Problem - too many processes in Task Manager

12 replies to this topic

#1
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014
Hi. As you can tell from the title, I have too many processes in Task Manager (I didn't have this many before). Lately, as soon as Windows starts, a cmd.exe window appears with the csrss.exe process; it closes very quickly and I don't get a chance to see what it says in that window. I'm not sure whether there is a virus on the computer (I ran a full scan with Avast and it found 4 infected files; I then selected the Fix Automatically option and pressed Apply, which got rid of those files, but the extra processes did not disappear). Before this incident happened, it was telling me to restart the computer (there was a problem that said something about "User"), and I had noticed that I couldn't open Task Manager. After that I shut down the computer, and when I turned it on a little later the things described above started happening.
What could I do to get rid of those processes, if that is necessary?


P.S. If I picked the wrong topic, I apologize. :)


#2
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Download RogueKiller, or from here, and save it to the Desktop.
Close all running programs.
Remove everything from the USB ports (memory stick, external hard drive).
Double-click RogueKiller.exe to run it.
On Windows Vista or Windows 7,
right-click and select Run as administrator.

Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Click "Report" and copy/paste it here.

#3
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014

MhG_40, on 07 August 2014 - 14:44, said:

Download RogueKiller, or from here, and save it to the Desktop.
Close all running programs.
Remove everything from the USB ports (memory stick, external hard drive).
Double-click RogueKiller.exe to run it.
On Windows Vista or Windows 7,
right-click and select Run as administrator.

Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Click "Report" and copy/paste it here.

This is the report:
RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Scan -- Date : 08/07/2014  15:58:42
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] VM303_STI.EXE -- C:\Windows\VM303_STI.EXE[7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog303 : C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)  -> FOUND
[Hj.Name|Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Windows\CurrentVersion\Run | Audio Driver Support for Windows© : C:\Users\user\AppData\Roaming\Audio Driver Support\csrss.exe  -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe"  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 65.52.240.48
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.cloud.techsmith.com
¤¤¤ AntiRootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x84a571e8
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] s6rfmjig.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> FOUND
[PUP][CHROME:Addon] Default : GoPhoto.it [pfmopbbadnfoelckkcmjjeaaegjpjjbk] -> FOUND
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST316081 5AS SCSI Disk Device +++++
--- User ---
[MBR] 144e49bec45b2faa84e24992a2f13f95
[BSP] 56f1870d082435c1308f0d7c3a0114c6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49898 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 102399984 | Size: 102627 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

After the scan finished, I was taken to this site:
http://www.adlice.co...rt-2-irp-hooks/

Edited by radudami, 07 August 2014 - 15:08.


#4
eiffel

    BusyWorm

  • Group: Moderators
  • Posts: 68,869
  • Joined: 15.06.2004
And did you read what it says there?

Quote

If you land here from RogueKiller…

…This is because RogueKiller has detected an IRP hook.

So yes, you are infected. On top of some detected PUPs.
My advice would be to follow the steps in the topic above, Instructions before opening a topic, and then come back here with the required logs.
You probably won't be completely disinfected after following them, but some parasites will be removed.

#5
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Run RogueKiller.exe again.
Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Check that what is quoted below is ticked:

Quote

1. In the "Registry" tab,
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog303 : C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)  -> FOUND
[Hj.Name|Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Windows\CurrentVersion\Run | Audio Driver Support for Windows© : C:\Users\user\AppData\Roaming\Audio Driver Support\csrss.exe  -> FOUND
[Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe"  -> FOUND
3. In the "HOSTS" tab,
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 65.52.240.48
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.cloud.techsmith.com
Click "Delete".
When "Deleting Finished" appears in the Status box,
click "Report" and copy/paste it here.



Edited by MhG_40, 07 August 2014 - 15:50.


#6
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014

MhG_40, on 07 August 2014 - 15:49, said:

Run RogueKiller.exe again.
Wait until the Prescan has finished.
Click "Scan".
Wait until "Scan Finished" appears in the Status box.
Check that what is quoted below is ticked:

Click "Delete".
When "Deleting Finished" appears in the Status box,
click "Report" and copy/paste it here.


RogueKiller V9.2.6.0 [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User : user [Admin rights]
Mode : Remove -- Date : 08/07/2014  17:22:13
¤¤¤ Bad processes : 1 ¤¤¤
[Suspicious.Path] VM303_STI.EXE -- C:\Windows\VM303_STI.EXE[7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 6 ¤¤¤
[Suspicious.Path] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | BigDog303 : C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) [x] -> DELETED
[Hj.Name|Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Windows\CurrentVersion\Run | Audio Driver Support for Windows© : C:\Users\user\AppData\Roaming\Audio Driver Support\csrss.exe [x] -> DELETED
[Suspicious.Path] HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Windows\CurrentVersion\Run | Yontoo Desktop : "C:\Users\user\AppData\Roaming\Yontoo\YontooDesktop.exe" [x] -> DELETED
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | EnableLUA : 0  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ HOSTS File : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 65.52.240.48 -> DELETED
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 activation.cloud.techsmith.com -> DELETED
¤¤¤ AntiRootkit : 7 (Driver: LOADED) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CREATE[0] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_CLOSE[2] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_DEVICE_CONTROL[14] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_INTERNAL_DEVICE_CONTROL[15] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_POWER[22] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_SYSTEM_CONTROL[23] : Unknown @ 0x84a571e8
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mountmgr.sys - IRP_MJ_PNP[27] : Unknown @ 0x84a571e8
¤¤¤ Web browsers : 2 ¤¤¤
[PUP][FIREFX:Addon] s6rfmjig.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> NOT SELECTED
[PUP][CHROME:Addon] Default : GoPhoto.it [pfmopbbadnfoelckkcmjjeaaegjpjjbk] -> NOT SELECTED
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST316081 5AS SCSI Disk Device +++++
--- User ---
[MBR] 144e49bec45b2faa84e24992a2f13f95
[BSP] 56f1870d082435c1308f0d7c3a0114c6 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 49898 MB
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 102399984 | Size: 102627 MB
User = LL1 ... OK
Error reading LL2 MBR! ([1] Incorrect function. )

