Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Zpráva

novas1998 · #1 Příspěvek od **novas1998** » 09 čer 2013 07:25

Ahoj, při zapnutí PC mi po 5 minutách naskočí fyzická paměť až na 95% a drží se tam necelou hodinu... Dříve jsem v si vytvořil o tom téma ale nějak extra mi to nepomohlo: http://forum.viry.cz/viewtopic.php?f=13&t=130338
Mám RAM 2gb a 64bitový procesor win7

Log z RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by NoVaS at 2013-06-09 08:19:09
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 48 GB (16%) free of 305 GB
Total RAM: 2048 MB (7% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:20:05, on 9.6.2013
Platform: Windows 7 SP1 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\NoVaS.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=44444& ... 1A4D80D4EE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6796 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
"c:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {2B87923E-F4DF-4F0D-9DCF-6F884D964B5A}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe"
"C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe"
C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
"C:\Windows\system32\schtasks.exe" /create /tn "BrowserProtect" /ru "SYSTEM" /sc minute /mo 1 /tr "C:\Windows\system32\sc.exe start BrowserProtect" /st 00:00:00
"C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" /PROTECT
\??\C:\Windows\system32\conhost.exe "-15698134873845018825966351702037001523157170498713852605721623772855301742837
C:\Windows\system32\SearchIndexer.exe /Embedding
"c:\Program Files\Microsoft Security Client\NisSrv.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2104.0.662495200\711452141" --supports-dual-gpus=false --gpu-vendor-id=0x10de --gpu-device-id=0x0193 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.1422 --ignored=" --type=renderer " /prefetch:822062411
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --channel="2104.1.529000450\1998899557" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --channel="2104.2.1460857440\1832377421" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.3.736123331\939777519" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.4.975428921\2054408775" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.5.1368848252\1888596271" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.7.1575953819\697001655" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2104.8.444637115\2077029581" --lang=cs --ignored=" --type=renderer " /prefetch:-632637702
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.9.545458943\2053423340" /prefetch:673131151
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\RunDll32.exe" "C:\Windows\system32\WerConCpl.dll", LaunchErcApp -queuereporting
"C:\Windows\System32\cleanmgr.exe" /D C
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /ua /installsource core
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.15.1882384924\890250752" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.17.1373143765\1694657532" /prefetch:673131151
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_1/DefaultControl/ForceCompositingMode/thread/InfiniteCache/No/InstantDummy/DummyPadding channel:stable/InstantExtended/Group2 espv:205 use_remote_ntp_on_startup:1 channel:stable/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OmniboxSearchSuggestTrialStarted2013Q1/3/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadDisabled/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SpdyCwnd/cwndMin10/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_13/UMA-Uniformity-Trial-1-Percent/group_35/UMA-Uniformity-Trial-10-Percent/default/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --channel="2104.18.58948388\1562378157" /prefetch:673131151
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
"C:\Users\NoVaS\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

=========Mozilla firefox=========

ProfilePath - C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?affID=44444& ... 1A4D80D4EE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\components\
nppl3260.xpt
nsjsrealplayerplugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
ForceProxy.dll
np-mswmp.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprjplug.dll
nprpjplug.dll
ShockwavePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
yahoo.xml
yahoo.xml.old

C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\searchplugins\
babylon.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-03-03 461216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 1281512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-15 5622512]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]
C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe /AutoStart []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-03-14 3672640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVSSkypeRecorder]
C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [2013-03-19 296584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
C:\Windows\KHALMNPR.EXE [2009-06-17 130576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2013-04-23 4288048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
c:\program files (x86)\skype\phone\skype.exe [2013-04-19 18678376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files (x86)\steam\steam.exe [2013-06-07 1641896]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\temp]
c:\users\novas\appdata\roaming\temp.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service]
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe /s []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2013-06-09 08:19:09 ----D---- C:\rsit
2013-06-09 01:27:26 ----A---- C:\Windows\SYSWOW64\CmdLineExt_x64.dll
2013-06-09 01:20:40 ----D---- C:\Windows\SYSWOW64\xlive
