Velmi zpomalený PC

Zpráva

novas1998 · #1 Příspěvek od **novas1998** » 19 kvě 2013 08:25

Zdravím, můj PC je hodně zpomalený zasekáva se, ikdyž chci třeba jen přesouvat složky na ploše...Prosím o radu...
Log z RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by NoVaS at 2013-05-19 09:23:02
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 105 GB (35%) free of 305 GB
Total RAM: 2048 MB (5% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:24:23, on 19.5.2013
Platform: Windows 7 SP1 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\NoVaS.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: MagniPiiC - {20D6E8BC-CCB3-3D63-E799-CD1D066FB518} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKUS\S-1-5-21-2235947728-872269853-3953581352-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2235947728-872269853-3953581352-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6645 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
taskeng.exe {5FE6C0B5-A3B4-423B-8B53-88D92CA5B46F}
"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3372.0.678108862\1695027852" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0193 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1422 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --extension-process --renderer-print-preview --enable-threaded-compositing --channel="3372.1.1313753764\144182647" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.2.1331366298\1108961868" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.6.241177372\1457850970" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="3372.7.2055462126\1730530976" --lang=cs --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.9.873577040\680400424" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.19.271777671\990753260" /prefetch:3
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASC.exe"
"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.31.185459094\2128422535" /prefetch:3
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ForceCompositingMode/thread/InfiniteCache/No/NewMenuStyle/NewStyle/NewTabButton/default/OmniboxHQPNewScoringMax1400/Standard/OmniboxHQPOnlyCountMatchesAtWordBoundaries/Standard/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxHQPUseCursorPosition/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin16/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/ --renderer-print-preview --enable-threaded-compositing --channel="3372.33.1181079969\415832497" /prefetch:3
"C:\Windows\system32\wuauclt.exe"
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
taskeng.exe {4846D6C2-B562-4FD1-A4E0-2A684BE48C02}
"C:\Users\NoVaS\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe21_ Global\UsGthrCtrlFltPipeMssGthrPipe21 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Windows\system32\pkgmgr.exe" /ip /norestart /m:"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\SecurityHole_Backup\KB2656411.cab" /s:"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\KB2656411.cab_Temp"
"C:\Windows\system32\dism.exe" /online /scratchdir:"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\KB2656411.cab_Temp" /norestart /add-package /packagepath:"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\SecurityHole_Backup\KB2656411.cab" /ignorecheck
\??\C:\Windows\system32\conhost.exe "-587195048-21316156701351292200433514685568740975-1132213775643911665761149847
"C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\KB2656411.cab_Temp\1EB5498A-03A7-468D-9DBD-6EAD4CD9C5E4\dismhost.exe" {29D97565-2FC4-4CC0-9F1C-534C099B60EB}
C:\Windows\System32\svchost.exe -k WerSvcGroup

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a469999d-72a1-4bf1-a002-6b2ae23929ee.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b38150d1-7ac9-48c1-b38e-5c9a19b2286d.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{20D6E8BC-CCB3-3D63-E799-CD1D066FB518}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-03 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe [2012-11-07 512384]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2009-06-17 130576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2013-04-23 4288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
c:\program files (x86)\skype\phone\skype.exe [2013-04-19 18678376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files (x86)\steam\steam.exe [2013-05-04 1635752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\temp]
c:\users\novas\appdata\roaming\temp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2013-05-19 09:23:14 ----D---- C:\Program Files\trend micro
2013-05-19 09:23:02 ----D---- C:\rsit
2013-05-18 13:28:56 ----SHD---- C:\$RECYCLE.BIN
2013-05-18 12:20:46 ----A---- C:\ComboFix.txt
2013-05-18 11:46:22 ----D---- C:\ComboFix
2013-05-17 21:03:02 ----D---- C:\Users\NoVaS\AppData\Roaming\Sony Creative Software Inc
2013-05-16 17:50:38 ----D---- C:\found.001
2013-05-16 12:32:30 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-05-16 12:32:02 ----D---- C:\Program Files\Microsoft Security Client
2013-05-16 12:30:55 ----D---- C:\Users\NoVaS\AppData\Roaming\SUPERAntiSpyware.com
2013-05-16 12:30:38 ----D---- C:\Users\NoVaS\AppData\Roaming\Malwarebytes
2013-05-16 12:30:30 ----D---- C:\ProgramData\Malwarebytes
2013-05-16 12:30:29 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-16 12:30:29 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-05-16 12:30:14 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-05-16 12:30:14 ----D---- C:\Program Files\SUPERAntiSpyware
2013-05-16 12:16:37 ----D---- C:\Windows\temp
2013-05-16 11:55:03 ----AD---- C:\Kaspersky Rescue Disk 10.0
2013-05-09 08:37:57 ----D---- C:\Users\NoVaS\AppData\Roaming\Origin
2013-05-09 08:36:11 ----D---- C:\ProgramData\Origin
2013-05-06 19:13:00 ----D---- C:\Users\NoVaS\AppData\Roaming\Jpeg Resampler
2013-05-06 19:12:46 ----D---- C:\Program Files (x86)\JpegResampler2010
2013-05-06 19:07:01 ----D---- C:\Users\NoVaS\AppData\Roaming\IrfanView
2013-05-02 13:48:50 ----A---- C:\Windows\zip.exe
2013-05-02 13:48:50 ----A---- C:\Windows\SWSC.exe
2013-05-02 13:48:50 ----A---- C:\Windows\SWREG.exe
2013-05-02 13:48:50 ----A---- C:\Windows\sed.exe
2013-05-02 13:48:50 ----A---- C:\Windows\PEV.exe
2013-05-02 13:48:50 ----A---- C:\Windows\NIRCMD.exe
2013-05-02 13:48:50 ----A---- C:\Windows\MBR.exe
2013-05-02 13:48:50 ----A---- C:\Windows\grep.exe
2013-05-02 13:47:33 ----D---- C:\Windows\erdnt
2013-05-02 12:29:57 ----D---- C:\Windows\ERUNT
2013-05-02 12:29:30 ----D---- C:\JRT
2013-05-01 03:10:20 ----D---- C:\Windows\system32\SPReview
2013-04-28 14:35:58 ----D---- C:\Users\NoVaS\AppData\Roaming\Mozilla
2013-04-28 14:35:46 ----D---- C:\ProgramData\Mozilla
2013-04-28 14:35:46 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-24 03:57:11 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-24 03:50:21 ----D---- C:\cbcdda51c4fce738a516bb17
2013-04-23 12:04:03 ----D---- C:\Users\NoVaS\AppData\Roaming\LolClient
2013-04-23 11:40:52 ----A---- C:\Windows\SYSWOW64\D3DX9_39.dll
2013-04-23 11:40:52 ----A---- C:\Windows\SYSWOW64\d3dx10_39.dll
2013-04-23 11:40:52 ----A---- C:\Windows\SYSWOW64\D3DCompiler_39.dll
2013-04-23 11:34:12 ----D---- C:\Riot Games
2013-04-23 10:13:32 ----D---- C:\ProgramData\PMB Files
2013-04-23 10:13:25 ----D---- C:\Program Files (x86)\Pando Networks