============================================
RKreport_SCN_08072014_155842.log - RKreport_SCN_08072014_171936.log

#7
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether to start cleaning the system. Confirm with Yes each time.
Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


#8
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014

MhG_40, on 07 August 2014 - 16:33, said:

Download ComboFix and save it to the Desktop.
Then make sure you have closed all running programs (Yahoo Messenger, Mozilla Firefox, etc.) and run ComboFix.
It will ask whether to start cleaning the system. Confirm with Yes each time.
Do not stop it while it is scanning and disinfecting the system. The desktop may disappear while it is running, but don't worry.
At the end it will display the scan results.
Save that file and post its contents HERE.


My Avast antivirus reports the ComboFix exe file as a virus.
[ http://imagizer.imageshack.us/v2/280x200q90/631/8ID44A.jpg ]

#9
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Now I see that the detection on ComboFix has increased.
OK, let's do this.

Download and run OTL.
On Windows Vista, Windows 7 or Windows 8,
right-click and select Run as administrator.

Tick the options as in the image.
[ http://s11.postimg.org/jaand9soj/otl1.jpg ]
When it finishes, 2 Notepad windows will appear - OTL.txt and Extras.txt.
Copy the contents of each window in turn and post them here.

#10
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014
Contents of OTL.txt

OTL logfile created on: 8/7/2014 6:24:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.37 Mb Total Physical Memory | 626.97 Mb Available Physical Memory | 61.27% Memory free
2.00 Gb Paging File | 1.40 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 21.87 Gb Free Space | 44.89% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 23.72 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
Drive E: | 50.11 Gb Total Space | 37.79 Gb Free Space | 75.41% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/08/07 18:22:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user\Downloads\OTL.exe
PRC - [2014/07/29 19:30:34 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2014/07/14 19:12:31 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2013/09/12 11:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/01/31 12:01:06 | 000,865,056 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/01/31 12:01:05 | 001,821,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2009/07/14 04:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/14 04:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/01/24 23:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE


========== Modules (No Company Name) ==========

MOD - [2014/07/14 19:12:37 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/07/14 19:12:34 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll


========== Services (SafeList) ==========

SRV - [2014/07/14 19:12:31 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/12/24 16:49:48 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/12/12 17:32:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/12 11:31:23 | 005,071,712 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2013/09/05 17:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/19 21:32:08 | 001,259,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2009/07/14 04:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 04:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 04:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/13 09:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (app5t3ss)
DRV - [2014/07/14 19:13:27 | 000,414,520 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2014/07/14 19:12:44 | 000,779,536 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/07/14 19:12:44 | 000,192,352 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2014/07/14 19:12:44 | 000,081,768 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2014/07/14 19:12:44 | 000,071,944 | ---- | M] (AVAST Software) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswStm.sys -- (aswStm)
DRV - [2014/07/14 19:12:44 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/07/14 19:12:44 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2014/07/14 19:12:44 | 000,024,184 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\aswHwid.sys -- (aswHwid)
DRV - [2013/02/19 21:32:54 | 010,919,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/07/25 07:21:18 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/09/28 21:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/07/14 04:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 04:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 04:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 02:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 02:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 02:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 01:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/03/18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/06/23 13:45:58 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2006/02/23 01:30:00 | 000,391,300 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC30x)
DRV - [2006/02/23 01:30:00 | 000,391,300 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbVM303.sys -- (ZSMC303)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...24&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cool-tvlive.net/terra
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cool-tvlive.net/terra
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cool-tvlive.net/terra
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cool-tvlive.net/terra
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...24&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...24&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...24&st=chrome&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-tvlive.net/terra
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.8&ts=1374049292660.000002&tguid=46366-6221-1374049292660-323009EAD3A986FC8318548748F6CB24&q={searchTerms}
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.pu-...942&lg=EN&cc=RO


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.certif...24&st=chrome&q=
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://cool-tvlive.net/terra
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://cool-tvlive.net/terra
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cool-tvlive.net/terra
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://cool-tvlive.net/terra
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 A5 B2 FA 1D 6A CD 01  [binary data]
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.certif...24&st=chrome&q=
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar = http://search.certif...24&st=chrome&q=
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = http://search.certif...24&st=chrome&q=
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://cool-tvlive.net/terra
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL = about:newtab
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = about:newtab
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.8&ts=1374049292660.000002&tguid=46366-6221-1374049292660-323009EAD3A986FC8318548748F6CB24&q={searchTerms}
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...4AB001E8C6B0358
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.1&ts=1374049292660&tguid=46366-6221-1374049292660-323009EAD3A986FC8318548748F6CB24&q={searchTerms}
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-se...4AB001E8C6B0358
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 60 A5 B2 FA 1D 6A CD 01  [binary data]
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...4AB001E8C6B0358
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== Firefox ==========

FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://websearch.pu-...N&cc=RO&l=1&q="
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.order.1S: "WebSearch"
FF - prefs.js..browser.search.selectedEngineS: "WebSearch"
FF - prefs.js..browser.startup.homepage: "http://cool-tvlive.net/terra"
FF - prefs.js..extensions.enabledAddons: contact%40dislikenow.com:1.1
FF - prefs.js..extensions.enabledAddons: flv2mp3%40hotger.com:2.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1497
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:3.2.3.20140326060057
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: "http://search.certif...4&st=chrome&q="
FF - prefs.js..browser.startup.homepage: "http://www.google.ro/"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: ""


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.60.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\user\AppData\LocalLow\POWERC~1\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\user\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/07/14 19:12:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/24 16:49:31 | 000,000,000 | ---D | M]

