\Temp\HTTE997.tmp moved successfully.
C:\Windows\Temp\HTTEA13.tmp moved successfully.
C:\Windows\Temp\HTTEA6B.tmp moved successfully.
C:\Windows\Temp\HTTEA81.tmp moved successfully.
C:\Windows\Temp\HTTEAA2.tmp moved successfully.
C:\Windows\Temp\HTTEBCA.tmp moved successfully.
C:\Windows\Temp\HTTEC29.tmp moved successfully.
C:\Windows\Temp\HTTED68.tmp moved successfully.
C:\Windows\Temp\HTTED82.tmp moved successfully.
C:\Windows\Temp\HTTED9B.tmp moved successfully.
C:\Windows\Temp\HTTEE1B.tmp moved successfully.
C:\Windows\Temp\HTTEE26.tmp moved successfully.
C:\Windows\Temp\HTTEE75.tmp moved successfully.
C:\Windows\Temp\HTTF003.tmp moved successfully.
C:\Windows\Temp\HTTF14C.tmp moved successfully.
C:\Windows\Temp\HTTF179.tmp moved successfully.
C:\Windows\Temp\HTTF1B2.tmp moved successfully.
C:\Windows\Temp\HTTF1E4.tmp moved successfully.
C:\Windows\Temp\HTTF235.tmp moved successfully.
C:\Windows\Temp\HTTF332.tmp moved successfully.
C:\Windows\Temp\HTTF40E.tmp moved successfully.
C:\Windows\Temp\HTTF4CE.tmp moved successfully.
C:\Windows\Temp\HTTF5D.tmp moved successfully.
C:\Windows\Temp\HTTF64D.tmp moved successfully.
C:\Windows\Temp\HTTF82F.tmp moved successfully.
C:\Windows\Temp\HTTF83E.tmp moved successfully.
C:\Windows\Temp\HTTF87E.tmp moved successfully.
C:\Windows\Temp\HTTF8C0.tmp moved successfully.
C:\Windows\Temp\HTTF99.tmp moved successfully.
C:\Windows\Temp\HTTF9E8.tmp moved successfully.
C:\Windows\Temp\HTTF9F1.tmp moved successfully.
C:\Windows\Temp\HTTF9F2.tmp moved successfully.
C:\Windows\Temp\HTTFA35.tmp moved successfully.
C:\Windows\Temp\HTTFA50.tmp moved successfully.
C:\Windows\Temp\HTTFA7C.tmp moved successfully.
C:\Windows\Temp\HTTFB2B.tmp moved successfully.
C:\Windows\Temp\HTTFB37.tmp moved successfully.
C:\Windows\Temp\HTTFCA5.tmp moved successfully.
C:\Windows\Temp\HTTFCC6.tmp moved successfully.
C:\Windows\Temp\HTTFD06.tmp moved successfully.
C:\Windows\Temp\HTTFE32.tmp moved successfully.
C:\Windows\Temp\HTTFE37.tmp moved successfully.
C:\Windows\Temp\HTTFF6A.tmp moved successfully.
C:\Windows\Temp\is115C.tmp moved successfully.
C:\Windows\Temp\is21FA.tmp moved successfully.
C:\Windows\Temp\is570B.tmp moved successfully.
C:\Windows\Temp\is58CB.tmp moved successfully.
C:\Windows\Temp\isAFC3.tmp moved successfully.
C:\Windows\Temp\isB19F.tmp moved successfully.
C:\Windows\Temp\NSFBF4B.tmp moved successfully.
C:\Windows\Temp\NUPBDD3.tmp moved successfully.
C:\Windows\Temp\NUPBF5C.tmp moved successfully.
C:\Windows\Temp\TS_A6E4.tmp moved successfully.
C:\Windows\Temp\TS_BACB.tmp moved successfully.
C:\Windows\Temp\TS_C0A8.tmp moved successfully.
C:\Windows\Temp\TS_C339.tmp moved successfully.
C:\Windows\Temp\TS_CA10.tmp moved successfully.
C:\Windows\Temp\TS_D220.tmp moved successfully.
C:\Windows\Temp\TS_D398.tmp moved successfully.
C:\Windows\Temp\TS_D520.tmp moved successfully.
C:\Windows\Temp\TS_DDEB.tmp moved successfully.
C:\Windows\Temp\TS_EF22.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PINGWIN
->Temp folder emptied: 526198161 bytes
->Temporary Internet Files folder emptied: 110063215 bytes
->Java cache emptied: 979887 bytes
->FireFox cache emptied: 99004535 bytes
->Google Chrome cache emptied: 244425803 bytes
->Flash cache emptied: 142514 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 121322301 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 051,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: PINGWIN
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.17.1 log created on 10242010_230159

#13 Příspěvek od **vyosek** » 24 říj 2010 22:30

Fajn, ted to projedte AVPToolem, log pak sem...

PINGWIN · #14 Příspěvek od **PINGWIN** » 24 říj 2010 22:39

uz pracuje to asi potrva trosku ale

#15 Příspěvek od **vyosek** » 24 říj 2010 22:40

No to je velice pravdepodobne...muze i par hodin...

VIRY.CZ

Prosim jak sa zbavim aby sa mi pc stale nereštartoval ???? P

Prosim jak sa zbavim aby sa mi pc stale nereštartoval ???? P

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??

Re: Prosim jak sa zbavim aby sa mi pc stale nereštartoval ??