Mám havěť v počítači ?

[roomm]

Jak můžu zjistit co se mi děje v pc ? V noci jsem prošel kolem svého pc a ten vykazoval silné stránky aktivity aniž bych na něm cokoliv dělal. Standardně je spacím módu, ale dnes v noci makal jak o život. Projel jsem Ad-Ware a NOD32 a nic.

Dík za info - Roman

[motji]

Hezké odpoledne
Kukneme se, co ten Váš počítač po nocích dělá .
Začneme logem ze Rsitu, viz můj podpis

[roomm]

Logfile of random's system information tool 1.08 (written by random/random)
Run by User at 2010-08-11 07:42:39
Microsoft Windows 7 Home Premium
System drive C: has 223 GB (37%) free of 610 GB
Total RAM: 4030 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:42:46, on 11.8.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\trend micro\User.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: cashtitan browser enhancer - {353D46EE-B740-F283-438C-9FD570691DC8} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: yourprofitclub - {b740ba83-74e2-900c-68d8-e67072e6f75d} - C:\Windows\SysWow64\a032d2bf.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sagxdlgiiug] C:\Windows\System32\regsvr32.exe /s "C:\Windows\system32\pesurogwkolecp.dll"
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DriverUpdaterPro] C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: IMVU.lnk = User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O4 - Global Startup: WDSmartWare.lnk = C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\system32\astsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files (x86)\Intel\AMT\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Nalpeiron X64 Service (nlscc) - Unknown owner - C:\Windows\system32\nlsInterface.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD SmartWare Drive Manager Service (WDDMService) - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD SmartWare Background Service (WDSmartWareBackgroundService) - Memeo - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13166 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe"
"taskhost.exe"
C:\Windows\SysWOW64\astsrv.exe
"C:\Windows\system32\Dwm.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Intel\AMT\LMS.exe"
C:\Windows\system32\nlsInterface.exe
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe"
"C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe" View=show_in_tray
"C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"C:\Program Files (x86)\PowerISO\PWRISOVM.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-14443d43-7bbf-4e81-9da1-8cb88b703e98 -SystemEventPortName:HostProcess-2d1b4336-d8e2-4f6e-b0ac-0ff8aaf52890 -IoCancelEventPortName:HostProcess-0ee7452c-2580-4254-b62b-eae38eb1bbb2 -NonStateChangingEventPortName:HostProcess-44787231-79ae-40d6-89fc-640280caa145 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:0f5e7574-0627-4e6c-affc-781bcf045267
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
"C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE"
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/ --channel=3008.00602000.1709402860
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/ --channel=3008.00602A80.929562478
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/ --channel=3008.056A7900.1471556045
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/ --channel=3008.056A7780.993951649
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path=C:\Users\User\AppData\Local\Google\Chrome\Application\5.0.375.125\gcswf32.dll --lang=cs --plugin-data-dir="C:\Users\User\AppData\Local\Google\Chrome\User Data\Default" --channel=3008.0066F1C0.1616280063
"C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtest=CacheSize/CacheSizeGroup_6/DnsImpact/_default_enabled_prefetch/GlobalSdch/_global_enable_sdch/IPv6_Probe/_IPv6_probe_done/ --channel=3008.07A55D80.261943136
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"C:\Users\User\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Acrobat Update.job
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-250642317-2044581209-3884301123-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-250642317-2044581209-3884301123-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{353D46EE-B740-F283-438C-9FD570691DC8}]
cashtitan browser enhancer

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b740ba83-74e2-900c-68d8-e67072e6f75d}]
yourprofitclub - C:\Windows\SysWow64\a032d2bf.dll [2010-06-25 1541120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-06-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2009-12-19 500208]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-09-29 2716216]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
"DriverUpdaterPro"=C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t []
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"AdobeCS4ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]
""= []
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]
"Google Desktop Search"=C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-26 30192]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2009-03-15 180224]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-01-08 392424]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"sagxdlgiiug"=C:\Windows\System32\regsvr32.exe [2009-07-14 19456]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WDDMStatus.lnk - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
WDSmartWare.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
IMVU.lnk - C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-11 07:42:39 ----D---- C:\rsit
2010-08-11 07:42:39 ----D---- C:\Program Files\trend micro
2010-08-04 09:21:55 ----D---- C:\Program Files\Common Files\Topaz Labs
2010-08-03 08:07:23 ----A---- C:\Windows\SYSWOW64\cdintf400.dll
2010-08-03 04:18:55 ----A---- C:\Windows\system32\shell32.dll
2010-08-03 04:18:52 ----A---- C:\Windows\SYSWOW64\shell32.dll
2010-07-27 08:52:02 ----A---- C:\Windows\iun6002.exe
2010-07-27 08:49:07 ----D---- C:\Program Files (x86)\WYSIWYG Web Builder 7
2010-07-27 08:48:58 ----A---- C:\Windows\WYSIWYG Web Builder 7 Setup Log.txt
2010-07-22 15:54:06 ----D---- C:\Users\User\AppData\Roaming\Autodesk
2010-07-22 15:46:23 ----D---- C:\ProgramData\Autodesk
2010-07-22 15:46:23 ----D---- C:\Program Files (x86)\Autodesk
2010-07-22 15:45:13 ----D---- C:\Autodesk
2010-07-21 12:13:59 ----D---- C:\Users\User\AppData\Roaming\skypePM
2010-07-21 12:12:00 ----D---- C:\Users\User\AppData\Roaming\Skype
2010-07-21 12:09:14 ----RD---- C:\Program Files (x86)\Skype
2010-07-21 12:09:03 ----D---- C:\ProgramData\Skype
2010-07-20 07:48:31 ----D---- C:\Program Files\ESET
2010-07-14 07:35:04 ----A---- C:\Windows\system32\cdd.dll
2010-07-12 18:01:12 ----D---- C:\Program Files (x86)\Artisteer 2

======List of files/folders modified in the last 1 months======

2010-08-11 07:42:46 ----D---- C:\Windows\Prefetch
2010-08-11 07:42:44 ----D---- C:\Windows\Temp
2010-08-11 07:42:39 ----RD---- C:\Program Files
2010-08-11 07:28:23 ----D---- C:\Windows\Tasks
2010-08-11 07:27:14 ----D---- C:\Windows\system32\config
2010-08-11 07:26:00 ----A---- C:\Windows\SYSWOW64\log.txt
2010-08-10 23:57:13 ----D---- C:\Windows\SysWOW64
2010-08-10 09:47:42 ----SHD---- C:\System Volume Information
2010-08-10 07:48:58 ----D---- C:\Windows\System32
2010-08-10 07:40:05 ----D---- C:\Windows\system32\Tasks
2010-08-10 07:18:17 ----D---- C:\Windows\system32\NDF
2010-08-09 15:36:02 ----D---- C:\_FOTO
2010-08-09 12:30:40 ----D---- C:\Users\User\AppData\Roaming\PTGui
2010-08-09 10:20:43 ----SHD---- C:\Windows\Installer
2010-08-09 10:20:42 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-04 10:16:18 ----D---- C:\Program Files (x86)\Topaz Labs
2010-08-04 09:22:01 ----D---- C:\Windows\winsxs
2010-08-04 09:21:55 ----D---- C:\Program Files\Common Files
2010-08-04 09:20:26 ----D---- C:\Program Files (x86)\Common Files
2010-08-03 08:07:27 ----D---- C:\Users\User\AppData\Roaming\602XML
2010-08-03 04:18:02 ----D---- C:\Windows\system32\catroot
2010-07-31 18:37:19 ----D---- C:\Users\User\AppData\Roaming\onOne Software
2010-07-27 08:52:02 ----AD---- C:\Windows
2010-07-27 08:49:07 ----RD---- C:\Program Files (x86)
2010-07-23 08:27:50 ----D---- C:\Windows\system32\catroot2
2010-07-22 16:04:56 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-07-22 15:51:21 ----D---- C:\ProgramData\FLEXnet
2010-07-22 15:46:23 ----HD---- C:\ProgramData
2010-07-20 07:48:45 ----D---- C:\Windows\system32\drivers
2010-07-15 03:23:24 ----D---- C:\Windows\system32\wdi
2010-07-15 03:02:28 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 10:10:14 ----D---- C:\Windows\inf
2010-07-14 10:10:14 ----A---- C:\Windows\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-06-21 69152]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-09-29 136584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 85424]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-09-29 144824]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-09-29 123200]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032e.sys [2009-06-10 278016]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 TPM;Čip TPM; C:\Windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
S1 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys []
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe [2010-04-14 73728]
R2 astcc;AST Service; C:\Windows\syswow64\astsrv.exe [2009-11-20 57344]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-09-29 735960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-07-12 1352832]
R2 LMS;Intel(R) Active Management Technology Local Management Service; C:\Program Files (x86)\Intel\AMT\LMS.exe [2007-05-29 105240]
R2 nlscc;Nalpeiron X64 Service; C:\Windows\system32\nlsInterface.exe [2009-11-20 72192]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 159336]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 ScsiAccess;ScsiAccess; C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [2010-04-02 186760]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 WDDMService;WD SmartWare Drive Manager Service; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2009-10-14 116224]
R2 WDSmartWareBackgroundService;WD SmartWare Background Service; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-11 135664]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-09-29 23296]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-02-11 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-11 655624]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-06-26 30192]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2009-12-15 515560]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-06-13 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[motji]

Omlouvám se, nebyla jsem celý den u pc . Viníka už vidím, jen zjistíme co je zač, ejslti nemá i kamoše . Já tu budu asi od 9 večer.