[2011/07/24 17:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions
[2014/06/08 09:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions
[2014/05/22 18:31:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/07/05 08:56:24 | 000,000,000 | ---D | M] (sAefaeo- ssave) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\[email protected]
[2012/11/06 17:38:01 | 000,005,382 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\[email protected]
[2013/01/04 15:20:26 | 000,086,923 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\[email protected]
[2012/12/29 14:13:42 | 000,005,520 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\[email protected]
[2013/08/09 07:58:21 | 000,249,988 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\[email protected]
[2013/08/04 11:58:43 | 000,224,035 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2014/05/19 19:27:03 | 000,957,880 | ---- | M] () (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/22 15:56:32 | 000,001,294 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\searchplugins\delta.xml
[2013/12/23 12:26:09 | 000,002,015 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\searchplugins\Web Search.xml
[2013/07/05 08:57:00 | 000,007,828 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\searchplugins\WebSearch.xml
[2014/07/19 20:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2014/07/25 09:57:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/24 16:49:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/07/14 19:12:45 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/04/22 15:56:20 | 000,006,511 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2013/12/23 12:26:09 | 000,002,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml

========== Chrome  ==========

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://cool-tvlive.net/terra
CHR - plugin: Silverlight (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: Google Translate = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.5_0\
CHR - Extension: Watch Football Live Stream = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bencnnelaeahkcjgdoabdjjcenhfidna\1.1_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Facebook = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm\1.0.3_0\
CHR - Extension: Google Search = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: ***** = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.1_0\
CHR - Extension: avast! Online Security = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2021.112_0\
CHR - Extension: Google Play = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi\3.0_0\
CHR - Extension: Untitled = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmbeliffdhjjnpofkljepangicefcgob\1.0_0\
CHR - Extension: sAefaeo- ssave = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmfakjpkpkjgdeiclggkignnjidodcgm\1\
CHR - Extension: Google Wallet = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: APK Downloader = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhlfmheblhjhkmacldlhdnbgbaiigba\2.1.3_0\
CHR - Extension: My Chrome Theme = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0\
CHR - Extension: GoPhoto.it = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.6_0\

O1 HOSTS File: ([2014/08/07 17:22:13 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (HomeTab) - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\user\AppData\Roaming\HomeTab\HomeTab.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (sAefaeo- ssave) - {856639DC-1593-0861-7D8C-EFD16BC0A9C3} - C:\ProgramData\sAefaeo- ssave\51d56a9e91d2e.dll ()
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (***** Plus for IE Browser Helper Object) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\***** Plus for IE\*****Plus32.dll (***** Plus)
O3 - HKLM\..\Toolbar: (HomeTab) - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\user\AppData\Roaming\HomeTab\HomeTab.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1000..\Run: [TBPanel] C:\Program Files\EXPERTool\TBPanel.exe (Gainward Co. Ltd.)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1001..\Run: [Facebook Update] C:\Users\user\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D34960B-ECC1-439A-9135-218B3CBCAE14}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 00:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/08/07 15:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/08/06 11:35:53 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Audio Driver Support
[2014/08/06 11:34:46 | 000,000,000 | RHSD | C] -- C:\Users\user\xmona
[2014/08/06 10:56:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\GameNEW
[2014/08/05 16:44:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\Game
[2014/08/04 14:47:19 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\FIFA 12
[2014/08/02 10:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\moxy
[2014/08/02 10:29:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\localus2
[2014/07/31 17:56:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple Computer
[2014/07/31 17:56:37 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Apple Computer
[2014/07/31 17:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2014/07/31 17:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2014/07/31 17:54:26 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Apple
[2014/07/31 17:54:18 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2014/07/31 17:54:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2014/07/30 13:28:21 | 000,026,176 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\System32\hamachi.sys
[2014/07/30 10:29:59 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\FM_temp
[2014/07/29 19:54:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\LogMeIn
[2014/07/29 19:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2014/07/28 20:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2014/07/24 10:29:04 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Virtua Tennis 4
[2014/07/24 10:20:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2014/07/24 10:20:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2014/07/24 10:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2014/07/20 11:36:50 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Euro Truck Simulator 2
[2014/07/19 20:20:05 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Skype
[2014/07/19 20:19:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014/07/19 20:19:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2014/07/18 19:32:16 | 000,000,000 | ---D | C] -- C:\Downloads
[2014/07/15 08:31:01 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\CAMERA WEB SI RDS
[2014/07/15 08:30:33 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\IMPRIMANTA
[2014/07/15 08:30:21 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\router
[2014/07/15 08:29:10 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\ALTELE
[2014/07/15 08:28:33 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\JOCURI
[2014/07/15 08:25:32 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\UTILITATI
[2014/07/14 19:18:33 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DropboxMaster
[2014/07/14 19:18:10 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/07/14 19:17:55 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2014/07/14 19:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\GPU-Z
[2014/07/14 19:15:22 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Dropbox
[2014/07/14 19:13:59 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AVAST Software
[2014/07/14 19:13:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/07/14 19:12:55 | 000,071,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/07/14 19:12:54 | 000,779,536 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/07/14 19:12:54 | 000,414,520 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/07/14 19:12:53 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/07/14 19:12:52 | 000,081,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/07/14 19:12:40 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/07/14 18:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EXPERTool
[2014/07/14 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\EXPERTool

========== Files - Modified Within 30 Days ==========

[2014/08/07 18:20:01 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/07 18:05:05 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/07 18:05:05 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/07 18:00:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/07 17:59:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/08/07 17:59:43 | 804,806,656 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/07 17:32:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/08/07 17:22:13 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014/08/07 17:09:06 | 000,029,160 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/01 21:08:39 | 000,659,580 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/08/01 21:08:39 | 000,120,508 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/07/31 17:56:13 | 000,002,503 | ---- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2014/07/14 19:13:27 | 000,414,520 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/07/14 19:12:44 | 000,779,536 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2014/07/14 19:12:44 | 000,192,352 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/07/14 19:12:44 | 000,081,768 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2014/07/14 19:12:44 | 000,071,944 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswStm.sys
[2014/07/14 19:12:44 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/07/14 19:12:44 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/07/14 19:12:44 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/07/14 19:12:40 | 000,276,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/07/14 19:12:40 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