======List of files/folders modified in the last 1 months======

2013-05-19 09:23:15 ----D---- C:\Windows\winsxs
2013-05-19 09:23:14 ----RD---- C:\Program Files
2013-05-19 09:21:28 ----D---- C:\Windows\system32\catroot
2013-05-19 09:21:26 ----D---- C:\Windows\system32\catroot2
2013-05-19 09:18:29 ----SHD---- C:\System Volume Information
2013-05-19 09:13:19 ----D---- C:\Windows
2013-05-19 08:52:25 ----D---- C:\Windows\system32\config
2013-05-19 08:52:19 ----D---- C:\Boot
2013-05-19 07:52:43 ----D---- C:\ProgramData\NVIDIA
2013-05-19 04:07:32 ----D---- C:\Windows\debug
2013-05-18 19:53:52 ----D---- C:\Program Files (x86)\Metin2
2013-05-18 17:24:03 ----D---- C:\Program Files (x86)\Steam
2013-05-18 15:18:20 ----D---- C:\Windows\system32\drivers
2013-05-18 14:18:52 ----A---- C:\Windows\system32\MRT.exe
2013-05-18 13:35:09 ----D---- C:\Windows\System32
2013-05-18 13:35:08 ----D---- C:\Windows\inf
2013-05-18 13:35:08 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-18 12:20:58 ----AD---- C:\Qoobox
2013-05-18 12:13:31 ----A---- C:\Windows\system.ini
2013-05-18 12:13:04 ----D---- C:\Windows\system32\drivers\etc
2013-05-18 12:03:44 ----D---- C:\Windows\SysWOW64
2013-05-18 12:03:43 ----D---- C:\Windows\SYSWOW64\drivers
2013-05-18 12:03:43 ----D---- C:\Windows\AppPatch
2013-05-18 12:03:41 ----D---- C:\Program Files (x86)\Common Files
2013-05-18 03:03:50 ----D---- C:\Users\NoVaS\AppData\Roaming\Skype
2013-05-17 20:03:47 ----SHD---- C:\Windows\Installer
2013-05-17 20:03:47 ----D---- C:\ProgramData\Skype
2013-05-16 21:24:13 ----D---- C:\Program Files (x86)\Attomey
2013-05-16 20:22:59 ----D---- C:\Windows\ModemLogs
2013-05-16 20:20:50 ----D---- C:\Windows\Tasks
2013-05-16 20:20:50 ----D---- C:\Windows\system32\Tasks
2013-05-16 20:17:08 ----D---- C:\Windows\DigitalLocker
2013-05-16 20:14:37 ----D---- C:\Windows\AppCompat
2013-05-16 19:47:48 ----D---- C:\Program Files (x86)\Recuva
2013-05-16 12:32:30 ----RD---- C:\Program Files (x86)
2013-05-16 12:31:52 ----SD---- C:\Users\NoVaS\AppData\Roaming\Microsoft
2013-05-16 12:30:55 ----D---- C:\ProgramData
2013-05-16 03:28:15 ----D---- C:\Windows\Prefetch
2013-05-14 23:50:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-13 17:04:16 ----D---- C:\Users\NoVaS\AppData\Roaming\uTorrent
2013-05-13 17:04:16 ----D---- C:\Users\NoVaS\AppData\Roaming\DAEMON Tools Lite
2013-05-12 10:52:46 ----D---- C:\Users\NoVaS\AppData\Roaming\.minecraft
2013-05-10 14:48:28 ----D---- C:\Windows\system32\NDF
2013-05-10 08:15:15 ----RSD---- C:\Windows\Fonts
2013-05-09 08:46:15 ----D---- C:\Program Files (x86)\EA Sports
2013-05-05 15:49:02 ----RSD---- C:\Windows\assembly
2013-05-02 15:48:38 ----D---- C:\Program Files (x86)\Windows Sidebar
2013-05-02 13:54:39 ----D---- C:\Windows\registration
2013-05-02 13:52:08 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-05-02 13:47:07 ----D---- C:\Windows\system32\wdi
2013-05-02 12:31:27 ----SD---- C:\ProgramData\Microsoft
2013-05-02 02:06:08 ----N---- C:\Windows\system32\MpSigStub.exe
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Sidebar
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Portable Devices
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Photo Viewer
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Media Player
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Mail
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Journal
2013-05-01 18:57:50 ----D---- C:\Program Files\Windows Defender
2013-05-01 18:57:50 ----D---- C:\Program Files\DVD Maker
2013-05-01 18:57:50 ----D---- C:\Program Files\Common Files\System
2013-05-01 18:57:50 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2013-05-01 18:57:50 ----D---- C:\Program Files (x86)\Windows Media Player
2013-05-01 18:57:50 ----D---- C:\Program Files (x86)\Windows Mail
2013-05-01 18:57:49 ----D---- C:\Users\NoVaS\AppData\Roaming\IObit
2013-05-01 18:57:46 ----D---- C:\Windows\ehome
2013-05-01 18:57:45 ----D---- C:\Windows\system32\AdvancedInstallers
2013-05-01 18:57:45 ----D---- C:\Windows\schemas
2013-05-01 18:57:45 ----D---- C:\Windows\servicing
2013-05-01 18:57:45 ----D---- C:\Windows\security
2013-05-01 18:57:44 ----D---- C:\Windows\system32\DriverStore
2013-05-01 18:57:44 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-05-01 18:57:44 ----D---- C:\Windows\system32\Dism
2013-05-01 18:57:44 ----D---- C:\Windows\system32\da-DK
2013-05-01 18:57:44 ----D---- C:\Windows\system32\cs-CZ
2013-05-01 18:57:44 ----D---- C:\Windows\system32\cs
2013-05-01 18:57:44 ----D---- C:\Windows\system32\CodeIntegrity
2013-05-01 18:57:44 ----D---- C:\Windows\system32\Boot
2013-05-01 18:57:43 ----D---- C:\Windows\system32\MUI
2013-05-01 18:57:43 ----D---- C:\Windows\system32\migwiz
2013-05-01 18:57:43 ----D---- C:\Windows\system32\migration
2013-05-01 18:57:43 ----D---- C:\Windows\system32\manifeststore
2013-05-01 18:57:43 ----D---- C:\Windows\system32\es-ES
2013-05-01 18:57:42 ----D---- C:\Windows\SYSWOW64\AdvancedInstallers
2013-05-01 18:57:42 ----D---- C:\Windows\system32\wfp
2013-05-01 18:57:42 ----D---- C:\Windows\system32\wbem
2013-05-01 18:57:42 ----D---- C:\Windows\system32\sppui
2013-05-01 18:57:42 ----D---- C:\Windows\system32\spp
2013-05-01 18:57:42 ----D---- C:\Windows\system32\Speech
2013-05-01 18:57:42 ----D---- C:\Windows\system32\Setup
2013-05-01 18:57:42 ----D---- C:\Windows\system32\oobe
2013-05-01 18:57:41 ----D---- C:\Windows\TAPI
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\XPSViewer
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\wbem
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\sppui
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\Speech
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\Setup
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\oobe
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\MUI
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\migwiz
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\migration
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\manifeststore
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\es-ES
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\Dism
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\da-DK
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\cs-CZ
2013-05-01 18:57:41 ----D---- C:\Windows\SYSWOW64\cs
2013-05-01 14:16:08 ----D---- C:\Program Files (x86)\Windows Portable Devices
2013-05-01 14:04:48 ----D---- C:\Windows\Microsoft.NET
2013-05-01 13:57:22 ----D---- C:\Windows\system32\LogFiles
2013-05-01 04:09:30 ----A---- C:\Windows\system32\msclmd.dll
2013-04-28 14:35:44 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-04-21 16:40:06 ----D---- C:\ProgramData\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-04 283200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-03 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-08 143088]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-10 115608]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-05-04 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-02 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 19 kvě 2013 09:38