2013-06-09 01:20:33 ----D---- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-06-09 00:46:56 ----D---- C:\Program Files (x86)\Rockstar Games
2013-06-08 22:36:21 ----HD---- C:\Windows\msdownld.tmp
2013-06-08 22:36:19 ----D---- C:\Windows\SYSWOW64\directx
2013-06-03 15:47:59 ----D---- C:\Program Files (x86)\HT Fireman CDDVD Burner 1.3
2013-06-02 09:34:39 ----D---- C:\Program Files\Defraggler
2013-05-31 21:04:40 ----D---- C:\Users\NoVaS\AppData\Roaming\BSplayer Pro
2013-05-31 21:04:40 ----D---- C:\Users\NoVaS\AppData\Roaming\BSplayer
2013-05-31 21:04:32 ----D---- C:\Program Files (x86)\Webteh
2013-05-31 07:52:26 ----D---- C:\Users\NoVaS\AppData\Roaming\SUPERAntiSpyware.com
2013-05-31 07:52:06 ----D---- C:\Program Files\SUPERAntiSpyware
2013-05-31 07:44:25 ----A---- C:\Windows\SYSWOW64\setupx.dll
2013-05-31 07:30:26 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-05-25 11:51:03 ----D---- C:\ProgramData\Astroburn Lite
2013-05-25 11:25:04 ----D---- C:\ProgramData\BrowserProtect
2013-05-25 11:24:53 ----D---- C:\Users\NoVaS\AppData\Roaming\BabSolution
2013-05-25 11:24:13 ----D---- C:\Users\NoVaS\AppData\Roaming\Babylon
2013-05-25 11:24:13 ----D---- C:\ProgramData\Babylon
2013-05-25 11:18:00 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2013-05-25 11:17:46 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2013-05-23 11:20:13 ----D---- C:\Program Files (x86)\CCleaner
2013-05-23 10:51:42 ----D---- C:\ProgramData\Martau
2013-05-23 10:39:50 ----D---- C:\Users\NoVaS\AppData\Roaming\Apple Computer
2013-05-23 10:39:35 ----D---- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
2013-05-20 07:07:29 ----A---- C:\AdwCleaner[S1].txt
2013-05-20 07:05:54 ----A---- C:\AdwCleaner[R2].txt
2013-05-19 11:07:28 ----A---- C:\AdwCleaner[R1].txt
2013-05-19 09:23:14 ----D---- C:\Program Files\trend micro
2013-05-18 13:28:56 ----SHD---- C:\$RECYCLE.BIN
2013-05-17 21:03:02 ----D---- C:\Users\NoVaS\AppData\Roaming\Sony Creative Software Inc
2013-05-16 12:32:30 ----D---- C:\Program Files (x86)\Microsoft Security Client
2013-05-16 12:32:02 ----D---- C:\Program Files\Microsoft Security Client
2013-05-16 12:30:38 ----D---- C:\Users\NoVaS\AppData\Roaming\Malwarebytes
2013-05-16 12:30:30 ----D---- C:\ProgramData\Malwarebytes
2013-05-16 12:30:29 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-16 12:30:29 ----A---- C:\Windows\system32\drivers\mbam.sys
2013-05-16 12:16:37 ----D---- C:\Windows\temp
2013-05-16 11:55:03 ----AD---- C:\Kaspersky Rescue Disk 10.0

======List of files/folders modified in the last 1 month======

2013-06-09 08:03:52 ----D---- C:\Windows\system32\config
2013-06-09 07:58:55 ----D---- C:\Windows\system32\Tasks
2013-06-09 07:55:39 ----D---- C:\ProgramData\NVIDIA
2013-06-09 01:32:12 ----SHD---- C:\System Volume Information
2013-06-09 01:28:03 ----D---- C:\ProgramData
2013-06-09 01:27:26 ----D---- C:\Windows\SysWOW64
2013-06-09 01:25:42 ----SHD---- C:\Windows\Installer
2013-06-09 01:25:36 ----D---- C:\Windows\winsxs
2013-06-09 01:22:51 ----RSD---- C:\Windows\assembly
2013-06-09 01:21:01 ----D---- C:\Windows
2013-06-09 01:20:33 ----RD---- C:\Program Files (x86)
2013-06-09 00:50:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-06-09 00:16:52 ----D---- C:\Windows\Prefetch
2013-06-08 22:56:16 ----D---- C:\Users\NoVaS\AppData\Roaming\Skype
2013-06-08 22:52:25 ----D---- C:\Users\NoVaS\AppData\Roaming\uTorrent
2013-06-08 22:35:12 ----D---- C:\Games
2013-06-08 10:15:17 ----D---- C:\Windows\system32\drivers
2013-06-07 15:23:28 ----D---- C:\Program Files (x86)\Steam
2013-06-07 07:59:48 ----D---- C:\Windows\system32\catroot2
2013-06-06 08:26:11 ----D---- C:\Program Files (x86)\KBot
2013-06-03 21:42:08 ----D---- C:\JRT
2013-06-02 09:34:39 ----RD---- C:\Program Files
2013-05-31 07:51:24 ----D---- C:\Program Files (x86)\Common Files
2013-05-31 07:46:22 ----D---- C:\Windows\Tasks
2013-05-30 17:15:47 ----D---- C:\Program Files (x86)\Metin2
2013-05-30 12:56:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-05-30 12:56:18 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-28 09:32:01 ----D---- C:\Windows\System32
2013-05-28 09:32:01 ----D---- C:\Windows\inf
2013-05-28 09:32:01 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-25 17:49:19 ----D---- C:\Program Files (x86)\Activision
2013-05-25 14:55:14 ----D---- C:\Windows\system32\catroot
2013-05-25 13:13:07 ----D---- C:\Program Files (x86)\AudioTranscoder
2013-05-25 11:28:55 ----D---- C:\Users\NoVaS\AppData\Roaming\DAEMON Tools Lite
2013-05-25 11:19:19 ----D---- C:\Windows\system32\DriverStore
2013-05-23 11:13:23 ----AD---- C:\Qoobox
2013-05-23 11:00:40 ----D---- C:\Windows\system32\drivers\etc
2013-05-23 10:51:41 ----D---- C:\Windows\system
2013-05-23 10:40:00 ----D---- C:\ProgramData\IObit
2013-05-22 20:04:58 ----D---- C:\Windows\debug
2013-05-22 09:51:49 ----D---- C:\Windows\rescache
2013-05-19 08:52:19 ----D---- C:\Boot
2013-05-18 14:18:52 ----A---- C:\Windows\system32\MRT.exe
2013-05-18 12:13:31 ----A---- C:\Windows\system.ini
2013-05-18 12:03:43 ----D---- C:\Windows\SYSWOW64\drivers
2013-05-18 12:03:43 ----D---- C:\Windows\AppPatch
2013-05-17 20:03:47 ----D---- C:\ProgramData\Skype
2013-05-16 21:24:13 ----D---- C:\Program Files (x86)\Attomey
2013-05-16 20:22:59 ----D---- C:\Windows\ModemLogs
2013-05-16 20:17:08 ----D---- C:\Windows\DigitalLocker
2013-05-16 20:14:37 ----D---- C:\Windows\AppCompat
2013-05-16 19:47:48 ----D---- C:\Program Files (x86)\Recuva
2013-05-16 12:31:52 ----SD---- C:\Users\NoVaS\AppData\Roaming\Microsoft
2013-05-16 12:17:36 ----D---- C:\Windows\erdnt
2013-05-14 23:50:22 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-12 10:52:46 ----D---- C:\Users\NoVaS\AppData\Roaming\.minecraft
2013-05-10 14:48:28 ----D---- C:\Windows\system32\NDF