========== Files Created - No Company Name ==========

[2014/08/07 15:49:36 | 000,029,160 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2014/08/04 14:45:37 | 000,000,741 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 12.lnk
[2014/07/31 17:56:13 | 000,002,503 | ---- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2014/07/31 17:56:13 | 000,002,491 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2014/07/31 17:54:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2014/07/24 10:20:12 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2014/07/14 19:12:55 | 000,192,352 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/07/14 19:12:53 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/07/14 19:12:52 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/07/14 18:59:14 | 002,991,535 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2014/06/25 15:13:58 | 000,000,092 | ---- | C] () -- C:\Users\user\AppData\Roaming\burnaware.ini
[2014/05/14 17:26:53 | 000,000,132 | ---- | C] () -- C:\Users\user\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2014/02/25 07:00:00 | 000,007,302 | ---- | C] () -- C:\Windows\cadx2.ini
[2013/12/30 11:45:01 | 000,000,096 | ---- | C] () -- C:\Users\user\AppData\Roaming\version2.xml
[2013/05/28 23:22:48 | 000,641,024 | ---- | C] () -- C:\Windows\System32\ficvdec_x86.dll
[2013/04/29 17:20:10 | 000,008,704 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/29 12:51:55 | 000,004,534 | ---- | C] () -- C:\Users\user\AppData\Roaming\CamStudio.cfg
[2013/04/29 12:50:41 | 000,000,408 | ---- | C] () -- C:\Users\user\AppData\Roaming\CamShapes.ini
[2013/04/29 12:50:41 | 000,000,408 | ---- | C] () -- C:\Users\user\AppData\Roaming\CamLayout.ini
[2013/04/29 12:50:41 | 000,000,096 | ---- | C] () -- C:\Users\user\AppData\Roaming\Camdata.ini

========== ZeroAccess Check ==========

[2009/07/14 07:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 07:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 04:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 04:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2014/06/05 16:06:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\.minecraft
[2013/05/26 11:02:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audacity
[2014/08/06 11:35:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Audio Driver Support
[2014/07/14 19:13:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AVAST Software
[2013/04/22 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2013/04/30 08:31:55 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BANDISOFT
[2013/07/04 10:03:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BitTorrent
[2014/02/03 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BSplayer
[2013/06/25 13:37:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\BSplayer Pro
[2013/10/30 20:33:11 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Canneverbe Limited
[2013/04/23 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/10/07 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
[2014/07/14 19:19:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Dropbox
[2014/07/14 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DropboxMaster
[2014/08/06 15:05:05 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GameRanger
[2011/07/24 17:44:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\GHISLER
[2013/05/03 10:53:08 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IsolatedStorage
[2012/07/28 14:09:36 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leadertech
[2013/06/28 10:42:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MB-Map&GPS
[2014/05/04 16:21:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\MB-Ruler
[2013/04/29 12:58:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Mirillis
[2014/08/07 10:40:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\newnext.me
[2012/07/25 07:22:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2014/02/04 09:58:01 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Opera Software
[2014/03/19 19:06:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Oracle
[2014/08/06 14:46:06 | 000,000,000 | -H-D | M] -- C:\Users\user\AppData\Roaming\Origin
[2013/04/02 15:33:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PhotoScape
[2013/11/11 17:32:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Publish Providers
[2012/07/25 18:43:56 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ScanSoft
[2013/11/12 17:18:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony
[2013/11/12 17:51:43 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Sony Creative Software Inc
[2013/07/13 09:17:02 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TeamViewer
[2013/11/12 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TechSmith
[2014/06/15 14:53:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Transformice
[2012/07/25 07:22:47 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software
[2013/08/12 15:39:40 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Unity
[2014/08/05 16:14:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\uTorrent
[2013/03/01 15:27:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Wargaming.net
[2013/07/06 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\YourFileDownloader

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/14 21:04:02 | 097,519,942 | ---- | M] ()(C:\Windows\System32\???^) -- C:\Windows\System32\䌤ꭶᨬ^
[2013/09/14 21:04:02 | 097,519,942 | ---- | C] ()(C:\Windows\System32\???^) -- C:\Windows\System32\䌤ꭶᨬ^
< End of report >

