PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Preventive check - probably malware

You currently have no problem with your PC and just want to make sure everything is in order?
Paste a log from FRST or RSIT.


Forum rules
If you want help, paste a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - probably malware

#16 Post by Márty84 »

OK, the OTL log as well. By the way, you have something new there from today. Do you know it?
2013-01-05 15:55:42 ----A---- C:\Windows\system32\drivers\whbt.sys
Google knows nothing of the kind, which is extremely suspicious. Test that file on virustotal, or alternatively jotti http://forum.viry.cz/viewtopic.php?f=29&t=5846
If you have a question that is not intended for the public, you can write to me at marty84zavináčforum.viry.cz

You can support our forum at https://platba.viry.cz/payment/

For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#17 Post by Nikolaos Koulisianis »

OTL logfile created on: 5.1.2013 16:00:44 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikos\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,01 Gb Available Physical Memory | 50,45% Memory free
4,00 Gb Paging File | 2,46 Gb Available in Paging File | 61,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 80,08 Gb Total Space | 11,84 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Drive D: | 99,61 Gb Total Space | 17,05 Gb Free Space | 17,12% Space Free | Partition Type: NTFS
Drive G: | 53,20 Gb Total Space | 27,96 Gb Free Space | 52,57% Space Free | Partition Type: NTFS

Computer Name: NIKOS-PC | User Name: Nikos | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.01 14:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikos\Desktop\OTL.exe
PRC - [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012.11.01 20:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011.12.08 17:37:18 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011.12.08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011.10.21 10:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.08.18 02:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe


========== Modules (No Company Name) ==========

MOD - [2012.12.05 02:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012.12.05 02:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012.12.05 02:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012.12.05 02:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012.12.05 02:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012.12.05 02:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012.12.05 02:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012.12.05 02:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2010.03.15 11:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2012.12.11 20:57:21 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.07.11 19:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2012.06.07 18:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.12.08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.12.08 17:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.11.07 22:28:23 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.08.18 02:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.05.31 16:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (a6er9pfo)
DRV - [2013.01.05 15:55:43 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\whbt.sys -- (qwiua)
DRV - [2012.12.21 08:48:09 | 000,007,040 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBDrv.sys -- (usbUDisc)
DRV - [2012.10.30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.10.30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.10.30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.10.30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.10.30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.10.15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012.08.02 18:15:20 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.08.02 18:15:20 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011.07.22 17:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.18 08:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.11.03 15:39:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.10.07 13:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.08.18 03:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.13 23:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008.03.04 02:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007.04.23 12:54:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mgmt.sys -- (s115mgmt)
DRV - [2007.04.23 12:54:50 | 000,098,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115obex.sys -- (s115obex)
DRV - [2007.04.23 12:54:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdm.sys -- (s115mdm)
DRV - [2007.04.23 12:54:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115mdfl.sys -- (s115mdfl)
DRV - [2007.04.23 12:54:46 | 000,083,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s115bus.sys -- (s115bus)
DRV - [2007.01.15 14:28:20 | 000,070,144 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\SearchScopes\{067EEE88-00C3-4905-BFBA-9DAFE8EB00D4}: "URL" = http://websearch.ask.com/redirect?clien ... 8CE833367E
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\SearchScopes\{C651879F-DC83-45B9-B76E-77B28873590F}: "URL" = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
IE - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.5
FF - prefs.js..extensions.enabledItems: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledItems: support@mask-myip.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2.1
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..network.proxy.ftp: "198.36.222.8"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "198.36.222.8"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "198.36.222.8"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Nikos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2012.11.16 06:29:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\50db362d8cc9e@50db362d8ccd7.com: C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\50db362d8cc9e@50db362d8ccd7.com [2012.12.26 18:20:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.01 08:49:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.05 08:22:09 | 000,000,000 | ---D | M]

[2010.11.02 21:14:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Extensions
[2013.01.02 12:57:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions
[2012.07.20 18:50:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.12.26 18:20:11 | 000,000,000 | ---D | M] (continuetosave) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\50db362d8cc9e@50db362d8ccd7.com
[2011.09.13 15:08:18 | 000,000,000 | ---D | M] (FireGestures) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\firegestures@xuldev.org
[2012.07.20 16:37:39 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2011.10.09 07:25:14 | 000,000,000 | ---D | M] (Mask My IP) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\support@mask-myip.com
[2012.03.11 08:03:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.11.10 19:12:03 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.03.11 08:03:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.11.16 06:29:49 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
File not found (No name found) -- C:\USERS\NIKOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X04ZY9EQ.DEFAULT\EXTENSIONS\{32A1FD71-835E-4B11-8E54-886FDA0B4C89}
File not found (No name found) -- C:\USERS\NIKOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X04ZY9EQ.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
[2010.03.26 07:34:16 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
[2010.11.27 16:00:04 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.11.27 16:00:04 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2010.11.27 16:00:04 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.11.27 16:00:04 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.11.27 16:00:04 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com/search?q={searchT ... utf-8&aq=t
CHR - default_search_provider: suggest_url = http://suggestqueries.google.com/comple ... earchTerms},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Nikos\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Translate = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Disk Google = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Kalend\u00E1\u0159 Google = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: PicMonkey = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm\1.5_0\
CHR - Extension: avast! WebRep = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: continuetosave = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\jokidimojepnnmokgkejhdemceogapfi\3.9_0\
CHR - Extension: Nejlep\u0161\u00ED hry = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\kheikdbkbpgjphjhmhghgabdhcldfcpg\1.0_0\
CHR - Extension: Evernote Web = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol\1.0.7_0\
CHR - Extension: Kontrola e-mailu Google = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Simple Christmas = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfngdachcmmioepljkfoippkhncdjbkf\1.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: uTorrentControl2 = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\
CHR - Extension: Gmail = C:\Users\Nikos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95289393-33EA-4F8D-B952-483415B9C955} - No CLSID value found.
O2 - BHO: (continuetosave) - {B6CD0FE8-3D38-3FC9-2EAC-719A63666601} - C:\ProgramData\continuetosave\50db362d8ce63.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-3453027719-967907754-1008735648-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3453027719-967907754-1008735648-1001..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C291C63-8B78-434E-B851-8CA473CB98B1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75F4732-626B-4D53-8ED6-AAF31A8361EB}: DhcpNameServer = 192.168.137.1
O18 - Protocol\Handler\centrumcztoolbar - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b5f6c8c-e7c6-11df-a6cd-0016d38adf33}\Shell - "" = AutoRun
O33 - MountPoints2\{0b5f6c8c-e7c6-11df-a6cd-0016d38adf33}\Shell\AutoRun\command - "" = F:\Installer.exe
O33 - MountPoints2\{d9de0fb1-1369-11e1-995d-0016d38adf33}\Shell - "" = AutoRun
O33 - MountPoints2\{d9de0fb1-1369-11e1-995d-0016d38adf33}\Shell\AutoRun\command - "" = H:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.05 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Roaming\Malwarebytes
[2013.01.05 11:49:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.01 16:02:01 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Roaming\SUPERAntiSpyware.com
[2013.01.01 16:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.01.01 16:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.01.01 16:01:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.01.01 14:20:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nikos\Desktop\OTL.exe
[2013.01.01 09:07:57 | 000,000,000 | ---D | C] -- C:\rsit
[2012.12.31 10:09:35 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Local\adaware
[2012.12.31 10:09:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012.12.31 10:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.31 10:07:29 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Local\Programs
[2012.12.28 16:28:22 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Camfrog Video Chat 6.4
[2012.12.27 12:07:50 | 000,000,000 | ---D | C] -- C:\Windows\FltMgr
[2012.12.27 12:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\PogiSys
[2012.12.26 18:20:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WoW Worldwide Software LTD
[2012.12.26 18:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\SoftQuick
[2012.12.26 18:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\ContinueToSave
[2012.12.26 18:20:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\continuetosave
[2012.12.26 18:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\continuetosave
[2012.12.23 12:10:04 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Local\PunkBuster
[2012.12.23 11:56:23 | 000,000,000 | ---D | C] -- C:\Users\Nikos\Documents\Battlefield Play4Free
[2012.12.23 11:30:59 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2012.12.21 20:35:10 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.21 20:35:09 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.21 08:44:30 | 000,007,040 | ---- | C] (Scott) -- C:\Windows\System32\drivers\USBDrv.sys
[2012.12.21 08:44:06 | 000,000,000 | ---D | C] -- C:\Users\Nikos\tab
[2012.12.12 21:23:40 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 21:23:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 21:23:38 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 21:23:37 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 21:23:37 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 21:23:35 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 21:23:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 21:23:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 10:47:20 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 10:46:57 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 10:46:57 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 10:46:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 10:46:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 10:46:50 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 10:46:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 10:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 10:46:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 10:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 10:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 10:46:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 10:46:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 10:46:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 10:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 10:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 10:46:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 10:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 10:46:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 10:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 10:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 10:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 10:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 10:46:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 10:46:46 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 10:46:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 10:46:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 10:46:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 10:46:45 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 10:46:45 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 10:46:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 10:46:24 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 10:46:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.09 17:52:32 | 000,000,000 | ---D | C] -- C:\Users\Nikos\Documents\pro otce_mcf-Dateien
[2012.12.09 17:33:47 | 000,000,000 | ---D | C] -- C:\Users\Nikos\Documents\restore
[2012.12.09 17:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2012.12.09 17:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\hps
[2012.12.09 17:17:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dm paradies foto 3
[2012.12.09 17:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\dm
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.05 16:02:01 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7265e1a6-8e8f-4f2f-aa0b-197e3408008b.job
[2013.01.05 15:55:43 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\whbt.sys
[2013.01.05 15:54:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.05 15:13:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.05 11:13:00 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.05 08:11:31 | 000,000,510 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c5387644-9715-435f-876d-921df2a91af2.job
[2013.01.05 08:11:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 10:35:06 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 10:35:06 | 000,020,576 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 10:27:24 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.02 08:06:59 | 000,551,997 | ---- | M] () -- C:\Users\Nikos\Desktop\adwcleaner.exe
[2013.01.01 14:27:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2013.01.01 14:21:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikos\Desktop\OTL.exe
[2012.12.31 15:00:23 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat
[2012.12.28 16:28:22 | 000,002,153 | ---- | M] () -- C:\Users\Nikos\Application Data\Microsoft\Internet Explorer\Quick Launch\Camfrog Video Chat 6.4.lnk
[2012.12.28 16:28:22 | 000,002,129 | ---- | M] () -- C:\Users\Nikos\Desktop\Camfrog.lnk
[2012.12.28 12:20:11 | 000,007,602 | ---- | M] () -- C:\Users\Nikos\AppData\Local\Resmon.ResmonCfg
[2012.12.27 17:27:18 | 000,631,548 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.12.27 17:27:18 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.27 17:27:18 | 000,388,752 | ---- | M] () -- C:\Windows\System32\perfh011.dat
[2012.12.27 17:27:18 | 000,122,156 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.12.27 17:27:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc011.dat
[2012.12.27 17:27:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.26 14:57:15 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.26 14:57:04 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.12.26 14:55:50 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.12.23 11:45:24 | 000,138,056 | ---- | M] () -- C:\Users\Nikos\AppData\Roaming\PnkBstrK.sys
[2012.12.22 08:03:27 | 000,553,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.21 10:40:31 | 001,358,887 | ---- | M] () -- C:\Users\Nikos\Desktop\20121206092228.pdf
[2012.12.21 09:20:32 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.12.21 08:48:09 | 000,007,040 | ---- | M] (Scott) -- C:\Windows\System32\drivers\USBDrv.sys
[2012.12.21 08:48:09 | 000,001,375 | ---- | M] () -- C:\Windows\System32\drivers\USBDrv.inf
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.13 14:20:58 | 000,002,320 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 20:57:20 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.11 20:57:20 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.09 17:52:32 | 000,012,099 | ---- | M] () -- C:\Users\Nikos\Documents\pro otce.mcf
[2012.12.09 17:17:42 | 000,001,208 | ---- | M] () -- C:\Users\Public\Desktop\CEWE prezentace fotografií.lnk
[2012.12.09 17:17:42 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\dm paradies foto 3.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.05 15:55:42 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\whbt.sys
[2013.01.02 08:06:26 | 000,551,997 | ---- | C] () -- C:\Users\Nikos\Desktop\adwcleaner.exe
[2013.01.01 18:48:15 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c5387644-9715-435f-876d-921df2a91af2.job
[2013.01.01 16:02:52 | 000,000,510 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7265e1a6-8e8f-4f2f-aa0b-197e3408008b.job
[2013.01.01 14:27:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.12.31 15:00:23 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat
[2012.12.28 16:28:22 | 000,002,153 | ---- | C] () -- C:\Users\Nikos\Application Data\Microsoft\Internet Explorer\Quick Launch\Camfrog Video Chat 6.4.lnk
[2012.12.28 16:28:22 | 000,002,129 | ---- | C] () -- C:\Users\Nikos\Desktop\Camfrog.lnk
[2012.12.28 12:20:11 | 000,007,602 | ---- | C] () -- C:\Users\Nikos\AppData\Local\Resmon.ResmonCfg
[2012.12.23 12:11:46 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.12.23 11:45:24 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.23 11:45:23 | 000,138,056 | ---- | C] () -- C:\Users\Nikos\AppData\Roaming\PnkBstrK.sys
[2012.12.23 11:44:47 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.12.23 11:44:47 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.12.23 11:44:33 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.21 10:40:31 | 001,358,887 | ---- | C] () -- C:\Users\Nikos\Desktop\20121206092228.pdf
[2012.12.21 08:44:30 | 000,001,375 | ---- | C] () -- C:\Windows\System32\drivers\USBDrv.inf
[2012.12.09 17:52:31 | 000,012,099 | ---- | C] () -- C:\Users\Nikos\Documents\pro otce.mcf
[2012.12.09 17:17:42 | 000,001,208 | ---- | C] () -- C:\Users\Public\Desktop\CEWE prezentace fotografií.lnk
[2012.12.09 17:17:42 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\dm paradies foto 3.lnk
[2012.01.08 10:11:44 | 000,127,078 | ---- | C] () -- C:\Users\Nikos\Zarlivost.pdf
[2011.07.17 06:29:14 | 000,292,004 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2011.07.17 06:29:14 | 000,036,232 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2011.07.17 06:29:13 | 000,631,548 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2011.07.17 06:29:13 | 000,122,156 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2011.07.17 06:12:20 | 000,141,988 | ---- | C] () -- C:\Windows\System32\perfi011.dat
[2011.07.17 06:12:19 | 000,388,752 | ---- | C] () -- C:\Windows\System32\perfh011.dat
[2011.07.17 06:12:19 | 000,106,622 | ---- | C] () -- C:\Windows\System32\perfc011.dat
[2011.07.17 06:12:19 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd011.dat
[2011.06.09 07:04:48 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.09 07:03:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.15 15:55:29 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.05.15 15:55:29 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.05.12 16:18:04 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011.05.12 16:18:04 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011.05.12 16:18:04 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.12.17 16:59:20 | 000,090,944 | ---- | C] () -- C:\Users\Nikos\web_ka.pdf
[2010.12.10 07:46:41 | 000,043,237 | ---- | C] () -- C:\Users\Nikos\koulisianis-cv-eng.pdf
[2010.12.10 07:46:26 | 000,043,804 | ---- | C] () -- C:\Users\Nikos\koulisianis-cv-cze.pdf
[2010.11.03 15:34:52 | 000,005,632 | ---- | C] () -- C:\Users\Nikos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.02 19:44:14 | 000,011,668 | ---- | C] () -- C:\Users\Nikos\ffdshow.reg

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2010.11.12 22:48:27 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\2K Sports
[2012.12.31 10:15:19 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus
[2012.10.23 18:18:50 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\BSplayer
[2010.11.02 19:39:53 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\BSplayer Pro
[2012.11.25 08:17:32 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Camfrog
[2010.11.07 06:55:50 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\DAEMON Tools Lite
[2010.12.26 08:18:14 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Leadertech
[2011.10.09 07:24:11 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\MaskMyIP
[2012.08.15 16:55:40 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Miranda
[2011.08.13 07:36:12 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Opera
[2012.08.15 16:49:34 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\QIP
[2012.08.15 17:10:45 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Trillian
[2012.03.03 15:57:42 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\TuneUp Software
[2011.10.29 12:33:34 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Unity
[2011.07.03 06:42:32 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\Utherverse
[2013.01.03 11:08:52 | 000,000,000 | ---D | M] -- C:\Users\Nikos\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#18 Post by Nikolaos Koulisianis »

So I have sent the OTL log, and I don't know that new item :D ... what is it?

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#19 Post by Nikolaos Koulisianis »

So I ran it through VirusTotal and found this... a trojan

eSafe Win32.TrojanHorse 20130103

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#20 Post by Nikolaos Koulisianis »

Nothing via JOTTI

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - probably malware

#21 Post by Márty84 »

You did send the OTL log, but somehow you forgot to put the script into it :) Never mind.

:!: If Avast yells that it wants to open it in the sandbox, do not allow it! Choose the option "Open normally"
:arrow: Run OTL again as administrator
Paste the following text into the lower window (including the colon before the word commands)

Code:

[EMPTYTEMP]
[EMPTYFLASH]
[CreateRestorePoint]
[RESETHOSTS]
[Purity]

:services
SBRE
Lavasoft Kernexplorer
qwiua
gupdate
SkypeUpdate
AdobeFlashPlayerUpdateSvc
gupdatem
NBService
NMIndexingService

:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7265e1a6-8e8f-4f2f-aa0b-197e3408008b.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c5387644-9715-435f-876d-921df2a91af2.job
C:\Program Files\Ad-Aware Antivirus
C:\ProgramData\Spybot - Search & Destroy
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus
C:\Program Files\Spybot - Search & Destroy 2
C:\Windows\system32\drivers\whbt.sys

:otl
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2.1
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8
FF - prefs.js..extensions.enabledItems: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1
FF - prefs.js..network.proxy.ftp: "198.36.222.8"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "198.36.222.8"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "198.36.222.8"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.type: 1
FF - user.js - File not found
[2012.07.20 18:50:35 | 000,000,000 | ---D | M] (Ad-Aware Security Toolbar) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2012.07.20 16:37:39 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
File not found (No name found) -- C:\USERS\NIKOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X04ZY9EQ.DEFAULT\EXTENSIONS\{32A1FD71-835E-4B11-8E54-886FDA0B4C89}
File not found (No name found) -- C:\USERS\NIKOS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\X04ZY9EQ.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
O3 - HKU\S-1-5-21-3453027719-967907754-1008735648-1001\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Value error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6CD0FE8-3D38-3FC9-2EAC-719A63666601}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Ad-Aware Browsing Protection"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"SUPERAntiSpyware"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
Click Fix and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.
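The two findings the helper picked out of this log by eye, an unknown driver with no company name created on the day of the scan and Firefox proxy settings pointing at an outside address, can also be checked mechanically. The script below is an added example written for this page; it is not code from the thread, from Márty84, or from the OTL tool. It parses OTL file-entry lines of the form `[date | size | attrs | C] (Company) -- path` and `FF - prefs.js..` lines, flags kernel drivers under a `drivers` folder that carry no company name and were created within 30 days of the log, and flags Firefox proxy addresses outside loopback and private ranges. The sample lines are copied from the OTL log posted above and the log time is the creation time from its header (5.1.2013 16:00:44); the 30-day window, the address test and all function names are assumptions of this example, not anything OTL itself does. A hit is a triage lead to submit to VirusTotal or Jotti as the thread does, not a verdict: a legitimate unsigned driver such as PunkBuster's is flagged as well.

```python
"""Triage helper for OTL log lines (added example, not part of the thread or of OTL).
Reproduces two checks a forum helper does by eye: recently created kernel drivers
with no company name, and Firefox proxy settings pointing outside the local network."""
import re
from datetime import datetime, timedelta
from ipaddress import ip_address

# OTL file entry: [YYYY.MM.DD HH:MM:SS | size | attrs | C or M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Firefox pref as OTL prints it:  FF - prefs.js..network.proxy.http: "198.36.222.8"
PREF_RE = re.compile(r"^FF - prefs\.js\.\.(?P<key>[\w.]+): (?P<val>.+)$")

# Sample lines copied from the OTL log posted in this thread (a directory entry
# without a company field is included to show that it is simply skipped).
SAMPLE_LINES = [
    r"[2013.01.05 15:55:42 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\whbt.sys",
    r"[2012.12.23 11:45:24 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys",
    r"[2012.12.21 08:44:30 | 000,007,040 | ---- | C] (Scott) -- C:\Windows\System32\drivers\USBDrv.sys",
    r"[2013.01.05 15:55:43 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\whbt.sys",
    r"[2013.01.05 11:49:57 | 000,000,000 | ---D | C] -- C:\Users\Nikos\AppData\Roaming\Malwarebytes",
    'FF - prefs.js..network.proxy.http: "198.36.222.8"',
    "FF - prefs.js..network.proxy.http_port: 3128",
    "FF - prefs.js..network.proxy.type: 1",
]
# Creation time of the log, taken from the OTL header ("5.1.2013 16:00:44").
LOG_TIME = datetime(2013, 1, 5, 16, 0, 44)


def parse_file_entry(line):
    """Parse one OTL file entry; return None for lines in any other format."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "company": m["company"].strip(),
        "path": m["path"],
        "kind": m["kind"],  # C = created entry, M = modified entry
    }


def flag_unsigned_drivers(lines, log_time, max_age_days=30):
    """Paths of *.sys files under a drivers folder that have no company name
    and whose creation entry falls within max_age_days of the log time."""
    hits = []
    for line in lines:
        e = parse_file_entry(line)
        if not e or e["kind"] != "C":
            continue
        p = e["path"].lower()
        if not (p.endswith(".sys") and "\\drivers\\" in p):
            continue
        if e["company"]:
            continue  # carries a vendor string; lower priority for triage
        if log_time - e["ts"] <= timedelta(days=max_age_days):
            hits.append(e["path"])
    return hits


def flag_foreign_proxy(lines):
    """(pref key, address) pairs for Firefox proxy prefs whose value is an IP
    address outside loopback, private and link-local ranges."""
    hits = []
    for line in lines:
        m = PREF_RE.match(line.strip())
        if not m or not m["key"].startswith("network.proxy."):
            continue
        val = m["val"].strip().strip('"')
        try:
            addr = ip_address(val)
        except ValueError:
            continue  # port numbers, the proxy type flag, host names
        if not (addr.is_loopback or addr.is_private or addr.is_link_local):
            hits.append((m["key"], val))
    return hits


def triage(lines, log_time):
    """Run both checks over a list of OTL log lines."""
    return {
        "unsigned_recent_drivers": flag_unsigned_drivers(lines, log_time),
        "foreign_proxy": flag_foreign_proxy(lines),
    }


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LINES, LOG_TIME).items():
        print(section)
        for item in items:
            print("  ", item)
```

Run against a full OTL log, the same two functions take the whole file as `lines`; entries of other kinds (directories, registry keys, section headers) do not match either pattern and are ignored.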

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#22 Post by Nikolaos Koulisianis »

Done

All processes killed
Error: Unable to interpret <[EMPTYTEMP]> in the current context!
Error: Unable to interpret <[EMPTYFLASH]> in the current context!
Error: Unable to interpret <[CreateRestorePoint]> in the current context!
Error: Unable to interpret <[RESETHOSTS]> in the current context!
Error: Unable to interpret <[Purity]> in the current context!
========== SERVICES/DRIVERS ==========
Service SBRE stopped successfully!
Service SBRE deleted successfully!
Service Lavasoft Kernexplorer stopped successfully!
Service Lavasoft Kernexplorer deleted successfully!
Error: No service named qwiua was found to stop!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\qwiua deleted successfully.
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service NBService stopped successfully!
Service NBService deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7265e1a6-8e8f-4f2f-aa0b-197e3408008b.job moved successfully.
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c5387644-9715-435f-876d-921df2a91af2.job moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\WDBF folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\Staging folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions\LKGD folder moved successfully.
C:\Program Files\Ad-Aware Antivirus\Definitions folder moved successfully.
C:\Program Files\Ad-Aware Antivirus folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Quarantine folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Cleaning folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20130101T064728.196892PID2968 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20130101T064726.465289PID2816 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T131422.222082PID2308 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T131418.181674PID2240 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T103901.888831PID204 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T091827.553398PID3480 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T091741.751718PID2776 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20121231T090810.601542PID2084 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T120725.395940PID5752 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T115922.118587PID3012 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T115910.919288PID2516 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T045041.269840PID3508 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T045040.006768PID3304 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T044155.485958PID3356 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120721T044152.365952PID3160 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T190530.942879PID3040 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T190530.287678PID2936 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T180148.684588PID4020 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T175859.304494PID3256 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T175857.884892PID3180 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T174903.641532PID3452 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T173857.246881PID3272 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T173847.746464PID2944 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T173657.766102PID3096 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T171815.319329PID3644 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T171811.606523PID3476 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T161527.625445PID4508 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T161520.152017PID204 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T161436.479519PID6064 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T161035.085624PID5756 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160857.212489PID2064 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160856.900489PID2360 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160856.572888PID1508 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160856.214088PID1484 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160855.886487PID1972 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160855.558886PID3772 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160854.622885PID3064 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160819.335623PID2916 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160741.115556PID2384 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160720.429919PID3680 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T160636.347715PID3584 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs\20120720T153539.027407PID660 folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus\Logs folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Ad-Aware Antivirus folder moved successfully.
C:\Program Files\Spybot - Search & Destroy 2 folder moved successfully.
C:\Windows\system32\drivers\whbt.sys moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Prefs.js: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.2.1 removed from extensions.enabledItems
Prefs.js: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.12.0.8 removed from extensions.enabledItems
Prefs.js: {87934c42-161d-45bc-8cef-ef18abe2a30c}:2.1 removed from extensions.enabledItems
Prefs.js: "198.36.222.8" removed from network.proxy.ftp
Prefs.js: 3128 removed from network.proxy.ftp_port
Prefs.js: "198.36.222.8" removed from network.proxy.gopher
Prefs.js: 3128 removed from network.proxy.gopher_port
Prefs.js: "198.36.222.8" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 1 removed from network.proxy.type
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\Setup\ada folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\Setup folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\components folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\options folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\uwa folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\images folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\default folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels\css folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib\panels folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\skin folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\toolbar folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\locale folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\data\search folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\data folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.ToolbarCleaner folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets\net.vmn.www.BrowserDataCleaner folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\widgets folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab\images folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\newtab folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\modules folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome\content folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}\chrome folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\tests folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin\data folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\lavasoft_search_plugin folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\events folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib\content folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils\data folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\api-utils folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\lib folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit\data folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources\addon-kit folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\resources folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\locale folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults\preferences folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack\defaults folder moved successfully.
C:\Users\Nikos\AppData\Roaming\Mozilla\Firefox\Profiles\x04zy9eq.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-3453027719-967907754-1008735648-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6CD0FE8-3D38-3FC9-2EAC-719A63666601}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B6CD0FE8-3D38-3FC9-2EAC-719A63666601}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01052013_192618

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - probably malware

#23 Post by Márty84 »

:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Run OTL again as administrator
Paste the following text into the lower window (including the colon before the word commands)

Code:

:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
Click Fix and let the program work. When it asks about a restart, agree.
After the restart a new log will appear; post it here.



:!: If Avast complains that it wants to open it in the sandbox, don't allow it! Choose the option Open normally
:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to the desktop, right-click it and left-click Run as administrator.
A very short scan will run and then the Scan button at the top right becomes available. Click it and another scan will run.
When it finishes, click the Report label and a log will appear. Paste it here for me

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#24 Post by Nikolaos Koulisianis »

so here is OTL

->Temporary Internet Files folder emptied: 0 bytes

User: Nikos
->Temp folder emptied: 51700778 bytes
->Temporary Internet Files folder emptied: 179571233 bytes
->Java cache emptied: 45470937 bytes
->FireFox cache emptied: 34470431 bytes
->Google Chrome cache emptied: 288765122 bytes
->Opera cache emptied: 586554 bytes
->Flash cache emptied: 6442 bytes

User: Public

%systemdrive% .tmp files removed: 53439792 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12048 bytes
RecycleBin emptied: 99566 bytes

Total Files Cleaned = 624,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Nikos
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 01052013_211630

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#25 Post by Nikolaos Koulisianis »

and here is Rogue...

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Nikos [Práva správce]
Mód : Kontrola -- Datum : 01/05/2013 21:23:27

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 088466a8e1f630fed29b153fa48db6fe
[BSP] c9509506733a3bec58f70967ee39cdcd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 82000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167938048 | Size: 102000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 376834048 | Size: 54473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[1]_S_01052013_02d2123.txt >>
RKreport[1]_S_01052013_02d2123.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - probably malware

#26 Post by Márty84 »

:arrow: Run RogueKiller again as administrator (if you haven't closed it yet, click Delete right away)
A very short scan will run and then the Scan button at the top right becomes available. Click it and another scan will run.
When it finishes, click Delete.
Then click Report and a log will appear. Paste it here for me.
Then click Host Fix and Report.
Another log will appear. Paste that one here for me too.

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#27 Post by Nikolaos Koulisianis »

first

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Nikos [Práva správce]
Mód : Odebrat -- Datum : 01/05/2013 22:16:22

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 ATA Device +++++
--- User ---
[MBR] 088466a8e1f630fed29b153fa48db6fe
[BSP] c9509506733a3bec58f70967ee39cdcd : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 82000 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 167938048 | Size: 102000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 376834048 | Size: 54473 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončeno : << RKreport[5]_D_01052013_02d2216.txt >>
RKreport[1]_S_01052013_02d2123.txt ; RKreport[2]_D_01052013_02d2214.txt ; RKreport[3]_S_01052013_02d2214.txt ; RKreport[4]_S_01052013_02d2216.txt ; RKreport[5]_D_01052013_02d2216.txt

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#28 Post by Nikolaos Koulisianis »

and the second

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Spuštěno v : Normální režim
Uživatel : Nikos [Práva správce]
Mód : Oprava HOSTS -- Datum : 01/05/2013 22:17:50

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončeno : << RKreport[7]_H_01052013_02d2217.txt >>
RKreport[1]_S_01052013_02d2123.txt ; RKreport[2]_D_01052013_02d2214.txt ; RKreport[3]_S_01052013_02d2214.txt ; RKreport[4]_S_01052013_02d2216.txt ; RKreport[5]_D_01052013_02d2216.txt ;
RKreport[6]_H_01052013_02d2216.txt ; RKreport[7]_H_01052013_02d2217.txt

Márty84
VIP
Posts: 21679
Registered: 05 Dec 2009 20:08
Location: Ostrava

Re: Preventive check - probably malware

#29 Post by Márty84 »

OK, how is the PC doing? Has anything changed?

Nikolaos Koulisianis
Visitor
Posts: 45
Registered: 20 Oct 2006 17:43
Location: Ostrava

Re: Preventive check - probably malware

#30 Post by Nikolaos Koulisianis »

Well, I think it's OK now... the window that kept popping up in Google Chrome doesn't pop up anymore, and the computer, or rather the internet, got faster, so I think it's fine....

Locked