2013-05-10 08:15:15 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 230320]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-25 283200]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 55312]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 57872]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [2012-10-03 66360]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver; C:\Windows\system32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2013-05-23 143120]
R2 BrowserProtect;BrowserProtect; C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-06-03 3085264]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 22056]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-30 117144]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-07 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-02 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 09 čer 2013 10:04

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Prohledat
Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

novas1998 · #3 Příspěvek od **novas1998** » 09 čer 2013 11:04

Log z JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.3 (04.29.2013:2)
OS: Windows 7 Home Premium x64
Ran by NoVaS on ne 09.06.2013 at 11:26:47,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\datamngr_toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\datamngr
Failed to delete: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Failed to delete: [Folder] "C:\ProgramData\browserprotect"
Successfully deleted: [Folder] "C:\Users\NoVaS\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\NoVaS\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\NoVaS\AppData\Roaming\microsoft\windows\start menu\programs\BrowserProtect"

~~~ FireFox

Successfully deleted: [File] C:\Users\NoVaS\AppData\Roaming\mozilla\firefox\profiles\t3cz11yc.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\NoVaS\AppData\Roaming\mozilla\firefox\profiles\t3cz11yc.default\bprotector_prefs.js
Failed to delete: [File] C:\Users\NoVaS\AppData\Roaming\mozilla\firefox\profiles\t3cz11yc.default\searchplugins\babylon.xml
Successfully deleted the following from C:\Users\NoVaS\AppData\Roaming\mozilla\firefox\profiles\t3cz11yc.default\prefs.js

user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=44444&tt=gc ... 1A4D80D4EE");
user_pref("browser.search.order.1", "Delta Search");
user_pref("browser.search.selectedEngine", "Delta Search");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=44444&tt=gc_&babsrc=HP_ss_din2g&mntrId=10E3001A4D80D4EE");
Emptied folder: C:\Users\NoVaS\AppData\Roaming\mozilla\firefox\profiles\t3cz11yc.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 09.06.2013 at 11:57:02,15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

novas1998 · #4 Příspěvek od **novas1998** » 09 čer 2013 11:14

a adwc:
# AdwCleaner v2.303 - Log vytvooen 09/06/2013 v 12:12:21
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : NoVaS - NOVAS-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\NoVaS\Desktop\adwcleaner.exe
# Volba [Prohledat]

***** [Služby] *****

Nalezeno : BrowserProtect

***** [Soubory / Složky] *****

Složka Nalezeno : C:\ProgramData\BrowserProtect
Soubor Nalezeno : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\searchplugins\Babylon.xml

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Klíe Nalezeno : HKCU\Software\BabSolution
Klíe Nalezeno : HKCU\Software\DataMngr
Klíe Nalezeno : HKCU\Software\DataMngr_Toolbar
Klíe Nalezeno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klíe Nalezeno : HKCU\Software\5a68bdae23eb913
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Nalezeno : HKLM\Software\DataMngr
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\5a68bdae23eb913
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíe Nalezeno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klíe Nalezeno : HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://search.babylon.com/?affID=44444&tt=gc_&babsrc=HP_ss_din2g&mntrId=10E3001A4D80D4EE

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1901 octets] - [19/05/2013 11:07:28]
AdwCleaner[R2].txt - [1961 octets] - [20/05/2013 07:05:54]
AdwCleaner[R3].txt - [2376 octets] - [09/06/2013 12:12:21]
AdwCleaner[S1].txt - [2019 octets] - [20/05/2013 07:07:29]

########## EOF - C:\AdwCleaner[R3].txt - [2496 octets] ##########

#5 Příspěvek od **vyosek** » 09 čer 2013 11:41

Spustte znovu AdwCleaner

Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
Kliknete na Smazat
PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

novas1998 · #6 Příspěvek od **novas1998** » 09 čer 2013 12:00

# AdwCleaner v2.303 - Log vytvooen 09/06/2013 v 12:53:04
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživatel : NoVaS - NOVAS-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\NoVaS\Desktop\adwcleaner.exe
# Volba [Vymazat]

***** [Služby] *****

Zastaveno & vymazáno : BrowserProtect

***** [Soubory / Složky] *****

Soubor Vymazáno : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\searchplugins\Babylon.xml
Vymazáno poi restartu : C:\ProgramData\BrowserProtect

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Klíe Vymazáno : HKCU\Software\BabSolution
Klíe Vymazáno : HKCU\Software\DataMngr
Klíe Vymazáno : HKCU\Software\DataMngr_Toolbar
Klíe Vymazáno : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Klíe Vymazáno : HKCU\Software\5a68bdae23eb913
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Klíe Vymazáno : HKLM\Software\DataMngr
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\5a68bdae23eb913
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Klíe Vymazáno : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar
Klíe Vymazáno : HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry jsou eisté.

-\\ Mozilla Firefox v21.0 (cs)

Soubor : C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\prefs.js

[OK] Soubor je eistý.