Zdravim

Co se tyce ComboFixu, ktery jste pouzil, tak na zaklade licence a pravidel fora ptam, umite s nim pracovat (spusteni, rozlusteni logu, napsani skriptu)?

licencni podminky hovori jasne "Nikdy by nemel byt pouzit v prostredi bez dozoru zkusene osoby"
Obrázek

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

novas1998 · #3 Příspěvek od **novas1998** » 19 kvě 2013 09:46

Ne, ComboFix mi tam dal muj ucitel na inf. A dalsi programy...Ze zvedavosti jsem ho zapnul ...

#4 Příspěvek od **vyosek** » 19 kvě 2013 09:53

Sikulove oba dva

Zvedavy mate byt na jaro a slecny a ne ucinky ComboFixu

Koukam, ze jste opravdu vyzkousel co se dalo

Dejte mi sem log c:\combofix.txt

novas1998 · #5 Příspěvek od **novas1998** » 19 kvě 2013 09:56

No myslim ze on se vyzna doporucil mi tuto stranku a odstranil mi vir Policie CR

Tady je:
ComboFix 13-05-16.02 - NoVaS 18.05.2013 11:53:23.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.1.1250.420.1029.18.2048.254 [GMT 2:00]
Spuštěný z: c:\users\NoVaS\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NoVaS\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\NoVaS\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-18 do 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 10:12 . 2013-05-18 10:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-18 10:12 . 2013-05-18 10:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 04:58 . 2013-05-18 04:58 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6CEEA7B-D65D-44B4-9427-C6107FDF7362}\offreg.dll
2013-05-17 19:03 . 2013-05-17 19:03 -------- d-----w- c:\users\NoVaS\AppData\Roaming\Sony Creative Software Inc
2013-05-17 17:46 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E6CEEA7B-D65D-44B4-9427-C6107FDF7362}\mpengine.dll
2013-05-16 15:50 . 2013-05-16 15:50 -------- d-----w- C:\found.001
2013-05-16 10:36 . 2013-05-16 10:36 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D84298AB-8F89-4F92-AC0C-F311529DA82F}\gapaengine.dll
2013-05-16 10:36 . 2013-05-12 21:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-16 10:32 . 2013-05-16 10:32 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2013-05-16 10:32 . 2013-05-16 10:33 -------- d-----w- c:\program files\Microsoft Security Client
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\users\NoVaS\AppData\Roaming\SUPERAntiSpyware.com
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\users\NoVaS\AppData\Roaming\Malwarebytes
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\programdata\Malwarebytes
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-05-16 10:30 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-05-16 10:30 . 2013-05-16 10:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-05-16 10:26 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDE203AB-7312-4064-90CF-C2166E1DB9E9}\mpengine.dll
2013-05-16 10:19 . 2013-05-18 10:13 -------- d-----w- c:\users\NoVaS\AppData\Local\temp
2013-05-16 09:55 . 2013-05-16 11:38 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-05-09 06:37 . 2013-05-09 06:51 -------- d-----w- c:\users\NoVaS\AppData\Roaming\Origin
2013-05-09 06:36 . 2013-05-09 06:51 -------- d-----w- c:\programdata\Origin
2013-05-06 17:13 . 2013-05-06 17:13 -------- d-----w- c:\users\NoVaS\AppData\Roaming\Jpeg Resampler
2013-05-06 17:12 . 2013-05-06 17:12 -------- d-----w- c:\program files (x86)\JpegResampler2010
2013-05-06 17:07 . 2013-05-09 06:45 -------- d-----w- c:\users\NoVaS\AppData\Roaming\IrfanView
2013-05-05 13:50 . 2013-05-05 13:50 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2013-05-02 10:29 . 2013-05-02 10:29 -------- d-----w- c:\windows\ERUNT
2013-05-02 10:29 . 2013-05-16 10:23 -------- d-----w- C:\JRT
2013-05-01 01:10 . 2013-05-01 16:57 -------- d-----w- c:\windows\system32\SPReview
2013-04-28 12:36 . 2013-04-28 12:36 -------- d-----w- c:\users\NoVaS\AppData\Local\Macromedia
2013-04-28 12:35 . 2013-04-28 12:35 -------- d-----w- c:\users\NoVaS\AppData\Local\Mozilla
2013-04-28 12:35 . 2013-04-28 12:35 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-28 12:35 . 2013-04-10 06:57 26520 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-04-24 01:57 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-24 01:50 . 2013-04-24 01:50 -------- d-----w- C:\cbcdda51c4fce738a516bb17
2013-04-23 10:04 . 2013-04-23 10:04 -------- d-----w- c:\users\NoVaS\AppData\Roaming\LolClient
2013-04-23 09:40 . 2008-07-12 06:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-04-23 09:40 . 2008-07-12 06:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-04-23 09:40 . 2008-07-12 06:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-04-23 09:34 . 2013-04-23 09:34 -------- d-----w- C:\Riot Games
2013-04-23 08:13 . 2013-05-16 09:44 -------- d-----w- c:\users\NoVaS\AppData\Local\PMB Files
2013-04-23 08:13 . 2013-05-01 16:57 -------- d-----w- c:\programdata\PMB Files
2013-04-23 08:13 . 2013-04-23 08:13 -------- d-----w- c:\program files (x86)\Pando Networks
2013-04-23 08:13 . 2013-04-23 08:13 -------- d-----w- c:\users\NoVaS\.swt
2013-04-19 15:05 . 2013-04-19 15:05 -------- d-----w- c:\users\NoVaS\AppData\Local\SKIDROW
2013-04-19 14:55 . 2013-04-19 14:55 -------- d-----w- c:\program files (x86)\Activision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 21:50 . 2013-03-02 01:47 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 21:50 . 2013-03-02 01:47 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-02 00:06 . 2013-03-01 22:59 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 02:09 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-04-11 04:58 . 2013-03-03 13:45 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-03-19 06:19 . 2013-04-10 05:27 5497688 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:54 . 2013-04-10 05:27 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:06 . 2013-04-10 05:27 3958120 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:06 . 2013-04-10 05:27 3902312 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:53 . 2013-04-10 05:27 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:19 . 2013-04-10 05:27 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-17 14:56 . 2013-03-17 14:56 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-15 05:53 . 2013-04-13 13:34 6271872 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-03-15 05:53 . 2013-04-13 13:34 13088000 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-03-15 05:53 . 2013-04-13 13:34 7573816 ----a-w- c:\windows\system32\nvopencl.dll
2013-03-15 05:53 . 2013-04-13 13:34 26956576 ----a-w- c:\windows\system32\nvoglv64.dll
2013-03-15 05:53 . 2013-04-13 13:34 20542752 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-03-15 05:53 . 2013-04-13 13:34 1510176 ----a-w- c:\windows\system32\nvdispgenco6431422.dll
2013-03-15 05:53 . 2013-04-13 13:34 11048736 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-03-15 05:53 . 2013-04-13 13:34 9414456 ----a-w- c:\windows\system32\nvcuda.dll
2013-03-15 05:53 . 2013-04-13 13:34 7959000 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-03-15 05:53 . 2013-04-13 13:34 2913056 ----a-w- c:\windows\system32\nvcuvid.dll
2013-03-15 05:53 . 2013-04-13 13:34 2728736 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-03-15 05:53 . 2013-04-13 13:34 2355488 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-13 13:34 1995552 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-03-15 05:53 . 2013-04-13 13:34 1807136 ----a-w- c:\windows\system32\nvdispco6431422.dll
2013-03-15 05:53 . 2013-04-13 13:34 17990800 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-03-15 05:53 . 2013-04-13 13:34 2864144 ----a-w- c:\windows\system32\nvapi64.dll