Dejte soubor otestovat na http://www.virustotal.com

C:\Windows\system32\pesurogwkolecp.dll

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače




Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[roomm]

pesurogwkolecp.dll tento soubor sem na svem pc bohuzel nenašel, možná to souvisí s dokončeným skenem NOD32 a myslím, že něco takového deletoval,..ale jistý si nejsem

[motji]

Nevadí, udělejte sken OTL.

[roomm]

posilam OTL


OTL logfile created on: 12.8.2010 8:37:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 213,96 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465,65 Gb Total Space | 22,50 Gb Free Space | 4,83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 446,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 930,86 Gb Total Space | 881,72 Gb Free Space | 94,72% Space Free | Partition Type: NTFS

Computer Name: GRAFIKA
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.08.11 20:14:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2010.07.23 00:02:16 | 000,945,720 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.07.12 07:28:05 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.07.12 07:28:05 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.26 20:34:31 | 000,030,192 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) -- C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe
PRC - [2010.04.02 13:43:55 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe
PRC - [2010.02.18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2009.11.20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\ASTSRV.EXE
PRC - [2009.09.29 13:03:46 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.03.15 12:15:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008.06.11 23:43:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007.05.29 17:14:02 | 000,105,240 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel\AMT\LMS.exe


========== Modules (SafeList) ==========

MOD - [2010.08.11 20:14:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\astsrv.exe -- (astcc)
SRV:64bit: - [2010.02.11 21:07:54 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009.11.20 15:23:40 | 000,072,192 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysNative\nlsInterface.EXE -- (nlscc)
SRV:64bit: - [2009.10.14 15:31:44 | 000,116,224 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009.09.29 13:11:14 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.09.29 13:03:46 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010.07.12 07:28:05 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.26 20:34:31 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.04.14 11:28:44 | 000,073,728 | ---- | M] (Software602 a.s.) [Auto | Running] -- C:\Program Files (x86)\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2010.04.02 13:43:55 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowProducer\scsiaccess.exe -- (ScsiAccess)
SRV - [2010.03.18 17:23:04 | 000,044,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010.03.18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.11 21:06:41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.12.15 00:43:20 | 000,515,560 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.20 15:23:40 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\ASTSRV.EXE -- (astcc)
SRV - [2009.06.16 10:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.10.25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.05.29 17:14:02 | 000,105,240 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Intel\AMT\LMS.exe -- (LMS) Intel(R)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.06.21 19:44:12 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009.09.29 13:06:16 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.09.29 13:03:00 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.09.29 12:56:36 | 000,144,824 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.13 13:02:52 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2005.09.23 22:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 20 B8 C9 32 AB CA 01 [binary data]
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.07.20 07:48:31 | 000,000,000 | ---D | M]

[2010.05.24 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions
[2010.05.24 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com

O1 HOSTS File: ([2010.02.13 12:09:26 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: ::1 localhost
O2 - BHO: (cashtitan browser enhancer) - {353D46EE-B740-F283-438C-9FD570691DC8} - Reg Error: Value error. File not found
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (yourprofitclub) - {b740ba83-74e2-900c-68d8-e67072e6f75d} - C:\Windows\SysWOW64\a032d2bf.dll ()
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [sagxdlgiiug] C:\Windows\SysWow64\pesurogwkolecp.dll File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000..\Run: [DriverUpdaterPro] C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\..Trusted Domains: localhost ([]http in Místní intranet)
O15 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000\..Trusted Ranges: GD ([http] in Místní intranet)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ctivex.cab (Reg Error: Key error.)
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} https://www.mojedatovaschranka.cz/stati ... ?3,16,13,0 (Active602XMLFiller Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~2\Google\GOOGLE~2\GO36F4~1.DLL) - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.22 15:45:13 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.10.12 15:20:28 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - I:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{97dd7961-173f-11df-b988-0019d1ae65bf}\Shell - "" = AutoRun
O33 - MountPoints2\{97dd7961-173f-11df-b988-0019d1ae65bf}\Shell\AutoRun\command - "" = I:\WD SmartWare.exe -- [2009.08.17 19:53:00 | 002,770,432 | ---- | M] (Western Digital)
O33 - MountPoints2\{ac15535f-39b7-11df-b02e-0019d1ae65bf}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.ACDV - File not found
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010.08.11 20:14:24 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.08.11 07:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.11 07:42:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.04 09:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topaz Labs
[2010.08.04 09:20:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Topaz Labs
[2010.08.03 08:07:23 | 004,194,304 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2010.07.27 08:52:02 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.07.27 08:50:12 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\WYSIWYG Web Builder
[2010.07.27 08:49:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WYSIWYG Web Builder 7
[2010.07.22 15:54:06 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Autodesk
[2010.07.22 15:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
[2010.07.22 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
[2010.07.22 15:45:13 | 000,000,000 | ---D | C] -- C:\Autodesk
[2010.07.21 12:13:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\skypePM
[2010.07.21 12:12:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Skype
[2010.07.21 12:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.07.21 12:09:14 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.07.21 12:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.07.20 07:48:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.07.14 07:35:04 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll

========== Files - Modified Within 30 Days ==========

[2010.08.12 08:40:04 | 006,553,600 | -HS- | M] () -- C:\Users\User\NTUSER.DAT
[2010.08.12 08:35:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 08:35:44 | 000,015,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 08:30:31 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.12 08:29:13 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.12 08:29:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 08:29:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 08:29:05 | 3169,153,024 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.11 21:52:43 | 002,311,513 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2010.08.11 21:43:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-250642317-2044581209-3884301123-1000UA.job
[2010.08.11 21:20:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.11 21:00:02 | 000,000,242 | -H-- | M] () -- C:\Windows\tasks\Acrobat Update.job
[2010.08.11 20:14:29 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2010.08.11 00:18:42 | 000,017,408 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.09 17:43:36 | 000,000,477 | ---- | M] () -- C:\Users\User\AppData\Roaming\Poladroid prefs.plist
[2010.08.09 07:31:57 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-250642317-2044581209-3884301123-1000Core.job
[2010.08.04 10:16:28 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Detail UsersGuide.pdf.lnk
[2010.08.04 10:16:28 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Detail QuickStart.pdf.lnk
[2010.08.04 10:06:39 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\Clean3 UsersGuide.pdf.lnk
[2010.08.04 10:06:39 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\Clean3 QuickStart.pdf.lnk
[2010.08.04 09:52:49 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Adjust 4 UsersGuide.pdf.lnk
[2010.08.04 09:52:49 | 000,002,623 | ---- | M] () -- C:\Users\Public\Desktop\Adjust 4 QuickStart.pdf.lnk
[2010.08.04 09:20:28 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\Simplify3 UsersGuide.pdf.lnk
[2010.08.04 09:20:28 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\Simplify3 QuickStart.pdf.lnk
[2010.07.30 09:01:47 | 000,001,456 | ---- | M] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.30 06:38:15 | 005,154,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.07.28 10:05:42 | 000,022,643 | ---- | M] () -- C:\Users\User\Desktop\novy.html
[2010.07.27 10:13:26 | 000,155,264 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.27 08:48:58 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2010.07.26 16:02:25 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2010.07.26 15:08:01 | 000,087,552 | ---- | M] () -- C:\Users\User\Documents\FORMULAR MYSTERY SHOPPING.xls
[2010.07.21 12:14:00 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.07.21 12:09:17 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.07.14 10:10:14 | 001,583,058 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.07.14 10:10:14 | 000,668,610 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.07.14 10:10:14 | 000,654,354 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.07.14 10:10:14 | 000,140,246 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.07.14 10:10:14 | 000,121,226 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

========== Files Created - No Company Name ==========

[2010.08.10 23:58:17 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.04 10:16:28 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Detail UsersGuide.pdf.lnk
[2010.08.04 10:16:28 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Detail QuickStart.pdf.lnk
[2010.08.04 10:06:39 | 000,002,621 | ---- | C] () -- C:\Users\Public\Desktop\Clean3 UsersGuide.pdf.lnk
[2010.08.04 10:06:39 | 000,002,621 | ---- | C] () -- C:\Users\Public\Desktop\Clean3 QuickStart.pdf.lnk
[2010.08.04 09:52:49 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Adjust 4 UsersGuide.pdf.lnk
[2010.08.04 09:52:49 | 000,002,623 | ---- | C] () -- C:\Users\Public\Desktop\Adjust 4 QuickStart.pdf.lnk
[2010.08.04 09:20:28 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\Simplify3 UsersGuide.pdf.lnk
[2010.08.04 09:20:28 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\Simplify3 QuickStart.pdf.lnk
[2010.08.02 11:23:49 | 023,445,781 | R--- | C] () -- C:\Users\User\Desktop\IMG_0184okokok.CR2
[2010.07.30 07:54:20 | 000,001,456 | ---- | C] () -- C:\Users\User\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.28 10:05:41 | 000,022,643 | ---- | C] () -- C:\Users\User\Desktop\novy.html
[2010.07.21 12:14:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.07.21 12:09:17 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.06.25 11:41:04 | 001,541,120 | ---- | C] () -- C:\Windows\SysWow64\a032d2bf.dll
[2010.06.01 16:44:52 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\glut32.dll
[2010.06.01 16:44:52 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\glut.dll
[2010.06.01 16:44:52 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\PW6ContextMenu.dll
[2010.03.29 09:38:22 | 001,561,520 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.03.06 16:03:21 | 000,000,000 | ---- | C] () -- C:\Windows\binxz.INI
[2009.09.30 14:52:56 | 009,916,928 | ---- | C] () -- C:\Windows\SysWow64\tliadjust34.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005.02.03 01:50:28 | 000,004,224 | ---- | C] () -- C:\Windows\SysWow64\StarOpen.sys