*************************

AdwCleaner[R1].txt - [1901 octets] - [19/05/2013 11:07:28]
AdwCleaner[R2].txt - [1961 octets] - [20/05/2013 07:05:54]
AdwCleaner[R3].txt - [2561 octets] - [09/06/2013 12:12:21]
AdwCleaner[S1].txt - [2019 octets] - [20/05/2013 07:07:29]
AdwCleaner[S2].txt - [2374 octets] - [09/06/2013 12:53:04]

########## EOF - C:\AdwCleaner[S2].txt - [2434 octets] ##########

#7 Příspěvek od **vyosek** » 09 čer 2013 12:10

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

novas1998 · #8 Příspěvek od **novas1998** » 09 čer 2013 12:52

Jak jsem si myslel... OTL, když vše přeskenuje napíše Getting folder structure tak se mi začne zvyšovat paměť v procesech akdyž vystoupá skoro na maximum, což já mám ramku tak napíše out of memory :/...

#9 Příspěvek od **vyosek** » 09 čer 2013 17:53

Spustte jej tedy znovu ale bez toho skriptu, ostatni nastaveni stejne jako minule

novas1998 · #10 Příspěvek od **novas1998** » 10 čer 2013 08:41

OTL logfile created on: 10.6.2013 8:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NoVaS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,15 Gb Available Physical Memory | 7,62% Memory free
4,00 Gb Paging File | 1,39 Gb Available in Paging File | 34,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 40,97 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NOVAS-PC | User Name: NoVaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013.06.09 13:12:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
PRC - [2013.05.29 07:27:40 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.05 03:15:46 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

========== Modules (No Company Name) ==========

MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ppgooglenaclpluginchrome.dll
MOD - [2013.05.29 07:27:37 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.05.23 22:12:02 | 000,143,120 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.30 11:11:01 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.14 23:50:22 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.15 07:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.03.14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.05.25 11:18:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.02 11:49:05 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.10.03 00:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 19:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{17E113E6-CD0E-4045-B154-65F0E57959EF}: C:\Program Files\IMPI\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.30 11:11:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.02 00:27:57 | 000,000,000 | ---D | M]

[2013.04.28 14:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoVaS\AppData\Roaming\Mozilla\Extensions
[2013.05.23 10:50:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\extensions
[2013.05.25 11:24:34 | 000,006,502 | ---- | M] () -- C:\Users\NoVaS\AppData\Roaming\Mozilla\Firefox\Profiles\t3cz11yc.default\searchplugins\babylon.xml
[2013.05.30 12:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\Extensions
[2013.05.30 11:11:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013.05.30 11:11:02 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011.09.03 17:57:38 | 000,308,736 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\ForceProxy.dll

O1 HOSTS File: ([2013.05.24 19:11:21 | 000,000,418 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯਍㈱⸷⸰⸰ऱ楬散獮⹥畳数慲瑮獩祰慷敲挮浯
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5AC7B1-CE31-4E5D-A3AC-2B40DC3C4B13}: DhcpNameServer = 213.46.172.36 213.46.172.37
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (SmartDefragBootTime.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013.06.09 15:40:19 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Roaming\Wargaming.net
[2013.06.09 13:12:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
[2013.06.09 10:51:29 | 000,000,000 | ---D | C] -- C:\Users\NoVaS\AppData\Local\Rockstar Games
[2013.06.09 08:19:09 | 000,000,000 | ---D | C] -- C:\rsit
[2013.06.09 01:27:26 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.06.09 01:20:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.06.09 01:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.06.09 00:47:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2013.06.09 00:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2013.06.08 22:36:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2013.06.03 15:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HT Fireman CDDVD Burner 1.3
[2013.06.03 15:47:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HT Fireman CDDVD Burner 1.3
[2013.03.03 14:15:11 | 001,230,848 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\WinRAR.exe
[2013.03.03 14:15:11 | 000,426,496 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\Rar.exe
[2013.03.03 14:15:11 | 000,287,744 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\UnRAR.exe
[2013.03.03 14:15:11 | 000,196,096 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt.dll
[2013.03.03 14:15:11 | 000,167,936 | ---- | C] (Alexander Roshal) -- C:\Program Files (x86)\RarExt32.dll
[2013.02.17 05:27:32 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2013.06.10 08:07:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 08:07:45 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.10 07:56:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.10 07:56:55 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 13:16:46 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.06.09 13:12:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\NoVaS\Desktop\OTL.exe
[2013.06.09 12:53:55 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.09 11:30:08 | 000,648,201 | ---- | M] () -- C:\Users\NoVaS\Desktop\adwcleaner.exe
[2013.06.09 10:31:00 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.06.09 01:27:26 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.06.09 00:48:49 | 000,002,278 | ---- | M] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013.06.08 22:35:34 | 000,000,769 | ---- | M] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.06.08 16:24:43 | 002,850,513 | ---- | M] () -- C:\Users\NoVaS\Desktop\Nightcore - Sugar.mp3