2013-03-15 05:53 . 2013-04-13 13:34 25256736 ----a-w- c:\windows\system32\nvcompiler.dll
2013-03-15 05:53 . 2013-04-13 13:34 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2013-03-15 05:53 . 2013-02-25 23:32 2539128 ----a-w- c:\windows\SysWow64\nvapi.dll
2013-03-15 05:53 . 2013-02-25 23:32 15042928 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-03-15 05:53 . 2009-07-13 21:59 15508512 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-03-15 04:16 . 2013-03-05 19:43 3477280 ----a-w- c:\windows\system32\nvsvc64.dll
2013-03-15 04:16 . 2013-03-05 19:43 6398240 ----a-w- c:\windows\system32\nvcpl.dll
2013-03-15 04:16 . 2013-03-05 19:43 877856 ----a-w- c:\windows\system32\nvvsvc.exe
2013-03-15 04:16 . 2013-03-05 19:43 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-03-15 04:16 . 2013-03-05 19:43 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-03-14 20:07 . 2013-03-14 20:07 559904 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-03-04 14:53 . 2013-03-04 14:53 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-03 13:27 . 2013-03-03 13:27 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-03 13:27 . 2013-03-03 13:27 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-03 13:27 . 2013-03-03 13:27 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-03-03 13:27 . 2013-03-03 13:27 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-03 13:27 . 2013-03-03 13:27 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-03 13:27 . 2013-03-03 13:27 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-03 13:27 . 2013-03-03 13:27 367104 ----a-w- c:\windows\SysWow64\html.iec
2013-03-03 13:27 . 2013-03-03 13:27 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-03 13:27 . 2013-03-03 13:27 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-03-03 13:27 . 2013-03-03 13:27 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-03 13:27 . 2013-03-03 13:27 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-03 13:27 . 2013-03-03 13:27 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-03 13:27 . 2013-03-03 13:27 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-03 13:27 . 2013-03-03 13:27 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-03 13:27 . 2013-03-03 13:27 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2013-03-03 13:27 . 2013-03-03 13:27 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-03-03 13:27 . 2013-03-03 13:27 222208 ----a-w- c:\windows\system32\msls31.dll
2013-03-03 13:27 . 2013-03-03 13:27 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-03 13:26 . 2013-03-03 13:26 65024 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-03 13:26 . 2013-03-03 13:26 267776 ----a-w- c:\windows\system32\ieaksie.dll
2013-03-03 13:26 . 2013-03-03 13:26 163840 ----a-w- c:\windows\system32\ieakui.dll
2013-03-03 13:26 . 2013-03-03 13:26 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-03 13:26 . 2013-03-03 13:26 12288 ----a-w- c:\windows\system32\mshta.exe
2013-03-03 13:26 . 2013-03-03 13:26 114176 ----a-w- c:\windows\system32\admparse.dll
2013-03-03 13:26 . 2013-03-03 13:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-03 13:26 . 2013-03-03 13:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-03 13:26 . 2013-03-03 13:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2013-03-03 13:26 . 2013-03-03 13:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-03 13:26 . 2013-03-03 13:26 160256 ----a-w- c:\windows\system32\ieakeng.dll
2013-03-03 13:26 . 2013-03-03 13:26 145920 ----a-w- c:\windows\system32\iepeers.dll
2013-03-03 13:26 . 2013-03-03 13:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-03 13:26 . 2013-03-03 13:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2013-03-03 13:26 . 2013-03-03 13:26 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-03 13:26 . 2013-03-03 13:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2013-03-03 13:26 . 2013-03-03 13:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-03 13:26 . 2013-03-03 13:26 448512 ----a-w- c:\windows\system32\html.iec
2013-03-03 13:26 . 2013-03-03 13:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-03 13:26 . 2013-03-03 13:26 282112 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-03 13:26 . 2013-03-03 13:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-03 13:26 . 2013-03-03 13:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2013-03-03 13:26 . 2013-03-03 13:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2013-03-03 13:26 . 2013-03-03 13:26 82432 ----a-w- c:\windows\system32\icardie.dll
2013-03-03 13:26 . 2013-03-03 13:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-03 13:26 . 2013-03-03 13:26 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-03-03 13:26 . 2013-03-03 13:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-03 13:26 . 2013-03-03 13:26 249344 ----a-w- c:\windows\system32\webcheck.dll
2013-03-03 13:26 . 2013-03-03 13:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2013-03-03 13:26 . 2013-03-03 13:26 160256 ----a-w- c:\windows\system32\wextract.exe
2013-03-03 13:26 . 2013-03-03 13:26 103936 ----a-w- c:\windows\system32\inseng.dll
2013-03-03 13:00 . 2013-03-03 13:01 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-03 13:00 . 2013-03-03 13:01 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-03 13:00 . 2013-03-03 13:01 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-02 13:30 . 2013-03-02 13:30 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-03-02 09:52 . 2013-03-02 09:52 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2013-03-02 09:52 . 2013-03-02 09:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-03-02 09:52 . 2013-03-02 09:52 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-03-02 09:52 . 2013-03-02 09:52 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-03-02 09:52 . 2013-03-02 09:52 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-03-02 09:52 . 2013-03-02 09:52 100864 ----a-w- c:\windows\system32\fontsub.dll
2013-03-02 09:52 . 2013-03-02 09:52 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
R3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-02 66360]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2013-03-02 1255736]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-04 283200]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-07 143088]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
S3 NisSrv;Kontrola sítě Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 11:17 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-02 21:50]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 22:09]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-01 22:09]
.
2013-05-17 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task a469999d-72a1-4bf1-a002-6b2ae23929ee.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-07 22:37]
.
2013-05-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task b38150d1-7ac9-48c1-b38e-5c9a19b2286d.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-05-07 22:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
FF - ProfilePath - c:\users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{20D6E8BC-CCB3-3D63-E799-CD1D066FB518} - (no file)
AddRemove-SP_008a99b9 - c:\program files (x86)\MagniPic\uninstall.exe
AddRemove-{EB03EF39-C655-D560-FA95-79182B837D64} - c:\programdata\MagniPiiC\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2013-05-18 12:20:44
ComboFix-quarantined-files.txt 2013-05-18 10:20
ComboFix2.txt 2013-05-16 10:19
.
Před spuštěním: Volných bajtů: 111 705 079 808
Po spuštění: Volných bajtů: 111 655 538 688
.
- - End Of File - - 44F7DE537180D051F4CD18A6AB73A9C0