========== LOP Check ==========

[2010.08.03 08:07:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\602XML
[2010.02.12 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ACD Systems
[2010.05.11 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Artisteer
[2010.07.22 15:54:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2010.03.23 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Axara
[2010.05.18 13:32:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2010.06.04 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.bridge.PublishPanel
[2010.07.08 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeepBurner Pro
[2010.05.13 09:21:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GardenGnomeSoftware
[2010.06.08 08:13:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2010.02.11 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2010.02.12 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jalbum
[2010.06.03 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\krpano
[2010.04.30 13:37:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LogoMaker
[2010.07.08 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mask Pro 4.0
[2010.04.02 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Netscape
[2010.07.31 18:37:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\onOne Software
[2010.02.11 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2010.04.02 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Photodex
[2010.08.09 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PTGui
[2010.06.04 14:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager
[2010.06.08 12:38:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010.05.31 11:03:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Viewer2
[2010.05.24 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vivox
[2010.02.12 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Western Digital
[2010.08.11 21:00:02 | 000,000,242 | -H-- | M] () -- C:\Windows\Tasks\Acrobat Update.job
[2010.08.12 08:30:31 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.07.14 07:08:49 | 000,029,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Google Update" = "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.02.11 18:04:05 | 000,135,664 | ---- | M] (Google Inc.)
"DriverUpdaterPro" = C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t -- File not found
"AdobeBridge" =
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.08.03 08:07:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\602XML
[2010.02.12 11:04:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ACD Systems
[2010.06.18 13:28:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Adobe
[2010.04.02 16:44:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Apple Computer
[2010.05.11 18:40:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Artisteer
[2010.07.22 15:54:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Autodesk
[2010.03.23 15:58:26 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Axara
[2010.05.18 13:32:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canon
[2010.06.04 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.adobe.bridge.PublishPanel
[2010.03.06 14:47:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\CyberLink
[2010.07.08 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DeepBurner Pro
[2010.05.13 09:21:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GardenGnomeSoftware
[2010.06.08 08:13:06 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GetRightToGo
[2010.02.11 22:16:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2010.02.11 14:58:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Identities
[2010.02.12 16:36:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Jalbum
[2010.06.03 09:54:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\krpano
[2010.04.30 13:37:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\LogoMaker
[2010.02.11 18:05:13 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Macromedia
[2010.07.08 08:11:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mask Pro 4.0
[2009.07.14 17:36:31 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2010.04.02 19:31:03 | 000,000,000 | --SD | M] -- C:\Users\User\AppData\Roaming\Microsoft
[2010.05.24 18:26:16 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Mozilla
[2010.04.02 13:43:58 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Netscape
[2010.07.31 18:37:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\onOne Software
[2010.02.11 15:23:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2010.04.02 13:36:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Photodex
[2010.02.18 11:16:25 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PSpad
[2010.08.09 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PTGui
[2010.08.02 09:16:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Skype
[2010.08.02 08:28:20 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\skypePM
[2010.06.04 14:57:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\StageManager
[2010.06.08 12:38:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\uTorrent
[2010.05.31 11:03:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Viewer2
[2010.05.24 18:29:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vivox
[2010.02.12 09:50:51 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Western Digital
[2010.02.13 10:05:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >
[2009.11.20 15:19:00 | 000,548,352 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\FocalPoint 2.lrplugin\win32\FocalPointPalette.exe
[2009.11.20 15:19:00 | 000,750,080 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\FocalPoint 2.lrplugin\win64\FocalPointPalette.exe
[2009.11.20 15:19:06 | 000,454,656 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win32\GFPalette.exe
[2009.11.20 15:19:06 | 000,642,048 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\GenuineFractals6.lrplugin\win64\GFPalette.exe
[2009.11.20 15:22:26 | 000,935,424 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoFrame 4.5.lrplugin\win32\PhotoFramePalette.exe
[2009.11.20 15:22:28 | 001,269,248 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoFrame 4.5.lrplugin\win64\PhotoFramePalette.exe
[2009.11.20 15:23:22 | 000,965,632 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoTools 2.5.lrplugin\win32\PTPalette.exe
[2009.11.20 15:23:22 | 001,287,168 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoTools 2.5.lrplugin\win64\PTPalette.exe
[2009.11.20 15:23:34 | 000,546,304 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoTune 3.lrplugin\win32\PhotoTunePalette.exe
[2009.11.20 15:23:36 | 000,748,032 | ---- | M] () -- C:\Users\User\AppData\Roaming\Adobe\Lightroom\Modules\PhotoTune 3.lrplugin\win64\PhotoTunePalette.exe
[2010.04.02 19:31:03 | 000,029,926 | R--- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CDROM.SYS >
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\SysWow64\DriverStore\FileRepository\cdrom.inf_amd64_neutral_8363d00ecae4322d\cdrom.sys
[2009.07.14 01:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation) MD5=83D2D75E1EFB81B3450C18131443F7DB -- C:\Windows\winsxs\amd64_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_bb9e4d89bd7870f1\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:40:24 | 000,175,104 | ---- | M] (Microsoft Corporation) MD5=8C57411B66282C01533CB776F98AD384 -- C:\Windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_d1f48b0bb4805490\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\SysWOW64\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:47:48 | 000,263,232 | ---- | M] (Microsoft Corporation) MD5=C0A6F6E05E14FBCAEDE7796C8590B7AC -- C:\Windows\winsxs\amd64_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_071de44b735b3dfc\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\isapnp.sys
[2009.07.14 03:48:04 | 000,020,544 | ---- | M] (Microsoft Corporation) MD5=2F7B28DC3E1183E5EB418DF55C204F38 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:48:27 | 000,947,776 | ---- | M] (Microsoft Corporation) MD5=CAD515DBD07D082BB317D9928CE8962C -- C:\Windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:48:27 | 000,149,056 | ---- | M] (NVIDIA Corporation) MD5=3E38712941E9BB4DDBEE00AFFE3FED3D -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:39:41 | 000,112,640 | ---- | M] (Microsoft Corporation) MD5=1911A3356FA3F77CCC825CCBAC038C2A -- C:\Windows\winsxs\amd64_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_082f99a432e2a661\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:45:55 | 001,898,576 | ---- | M] (Microsoft Corporation) MD5=912107716BAB424C7870E8E6AF5E07E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:41:58 | 000,296,448 | ---- | M] (Microsoft Corporation) MD5=7083F463788CB34FCC42F565D56F89E8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_4eaca269e8070c6b\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.08.12 08:29:12 | 000,000,018 | ---- | M] () -- C:\Windows\SysWOW64\log.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:D0F286CA
< End of report >

[roomm]

EXTRAS


OTL Extras logfile created on: 12.8.2010 8:37:24 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596,07 Gb Total Space | 213,96 Gb Free Space | 35,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 465,65 Gb Total Space | 22,50 Gb Free Space | 4,83% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 446,77 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 930,86 Gb Total Space | 881,72 Gb Free Space | 94,72% Space Free | Partition Type: NTFS