Contents of Extras.txt

OTL Extras logfile created on: 8/7/2014 6:24:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user\Downloads
Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.37 Mb Total Physical Memory | 626.97 Mb Available Physical Memory | 61.27% Memory free
2.00 Gb Paging File | 1.40 Gb Available in Paging File | 69.96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 21.87 Gb Free Space | 44.89% Space Free | Partition Type: NTFS
Drive D: | 50.11 Gb Total Space | 23.72 Gb Free Space | 47.33% Space Free | Partition Type: NTFS
Drive E: | 50.11 Gb Total Space | 37.79 Gb Free Space | 75.41% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DefaultInboundAction" = 0
"DefaultOutboundAction" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{87F38EC2-57EC-4531-A20C-1F5F0FA4F362}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EFBBAFA1-4280-4DA4-BC98-808399C2475E}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D557AA7-1FDD-4A8C-8732-310CBD87DFE2}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{1EAF4CDB-05CD-4E99-9246-0DAED04F0365}" = dir=in | app=c:\users\user\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{1F39E007-B7F4-4409-AC27-F838274BD3F8}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{22BA4AB2-AD9A-4902-A436-0CD8C5AF35F9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{23BF2133-BED2-4DFE-8D6A-E9F255FCAEB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{321B16E6-63DC-49B4-B165-48182BD85321}" = dir=in | app=c:\program files\intel\intelappstore\bin\ismagent.exe |
"{32A8F5A5-8667-48AB-B67C-BBBDC3602043}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{42AA2D66-D01F-44EC-AAF1-3881B026890C}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{461894BF-52FD-4E45-8CF3-4089557D7918}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\unturned\unturned.exe |
"{54F6C9DB-8270-4035-B052-5C0D3B79031D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F3B1B3B-4640-4DEE-885C-B858ED55C97A}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6BAF6C94-7EE2-4C1A-95A0-DA6BA7EFC04E}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{7BCF05D3-D40C-4244-9EEF-56A0C2B11EEF}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{816EB807-5C5F-4ED8-8A9C-6400DDF0C79F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{88CD35C5-B4A2-4CF9-8796-4DBE3AB337FC}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{894F6978-F1AC-432A-BA3B-60799C334EA5}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{8B14EBC4-9CB8-4864-AE89-1FB96F4D5E31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{8DFF0592-7909-49FA-8067-C10D4EB2EC73}" = protocol=17 | dir=in | app=d:\games radu\vt4.exe |
"{92128626-521E-453F-BEA4-90210A6DA059}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"{931E6B5C-44F7-49F3-80FA-E12E9776971C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9E81E28E-33F3-48C6-A39D-4CC15F321098}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe |
"{A1D9B562-C50B-47E3-BFB8-9CC07C3A1671}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe |
"{A6AB2FC4-A8B4-4C52-970B-0B767FE03488}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\unturned\unturned.exe |
"{B4BD7FAD-478E-41C8-ABE0-5EDBEB9E8A26}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B78385A3-02DC-425E-AC24-5C89780B0BEB}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe |
"{D273C605-C94D-4D5D-AC39-F2BAE6BAB671}" = protocol=6 | dir=in | app=d:\games radu\vt4.exe |
"{E1CDD282-C35F-47C6-A9C4-3ADA134E04AB}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{E2EA37A3-C827-401E-8F95-502AA533E2AB}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe |
"{E6FCF0BD-AE38-4C0A-B42B-DE53AAFCFB70}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{06DCA286-7D68-46D3-B82E-26B603D8DCD9}E:\backup c 24 iulie 2011\odc\odc.exe" = protocol=6 | dir=in | app=e:\backup c 24 iulie 2011\odc\odc.exe |
"TCP Query User{1DD524C8-C80C-4116-84DE-34B8BA8A173A}C:\program files\Microsoft Office\Office12\GROOVE.EXE" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{1FF79C00-7CD2-474A-B302-F0C26616B787}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"TCP Query User{25728C09-1F93-4526-A08E-9274E512435A}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"TCP Query User{311F6960-8ED1-48DB-A54A-C9F2FA0C7F63}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{3F6D3728-F58A-4223-87A8-5D9AB45CBF44}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"TCP Query User{4DBD630C-8E7F-47D7-B80D-E4552F17EF34}D:\games radu\fifa 14 ultimate edition\game\fifa14.exe" = protocol=6 | dir=in | app=d:\games radu\fifa 14 ultimate edition\game\fifa14.exe |
"TCP Query User{52BCD324-7A9A-4A73-9837-9A271AF900C5}D:\games radu\fifa 14 ultimate edition multi14-fullunlocked\fifa 14\game\fifa14.exe" = protocol=6 | dir=in | app=d:\games radu\fifa 14 ultimate edition multi14-fullunlocked\fifa 14\game\fifa14.exe |
"TCP Query User{637B6997-BB54-48AC-88BA-34386EF74B31}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{6C008B85-88D3-4B26-87DC-45797F4F93E2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{831391B3-77E1-43C5-971D-B501A3D8C413}D:\games radu\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=d:\games radu\fifa 12\game\fifa.exe |
"TCP Query User{8947E52C-32DA-49D5-8D3A-92EA0C9B89B5}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{8AEE6708-FF85-4F5C-A337-BF3E3FC52EF9}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{A7FD7BE2-6E65-48E2-879F-EE2419BDF990}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"TCP Query User{AF71494A-B464-4D56-ABD7-39B537B2346C}D:\games radu\fifa 14\game\fifa14.exe" = protocol=6 | dir=in | app=d:\games radu\fifa 14\game\fifa14.exe |
"TCP Query User{B9639E75-63D8-4C0B-A78B-6F0724FAD647}D:\games radu\virtua tennis 4\vt4.exe" = protocol=6 | dir=in | app=d:\games radu\virtua tennis 4\vt4.exe |
"TCP Query User{C3E19521-5AEF-440C-95EC-D50B84D7C8B8}E:\backup c 24 iulie 2011\odc\odc.exe" = protocol=6 | dir=in | app=e:\backup c 24 iulie 2011\odc\odc.exe |