[2013.06.07 15:14:18 | 000,140,305 | ---- | M] () -- C:\Users\NoVaS\Desktop\973759_531988420170660_654472944_n.jpg
[2013.06.07 15:07:02 | 003,985,554 | ---- | M] () -- C:\Users\NoVaS\Desktop\KDrew - Bullseye [100BPM Dubstep].mp3
[2013.06.06 23:21:00 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.06.06 15:47:41 | 000,020,900 | ---- | M] () -- C:\Users\NoVaS\Desktop\PCHerní příslušenství.odt
[2013.06.06 15:18:08 | 003,577,888 | ---- | M] () -- C:\Users\NoVaS\Desktop\ViralBrothers ft. Evgeny Kuzmin - KALBA.mp3
[2013.06.06 12:40:29 | 000,059,923 | ---- | M] () -- C:\Users\NoVaS\Desktop\PCHerní příslušenství.xml
[2013.06.04 10:36:09 | 000,021,560 | ---- | M] () -- C:\Users\NoVaS\Desktop\946742_665326803484004_1975555099_n.jpg
[2013.06.04 08:18:43 | 000,027,664 | ---- | M] () -- C:\Users\NoVaS\Desktop\obrázky.odt
[2013.06.03 15:48:32 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\HT Fireman CDDVD Burner 1.3.lnk
[2013.06.03 15:19:08 | 004,971,734 | ---- | M] () -- C:\Users\NoVaS\Desktop\07 Křídla andělů.wma
[2013.06.03 15:19:07 | 003,131,138 | ---- | M] () -- C:\Users\NoVaS\Desktop\06 Halíře dělaj talíře.wma
[2013.06.03 15:18:45 | 004,792,442 | ---- | M] () -- C:\Users\NoVaS\Desktop\05 Popelka.wma
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.09 12:53:17 | 000,000,097 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.09 11:29:14 | 000,648,201 | ---- | C] () -- C:\Users\NoVaS\Desktop\adwcleaner.exe
[2013.06.09 10:31:00 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\Grand Theft Auto IV.lnk
[2013.06.09 00:46:56 | 000,002,278 | ---- | C] () -- C:\Users\Public\Desktop\Rockstar Games Social Club.lnk
[2013.06.08 22:35:34 | 000,000,769 | ---- | C] () -- C:\Users\Public\Desktop\World of Tanks.lnk
[2013.06.08 16:24:08 | 002,850,513 | ---- | C] () -- C:\Users\NoVaS\Desktop\Nightcore - Sugar.mp3
[2013.06.07 15:14:17 | 000,140,305 | ---- | C] () -- C:\Users\NoVaS\Desktop\973759_531988420170660_654472944_n.jpg
[2013.06.07 15:06:22 | 003,985,554 | ---- | C] () -- C:\Users\NoVaS\Desktop\KDrew - Bullseye [100BPM Dubstep].mp3
[2013.06.06 15:17:44 | 003,577,888 | ---- | C] () -- C:\Users\NoVaS\Desktop\ViralBrothers ft. Evgeny Kuzmin - KALBA.mp3
[2013.06.06 12:40:29 | 000,059,923 | ---- | C] () -- C:\Users\NoVaS\Desktop\PCHerní příslušenství.xml
[2013.06.04 10:35:25 | 000,021,560 | ---- | C] () -- C:\Users\NoVaS\Desktop\946742_665326803484004_1975555099_n.jpg
[2013.06.04 07:08:00 | 000,027,664 | ---- | C] () -- C:\Users\NoVaS\Desktop\obrázky.odt
[2013.06.03 15:48:32 | 000,002,065 | ---- | C] () -- C:\Users\Public\Desktop\HT Fireman CDDVD Burner 1.3.lnk
[2013.06.03 15:27:42 | 004,792,442 | ---- | C] () -- C:\Users\NoVaS\Desktop\05 Popelka.wma
[2013.06.03 15:27:41 | 004,971,734 | ---- | C] () -- C:\Users\NoVaS\Desktop\07 Křídla andělů.wma
[2013.06.03 15:27:40 | 003,131,138 | ---- | C] () -- C:\Users\NoVaS\Desktop\06 Halíře dělaj talíře.wma
[2013.04.12 22:08:42 | 001,554,840 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.09 20:37:23 | 000,003,584 | ---- | C] () -- C:\Users\NoVaS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.04 13:25:50 | 000,007,602 | ---- | C] () -- C:\Users\NoVaS\AppData\Local\Resmon.ResmonCfg
[2013.03.03 14:15:14 | 000,000,022 | ---- | C] () -- C:\Program Files (x86)\zipnew.dat
[2013.03.03 14:15:14 | 000,000,020 | ---- | C] () -- C:\Program Files (x86)\rarnew.dat
[2013.03.03 14:15:11 | 000,345,754 | ---- | C] () -- C:\Program Files (x86)\winrar.chm
[2013.03.03 14:15:11 | 000,344,064 | ---- | C] () -- C:\Program Files (x86)\rarlng.dll
[2013.03.03 14:15:11 | 000,132,608 | ---- | C] () -- C:\Program Files (x86)\Default64.SFX
[2013.03.03 14:15:11 | 000,102,400 | ---- | C] () -- C:\Program Files (x86)\Zip64.SFX
[2013.03.03 14:15:11 | 000,101,888 | ---- | C] () -- C:\Program Files (x86)\Default.SFX
[2013.03.03 14:15:11 | 000,098,304 | ---- | C] () -- C:\Program Files (x86)\WinCon64.SFX
[2013.03.03 14:15:11 | 000,082,432 | ---- | C] () -- C:\Program Files (x86)\Zip.SFX
[2013.03.03 14:15:11 | 000,074,240 | ---- | C] () -- C:\Program Files (x86)\WinCon.SFX
[2013.03.03 14:15:10 | 000,003,753 | ---- | C] () -- C:\Program Files (x86)\Order.htm
[2013.03.03 14:15:10 | 000,001,698 | ---- | C] () -- C:\Program Files (x86)\Descript.ion
[2013.03.03 14:15:10 | 000,001,307 | ---- | C] () -- C:\Program Files (x86)\RarFiles.lst
[2013.03.03 14:15:10 | 000,000,733 | ---- | C] () -- C:\Program Files (x86)\Uninstall.lst
[2013.03.03 14:15:10 | 000,000,563 | ---- | C] () -- C:\Program Files (x86)\File_Id.diz

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.05.12 10:52:46 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\.minecraft
[2013.05.31 21:13:56 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\BSplayer
[2013.05.31 21:04:40 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\BSplayer Pro
[2013.05.25 11:28:55 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DAEMON Tools Lite
[2013.04.12 22:12:56 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DarkOrbitRemix
[2013.03.31 17:56:48 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\DVDVideoSoft
[2013.03.15 15:38:38 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\GameRanger
[2013.04.09 20:33:41 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\HyperCam
[2013.05.09 08:45:23 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\IrfanView
[2013.05.06 19:13:01 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Jpeg Resampler
[2013.03.02 15:31:28 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Leadertech
[2013.04.23 12:04:03 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\LolClient
[2013.03.14 17:38:18 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\OpenOffice.org
[2013.05.09 08:51:35 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Origin
[2013.04.07 14:38:07 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Publish Providers
[2013.03.03 14:30:31 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\SFBot
[2013.04.09 20:37:22 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Solveig Multimedia
