Log check
Posted: 08 May 2014 16:52
Hello,
I would like to ask for a log check. I can't open basic programs: Skype, Firefox, CCleaner... Whenever I choose the option to open with, e.g., Firefox in a given program, all programs are automatically reassigned and open as Firefox.
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by Alena (administrator) on ALENA-PC on 08-05-2014 17:44:56
Running from C:\Users\Alena\Desktop\Downloads
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files\ATK Hotkey\AsLdrSrv.exe
() C:\Program Files\ATKGFNEX\GFNEXSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(ASUS) C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
() C:\Program Files\ASUS\ASUS Live Update\ALU.exe
() C:\Program Files\ATK Hotkey\HControlUser.exe
() C:\Program Files\ATKOSD2\ATKOSD2.exe
(ATK0100) C:\Program Files\ATK Hotkey\HControl.exe
() C:\Program Files\ATK Hotkey\MsgTranAgt.exe
(ASUSTeK Computer INC.) C:\Program Files\ASUS\ATK Media\DMedia.exe
( ) C:\Program Files\ASUS\ATK Media\GPSWatch.exe
(ATK) C:\Program Files\P4G\BatteryLife.exe
(ATK) C:\Program Files\ASUS\Splendid\ACMON.exe
() C:\Program Files\ATK Hotkey\ATKOSD.exe
(ASUSTeK) C:\Windows\System32\ACEngSvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files\Wireless Console 2\wcourier.exe
() C:\Program Files\ATK Hotkey\KBFiltr.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files\ATK Hotkey\WDC.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Motorola Inc.) C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPStart.exe
(ASUS) C:\Windows\AsScrPro.exe
() C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [HControlUser] => C:\Program Files\ATK Hotkey\HcontrolUser.exe [98304 2008-01-11] ()
HKLM\...\Run: [ATKOSD2] => C:\Program Files\ATKOSD2\ATKOSD2.exe [7766016 2008-01-23] ()
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [13548064 2008-07-25] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] => C:\Windows\system32\NvMcTray.dll [92704 2008-07-25] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6265376 2008-08-12] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-08-12] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SMSERIAL] => C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [655360 2007-08-28] (Motorola Inc.)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-17] (Synaptics, Inc.)
HKLM\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe [3054136 2010-11-05] (ASUS)
HKLM\...\Run: [ASUS Camera ScreenSaver] => C:\Windows\AsScrProlog.exe [47672 2010-11-05] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2138487535-3467575883-3640298852-1000\...\Run: [Nektra OEAPI] => [X]
HKU\S-1-5-21-2138487535-3467575883-3640298852-1000\...\Run: [OEXPRESS] => [X]
HKU\S-1-5-21-2138487535-3467575883-3640298852-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2138487535-3467575883-3640298852-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
Startup: C:\Users\Alena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
ShortcutTarget: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = http://search.icq.com/search/results.ph ... &ch_id=osd
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
URLSearchHook: HKCU - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = http://www.daemon-search.com/search/web?q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT1750559
SearchScopes: HKCU - {D3E3835B-74C1-436A-BE86-43C446AD62DB} URL = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: No Name - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - No File
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
Toolbar: HKLM - No Name - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - No File
Toolbar: HKLM - No Name - {D5D47440-0750-463D-BAEF-A47D02414806} - No File
Toolbar: HKLM - BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {D5D47440-0750-463D-BAEF-A47D02414806} - No File
Toolbar: HKCU - BS Player Toolbar - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files\BS_Player\tbBS_0.dll (Conduit Ltd.)