"TCP Query User{D05FF961-7B84-4D10-8318-6EDE52AB368E}C:\program files\EA SPORTS\FIFA 07\fifa07.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 07\fifa07.exe |
"TCP Query User{E4FB86F3-382F-4ECA-A4C2-254946AAF0C5}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{FCEB4437-BEB9-45A7-B7A3-55DF10957725}F:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=6 | dir=in | app=f:\easysetupassistant\wr741n\easysetupassistant.exe |
"UDP Query User{00C8D6E4-1407-4258-B8FC-4E095C1FA0C0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{0919F936-905E-40F9-8DD0-49EA359EC15C}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\bittorrent\bittorrent.exe |
"UDP Query User{14ADC685-D11A-4E69-B95F-CF6B920FB2E5}D:\games radu\fifa 14 ultimate edition multi14-fullunlocked\fifa 14\game\fifa14.exe" = protocol=17 | dir=in | app=d:\games radu\fifa 14 ultimate edition multi14-fullunlocked\fifa 14\game\fifa14.exe |
"UDP Query User{196F658F-2694-41CD-8230-597D0DE77460}C:\program files\EA SPORTS\FIFA 07\fifa07.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 07\fifa07.exe |
"UDP Query User{1E583687-2255-4A1B-845B-281535841F0B}D:\games radu\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=d:\games radu\fifa 12\game\fifa.exe |
"UDP Query User{21AA2D91-BA9F-480B-B0A0-058972ABFE19}D:\games radu\fifa 14 ultimate edition\game\fifa14.exe" = protocol=17 | dir=in | app=d:\games radu\fifa 14 ultimate edition\game\fifa14.exe |
"UDP Query User{2211C3B1-579A-4354-9157-0F7BAC276BBA}F:\easysetupassistant\wr741n\easysetupassistant.exe" = protocol=17 | dir=in | app=f:\easysetupassistant\wr741n\easysetupassistant.exe |
"UDP Query User{2266572B-5469-43ED-8C00-A256996A05E5}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{442F2079-5D0B-4412-82ED-7DE6E9B4964D}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe |
"UDP Query User{4BF45761-8145-4136-B61A-A0CFC9AA7F0D}E:\backup c 24 iulie 2011\odc\odc.exe" = protocol=17 | dir=in | app=e:\backup c 24 iulie 2011\odc\odc.exe |
"UDP Query User{509E31B2-14FB-45FA-BED6-E2F4792CD10E}D:\games radu\virtua tennis 4\vt4.exe" = protocol=17 | dir=in | app=d:\games radu\virtua tennis 4\vt4.exe |
"UDP Query User{5E6CA123-D79B-4B78-AF70-EAE976593B4D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{71EB23C3-8C32-416A-B844-5DB47EDE7B06}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{8346E7A0-3C25-406A-AC22-5600A1F7150E}C:\users\user\appdata\roaming\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\utorrent\utorrent.exe |
"UDP Query User{88205164-B061-4745-8DEC-1FDB6E25142B}E:\backup c 24 iulie 2011\odc\odc.exe" = protocol=17 | dir=in | app=e:\backup c 24 iulie 2011\odc\odc.exe |
"UDP Query User{B5B17E18-D231-4A3E-8FC7-832766E3D048}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{BE6A3A21-3CEE-4789-A8F8-096B9D970444}C:\program files\Microsoft Office\Office12\GROOVE.EXE" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{BEC42E5B-9486-4DD6-BB09-A35AE7B8C708}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{CFFD8FDC-4F4F-4DBE-99DB-1DFF16D1AB9A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D5F4B463-7F03-4D6F-8852-0CA84A93977F}D:\games radu\fifa 14\game\fifa14.exe" = protocol=17 | dir=in | app=d:\games radu\fifa 14\game\fifa14.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series
"{19B0831B-0C18-4103-86E4-90FCD04CD3B9}" = System Requirements Lab CYRI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21B632E1-4B3D-4AC2-9ABD-E00544F67D48}" = ***** Plus for IE (32-bit)
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 60
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v9.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7363206E-C7BD-45CD-89A0-792B28409811}_is1" = MB-Ruler
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{924C3DC2-8E4E-432E-F973-9A2174A39774}" = sAefaeo- ssave
"{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}" = Software Version Updater
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D303B}" = USB PC Camera (ZC0301PLH)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CE3B8E96-B0AF-4871-9178-1519B58E3A93}" = USB PC Camera (ZC0301PLH)
"{CF097717-F174-4144-954A-FBC4BF301033}" = Nero 7 Essentials
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{fd97d1e2-368a-4cd9-af63-8eeff938044a}" = ***** Plus for IE
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2007
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Avast" = avast! Free Antivirus
"BSPlayerf" = BS.Player FREE
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DAEMON Tools Lite" = Daemon Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Euro Truck Simulator 1.3" = Euro Truck Simulator 1.3
"FIFA 12 © EA_is1" = FIFA 12 © EA version 1
"GFWL_{53450FA2-E900-456E-9715-501000008200}" = Virtua Tennis 4™
"Google Chrome" = Google Chrome
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mirillis Action!" = Action!
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"music2pc_is1" = music2pc 2.18
"Opera 19.0.1326.56" = Opera Stable 19.0.1326.56
"Origin" = Origin
"Picasa 3" = Picasa 3
"Setup - FIFA 14 Ultimate Edition ..." = Setup - FIFA 14 Ultimate Edition ...
"Sony Vegas Pro Pre-Cracked By Exµs" = Sony Vegas Pro Pre-Cracked By Exµs 11.0
"SopCast" = Sopcast 3.8.3
"SP_0bdf5975" = SafeSaver 1.74
"SP_b0285714" = Search Assistant WebSearch 1.74
"TeamViewer 8" = TeamViewer 8
"TechPowerUp GPU-Z" = TechPowerUp GPU-Z
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 2.1.0
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Power Loader" = Power Challenge Game Plugin
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"BitTorrent" = BitTorrent
"Power Loader" = Power Challenge Game Plugin
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2014 7:47:48 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program opera.exe version 19.0.1326.56 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: fb8 Start
Time: 01cfa8b92e3ddcc0 Termination Time: 1776 Application Path: C:\Program Files\Opera\19.0.1326.56\opera.exe
Report
Id: a2c203b1-14ba-11e4-86a3-001e8c6b0358