Computer Name: GRAFIKA
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = txtfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 3.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\3.0\ACDSeeQVPro3.exe" "%1" (ACD Systems International Inc.)
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{056B9C5B-2E8D-4EBC-941C-06C78A30ABB3}" = Microsoft_VC80_ATL_x86_x64
"{1387BA33-3FAC-49E9-B545-0E8D3BBC550B}" = Adobe Photoshop Lightroom 3 64-bit
"{138D2BE4-7981-4F34-BA23-81B6B99D0DE6}" = Microsoft_VC80_MFCLOC_x86_x64
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{37EA4EB5-2C4D-40CC-9EB1-762F1711ECDE}" = Adobe Photoshop Lightroom 2.2 64-bit
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D46855F-7B71-4CF7-A270-62E0E4F05037}" = Microsoft_VC80_CRT_x86_x64
"{4183655A-5FC6-4A23-A804-7764145EC57C}" = ESET NOD32 Antivirus
"{47A70BC0-BB3E-468B-9E01-56CCD6F2A911}" = Microsoft_VC80_MFC_x86_x64
"{624DEC4B-C864-4B33-AF6C-D1C290F23C7C}" = The Panorama Factory V5 x64 Edition
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Ovladače videa společnosti Pinnacle
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8D93BD99-EECF-4812-B3BA-B8A2E7FEEA11}" = Topaz Simplify 3 (64-bit)
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A8BB73DB-199D-4917-B7CB-32FAAC4B820D}" = Topaz Adjust 3 (64-bit)
"{A981E64B-0F10-45D9-BD5C-A4DF7B87E218}" = Topaz Detail 2 (64-bit)
"{B36AB323-9849-4486-AB8F-93E64A06E716}" = WD SmartWare
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA85C599-2569-4C48-9AA6-2B8D8F029FA7}" = Topaz Clean 3 (64-bit)
"{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
"Autopano Giga" = Autopano Giga
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1AD22277-7A1E-71EC-B27D-EB7A22BED143}" = DeepBurner Pro v1.9.0.228
"{1B280FAF-AE10-4E31-A41A-DB3917D651DC}" = ACDSee Pro 3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{359FC4B0-29ED-4CA8-AD66-CF436931F492}" = Adobe Flash Player 10 Plugin
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{46181E57-7362-4FCC-A30E-6E31429E160F}_is1" = NaviComputer V0.93
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Plug-in Suite 5
"{5E684419-44E3-46EE-A43C-A60082CBF4EC}" = Topaz Adjust 3
"{61A64EFD-2CEC-4C6E-91DE-5EDE74C25ED9}" = Jalbum
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7596C248-4816-4C6F-8AAC-D8C81F2B4B49}" = HD View
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7FF0ACFE-4346-4D9D-B822-C69B99AAE1FC}" = Microsoft_VC80_MFCLOC_x86
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85E00941-FDFF-4796-A3B8-3ACC766FFCA5}" = Topaz Clean 3
"{875F9A42-D47B-43E6-BA68-29D1895188D5}_is1" = Dynamic Auto-Painter 2.5.1
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A1EBF29-7CF8-471E-B90B-95FF36AC8248}" = Topaz Simplify 3
"{8AE28FB8-B8AE-4B58-A5FE-77F45E462BAE}" = Microsoft_VC80_MFC_x86
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{952D88D2-3E6F-4E40-8553-8070FEFCE5CD}" = Adobe Creative Suite 5 Master Collection
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{AF890091-2603-C1C6-DCD6-B8799D4FB464}" = Adobe Community Help
"{AFC02C27-473F-4EC5-9372-30771EFFB35F}" = VC80_CRT_x86
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C921D7C4-24D7-4210-AEE9-DFC5DDC78428}" = Topaz Detail 2
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB07E706-5DD7-4093-83A1-1430D5B6FA75}" = Microsoft_VC80_ATL_x86
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E5C8C4ED-A76A-49F3-BDB8-56DEEE92F19B}" = 602XML Filler
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EFB786FD-D916-416B-A23A-1EBEAF4A9DDC}" = Adobe Flash Player 10 ActiveX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"602XMLFiller_CAB" = 602XML Filler rozšíření pro Internet Explorer
"a646b882" = Contextual Tool Yourprofitclub
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Amara - Flash Intro and Banner Builder" = Amara - Flash Intro and Banner Builder
"Amara - Flash Photo Animation Software" = Amara - Flash Photo Animation Software
"Artisteer 2" = Artisteer 2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Creative Photos" = Creative Photos 1.7.3.1
"DesetiPrsty5" = DesetiPrsty5 5.2
"DevalVR for Netscape" = DevalVR plugin for Netscape and compatible browsers
"DPP" = Canon Utilities Digital Photo Professional 3.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Google Desktop" = Google Desktop
"GreenBox_is1" = GreenBox 1.0
"Hugin_release_is1" = Hugin 2009.4.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LogoMaker_is1" = LogoMaker 3.0
"ocllxljyesvznp" = Tagging System Cashtitan
"Pano2VR" = Pano2VR - Garden Gnome Software
"Panoweaver600_pro_is1" = Panoweaver Professional Edition
"Photodex Presenter" = Photodex Presenter
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"PowerISO" = PowerISO
"ProShow Producer" = ProShow Producer
"PSPad editor_is1" = PSPad editor
"PTGui" = PTGui Pro 8.3.7
"Totalcmd" = Total Commander (Remove or Repair)
"Viewer2" = Viewer2
"winscp3_is1" = WinSCP 4.2.7
"WYSIWYG_Web_Builder_7" = WYSIWYG Web Builder 7

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-250642317-2044581209-3884301123-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.8.2010 8:13:33 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 9:04:01 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 11:16:46 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 12:01:53 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 12:58:47 | Computer Name = GRAFIKA | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro C:\Program Files (x86)\Common Files\Adobe
AIR\Versions\1.0\Adobe AIR.dll se nezdařilo. Chyba v souboru manifestu nebo zásady
C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll na řádku
3. Hodnota MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR atributu
version v prvku assemblyIdentity je neplatná.

Error - 11.8.2010 13:13:48 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 14:17:15 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 11.8.2010 15:13:46 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

Error - 12.8.2010 2:29:11 | Computer Name = GRAFIKA | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 12.8.2010 2:38:11 | Computer Name = GRAFIKA | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Selhala extrakce kořenového seznamu jiného výrobce ze souboru CAB
pro automatickou aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>.
Došlo k chybě: Při ověření se systémovými hodinami nebo časovým razítkem podepsaného
souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti. .

[ OSession Events ]
Error - 10.3.2010 13:19:41 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5454
seconds with 3780 seconds of active time. This session ended with a crash.

Error - 12.3.2010 8:29:12 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1961
seconds with 480 seconds of active time. This session ended with a crash.

Error - 26.4.2010 3:35:24 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3115
seconds with 360 seconds of active time. This session ended with a crash.

Error - 10.5.2010 3:00:58 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.5.2010 3:01:29 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.5.2010 3:01:55 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.5.2010 3:02:13 | Computer Name = GRAFIKA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 29.7.2010 11:18:08 | Computer Name = GRAFIKA | Source = Schannel | ID = 36888
Description = Byla vygenerována následující výstraha o závažné chybě: 10. Stav interní
chyby: 10

Error - 30.7.2010 12:39:13 | Computer Name = GRAFIKA | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby Netman bylo dosaženo časového
limitu (30000 ms).

Error - 1.8.2010 11:35:04 | Computer Name = GRAFIKA | Source = DCOM | ID = 10010
Description =

Error - 3.8.2010 1:26:58 | Computer Name = GRAFIKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR5.

Error - 3.8.2010 1:27:00 | Computer Name = GRAFIKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR5.

Error - 5.8.2010 11:53:10 | Computer Name = GRAFIKA | Source = DCOM | ID = 10010
Description =

Error - 6.8.2010 1:41:17 | Computer Name = GRAFIKA | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

Error - 8.8.2010 5:10:06 | Computer Name = GRAFIKA | Source = Service Control Manager | ID = 7011
Description = Při čekání na odezvu transakce služby lmhosts bylo dosaženo časového
limitu (30000 ms).

Error - 10.8.2010 8:38:08 | Computer Name = GRAFIKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR5.

Error - 10.8.2010 8:38:09 | Computer Name = GRAFIKA | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk5\DR5.


< End of report >

[motji]

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:0A8E2C33
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:D0F286CA
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O4 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-250642317-2044581209-3884301123-1000..\Run: [DriverUpdaterPro] C:\Program Files (x86)\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\User\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe File not found
O4 - HKLM..\Run: [sagxdlgiiug] C:\Windows\SysWow64\pesurogwkolecp.dll File not found
O4 - HKLM..\Run: [] File not found
O2 - BHO: (yourprofitclub) - {b740ba83-74e2-900c-68d8-e67072e6f75d} - C:\Windows\SysWOW64\a032d2bf.dll ()
O2 - BHO: (cashtitan browser enhancer) - {353D46EE-B740-F283-438C-9FD570691DC8} - Reg Error: Value error. File not found

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde


Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.


Co máte jako Harddisk5\DR5.?

[roomm]

pri spuštění OTL jsem nezašktával žádné jiné možnosti jak při skenování - tady je výsledek