[2013.04.07 16:52:03 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Sony
[2013.05.17 21:03:02 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Sony Creative Software Inc
[2013.06.10 09:38:29 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\uTorrent
[2013.06.09 15:40:19 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Wargaming.net
[2013.03.04 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\NoVaS\AppData\Roaming\Xilisoft

========== Purity Check ==========

< End of report >

novas1998 · #11 Příspěvek od **novas1998** » 10 čer 2013 08:41

OTL Extras logfile created on: 10.6.2013 8:14:20 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\NoVaS\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 0,15 Gb Available Physical Memory | 7,62% Memory free
4,00 Gb Paging File | 1,39 Gb Available in Paging File | 34,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 40,97 Gb Free Space | 13,74% Space Free | Partition Type: NTFS
Drive E: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: NOVAS-PC | User Name: NoVaS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09CAB5F3-A6A0-4E37-BAF8-5CB738C2F77B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{12369EDA-23AD-4C1C-A25C-1CCF0E6420A8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{14EE1693-E624-4F27-9497-77BC307E8D66}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22476EC4-C3DA-412A-99F5-6943C745759B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{235F8AF2-1E17-43E3-AFE8-62C537835EA0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{273D1D7E-9A90-4AB8-A22E-A4999F4BB934}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2A08ABBD-9726-4EF7-8F6A-3E89B831B8B0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{302E22D3-D0CE-4B63-A331-3262CADC41D3}" = rport=139 | protocol=6 | dir=out | app=system |
"{39D28F3D-F9B9-4329-B7EC-47FA711972CF}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4A350146-6F3A-4C4F-B406-AB45C5E5895E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{50F8269D-8A0D-415B-998B-58EA207449D4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5150F6DD-8AD9-4B92-9F2F-9EE0640634A7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{517E8246-59BA-4FBE-A90B-0006C29B1560}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{55D59E90-C55C-4241-9C51-842AA405AAB7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{57AE6269-C95B-4DED-AE2C-8DA5C15274D7}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5A6C650A-D539-4831-8598-5A863F03CB75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6165FC52-8A12-4D11-8C8D-017435D1B1D1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{62C66CB7-AADE-4674-9C6D-7D583D1BCF42}" = lport=137 | protocol=17 | dir=in | app=system |
"{6D0FD3F7-BF5F-447A-AF5B-5F14DE59FEE9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7B486424-DB6C-4936-8E31-3746FEA2B8F5}" = lport=139 | protocol=6 | dir=in | app=system |
"{7E78A813-48D6-4608-B0B8-ED996B74129A}" = rport=445 | protocol=6 | dir=out | app=system |
"{85B12254-CB9F-484B-9355-22C06C5644FB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{8DAC25CC-C7B3-42F9-9D58-315BA8F20686}" = rport=137 | protocol=17 | dir=out | app=system |
"{9065CD94-86E0-42CF-AA82-273875513418}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9B5694D5-D5F9-4565-BB47-CF8651D45350}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FAF43DA-404B-49A7-907C-277AF8AEAD30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A30D2261-9D6F-41B4-A14E-548087BF3C92}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C1DDA434-1439-4876-A52B-28EE54876BAD}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{C49F9514-BFC4-4521-8DBB-F94EC76E4BA8}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{CD467244-5C8E-402A-90EF-6D4743BD1C65}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CE442EF2-4247-4E5E-A6C2-346EC1DBE30A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D10C84F5-E6BE-45EB-B053-5499EC7FAFFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{DA027494-F694-4690-9BD8-EE35DD33E032}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E0A7B3F6-1DCD-457F-AB1B-94CBDC083F91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E149F4EF-B9FA-4456-B962-262B13295EF4}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E3C20FFB-13D6-4537-83CD-E73470BAFC8F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F0ADE4AB-5CC1-49F2-92B8-DAB1EBA07E16}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F2B290E3-B1EC-49BA-8455-F542CCD88BA7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F6F8B75C-415B-4E7D-9F95-B142D6502F12}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{F7A07566-16DA-4F68-A9FC-629630DE7326}" = rport=138 | protocol=17 | dir=out | app=system |
"{F8E6817C-E866-4FCA-AF5D-818832649195}" = lport=138 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1002B7EB-0D3C-4822-BB7E-2725144DFE8D}" = protocol=6 | dir=out | app=system |
"{1B1262F7-B37C-49F6-BCC9-A97F323F59C5}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{22063F98-6A02-43CF-8E5B-66674D3A9B27}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"{29834AF6-C44B-41FB-9009-3B95BC14BFA1}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{37834323-43D1-4B5B-A26D-51EE792B0E0A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37E80922-5903-49C9-9CE1-4965C5CE2A12}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{421A709B-7635-454A-9B62-70CD8514F772}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{46E98CF0-CE20-4A34-BB25-05C71FA90276}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{49F3BE2F-CDD8-4F9D-85F5-33D41D421A58}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4A74E4D9-1A4F-4679-994E-8758F89B71AE}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A8385C1-2E58-4591-889E-76C750A0543C}" = protocol=6 | dir=in | app=c:\users\novas\appdata\roaming\utorrent\utorrent.exe |
"{4B973228-FE75-4BC2-9430-61E3659CA517}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4CDDD219-3D81-4A0F-BD54-D7902893108D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{77EC3B97-80F0-46DF-87CD-568A464C833F}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{7AC93313-6FA3-45A6-A7FE-2F3A1DAFD0DE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82E00A5A-B5BC-4EBC-A2D5-B2805F268FC0}" = protocol=58 | dir=in | app=system |