#6 Příspěvek od **vyosek** » 19 kvě 2013 10:00

Tak proc potrebujete nasi stranku kdyz se on vyzna

A uprimne, moc nevyzna, kdyz tam jeste pozustaky vidim a dalsi brebery a ze jich neni malo

Jakou skolu studujete?

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

novas1998 · #7 Příspěvek od **novas1998** » 19 kvě 2013 10:09

Zatim zkladka ted vychazim

Ted uz to neni tak hrozny stim zpomalenim ale rano to bylo fakt silene

# AdwCleaner v2.301 - Log vytvooen 19/05/2013 v 11:07:28
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : NoVaS - NOVAS-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\NoVaS\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [Registry] *****

Klíe Nalezeno : HKCU\Software\BI
Klíe Nalezeno : HKCU\Software\DataMngr_Toolbar
Klíe Nalezeno : HKCU\Software\PrivitizeVPNInstallDates
Klíe Nalezeno : HKCU\Software\5a68bdae23eb913
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klíe Nalezeno : HKLM\Software\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v20.0.1 (cs)

Soubor : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1774 octets] - [19/05/2013 11:07:28]

########## EOF - C:\AdwCleaner[R1].txt - [1834 octets] ##########

#8 Příspěvek od **vyosek** » 19 kvě 2013 21:50

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

novas1998 · #9 Příspěvek od **novas1998** » 20 kvě 2013 06:25

# AdwCleaner v2.301 - Log vytvooen 20/05/2013 v 07:07:29
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : NoVaS - NOVAS-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\NoVaS\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB

***** [Registry] *****

Klíe Vymazáno : HKCU\Software\BI
Klíe Vymazáno : HKCU\Software\DataMngr_Toolbar
Klíe Vymazáno : HKCU\Software\PrivitizeVPNInstallDates
Klíe Vymazáno : HKCU\Software\5a68bdae23eb913
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Klíe Vymazáno : HKLM\Software\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v20.0.1 (cs)

Soubor : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1901 octets] - [19/05/2013 11:07:28]
AdwCleaner[R2].txt - [1961 octets] - [20/05/2013 07:05:54]
AdwCleaner[S1].txt - [1892 octets] - [20/05/2013 07:07:29]

########## EOF - C:\AdwCleaner[S1].txt - [1952 octets] ##########

#10 Příspěvek od **vyosek** » 20 kvě 2013 12:53

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

novas1998 · #11 Příspěvek od **novas1998** » 20 kvě 2013 17:24

OTL.txt ZDE:
OTL logfile created on: 20.5.2013 18:08:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NoVaS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,60% Memory free
5,11 Gb Paging File | 2,52 Gb Available in Paging File | 49,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 87,71 Gb Free Space | 29,42% Space Free | Partition Type: NTFS

Computer Name: NOVAS-PC | User Name: NoVaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.05.20 16:31:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
PRC - [2013.05.05 03:15:46 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.12.25 16:11:24 | 001,611,216 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe
PRC - [2012.12.14 14:21:14 | 000,701,392 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\Monitor.exe
PRC - [2012.08.13 12:04:16 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:04:16 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.13 12:04:16 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.14 20:00:14 | 013,136,776 | ---- | M] () -- C:\Users\NoVaS\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.11.01 11:21:10 | 000,350,592 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madexcept_.bpl
MOD - [2012.11.01 11:21:08 | 000,050,048 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\maddisAsm_.bpl
MOD - [2012.11.01 11:21:06 | 000,182,656 | ---- | M] () -- C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\madbasic_.bpl
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 17:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.08.19 17:33:28 | 000,047,960 | ---- | M] () -- C:\Program Files (x86)\IObit\Smart Defrag 2\NtfsData.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.05.08 00:37:15 | 000,143,088 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.14 23:50:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.04 16:53:11 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.03.02 11:49:05 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.10.03 00:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\Program Files\IMPI\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.28 14:35:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 00:27:57 | 000,000,000 | ---D | M]