Error - 7/29/2014 12:50:11 PM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program Unturned.exe version 4.5.2.25830 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ea8 Start
Time: 01cfab4cba9152c0 Termination Time: 119 Application Path: D:\Steam\steamapps\common\Unturned\Unturned.exe
Report
Id: 60476151-1740-11e4-b945-001e8c6b0358

Error - 7/30/2014 7:26:50 AM | Computer Name = user-PC | Source = Application Hang | ID = 1002
Description = The program uTorrent.exe version 3.4.1.30888 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1428 Start
Time: 01cfabe5517227d0 Termination Time: 921 Application Path: C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
Report
Id: 52ca67b1-17dc-11e4-aef3-001e8c6b0358

Error - 7/31/2014 5:26:22 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: opera.exe, version: 19.0.1326.56, time
stamp: 0x52e8af01  Faulting module name: webplayer_win.dll, version: 4.3.7.33236,
time stamp: 0x536a098f  Exception code: 0xc0000005  Fault offset: 0x003a5430  Faulting
process id: 0xb0c  Faulting application start time: 0x01cfac9f36f19fc0  Faulting application
path: C:\Program Files\Opera\19.0.1326.56\opera.exe  Faulting module path: C:\Users\user\AppData\LocalLow\Unity\WebPlayer\player\Stable3.x.x\webplayer_win.dll
Report
Id: bbbddc30-1894-11e4-889f-001e8c6b0358

Error - 8/1/2014 8:26:55 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
time stamp: 0x4f97642d  Faulting module name: JavascriptCore.dll, version: 7534.57.3.3,
time stamp: 0x4f973ed0  Exception code: 0xc0000005  Fault offset: 0x0008e8b5  Faulting
process id: 0x9e8  Faulting application start time: 0x01cfad803f959320  Faulting application
path: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
module path: C:\Program Files\Safari\Apple Application Support\JavascriptCore.dll
Report
Id: 1f492f10-1977-11e4-a9c2-001e8c6b0358

Error - 8/1/2014 8:37:12 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: WebKit2WebProcess.exe, version: 7534.57.2.4,
time stamp: 0x4f97642d  Faulting module name: WebKit.dll, version: 7534.57.2.4, time
stamp: 0x4f976417  Exception code: 0xc0000005  Fault offset: 0x000c7f63  Faulting process
id: 0x86c  Faulting application start time: 0x01cfad84b75f82e0  Faulting application
path: C:\Program Files\Safari\Apple Application Support\WebKit2WebProcess.exe  Faulting
module path: C:\Program Files\Safari\Apple Application Support\WebKit.dll  Report
Id: 8f0c2fe0-1978-11e4-a9c2-001e8c6b0358

Error - 8/1/2014 9:37:44 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: fifa14.exe, version: 1.2.0.0, time stamp:
0x03f40040  Faulting module name: fifa14.exe, version: 1.2.0.0, time stamp: 0x03f40040
Exception
code: 0xc0000005  Fault offset: 0x001b4cc3  Faulting process id: 0x12d8  Faulting application
start time: 0x01cfad8db95a90e0  Faulting application path: D:\Games Radu\FIFA 14
ULTIMATE EDITION MULTI14-FULLUNLOCKED\FIFA 14\Game\fifa14.exe  Faulting module path:
D:\Games Radu\FIFA 14 ULTIMATE EDITION MULTI14-FULLUNLOCKED\FIFA 14\Game\fifa14.exe
Report
Id: 03e58ac0-1981-11e4-a9c2-001e8c6b0358

Error - 8/6/2014 4:35:56 AM | Computer Name = user-PC | Source = .NET Runtime | ID = 1026
Description =

Error - 8/6/2014 4:35:57 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegSvcs.exe, version: 0.0.0.0, time stamp:
0x52bad995  Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp:
0x50e65f4f  Exception code: 0xe0434352  Fault offset: 0x0000969b  Faulting process id:
0x1194  Faulting application start time: 0x01cfb15169a91e00  Faulting application path:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe  Faulting module path:
C:\Windows\system32\KERNELBASE.dll  Report Id: af4e6690-1d44-11e4-a8d7-001e8c6b0358

Error - 8/6/2014 4:36:05 AM | Computer Name = user-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RegSvcs.exe, version: 0.0.0.0, time stamp:
0x52bad995  Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp:
0x50e65f4f  Exception code: 0xe0434352  Fault offset: 0x0000969b  Faulting process id:
0x1194  Faulting application start time: 0x01cfb15169a91e00  Faulting application path:
C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe  Faulting module path:
C:\Windows\system32\KERNELBASE.dll  Report Id: b3f3f9d0-1d44-11e4-a8d7-001e8c6b0358

[ System Events ]
Error - 8/4/2014 11:43:06 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7000
Description = The UPnP Device Host service failed to start due to the following
error:   %%1069

Error - 8/5/2014 9:54:37 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/5/2014 9:56:53 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/5/2014 9:57:59 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/5/2014 9:59:38 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/6/2014 3:29:13 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/6/2014 3:31:54 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/6/2014 3:33:45 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/6/2014 3:35:34 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.

Error - 8/6/2014 3:37:10 AM | Computer Name = user-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the eventlog service.


< End of report >

#11
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Run OTL again.
On Windows Vista or Windows 7,
right-click it and select Run as administrator.


Copy what is quoted below and paste the text into OTL.

Quote

:PROCESSES
killallprocesses

:OTL
PRC - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
SRV - [2014/07/14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/07/14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2008/11/09 23:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/04/13 09:49:00 | 000,101,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (app5t3ss)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: URL = http://www1.delta-se...4AB001E8C6B0358
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1000\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: URL = String@!@http://search.certified-toolbar.com?si=46366&st=bs&tid=6221&ver=4.1&ts=1374049292660&tguid=46366-6221-1374049292660-323009EAD3A986FC8318548748F6CB24&q={searchTerms} <b>[Country : IL - 82.80.196.117]</b>
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: URL = http://websearch.pu-...942&lg=EN&cc=RO <b>[Country : - ]</b>
IE - HKU\S-1-5-21-4258389948-3788153222-501430170-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: URL = http://www1.delta-se...4AB001E8C6B0358
[2014/05/22 18:31:44 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/12/23 12:26:09 | 000,002,015 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Web Search.xml
O2 - BHO: (HomeTab) - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\user\AppData\Roaming\HomeTab\HomeTab.dll File not found
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (HomeTab) - {19a395c9-823b-4700-b817-396fc84ffb16} - C:\Users\user\AppData\Roaming\HomeTab\HomeTab.dll File not found
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-4258389948-3788153222-501430170-1001..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
[2014/07/14 18:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\EXPERTool
[2013/04/29 17:20:10 | 000,008,704 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/22 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Babylon
[2014/08/07 10:40:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\newnext.me
[2012/07/25 07:22:07 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy
[2013/07/06 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\YourFileDownloader

:Files
ipconfig /flushdns /c

:Commands
[purity]
[CLEARALLRESTOREPOINTS]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

See the image for how to do it.
Press Run Fix.
Post the log here.