"{84326BE1-D824-4972-9205-58A331C5C331}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96BF2149-EFB3-4753-B7B8-302C3FEF57A8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9A5E79E3-A37A-4425-9626-05B24005FF4C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{A765724D-8D57-4971-88CC-ACE794C2E8E8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A84C8EAC-CAEF-4C8C-AD76-E87569F24D1B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{AB64AC76-F9B2-4797-9012-A788459AEBE7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC6CD0D-378C-49E9-9BB4-F2BBB5D8BA8C}" = protocol=17 | dir=in | app=c:\users\novas\appdata\roaming\utorrent\utorrent.exe |
"{AE5291E1-5CFF-4A98-8467-695CB8B84AC0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B8B2E563-0699-4CCA-86FB-21615CA4B915}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C4CB45E0-0314-48CE-98F6-7C778BBF367B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{C58A6939-EB88-4E87-A86A-E62B61342D1E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6D1F70D-6CD1-45C0-8307-25B0AA5BE098}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\half-life\hl.exe |
"{C9913E66-F1B7-475E-A376-A41475BF0854}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{CB273F05-AD5A-4C7D-B4AB-63E6F03E8517}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{CED521F2-F135-4D6F-9805-B9840ACCC409}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF14C5D0-A852-4212-AADE-0BB76296B6AF}" = protocol=17 | dir=in | app=c:\program files (x86)\rockstar games\rockstar games social club\rgsclauncher.exe |
"{D57BFBCD-EC90-4D8C-A997-BC93D8E4239B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E04DD914-7D3A-4F72-A159-65B93AC6F07C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E1DD5413-E971-49D1-A569-58595F78AE0A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E674DDBF-147A-4124-B433-FDC32C71AA8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F5C40ED0-6480-47F1-9AFD-59553D43D189}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F5CC00A3-EBE5-43D4-A0D6-273A9340D2D3}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FBFFA1F0-3368-46C8-A30C-EE25996F815F}" = protocol=6 | dir=in | app=c:\program files (x86)\rockstar games\grand theft auto iv\launchgtaiv.exe |
"TCP Query User{1E0CCA45-8C42-4604-9329-37621D252367}C:\program files (x86)\kbot\kbot 7.07\kbotc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kbot\kbot 7.07\kbotc.exe |
"TCP Query User{2965939F-D810-462E-98EC-2AF510BB3893}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"TCP Query User{46C432D6-7838-4A3D-8FC5-0B06F3D81C67}C:\users\novas\desktop\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\novas\desktop\left 4 dead 2\left4dead2.exe |
"TCP Query User{4B6A749B-9DE1-4EF6-B81A-21F209598AB6}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{4F991E6D-23E6-4B47-BC04-7930647D4A20}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"TCP Query User{588D9896-1DF4-4D48-92F0-C0F348689F3F}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{85E17578-C831-4B7B-8173-B1037EFD6AFE}C:\program files (x86)\attomey\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\attomey\metin2client.bin |
"TCP Query User{8EF2861D-1200-447F-9808-146B87C930FC}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"TCP Query User{9B6F6B9D-4E68-4D28-8BD8-2E6D21C2CD0D}C:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{A81D9BA0-229E-418D-A631-CBF5001A42C6}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{D86A5B7A-EFDF-47DA-A093-616949BA5EB3}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"TCP Query User{D90770D2-D091-4322-A23D-C433E7C6D8B5}C:\program files (x86)\kbot\kbot 7.29\kbotc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\kbot\kbot 7.29\kbotc.exe |
"TCP Query User{DFDACE19-840B-483E-B05C-5E360D25CA1D}C:\program files (x86)\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"TCP Query User{EA97C174-8A42-4268-AEAC-AC914421176E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"TCP Query User{F46B4BBC-17B4-4E86-A5B9-1097789E3FDF}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{07A79618-A7E8-4822-A4D0-A632C1055AB9}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{08B31187-39A0-4A53-AB62-82CD3B8F5A75}C:\users\novas\desktop\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\novas\desktop\left 4 dead 2\left4dead2.exe |
"UDP Query User{1BEB8F2B-26C4-4C25-ABD9-603946D09273}C:\program files (x86)\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\java.exe |
"UDP Query User{1EFFA80C-D075-45BF-87CD-BD8051F11898}C:\program files (x86)\attomey\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\attomey\metin2client.bin |
"UDP Query User{4C939F55-E63C-4772-A953-F5D8855CDC7E}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{5EC62FAF-42F7-47E8-B8C1-07F7474D969A}C:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\novas\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{62E0F786-7866-4CB0-993F-11FC62E1E55A}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
"UDP Query User{639F89FD-93A2-4FCD-A125-8D09E274C4DB}C:\program files (x86)\kbot\kbot 7.07\kbotc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kbot\kbot 7.07\kbotc.exe |
"UDP Query User{9417F3EE-EA57-4863-AA23-11AD9E3C4DF4}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{9AB5B497-B904-4348-BCA0-E03E247F606B}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{9B64B0B7-EBC8-44FC-88F7-67A21537549F}C:\program files (x86)\ea sports\fifa 10\fifa10.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 10\fifa10.exe |
"UDP Query User{A571F820-46B2-4532-8219-24FC75F33D88}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin |
"UDP Query User{C73A2B96-5A7B-4D6A-AB2D-3F55B5418277}C:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold crusader\stronghold crusader.exe |
"UDP Query User{D03170B0-88E1-4B63-A794-D8B3F0B487F5}C:\program files (x86)\kbot\kbot 7.29\kbotc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\kbot\kbot 7.29\kbotc.exe |