[2013.04.28 14:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoVaS\AppData\Roaming\Mozilla\Extensions
[2013.05.02 12:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\extensions
[2013.04.30 20:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.03 17:57:38 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ForceProxy.dll
[2013.04.10 12:37:04 | 000,002,421 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\heureka-cz.xml
[2013.04.10 12:37:04 | 000,000,851 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\jyxo-cz.xml
[2013.04.10 12:37:04 | 000,001,580 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\seznam-cz.xml
[2013.04.10 12:37:04 | 000,000,867 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\slunecnice-cz.xml
[2013.04.10 12:37:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2013.05.18 12:13:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {20D6E8BC-CCB3-3D63-E799-CD1D066FB518} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2235947728-872269853-3953581352-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2235947728-872269853-3953581352-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2235947728-872269853-3953581352-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5AC7B1-CE31-4E5D-A3AC-2B40DC3C4B13}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013.05.20 16:31:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
[2013.05.19 09:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2013.05.19 09:23:02 | 000,000,000 | ---D | C] -- C:\rsit
[2013.05.18 13:28:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.18 11:46:22 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.17 21:03:02 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Roaming\Sony Creative Software Inc
[2013.05.16 17:50:38 | 000,000,000 | ---D | C] -- C:\found.001
[2013.05.16 12:32:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013.05.16 12:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013.05.16 12:30:55 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Roaming\SUPERAntiSpyware.com
[2013.05.16 12:30:38 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Roaming\Malwarebytes
[2013.05.16 12:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.16 12:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.16 12:30:29 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.16 12:30:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.05.16 12:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.05.16 12:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.05.16 12:30:14 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.05.16 12:19:35 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Local\temp
[2013.05.16 12:16:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.16 11:55:03 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.03.03 14:15:11 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\WinRAR.exe
[2013.03.03 14:15:11 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\Rar.exe
[2013.03.03 14:15:11 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\UnRAR.exe
[2013.03.03 14:15:11 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt.dll
[2013.03.03 14:15:11 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt32.dll
[2013.02.17 05:27:32 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

========== Files - Modified Within 7 Days ==========

[2013.05.20 17:50:57 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.20 17:46:01 | 000,000,098 | -H-- | M] () -- C:\Users\NoVaS\Desktop\.~lock.PCHerní příslušenství.odt#
[2013.05.20 17:27:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.05.20 17:23:33 | 000,000,950 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.20 17:15:32 | 000,014,920 | ---- | M] () -- C:\Users\NoVaS\Desktop\PCHerní příslušenství.odt
[2013.05.20 16:31:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
[2013.05.20 12:51:51 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 12:51:51 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.20 12:44:09 | 000,000,946 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.20 12:43:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.20 12:43:33 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.19 20:20:00 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a469999d-72a1-4bf1-a002-6b2ae23929ee.job
[2013.05.19 11:05:23 | 000,632,031 | ---- | M] () -- C:\Users\NoVaS\Desktop\adwcleaner.exe
[2013.05.19 02:00:12 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b38150d1-7ac9-48c1-b38e-5c9a19b2286d.job
[2013.05.18 14:39:59 | 003,557,146 | ---- | M] () -- C:\Users\NoVaS\Desktop\MMA Highlight - My Name (HD).mp3
[2013.05.18 13:35:09 | 000,666,194 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2013.05.18 13:35:09 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.18 13:35:09 | 000,139,890 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2013.05.18 13:35:09 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.18 13:35:08 | 001,576,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.18 12:13:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.16 12:34:07 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.05.16 12:30:30 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.16 12:30:18 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013.05.14 23:50:22 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.14 23:50:22 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

========== Files Created - No Company Name ==========

[2013.05.20 17:46:01 | 000,000,098 | -H-- | C] () -- C:\Users\NoVaS\Desktop\.~lock.PCHerní příslušenství.odt#
[2013.05.20 16:37:27 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2013.05.19 11:05:09 | 000,632,031 | ---- | C] () -- C:\Users\NoVaS\Desktop\adwcleaner.exe
[2013.05.19 10:02:33 | 000,014,920 | ---- | C] () -- C:\Users\NoVaS\Desktop\PCHerní příslušenství.odt
[2013.05.18 14:39:44 | 003,557,146 | ---- | C] () -- C:\Users\NoVaS\Desktop\MMA Highlight - My Name (HD).mp3
[2013.05.16 20:20:50 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task b38150d1-7ac9-48c1-b38e-5c9a19b2286d.job
[2013.05.16 20:20:45 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a469999d-72a1-4bf1-a002-6b2ae23929ee.job
[2013.05.16 12:33:10 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013.05.16 12:30:30 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.16 12:30:18 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk
[2013.05.02 13:48:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.02 13:48:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.02 13:48:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.02 13:48:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.02 13:48:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.12 22:08:42 | 001,554,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.09 20:37:23 | 000,003,584 | ---- | C] () -- C:\Users\NoVaS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.04 13:25:50 | 000,007,602 | ---- | C] () -- C:\Users\NoVaS\AppData\Local\Resmon.ResmonCfg
[2013.03.03 14:15:14 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013.03.03 14:15:14 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013.03.03 14:15:11 | 000,345,754 | ---- | C] () -- C:\Program Files (x86)\winrar.chm
[2013.03.03 14:15:11 | 000,344,064 | ---- | C] () -- C:\Program Files (x86)\rarlng.dll
[2013.03.03 14:15:11 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2013.03.03 14:15:11 | 000,102,400 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013.03.03 14:15:11 | 000,101,888 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2013.03.03 14:15:11 | 000,098,304 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013.03.03 14:15:11 | 000,082,432 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013.03.03 14:15:11 | 000,074,240 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013.03.03 14:15:10 | 000,003,753 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2013.03.03 14:15:10 | 000,001,698 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2013.03.03 14:15:10 | 000,001,307 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013.03.03 14:15:10 | 000,000,733 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013.03.03 14:15:10 | 000,000,563 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.12 10:52:46 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\.minecraft
[2013.05.13 17:04:16 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DAEMON Tools Lite
[2013.04.12 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DarkOrbitRemix
[2013.03.31 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DVDVideoSoft
[2013.03.15 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\GameRanger
[2013.04.09 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\HyperCam
[2013.05.01 18:57:49 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\IObit
[2013.05.09 08:45:23 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\IrfanView
[2013.05.06 19:13:01 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Jpeg Resampler
[2013.03.02 15:31:28 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Leadertech
[2013.04.23 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\LolClient
[2013.03.14 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\OpenOffice.org
[2013.05.09 08:51:35 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Origin
[2013.04.07 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Publish Providers
[2013.03.03 14:30:31 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\SFBot
[2013.04.09 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Solveig Multimedia
[2013.04.07 16:52:03 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Sony
[2013.05.17 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Sony Creative Software Inc
[2013.05.19 18:01:54 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\uTorrent
[2013.03.04 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Xilisoft