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\ProgramData\Temp:0A8E2C33 deleted successfully.
ADS C:\ProgramData\Temp:D0F286CA deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-250642317-2044581209-3884301123-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-250642317-2044581209-3884301123-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DriverUpdaterPro deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sagxdlgiiug deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b740ba83-74e2-900c-68d8-e67072e6f75d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b740ba83-74e2-900c-68d8-e67072e6f75d}\ deleted successfully.
C:\Windows\SysWOW64\a032d2bf.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{353D46EE-B740-F283-438C-9FD570691DC8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{353D46EE-B740-F283-438C-9FD570691DC8}\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPAF98.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI3374.tmp moved successfully.
C:\WINDOWS\System32\config\systemprofile\AppData\Roaming\CyberLink\RVInfo\RV9199.tmp moved successfully.
C:\WINDOWS\Temp\DMID26E.tmp moved successfully.
C:\WINDOWS\Temp\DMIF509.tmp moved successfully.
C:\WINDOWS\Temp\gd307.tmp moved successfully.
C:\WINDOWS\Temp\gdBDA2.tmp moved successfully.
C:\WINDOWS\Temp\HTT10C3.tmp moved successfully.
C:\WINDOWS\Temp\HTT10C6.tmp moved successfully.
C:\WINDOWS\Temp\HTT11F5.tmp moved successfully.
C:\WINDOWS\Temp\HTT11F7.tmp moved successfully.
C:\WINDOWS\Temp\HTT1210.tmp moved successfully.
C:\WINDOWS\Temp\HTT12FE.tmp moved successfully.
C:\WINDOWS\Temp\HTT131C.tmp moved successfully.
C:\WINDOWS\Temp\HTT1361.tmp moved successfully.
C:\WINDOWS\Temp\HTT1396.tmp moved successfully.
C:\WINDOWS\Temp\HTT13B0.tmp moved successfully.
C:\WINDOWS\Temp\HTT13D4.tmp moved successfully.
C:\WINDOWS\Temp\HTT13DD.tmp moved successfully.
C:\WINDOWS\Temp\HTT13FD.tmp moved successfully.
C:\WINDOWS\Temp\HTT146E.tmp moved successfully.
C:\WINDOWS\Temp\HTT14CF.tmp moved successfully.
C:\WINDOWS\Temp\HTT14E9.tmp moved successfully.
C:\WINDOWS\Temp\HTT14EA.tmp moved successfully.
C:\WINDOWS\Temp\HTT1514.tmp moved successfully.
C:\WINDOWS\Temp\HTT1580.tmp moved successfully.
C:\WINDOWS\Temp\HTT15E8.tmp moved successfully.
C:\WINDOWS\Temp\HTT16C5.tmp moved successfully.
C:\WINDOWS\Temp\HTT16E2.tmp moved successfully.
C:\WINDOWS\Temp\HTT1770.tmp moved successfully.
C:\WINDOWS\Temp\HTT1799.tmp moved successfully.
C:\WINDOWS\Temp\HTT17DC.tmp moved successfully.
C:\WINDOWS\Temp\HTT181C.tmp moved successfully.
C:\WINDOWS\Temp\HTT184B.tmp moved successfully.
C:\WINDOWS\Temp\HTT194F.tmp moved successfully.
C:\WINDOWS\Temp\HTT19D9.tmp moved successfully.
C:\WINDOWS\Temp\HTT19F3.tmp moved successfully.
C:\WINDOWS\Temp\HTT1A97.tmp moved successfully.
C:\WINDOWS\Temp\HTT1B68.tmp moved successfully.
C:\WINDOWS\Temp\HTT1BEA.tmp moved successfully.
C:\WINDOWS\Temp\HTT1D77.tmp moved successfully.
C:\WINDOWS\Temp\HTT1E0C.tmp moved successfully.
C:\WINDOWS\Temp\HTT1E6.tmp moved successfully.
C:\WINDOWS\Temp\HTT1EC1.tmp moved successfully.
C:\WINDOWS\Temp\HTT1F37.tmp moved successfully.
C:\WINDOWS\Temp\HTT1F6D.tmp moved successfully.
C:\WINDOWS\Temp\HTT1F96.tmp moved successfully.
C:\WINDOWS\Temp\HTT1FDC.tmp moved successfully.
C:\WINDOWS\Temp\HTT2070.tmp moved successfully.
C:\WINDOWS\Temp\HTT21F8.tmp moved successfully.
C:\WINDOWS\Temp\HTT22B.tmp moved successfully.
C:\WINDOWS\Temp\HTT2316.tmp moved successfully.
C:\WINDOWS\Temp\HTT2388.tmp moved successfully.
C:\WINDOWS\Temp\HTT2407.tmp moved successfully.
C:\WINDOWS\Temp\HTT2408.tmp moved successfully.
C:\WINDOWS\Temp\HTT24EA.tmp moved successfully.
C:\WINDOWS\Temp\HTT250.tmp moved successfully.
C:\WINDOWS\Temp\HTT251F.tmp moved successfully.
C:\WINDOWS\Temp\HTT2520.tmp moved successfully.
C:\WINDOWS\Temp\HTT255B.tmp moved successfully.
C:\WINDOWS\Temp\HTT2667.tmp moved successfully.
C:\WINDOWS\Temp\HTT2747.tmp moved successfully.
C:\WINDOWS\Temp\HTT2988.tmp moved successfully.
C:\WINDOWS\Temp\HTT2999.tmp moved successfully.
C:\WINDOWS\Temp\HTT29E7.tmp moved successfully.
C:\WINDOWS\Temp\HTT29F8.tmp moved successfully.
C:\WINDOWS\Temp\HTT2A15.tmp moved successfully.
C:\WINDOWS\Temp\HTT2A45.tmp moved successfully.
C:\WINDOWS\Temp\HTT2B1C.tmp moved successfully.
C:\WINDOWS\Temp\HTT2B42.tmp moved successfully.
C:\WINDOWS\Temp\HTT2B61.tmp moved successfully.
C:\WINDOWS\Temp\HTT2C13.tmp moved successfully.
C:\WINDOWS\Temp\HTT2C61.tmp moved successfully.
C:\WINDOWS\Temp\HTT2D37.tmp moved successfully.
C:\WINDOWS\Temp\HTT2DC4.tmp moved successfully.
C:\WINDOWS\Temp\HTT2F30.tmp moved successfully.
C:\WINDOWS\Temp\HTT2FE.tmp moved successfully.
C:\WINDOWS\Temp\HTT308E.tmp moved successfully.
C:\WINDOWS\Temp\HTT30C5.tmp moved successfully.
C:\WINDOWS\Temp\HTT30DA.tmp moved successfully.
C:\WINDOWS\Temp\HTT311.tmp moved successfully.
C:\WINDOWS\Temp\HTT3124.tmp moved successfully.
C:\WINDOWS\Temp\HTT32C2.tmp moved successfully.
C:\WINDOWS\Temp\HTT3400.tmp moved successfully.
C:\WINDOWS\Temp\HTT3461.tmp moved successfully.
C:\WINDOWS\Temp\HTT3462.tmp moved successfully.
C:\WINDOWS\Temp\HTT35AA.tmp moved successfully.
C:\WINDOWS\Temp\HTT35DE.tmp moved successfully.
C:\WINDOWS\Temp\HTT36CA.tmp moved successfully.
C:\WINDOWS\Temp\HTT36DB.tmp moved successfully.
C:\WINDOWS\Temp\HTT3860.tmp moved successfully.
C:\WINDOWS\Temp\HTT39EE.tmp moved successfully.
C:\WINDOWS\Temp\HTT3A0F.tmp moved successfully.
C:\WINDOWS\Temp\HTT3A8B.tmp moved successfully.
C:\WINDOWS\Temp\HTT3AA4.tmp moved successfully.
C:\WINDOWS\Temp\HTT3BA1.tmp moved successfully.
C:\WINDOWS\Temp\HTT3BFA.tmp moved successfully.
C:\WINDOWS\Temp\HTT3C15.tmp moved successfully.
C:\WINDOWS\Temp\HTT3C53.tmp moved successfully.
C:\WINDOWS\Temp\HTT3CD2.tmp moved successfully.
C:\WINDOWS\Temp\HTT3DB1.tmp moved successfully.
C:\WINDOWS\Temp\HTT3E07.tmp moved successfully.
C:\WINDOWS\Temp\HTT3ED.tmp moved successfully.
C:\WINDOWS\Temp\HTT3EF9.tmp moved successfully.
C:\WINDOWS\Temp\HTT4062.tmp moved successfully.
C:\WINDOWS\Temp\HTT4063.tmp moved successfully.
C:\WINDOWS\Temp\HTT40C8.tmp moved successfully.
C:\WINDOWS\Temp\HTT4252.tmp moved successfully.
C:\WINDOWS\Temp\HTT42A4.tmp moved successfully.
C:\WINDOWS\Temp\HTT42AE.tmp moved successfully.
C:\WINDOWS\Temp\HTT4351.tmp moved successfully.
C:\WINDOWS\Temp\HTT4358.tmp moved successfully.
C:\WINDOWS\Temp\HTT43D8.tmp moved successfully.
C:\WINDOWS\Temp\HTT4550.tmp moved successfully.
C:\WINDOWS\Temp\HTT4595.tmp moved successfully.
C:\WINDOWS\Temp\HTT46B1.tmp moved successfully.
C:\WINDOWS\Temp\HTT47F4.tmp moved successfully.
C:\WINDOWS\Temp\HTT485C.tmp moved successfully.
C:\WINDOWS\Temp\HTT4887.tmp moved successfully.
C:\WINDOWS\Temp\HTT497E.tmp moved successfully.
C:\WINDOWS\Temp\HTT49EA.tmp moved successfully.
C:\WINDOWS\Temp\HTT4A71.tmp moved successfully.
C:\WINDOWS\Temp\HTT4C17.tmp moved successfully.
C:\WINDOWS\Temp\HTT4C9F.tmp moved successfully.
C:\WINDOWS\Temp\HTT4CF9.tmp moved successfully.
C:\WINDOWS\Temp\HTT4D6B.tmp moved successfully.
C:\WINDOWS\Temp\HTT4D7.tmp moved successfully.
C:\WINDOWS\Temp\HTT4DC2.tmp moved successfully.
C:\WINDOWS\Temp\HTT4DF8.tmp moved successfully.
C:\WINDOWS\Temp\HTT4E87.tmp moved successfully.
C:\WINDOWS\Temp\HTT4EDF.tmp moved successfully.
C:\WINDOWS\Temp\HTT4F9D.tmp moved successfully.
C:\WINDOWS\Temp\HTT50A8.tmp moved successfully.
C:\WINDOWS\Temp\HTT5110.tmp moved successfully.
C:\WINDOWS\Temp\HTT5112.tmp moved successfully.
C:\WINDOWS\Temp\HTT5277.tmp moved successfully.
C:\WINDOWS\Temp\HTT5288.tmp moved successfully.
C:\WINDOWS\Temp\HTT52B6.tmp moved successfully.
C:\WINDOWS\Temp\HTT54F1.tmp moved successfully.
C:\WINDOWS\Temp\HTT55A3.tmp moved successfully.
C:\WINDOWS\Temp\HTT55CA.tmp moved successfully.
C:\WINDOWS\Temp\HTT5697.tmp moved successfully.
C:\WINDOWS\Temp\HTT5727.tmp moved successfully.
C:\WINDOWS\Temp\HTT57FA.tmp moved successfully.
C:\WINDOWS\Temp\HTT58C1.tmp moved successfully.
C:\WINDOWS\Temp\HTT5994.tmp moved successfully.
C:\WINDOWS\Temp\HTT59D0.tmp moved successfully.