"UDP Query User{DA7ED631-AA3C-469E-96E0-BDA0535836F0}C:\program files (x86)\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{790E02A1-145A-3843-8C13-A4F41C9B48B7}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{87CEB7C0-1D35-11E2-8F19-F04DA23A5C58}" = Vegas Pro 12.0 (64-bit)
"{8AAA8780-1D35-11E2-A3A6-F04DA23A5C58}" = MSVCRT Redists
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A324DC11-FF02-3CE8-9D6F-67EBC006D970}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Ovladač řídící jednotky 3D Vision 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizace NVIDIA 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D64CF6AA-23E7-4DE0-AF0B-6BC50DAFD45C}" = MagniPic
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Defraggler" = Defraggler
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Speccy" = Speccy

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
"{1E0AF527-0B8E-4F8A-BA27-CB3C359998C6}" = OpenOffice.org 3.4.1
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ADEBB98C-DCD0-4369-BC4A-71B342CF55B2}" = HT Fireman CD/DVD Burner
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{E0363CCC-3535-4BAA-9F2C-200F548675D6}" = TuneUp Utilities Language Pack (cs-CZ)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"Fraps" = Fraps (remove only)
"Free Video Call Recorder for Skype_is1" = Free Video Call Recorder for Skype version 1.1.0.319
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.23.320
"Google Chrome" = Google Chrome
"HyperCam 3 3.5.1211.29" = HyperCam 3
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.75.0.1300
"Metin2_is1" = Metin2
"Mozilla Firefox 21.0 (x86 cs)" = Mozilla Firefox 21.0 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Postal 2" = Postal 2
"privitize" = toolbar on IE and Chrome
"Steam App 10" = Counter-Strike
"Steam App 570" = Dota 2
"Tony Hawks Pro Skater HD_is1" = Tony Hawks Pro Skater HD
"uTorrent" = µTorrent
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2235947728-872269853-3953581352-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 9.6.2013 6:09:43 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7009
Description = Při čekání na připojení služby BrowserProtect bylo dosaženo časového
limitu (30000 ms).

Error - 9.6.2013 6:09:43 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7000
Description = Služba BrowserProtect neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 9.6.2013 6:12:09 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 9.6.2013 6:12:09 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 9.6.2013 6:59:22 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 9.6.2013 6:59:22 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 10.6.2013 1:57:06 | Computer Name = NoVaS-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (2:18:01, ?10.?6.?2013) bylo neočekávané.

Error - 10.6.2013 2:01:34 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7038
Description = Služba nvUpdatusService se nemohla přihlásit jako .\UpdatusUser s
aktuálně konfigurovaným heslem z důvodu následující chyby: %%1330 Chcete-li zajistit
správnou konfiguraci služby, použijte modul snap-in Služby konzoly Microsoft Management
Console (MMC).

Error - 10.6.2013 2:01:34 | Computer Name = NoVaS-PC | Source = Service Control Manager | ID = 7000
Description = Služba NVIDIA Update Service Daemon neuspěla při spuštění v důsledku
následující chyby: %%1069

Error - 10.6.2013 3:24:30 | Computer Name = NoVaS-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Instalace se nezdařila: Instalování následující aktualizace se nezdařilo
z důvodu chyby (0x80073712): Aktualizace Windows 7 Service Pack 1 pro systémy pro
platformu x64 (KB976932).

< End of report >

#12 Příspěvek od **vyosek** » 10 čer 2013 11:36

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013.06.09 12:53:55 | 000,000,097 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=-
"DAEMON Tools Lite"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVSSkypeRecorder] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\temp] /64
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service] /64

:files
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
C:\AdwCleaner[*].txt
C:\Program Files (x86)\IObit
c:\users\novas\appdata\roaming\*.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

novas1998 · #13 Příspěvek od **novas1998** » 10 čer 2013 11:50

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\DeleteOnReboot.bat moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVSSkypeRecorder\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pokki\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\temp\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Service\ deleted successfully.
========== FILES ==========
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} folder moved successfully.
C:\AdwCleaner[R1].txt moved successfully.
C:\AdwCleaner[R2].txt moved successfully.
C:\AdwCleaner[R3].txt moved successfully.
C:\AdwCleaner[S1].txt moved successfully.
C:\AdwCleaner[S2].txt moved successfully.
File\Folder C:\Program Files (x86)\IObit not found.
File\Folder c:\users\novas\appdata\roaming\*.exe not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NoVaS
->Temp folder emptied: 16864588 bytes
->Temporary Internet Files folder emptied: 374552382 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21257283 bytes
->Flash cache emptied: 3052 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 353513978 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 731,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: NoVaS
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: NoVaS
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 06102013_124434

Files\Folders moved on Reboot...
C:\Users\NoVaS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

#14 Příspěvek od **vyosek** » 10 čer 2013 11:58

Jak se chova PC

novas1998 · #15 Příspěvek od **novas1998** » 10 čer 2013 12:07

Nic moc

, fyzická paměť se drží na 80%

VIRY.CZ

Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%

Re: Při zapnutí PC naskočí po 5 min fyzická paměť až na 95%