========== Purity Check ==========

< End of report >

novas1998 · #12 Příspěvek od **novas1998** » 20 kvě 2013 17:24

EXTRAS.txt ZDE:
OTL Extras logfile created on: 20.5.2013 18:08:47 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NoVaS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,75 Gb Available Physical Memory | 37,60% Memory free
5,11 Gb Paging File | 2,52 Gb Available in Paging File | 49,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 87,71 Gb Free Space | 29,42% Space Free | Partition Type: NTFS

Computer Name: NOVAS-PC | User Name: NoVaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CAB5F3-A6A0-4E37-BAF8-5CB738C2F77B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{12369EDA-23AD-4C1C-A25C-1CCF0E6420A8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{14EE1693-E624-4F27-9497-77BC307E8D66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22476EC4-C3DA-412A-99F5-6943C745759B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{235F8AF2-1E17-43E3-AFE8-62C537835EA0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{273D1D7E-9A90-4AB8-A22E-A4999F4BB934}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2A08ABBD-9726-4EF7-8F6A-3E89B831B8B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{302E22D3-D0CE-4B63-A331-3262CADC41D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{39D28F3D-F9B9-4329-B7EC-47FA711972CF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4A350146-6F3A-4C4F-B406-AB45C5E5895E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{50F8269D-8A0D-415B-998B-58EA207449D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5150F6DD-8AD9-4B92-9F2F-9EE0640634A7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{517E8246-59BA-4FBE-A90B-0006C29B1560}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55D59E90-C55C-4241-9C51-842AA405AAB7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{57AE6269-C95B-4DED-AE2C-8DA5C15274D7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5A6C650A-D539-4831-8598-5A863F03CB75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6165FC52-8A12-4D11-8C8D-017435D1B1D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62C66CB7-AADE-4674-9C6D-7D583D1BCF42}" = lport=137 | protocol=17 | dir=in | app=system |
"{6D0FD3F7-BF5F-447A-AF5B-5F14DE59FEE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B486424-DB6C-4936-8E31-3746FEA2B8F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E78A813-48D6-4608-B0B8-ED996B74129A}" = rport=445 | protocol=6 | dir=out | app=system |
"{85B12254-CB9F-484B-9355-22C06C5644FB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8DAC25CC-C7B3-42F9-9D58-315BA8F20686}" = rport=137 | protocol=17 | dir=out | app=system |
"{9065CD94-86E0-42CF-AA82-273875513418}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9B5694D5-D5F9-4565-BB47-CF8651D45350}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FAF43DA-404B-49A7-907C-277AF8AEAD30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A30D2261-9D6F-41B4-A14E-548087BF3C92}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C1DDA434-1439-4876-A52B-28EE54876BAD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CD467244-5C8E-402A-90EF-6D4743BD1C65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE442EF2-4247-4E5E-A6C2-346EC1DBE30A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D10C84F5-E6BE-45EB-B053-5499EC7FAFFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA027494-F694-4690-9BD8-EE35DD33E032}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E0A7B3F6-1DCD-457F-AB1B-94CBDC083F91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E149F4EF-B9FA-4456-B962-262B13295EF4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E3C20FFB-13D6-4537-83CD-E73470BAFC8F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F0ADE4AB-5CC1-49F2-92B8-DAB1EBA07E16}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F2B290E3-B1EC-49BA-8455-F542CCD88BA7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F6F8B75C-415B-4E7D-9F95-B142D6502F12}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F7A07566-16DA-4F68-A9FC-629630DE7326}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8E6817C-E866-4FCA-AF5D-818832649195}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1002B7EB-0D3C-4822-BB7E-2725144DFE8D}" = protocol=6 | dir=out | app=system |
"{1B1262F7-B37C-49F6-BCC9-A97F323F59C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{29834AF6-C44B-41FB-9009-3B95BC14BFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{37834323-43D1-4B5B-A26D-51EE792B0E0A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37E80922-5903-49C9-9CE1-4965C5CE2A12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{421A709B-7635-454A-9B62-70CD8514F772}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{46E98CF0-CE20-4A34-BB25-05C71FA90276}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49F3BE2F-CDD8-4F9D-85F5-33D41D421A58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A74E4D9-1A4F-4679-994E-8758F89B71AE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A8385C1-2E58-4591-889E-76C750A0543C}" = protocol=6 | dir=in | app=c:\users\novas\appdata\roaming\utorrent\utorrent.exe |
"{4B973228-FE75-4BC2-9430-61E3659CA517}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CDDD219-3D81-4A0F-BD54-D7902893108D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7AC93313-6FA3-45A6-A7FE-2F3A1DAFD0DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82E00A5A-B5BC-4EBC-A2D5-B2805F268FC0}" = protocol=58 | dir=in | app=system |
"{84326BE1-D824-4972-9205-58A331C5C331}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96BF2149-EFB3-4753-B7B8-302C3FEF57A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A1954CC1-94DF-4CEE-A06E-F5CE562C1EF8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A765724D-8D57-4971-88CC-ACE794C2E8E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A84C8EAC-CAEF-4C8C-AD76-E87569F24D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{AB64AC76-F9B2-4797-9012-A788459AEBE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC6CD0D-378C-49E9-9BB4-F2BBB5D8BA8C}" = protocol=17 | dir=in | app=c:\users\novas\appdata\roaming\utorrent\utorrent.exe |
"{AE5291E1-5CFF-4A98-8467-695CB8B84AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8B2E563-0699-4CCA-86FB-21615CA4B915}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C58A6939-EB88-4E87-A86A-E62B61342D1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6D1F70D-6CD1-45C0-8307-25B0AA5BE098}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{C9913E66-F1B7-475E-A376-A41475BF0854}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB273F05-AD5A-4C7D-B4AB-63E6F03E8517}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CED521F2-F135-4D6F-9805-B9840ACCC409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D57BFBCD-EC90-4D8C-A997-BC93D8E4239B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E04DD914-7D3A-4F72-A159-65B93AC6F07C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1DD5413-E971-49D1-A569-58595F78AE0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E674DDBF-147A-4124-B433-FDC32C71AA8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EE342B7F-122B-4CBA-82F0-8DCB26C93D9B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{F5C40ED0-6480-47F1-9AFD-59553D43D189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5CC00A3-EBE5-43D4-A0D6-273A9340D2D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"TCP Query User{1E0CCA45-8C42-4604-9329-37621D252367}C:\program files (x86)\kbot\kbot 7.07\kbotc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kbot\kbot 7.07\kbotc.exe |
"TCP Query User{2965939F-D810-462E-98EC-2AF510BB3893}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{46C432D6-7838-4A3D-8FC5-0B06F3D81C67}C:\users\novas\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\novas\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{4F991E6D-23E6-4B47-BC04-7930647D4A20}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"TCP Query User{588D9896-1DF4-4D48-92F0-C0F348689F3F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{85E17578-C831-4B7B-8173-B1037EFD6AFE}C:\program files (x86)\attomey\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\attomey\metin2client.bin |
"TCP Query User{8EF2861D-1200-447F-9808-146B87C930FC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{9B6F6B9D-4E68-4D28-8BD8-2E6D21C2CD0D}C:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{A81D9BA0-229E-418D-A631-CBF5001A42C6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{D86A5B7A-EFDF-47DA-A093-616949BA5EB3}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{DFDACE19-840B-483E-B05C-5E360D25CA1D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{EA97C174-8A42-4268-AEAC-AC914421176E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{08B31187-39A0-4A53-AB62-82CD3B8F5A75}C:\users\novas\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\novas\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{1BEB8F2B-26C4-4C25-ABD9-603946D09273}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{1EFFA80C-D075-45BF-87CD-BD8051F11898}C:\program files (x86)\attomey\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\attomey\metin2client.bin |
"UDP Query User{4C939F55-E63C-4772-A953-F5D8855CDC7E}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{5EC62FAF-42F7-47E8-B8C1-07F7474D969A}C:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{62E0F786-7866-4CB0-993F-11FC62E1E55A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{639F89FD-93A2-4FCD-A125-8D09E274C4DB}C:\program files (x86)\kbot\kbot 7.07\kbotc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kbot\kbot 7.07\kbotc.exe |
"UDP Query User{9417F3EE-EA57-4863-AA23-11AD9E3C4DF4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{9B64B0B7-EBC8-44FC-88F7-67A21537549F}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"UDP Query User{A571F820-46B2-4532-8219-24FC75F33D88}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{C73A2B96-5A7B-4D6A-AB2D-3F55B5418277}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{DA7ED631-AA3C-469E-96E0-BDA0535836F0}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D64CF6AA-23E7-4DE0-AF0B-6BC50DAFD45C}" = MagniPic
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"MagniPic" =
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{E0363CCC-3535-4BAA-9F2C-200F548675D6}" = TuneUp Utilities Language Pack (cs-CZ)
"{EB03EF39-C655-D560-FA95-79182B837D64}" =
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Free Video Call Recorder for Skype_is1" = Free Video Call Recorder for Skype version 1.1.0.319
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.23.320
"Google Chrome" = Google Chrome
"HyperCam 3 3.5.1211.29" = HyperCam 3
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Metin2_is1" = Metin2
"Mozilla Firefox 20.0.1 (x86 cs)" = Mozilla Firefox 20.0.1 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Postal 2" = Postal 2
"privitize" = toolbar on IE and Chrome
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"Tony Hawks Pro Skater HD_is1" = Tony Hawks Pro Skater HD
"uTorrent" = µTorrent
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20.5.2013 11:22:48 | Computer Name = NoVaS-PC | Source = Application Hang | ID = 1002
Description = Program OTL.exe verze 3.2.69.0 přestal spolupracovat se systémem Windows
a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto problému,
vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu: b60 Čas
spuštění: 01ce5566d86095a0 Čas ukončení: 0 Cesta k aplikaci: C:\Users\NoVaS\Desktop\OTL.exe