C:\WINDOWS\Temp\HTT5B40.tmp moved successfully.
C:\WINDOWS\Temp\HTT5B50.tmp moved successfully.
C:\WINDOWS\Temp\HTT5C71.tmp moved successfully.
C:\WINDOWS\Temp\HTT5DAB.tmp moved successfully.
C:\WINDOWS\Temp\HTT5EE8.tmp moved successfully.
C:\WINDOWS\Temp\HTT5EF9.tmp moved successfully.
C:\WINDOWS\Temp\HTT6053.tmp moved successfully.
C:\WINDOWS\Temp\HTT6076.tmp moved successfully.
C:\WINDOWS\Temp\HTT60C1.tmp moved successfully.
C:\WINDOWS\Temp\HTT60D2.tmp moved successfully.
C:\WINDOWS\Temp\HTT60F4.tmp moved successfully.
C:\WINDOWS\Temp\HTT6168.tmp moved successfully.
C:\WINDOWS\Temp\HTT61EC.tmp moved successfully.
C:\WINDOWS\Temp\HTT61F2.tmp moved successfully.
C:\WINDOWS\Temp\HTT625B.tmp moved successfully.
C:\WINDOWS\Temp\HTT6345.tmp moved successfully.
C:\WINDOWS\Temp\HTT6363.tmp moved successfully.
C:\WINDOWS\Temp\HTT6557.tmp moved successfully.
C:\WINDOWS\Temp\HTT6588.tmp moved successfully.
C:\WINDOWS\Temp\HTT66CF.tmp moved successfully.
C:\WINDOWS\Temp\HTT6768.tmp moved successfully.
C:\WINDOWS\Temp\HTT687.tmp moved successfully.
C:\WINDOWS\Temp\HTT6901.tmp moved successfully.
C:\WINDOWS\Temp\HTT6986.tmp moved successfully.
C:\WINDOWS\Temp\HTT6B04.tmp moved successfully.
C:\WINDOWS\Temp\HTT6B0F.tmp moved successfully.
C:\WINDOWS\Temp\HTT6C3B.tmp moved successfully.
C:\WINDOWS\Temp\HTT6C4.tmp moved successfully.
C:\WINDOWS\Temp\HTT6CC9.tmp moved successfully.
C:\WINDOWS\Temp\HTT6D17.tmp moved successfully.
C:\WINDOWS\Temp\HTT6D2A.tmp moved successfully.
C:\WINDOWS\Temp\HTT6D86.tmp moved successfully.
C:\WINDOWS\Temp\HTT6F5F.tmp moved successfully.
C:\WINDOWS\Temp\HTT7094.tmp moved successfully.
C:\WINDOWS\Temp\HTT718.tmp moved successfully.
C:\WINDOWS\Temp\HTT734.tmp moved successfully.
C:\WINDOWS\Temp\HTT73B.tmp moved successfully.
C:\WINDOWS\Temp\HTT7690.tmp moved successfully.
C:\WINDOWS\Temp\HTT7713.tmp moved successfully.
C:\WINDOWS\Temp\HTT7730.tmp moved successfully.
C:\WINDOWS\Temp\HTT77CA.tmp moved successfully.
C:\WINDOWS\Temp\HTT78D0.tmp moved successfully.
C:\WINDOWS\Temp\HTT78E2.tmp moved successfully.
C:\WINDOWS\Temp\HTT7926.tmp moved successfully.
C:\WINDOWS\Temp\HTT7930.tmp moved successfully.
C:\WINDOWS\Temp\HTT799D.tmp moved successfully.
C:\WINDOWS\Temp\HTT7C0E.tmp moved successfully.
C:\WINDOWS\Temp\HTT7C90.tmp moved successfully.
C:\WINDOWS\Temp\HTT7DFC.tmp moved successfully.
C:\WINDOWS\Temp\HTT7F82.tmp moved successfully.
C:\WINDOWS\Temp\HTT80C8.tmp moved successfully.
C:\WINDOWS\Temp\HTT811A.tmp moved successfully.
C:\WINDOWS\Temp\HTT8258.tmp moved successfully.
C:\WINDOWS\Temp\HTT831.tmp moved successfully.
C:\WINDOWS\Temp\HTT83AA.tmp moved successfully.
C:\WINDOWS\Temp\HTT83B7.tmp moved successfully.
C:\WINDOWS\Temp\HTT83D.tmp moved successfully.
C:\WINDOWS\Temp\HTT8423.tmp moved successfully.
C:\WINDOWS\Temp\HTT8492.tmp moved successfully.
C:\WINDOWS\Temp\HTT8649.tmp moved successfully.
C:\WINDOWS\Temp\HTT8667.tmp moved successfully.
C:\WINDOWS\Temp\HTT86A4.tmp moved successfully.
C:\WINDOWS\Temp\HTT8711.tmp moved successfully.
C:\WINDOWS\Temp\HTT8727.tmp moved successfully.
C:\WINDOWS\Temp\HTT8863.tmp moved successfully.
C:\WINDOWS\Temp\HTT88E2.tmp moved successfully.
C:\WINDOWS\Temp\HTT894C.tmp moved successfully.
C:\WINDOWS\Temp\HTT89D3.tmp moved successfully.
C:\WINDOWS\Temp\HTT8B1E.tmp moved successfully.
C:\WINDOWS\Temp\HTT8BFE.tmp moved successfully.
C:\WINDOWS\Temp\HTT8C16.tmp moved successfully.
C:\WINDOWS\Temp\HTT8C30.tmp moved successfully.
C:\WINDOWS\Temp\HTT8D03.tmp moved successfully.
C:\WINDOWS\Temp\HTT8E1C.tmp moved successfully.
C:\WINDOWS\Temp\HTT8E8E.tmp moved successfully.
C:\WINDOWS\Temp\HTT8EE1.tmp moved successfully.
C:\WINDOWS\Temp\HTT8F06.tmp moved successfully.
C:\WINDOWS\Temp\HTT904D.tmp moved successfully.
C:\WINDOWS\Temp\HTT9083.tmp moved successfully.
C:\WINDOWS\Temp\HTT90EF.tmp moved successfully.
C:\WINDOWS\Temp\HTT910C.tmp moved successfully.
C:\WINDOWS\Temp\HTT920.tmp moved successfully.
C:\WINDOWS\Temp\HTT93B1.tmp moved successfully.
C:\WINDOWS\Temp\HTT940E.tmp moved successfully.
C:\WINDOWS\Temp\HTT94AB.tmp moved successfully.
C:\WINDOWS\Temp\HTT964F.tmp moved successfully.
C:\WINDOWS\Temp\HTT96CD.tmp moved successfully.
C:\WINDOWS\Temp\HTT9723.tmp moved successfully.
C:\WINDOWS\Temp\HTT97B6.tmp moved successfully.
C:\WINDOWS\Temp\HTT9819.tmp moved successfully.
C:\WINDOWS\Temp\HTT9897.tmp moved successfully.
C:\WINDOWS\Temp\HTT98EF.tmp moved successfully.
C:\WINDOWS\Temp\HTT992B.tmp moved successfully.
C:\WINDOWS\Temp\HTT9984.tmp moved successfully.
C:\WINDOWS\Temp\HTT99CE.tmp moved successfully.
C:\WINDOWS\Temp\HTT9A5B.tmp moved successfully.
C:\WINDOWS\Temp\HTT9A7.tmp moved successfully.
C:\WINDOWS\Temp\HTT9B89.tmp moved successfully.
C:\WINDOWS\Temp\HTT9B9D.tmp moved successfully.
C:\WINDOWS\Temp\HTT9C3.tmp moved successfully.
C:\WINDOWS\Temp\HTT9D95.tmp moved successfully.
C:\WINDOWS\Temp\HTT9E0F.tmp moved successfully.
C:\WINDOWS\Temp\HTT9E3.tmp moved successfully.
C:\WINDOWS\Temp\HTT9E88.tmp moved successfully.
C:\WINDOWS\Temp\HTT9F3B.tmp moved successfully.
C:\WINDOWS\Temp\HTT9F4F.tmp moved successfully.
C:\WINDOWS\Temp\HTT9F51.tmp moved successfully.
C:\WINDOWS\Temp\HTT9F93.tmp moved successfully.
C:\WINDOWS\Temp\HTTA03.tmp moved successfully.
C:\WINDOWS\Temp\HTTA05B.tmp moved successfully.
C:\WINDOWS\Temp\HTTA1AB.tmp moved successfully.
C:\WINDOWS\Temp\HTTA1BB.tmp moved successfully.
C:\WINDOWS\Temp\HTTA21D.tmp moved successfully.
C:\WINDOWS\Temp\HTTA3E.tmp moved successfully.
C:\WINDOWS\Temp\HTTA52.tmp moved successfully.
C:\WINDOWS\Temp\HTTA520.tmp moved successfully.
C:\WINDOWS\Temp\HTTA583.tmp moved successfully.
C:\WINDOWS\Temp\HTTA63D.tmp moved successfully.
C:\WINDOWS\Temp\HTTA81A.tmp moved successfully.
C:\WINDOWS\Temp\HTTA883.tmp moved successfully.
C:\WINDOWS\Temp\HTTA8CA.tmp moved successfully.
C:\WINDOWS\Temp\HTTA8DB.tmp moved successfully.
C:\WINDOWS\Temp\HTTA9FC.tmp moved successfully.
C:\WINDOWS\Temp\HTTAA4F.tmp moved successfully.
C:\WINDOWS\Temp\HTTAAB9.tmp moved successfully.
C:\WINDOWS\Temp\HTTAB6C.tmp moved successfully.
C:\WINDOWS\Temp\HTTABD4.tmp moved successfully.
C:\WINDOWS\Temp\HTTABDB.tmp moved successfully.
C:\WINDOWS\Temp\HTTAE2E.tmp moved successfully.
C:\WINDOWS\Temp\HTTAE6.tmp moved successfully.
C:\WINDOWS\Temp\HTTAF31.tmp moved successfully.
C:\WINDOWS\Temp\HTTAFBC.tmp moved successfully.
C:\WINDOWS\Temp\HTTAFFA.tmp moved successfully.
C:\WINDOWS\Temp\HTTB08F.tmp moved successfully.
C:\WINDOWS\Temp\HTTB103.tmp moved successfully.
C:\WINDOWS\Temp\HTTB104.tmp moved successfully.
C:\WINDOWS\Temp\HTTB16.tmp moved successfully.
C:\WINDOWS\Temp\HTTB23.tmp moved successfully.
C:\WINDOWS\Temp\HTTB3AB.tmp moved successfully.
C:\WINDOWS\Temp\HTTB3AC.tmp moved successfully.
C:\WINDOWS\Temp\HTTB3AD.tmp moved successfully.
C:\WINDOWS\Temp\HTTB4D0.tmp moved successfully.
C:\WINDOWS\Temp\HTTB81.tmp moved successfully.
C:\WINDOWS\Temp\HTTB827.tmp moved successfully.
C:\WINDOWS\Temp\HTTB897.tmp moved successfully.
C:\WINDOWS\Temp\HTTBA0D.tmp moved successfully.
C:\WINDOWS\Temp\HTTBA43.tmp moved successfully.
C:\WINDOWS\Temp\HTTBA97.tmp moved successfully.
C:\WINDOWS\Temp\HTTBB31.tmp moved successfully.
C:\WINDOWS\Temp\HTTBC63.tmp moved successfully.
C:\WINDOWS\Temp\HTTBCD0.tmp moved successfully.
C:\WINDOWS\Temp\HTTBCF8.tmp moved successfully.
C:\WINDOWS\Temp\HTTBD1F.tmp moved successfully.
C:\WINDOWS\Temp\HTTBE21.tmp moved successfully.
C:\WINDOWS\Temp\HTTBE68.tmp moved successfully.
C:\WINDOWS\Temp\HTTBF54.tmp moved successfully.
C:\WINDOWS\Temp\HTTBFDD.tmp moved successfully.
C:\WINDOWS\Temp\HTTC038.tmp moved successfully.
C:\WINDOWS\Temp\HTTC0F9.tmp moved successfully.
C:\WINDOWS\Temp\HTTC109.tmp moved successfully.
C:\WINDOWS\Temp\HTTC26A.tmp moved successfully.
C:\WINDOWS\Temp\HTTC300.tmp moved successfully.
C:\WINDOWS\Temp\HTTC398.tmp moved successfully.
C:\WINDOWS\Temp\HTTC39B.tmp moved successfully.
C:\WINDOWS\Temp\HTTC3DF.tmp moved successfully.
C:\WINDOWS\Temp\HTTC49A.tmp moved successfully.
C:\WINDOWS\Temp\HTTC50.tmp moved successfully.