[ Image: http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

#12
radudami

    Junior Member

  • Group: Members
  • Posts: 37
  • Joined: 05.01.2014

MhG_40, on 07 August 2014 - 18:05, said:

Run OTL again.
On Windows Vista or Windows 7,
right-click it and select Run as administrator.


Copy what is quoted below and paste the text into OTL.


See the image for how to do it.
Press Run Fix.
Post the log here.

[ Image: http://s23.postimg.org/6ui8tyrrv/OTLsc.jpg ]

All processes killed
========== PROCESSES ==========
========== OTL ==========
Process SkypeC2CAutoUpdateSvc.exe killed successfully!
Process SkypeC2CPNRSvc.exe killed successfully!
Service c2cautoupdatesvc stopped successfully!
Service c2cautoupdatesvc deleted successfully!
C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe moved successfully.
Service c2cpnrsvc stopped successfully!
Service c2cpnrsvc deleted successfully!
C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe moved successfully.
Service YahooAUService stopped successfully!
Service YahooAUService deleted successfully!
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe moved successfully.
Service IJPLMSVC stopped successfully!
Service IJPLMSVC deleted successfully!
C:\Program Files\Canon\IJPLM\ijplmsvc.exe moved successfully.
Service EagleXNt stopped successfully!
Service EagleXNt deleted successfully!
File C:\Windows\system32\drivers\EagleXNt.sys not found.
Error: No service named app5t3ss was found to stop!
Service\Driver key app5t3ss not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}\ not found.
Registry key HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\s6rfmjig.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19a395c9-823b-4700-b817-396fc84ffb16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19a395c9-823b-4700-b817-396fc84ffb16}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{19a395c9-823b-4700-b817-396fc84ffb16} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19a395c9-823b-4700-b817-396fc84ffb16}\ not found.
Registry value HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
C:\Program Files\DAEMON Tools Lite\DTLite.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-4258389948-3788153222-501430170-1001\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
File C:\Program Files\DAEMON Tools Lite\DTLite.exe not found.
C:\Program Files\EXPERTool\UI\status folder moved successfully.
C:\Program Files\EXPERTool\UI\setting folder moved successfully.
C:\Program Files\EXPERTool\UI\memory folder moved successfully.
C:\Program Files\EXPERTool\UI\main\sli folder moved successfully.
C:\Program Files\EXPERTool\UI\main\right_nav folder moved successfully.
C:\Program Files\EXPERTool\UI\main\overclock folder moved successfully.
C:\Program Files\EXPERTool\UI\main\NV_control folder moved successfully.
C:\Program Files\EXPERTool\UI\main\number_xl folder moved successfully.
C:\Program Files\EXPERTool\UI\main\number_s folder moved successfully.
C:\Program Files\EXPERTool\UI\main\momory folder moved successfully.
C:\Program Files\EXPERTool\UI\main\left_nav folder moved successfully.
C:\Program Files\EXPERTool\UI\main\GW_logo folder moved successfully.
C:\Program Files\EXPERTool\UI\main\fan_duty folder moved successfully.
C:\Program Files\EXPERTool\UI\main\core folder moved successfully.
C:\Program Files\EXPERTool\UI\main\CF folder moved successfully.
C:\Program Files\EXPERTool\UI\main\auto folder moved successfully.
C:\Program Files\EXPERTool\UI\main\adjust folder moved successfully.
C:\Program Files\EXPERTool\UI\main folder moved successfully.
C:\Program Files\EXPERTool\UI\information folder moved successfully.
C:\Program Files\EXPERTool\UI\fan_adjust folder moved successfully.
C:\Program Files\EXPERTool\UI\core folder moved successfully.
C:\Program Files\EXPERTool\UI folder moved successfully.
C:\Program Files\EXPERTool folder moved successfully.
C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Users\user\AppData\Roaming\Babylon folder moved successfully.
C:\Users\user\AppData\Roaming\newnext.me\cache folder moved successfully.
C:\Users\user\AppData\Roaming\newnext.me folder moved successfully.
C:\Users\user\AppData\Roaming\OpenCandy\OpenCandy_5D7BF07CF8C64D4FA99CC2ACB21A5571 folder moved successfully.
C:\Users\user\AppData\Roaming\OpenCandy\5D7BF07CF8C64D4FA99CC2ACB21A5571 folder moved successfully.
C:\Users\user\AppData\Roaming\OpenCandy folder moved successfully.
C:\Users\user\AppData\Roaming\YourFileDownloader folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\user\Downloads\cmd.bat deleted successfully.
C:\Users\user\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: user
->Temp folder emptied: 2571610 bytes
->Temporary Internet Files folder emptied: 972485 bytes
->Java cache emptied: 666663 bytes
->FireFox cache emptied: 74087833 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 76596 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 345662 bytes
RecycleBin emptied: 608715 bytes

Total Files Cleaned = 76.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: user
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08072014_192733
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

#13
MhG_51

    :)

  • Group: Moderators
  • Posts: 3,325
  • Joined: 04.05.2009
Scan with ESET Online Scanner and post the log here.