ID
hlášení: a2bab7d6-c160-11e2-af9e-001a4d80d4ee

[ System Events ]
Error - 19.5.2013 2:04:43 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby Služba Zasílání zpráv o chybách systému
Windows bylo dosaženo časového limitu (30000 ms).

Error - 19.5.2013 2:04:55 | Computer Name = NoVaS-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.151.335.0 Zdroj aktualizace: %%859 Fáze aktualizace: %%854

Zdrojová
cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace: %%803 Uživatel:
NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu: 1.1.9506.0 Kód
chyby: 0x80240016 Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím.
Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a
podpoře.

Error - 19.5.2013 2:04:55 | Computer Name = NoVaS-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.151.335.0 Zdroj aktualizace: %%859 Fáze aktualizace: %%854

Zdrojová
cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace: %%803 Uživatel:
NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu: 1.1.9506.0 Kód
chyby: 0x80240016 Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím.
Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a
podpoře.

Error - 19.5.2013 2:04:55 | Computer Name = NoVaS-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 zjistil chybu při pokusu o aktualizaci podpisů. Nová verze podpisu:
Předchozí verze podpisu: 1.151.335.0 Zdroj aktualizace: %%859 Fáze aktualizace: %%853

Zdrojová
cesta: http://www.microsoft.com Typ podpisu: %%800 Typ aktualizace: %%803 Uživatel:
NT AUTHORITY\SYSTEM Aktuální verze modulu: Předchozí verze modulu: 1.1.9506.0 Kód
chyby: 0x80240016 Popis chyby: Při zjišťování aktualizací došlo k neočekávaným potížím.
Informace o instalaci nebo řešení potíží s aktualizacemi naleznete v nápovědě a
podpoře.

Error - 19.5.2013 3:07:34 | Computer Name = NoVaS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x80073712): Aktualizace Windows 7 Service Pack 1 pro systémy pro
platformu x64 (KB976932).

Error - 19.5.2013 8:50:44 | Computer Name = NoVaS-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (14:48:35, ?19.?5.?2013) bylo neočekávané.

Error - 19.5.2013 14:15:26 | Computer Name = NoVaS-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (20:13:30, ?19.?5.?2013) bylo neočekávané.

Error - 20.5.2013 0:54:10 | Computer Name = NoVaS-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (1:33:13, ?20.?5.?2013) bylo neočekávané.

Error - 20.5.2013 1:22:29 | Computer Name = NoVaS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x80073712): Aktualizace Windows 7 Service Pack 1 pro systémy pro
platformu x64 (KB976932).

Error - 20.5.2013 1:39:01 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7043
Description = Služba Windows Update se po přijetí pokynu pro vypnutí neukončila
správně.

< End of report >

#13 Příspěvek od **vyosek** » 21 kvě 2013 15:09

Nedelate co mate, do OTL nebyl vlozen ten zeleny skript, takze prosim projdete si navod jeste jednou a zopakujte postup dle pokynu

novas1998 · #14 Příspěvek od **novas1998** » 21 kvě 2013 15:13

Byl vložen ale co udělám znovu !

#15 Příspěvek od **vyosek** » 21 kvě 2013 15:16

Nebyl, jelikoz v logu neni videt cast Custom Scan, ktera zobrazuje vysledky toho doplnkoveho skriptu...

VIRY.CZ

Velmi zpomalený PC

Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC

Re: Velmi zpomalený PC