C:\WINDOWS\Temp\HTTC58B.tmp moved successfully.
C:\WINDOWS\Temp\HTTC5D3.tmp moved successfully.
C:\WINDOWS\Temp\HTTC66D.tmp moved successfully.
C:\WINDOWS\Temp\HTTC85B.tmp moved successfully.
C:\WINDOWS\Temp\HTTC8BE.tmp moved successfully.
C:\WINDOWS\Temp\HTTC910.tmp moved successfully.
C:\WINDOWS\Temp\HTTC98.tmp moved successfully.
C:\WINDOWS\Temp\HTTC9EE.tmp moved successfully.
C:\WINDOWS\Temp\HTTCA47.tmp moved successfully.
C:\WINDOWS\Temp\HTTCAAC.tmp moved successfully.
C:\WINDOWS\Temp\HTTCB83.tmp moved successfully.
C:\WINDOWS\Temp\HTTCBD1.tmp moved successfully.
C:\WINDOWS\Temp\HTTCBD6.tmp moved successfully.
C:\WINDOWS\Temp\HTTCC18.tmp moved successfully.
C:\WINDOWS\Temp\HTTCC1B.tmp moved successfully.
C:\WINDOWS\Temp\HTTCD49.tmp moved successfully.
C:\WINDOWS\Temp\HTTCE55.tmp moved successfully.
C:\WINDOWS\Temp\HTTCE5B.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF2B.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF33.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF5E.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF81.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF96.tmp moved successfully.
C:\WINDOWS\Temp\HTTCF9B.tmp moved successfully.
C:\WINDOWS\Temp\HTTD04D.tmp moved successfully.
C:\WINDOWS\Temp\HTTD10F.tmp moved successfully.
C:\WINDOWS\Temp\HTTD1DA.tmp moved successfully.
C:\WINDOWS\Temp\HTTD20B.tmp moved successfully.
C:\WINDOWS\Temp\HTTD2DC.tmp moved successfully.
C:\WINDOWS\Temp\HTTD2DD.tmp moved successfully.
C:\WINDOWS\Temp\HTTD3F3.tmp moved successfully.
C:\WINDOWS\Temp\HTTD406.tmp moved successfully.
C:\WINDOWS\Temp\HTTD413.tmp moved successfully.
C:\WINDOWS\Temp\HTTD41B.tmp moved successfully.
C:\WINDOWS\Temp\HTTD4AD.tmp moved successfully.
C:\WINDOWS\Temp\HTTD679.tmp moved successfully.
C:\WINDOWS\Temp\HTTD6DB.tmp moved successfully.
C:\WINDOWS\Temp\HTTD74F.tmp moved successfully.
C:\WINDOWS\Temp\HTTD776.tmp moved successfully.
C:\WINDOWS\Temp\HTTD81C.tmp moved successfully.
C:\WINDOWS\Temp\HTTD860.tmp moved successfully.
C:\WINDOWS\Temp\HTTD8E0.tmp moved successfully.
C:\WINDOWS\Temp\HTTD912.tmp moved successfully.
C:\WINDOWS\Temp\HTTD961.tmp moved successfully.
C:\WINDOWS\Temp\HTTD97F.tmp moved successfully.
C:\WINDOWS\Temp\HTTD9F8.tmp moved successfully.
C:\WINDOWS\Temp\HTTDA13.tmp moved successfully.
C:\WINDOWS\Temp\HTTDA53.tmp moved successfully.
C:\WINDOWS\Temp\HTTDB6B.tmp moved successfully.
C:\WINDOWS\Temp\HTTDBA3.tmp moved successfully.
C:\WINDOWS\Temp\HTTDBB9.tmp moved successfully.
C:\WINDOWS\Temp\HTTDC22.tmp moved successfully.
C:\WINDOWS\Temp\HTTDCF6.tmp moved successfully.
C:\WINDOWS\Temp\HTTDF5A.tmp moved successfully.
C:\WINDOWS\Temp\HTTE02D.tmp moved successfully.
C:\WINDOWS\Temp\HTTE0A3.tmp moved successfully.
C:\WINDOWS\Temp\HTTE1D9.tmp moved successfully.
C:\WINDOWS\Temp\HTTE27E.tmp moved successfully.
C:\WINDOWS\Temp\HTTE3A3.tmp moved successfully.
C:\WINDOWS\Temp\HTTE41E.tmp moved successfully.
C:\WINDOWS\Temp\HTTE4E4.tmp moved successfully.
C:\WINDOWS\Temp\HTTE57B.tmp moved successfully.
C:\WINDOWS\Temp\HTTE5AF.tmp moved successfully.
C:\WINDOWS\Temp\HTTE78E.tmp moved successfully.
C:\WINDOWS\Temp\HTTE7AE.tmp moved successfully.
C:\WINDOWS\Temp\HTTE7EE.tmp moved successfully.
C:\WINDOWS\Temp\HTTE82.tmp moved successfully.
C:\WINDOWS\Temp\HTTE8C8.tmp moved successfully.
C:\WINDOWS\Temp\HTTE972.tmp moved successfully.
C:\WINDOWS\Temp\HTTEB4A.tmp moved successfully.
C:\WINDOWS\Temp\HTTEBE8.tmp moved successfully.
C:\WINDOWS\Temp\HTTECC2.tmp moved successfully.
C:\WINDOWS\Temp\HTTED02.tmp moved successfully.
C:\WINDOWS\Temp\HTTEDBA.tmp moved successfully.
C:\WINDOWS\Temp\HTTEE03.tmp moved successfully.
C:\WINDOWS\Temp\HTTEEA8.tmp moved successfully.
C:\WINDOWS\Temp\HTTEEF2.tmp moved successfully.
C:\WINDOWS\Temp\HTTEF48.tmp moved successfully.
C:\WINDOWS\Temp\HTTF14D.tmp moved successfully.
C:\WINDOWS\Temp\HTTF216.tmp moved successfully.
C:\WINDOWS\Temp\HTTF241.tmp moved successfully.
C:\WINDOWS\Temp\HTTF24C.tmp moved successfully.
C:\WINDOWS\Temp\HTTF2A6.tmp moved successfully.
C:\WINDOWS\Temp\HTTF350.tmp moved successfully.
C:\WINDOWS\Temp\HTTF3C9.tmp moved successfully.
C:\WINDOWS\Temp\HTTF4E4.tmp moved successfully.
C:\WINDOWS\Temp\HTTF5A0.tmp moved successfully.
C:\WINDOWS\Temp\HTTF5D8.tmp moved successfully.
C:\WINDOWS\Temp\HTTF659.tmp moved successfully.
C:\WINDOWS\Temp\HTTF6E.tmp moved successfully.
C:\WINDOWS\Temp\HTTF7CD.tmp moved successfully.
C:\WINDOWS\Temp\HTTF7D2.tmp moved successfully.
C:\WINDOWS\Temp\HTTF84F.tmp moved successfully.
C:\WINDOWS\Temp\HTTF86F.tmp moved successfully.
C:\WINDOWS\Temp\HTTF8AE.tmp moved successfully.
C:\WINDOWS\Temp\HTTF8AF.tmp moved successfully.
C:\WINDOWS\Temp\HTTF908.tmp moved successfully.
C:\WINDOWS\Temp\HTTF95C.tmp moved successfully.
C:\WINDOWS\Temp\HTTF9DB.tmp moved successfully.
C:\WINDOWS\Temp\HTTF9FE.tmp moved successfully.
C:\WINDOWS\Temp\HTTFACC.tmp moved successfully.
C:\WINDOWS\Temp\HTTFAF7.tmp moved successfully.
C:\WINDOWS\Temp\HTTFBA2.tmp moved successfully.
C:\WINDOWS\Temp\HTTFC8A.tmp moved successfully.
C:\WINDOWS\Temp\HTTFCCE.tmp moved successfully.
C:\WINDOWS\Temp\HTTFD49.tmp moved successfully.
C:\WINDOWS\Temp\HTTFE0.tmp moved successfully.
C:\WINDOWS\Temp\HTTFECE.tmp moved successfully.
C:\WINDOWS\Temp\is260A.tmp moved successfully.
C:\WINDOWS\Temp\is9313.tmp moved successfully.
C:\WINDOWS\Temp\isD77C.tmp moved successfully.
C:\WINDOWS\Temp\isE379.tmp moved successfully.
C:\WINDOWS\Temp\Tag60A5.tmp moved successfully.
C:\WINDOWS\Temp\Tag9123.tmp moved successfully.
C:\WINDOWS\Temp\Tag9124.tmp moved successfully.
C:\WINDOWS\Temp\Tag9125.tmp moved successfully.
C:\WINDOWS\Temp\Tag9135.tmp moved successfully.
C:\WINDOWS\Temp\Tag9136.tmp moved successfully.
C:\WINDOWS\Temp\Tag9137.tmp moved successfully.
C:\WINDOWS\Temp\Tag9148.tmp moved successfully.
C:\WINDOWS\Temp\Tag9149.tmp moved successfully.
C:\WINDOWS\Temp\Tag914A.tmp moved successfully.
C:\WINDOWS\Temp\TagB82D.tmp moved successfully.
C:\WINDOWS\Temp\TagB82E.tmp moved successfully.
C:\WINDOWS\Temp\TagB83F.tmp moved successfully.
C:\WINDOWS\Temp\TagB840.tmp moved successfully.
C:\WINDOWS\Temp\TagB841.tmp moved successfully.
C:\WINDOWS\Temp\TagB842.tmp moved successfully.
C:\WINDOWS\Temp\TagB843.tmp moved successfully.
C:\WINDOWS\Temp\TagB854.tmp moved successfully.
C:\WINDOWS\Temp\TagB855.tmp moved successfully.
C:\WINDOWS\Temp\TagD0DA.tmp moved successfully.
C:\WINDOWS\Temp\TagD0DB.tmp moved successfully.
C:\WINDOWS\Temp\TagD0EC.tmp moved successfully.
C:\WINDOWS\Temp\TagD0ED.tmp moved successfully.
C:\WINDOWS\Temp\TagD0EE.tmp moved successfully.
C:\WINDOWS\Temp\TagD0EF.tmp moved successfully.
C:\WINDOWS\Temp\TagD0FF.tmp moved successfully.
C:\WINDOWS\Temp\TagD100.tmp moved successfully.
C:\WINDOWS\Temp\TagD101.tmp moved successfully.
C:\WINDOWS\Temp\TagF3A9.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AA.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AB.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AC.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AD.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AE.tmp moved successfully.
C:\WINDOWS\Temp\TagF3AF.tmp moved successfully.
C:\WINDOWS\Temp\TagF3B0.tmp moved successfully.
C:\WINDOWS\Temp\TagF3B1.tmp moved successfully.
C:\WINDOWS\Temp\TS_38F4.tmp moved successfully.
C:\WINDOWS\Temp\TS_3CCD.tmp moved successfully.
C:\WINDOWS\Temp\TS_43C4.tmp moved successfully.
C:\WINDOWS\Temp\TS_45A9.tmp moved successfully.
C:\WINDOWS\Temp\TS_4CED.tmp moved successfully.
C:\WINDOWS\Temp\TS_5386.tmp moved successfully.
C:\WINDOWS\Temp\TS_55D9.tmp moved successfully.
C:\WINDOWS\Temp\TS_622E.tmp moved successfully.
C:\WINDOWS\Temp\TS_FC64.tmp moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 6370260137 bytes
->Temporary Internet Files folder emptied: 214528600 bytes
->Java cache emptied: 23392381 bytes
->Google Chrome cache emptied: 579963440 bytes
->Flash cache emptied: 130157 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 83331802 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 41817852318 bytes

Total Files Cleaned = 46 815,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: User
->Flash cache emptied: 343 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08122010_160249

Files\Folders moved on Reboot...
C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

[roomm]

MBAM



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.8.2010 19:06:16
mbam-log-2010-08-12 (19-06-16).txt

Typ skenu: Úplný sken (C:\|E:\|J:\|)
Skenované objekty: 746576
Uplynulý čas: 2 hodina(y), 9 minuta(y), 39 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 9

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\a646b882 (Adware.Adrotator) -> No action taken.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\Users\User\Documents\Downloads\WEB\aRTESTEER\Adobe CS5 Activator [2010] - www.GuruFuel.com\Adobe CS5 Activator [2010] - www.GuruFuel.com\Adobe CS5 Activator.exe (RiskWare.Tool.CK) -> No action taken.
C:\Windows\System32\a646b882.exe (Adware.Adrotator) -> No action taken.
C:\Windows\SysWOW64\a646b882.exe (Adware.Adrotator) -> No action taken.
E:\Programy\Photoshop\crack\Adobe.Photoshop.CS4.Extended.v11.0.Incl.Keymaker-CORE.zip\Adobe.Photoshop.CS4.Extended.v11.0.Incl.Keymaker-CORE\keygen.exe (Hacktool.Keygen) -> No action taken.
E:\Programy\Nero v9.4.26.0 Ultra Edition + Nero 9 Keymaker [h33t] [th3h33ter]\Keymaker (Updated).exe (Trojan.Agent.CK) -> No action taken.
E:\Programy\Adobe Lightroom v2.2+Keygen+E-books[h33t][MAMBO04]\keygen.exe (Malware.Packer.Gen) -> No action taken.
E:\System Volume Information\_restore{7FCFF501-1922-42CC-A235-D23C3B80EBAA}\RP116\A0018935.exe (Rogue.Multiple) -> No action taken.
E:\System Volume Information\_restore{7FCFF501-1922-42CC-A235-D23C3B80EBAA}\RP116\A0018936.exe (Rogue.Installer) -> No action taken.
C:\Windows\Tasks\Acrobat Update.job (Malware.Trace) -> No action taken.

[roomm]

Vůbec netuším co by mohlo být Harddisk5\DR5.? !!!

[motji]

Co našel mbam, smažte.

mrkněte do správce disků, měl by jste je tam mít očíslované.

Jak to vypadá s počítačem?

[roomm]

Disk č. 5 je externi 500GB HD. Počítač se zdá být stabilní, ale zatím ho pořád vypínám. Uvidíme jestli bude vykazovat nejaké anomálie. Myslíte, že je už vše v pořádku ?

[motji]

Poprosím o nový log ze rsitu .
Tak ho už nevypínejte a vyzkoušejte, jestli bude zase v noci broudat někde, kde nemá