Toolbar: HKCU - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 02 %SystemRoot%\system32\napinsp.dll [50176] (Společnost Microsoft)
Tcpip\Parameters: [DhcpNameServer] 192.168.168.1
FireFox:
========
FF ProfilePath: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.seznam.cz/
FF Keyword.URL: hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll No File
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Alena\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\daemon-search.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-1.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-10.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-11.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-12.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-13.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-14.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-15.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-16.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-17.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-18.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-19.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-2.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-20.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-21.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-22.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-23.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-24.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-3.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-4.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-5.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-6.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-7.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-8.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin-9.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin.gif
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin.src
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\icqplugin.xml
FF SearchPlugin: C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\searchplugins\searchplugins-backup
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Battlefield Heroes Updater - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\Extensions\battlefieldheroespatcher@ea.com [2013-11-04]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011-08-30]
FF Extension: ICQ Toolbar - C:\Users\Alena\AppData\Roaming\Mozilla\Firefox\Profiles\2gc0hn0d.default\Extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012-07-26]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-03-19]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-18]
Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/
CHR DefaultSearchKeyword: seznam.cz
CHR DefaultSearchProvider: Seznam
CHR DefaultSearchURL: http://search.seznam.cz/?q={searchTerms}
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\8.0.552.215\pdf.dll No File
CHR Plugin: (Google Gears 0.5.33.0) - C:\Program Files\Google\Chrome\Application\8.0.552.215\gears.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\8.0.552.215\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
========================== Services (Whitelisted) =================
R2 ASLDRService; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [94208 2007-10-02] ()
R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-11-04] ()
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
R2 spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [125496 2007-08-03] ()
S2 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
==================== Drivers (Whitelisted) ====================
R2 ASMMAP; C:\Program Files\ATKGFNEX\ASMMAP.sys [13880 2007-07-24] ()
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [21256 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [58680 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [35928 2012-10-31] (AVAST Software)
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [738504 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [361032 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [54232 2012-10-31] (AVAST Software)
R3 DCamUSBET; C:\Windows\System32\DRIVERS\etDevice.sys [474624 2007-09-06] (eMPIA Technology, Inc.)
R3 FiltUSBET; C:\Windows\System32\DRIVERS\etFilter.sys [206464 2008-02-05] (eMPIA Technology Inc.)
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [190424 2009-04-11] (Společnost Microsoft)
R2 ghaio; C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [20936 2007-08-03] ()
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15928 2008-06-03] ( )
R3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [107736 2014-05-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51416 2014-04-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2006-12-14] (ATK0100)
R3 Ntfs; C:\Windows\system32\Drivers\Ntfs.sys [1082232 2013-03-03] (Společnost Microsoft)
R3 ScanUSBET; C:\Windows\System32\DRIVERS\etScan.sys [6528 2008-01-31] (eMPIA Technology, Inc.)
S3 ASUSProcObsrv; \??\E:\I386\AsProcOb.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 ipswuio; System32\DRIVERS\ipswuio.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 17:44 - 2014-05-08 17:44 - 00000000 ____D () C:\FRST
2014-05-08 17:15 - 2014-05-08 17:15 - 00004514 _____ () C:\Windows\PFRO.log
2014-05-08 16:55 - 2014-05-08 16:56 - 00010046 _____ () C:\Users\Alena\Documents\Uninstall STAR WARS The Old Republic.log
2014-05-08 16:48 - 2014-05-08 16:48 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2014-05-08 16:15 - 2014-05-08 17:18 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:14 - 2014-05-08 16:14 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 16:14 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 16:14 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 16:14 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 16:05 - 2014-05-08 16:05 - 00043654 _____ () C:\Users\Alena\Documents\cc_20140508_160544.reg
2014-05-05 17:50 - 2014-05-05 17:50 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-50-12.txt
2014-05-05 17:50 - 2014-05-05 17:50 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-49-47.txt
2014-05-05 17:33 - 2014-05-05 17:33 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-33-09.txt
2014-05-03 09:04 - 2014-04-29 22:18 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-03 09:04 - 2014-04-29 21:28 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-17 19:21 - 2014-04-17 19:21 - 00039301 _____ () C:\Users\Alena\Desktop\1997267.swf
2014-04-15 14:11 - 2014-04-15 14:11 - 00046890 _____ () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email.htm
2014-04-15 14:11 - 2014-04-15 14:11 - 00000000 ____D () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email_soubory
2014-04-09 06:02 - 2014-02-23 12:53 - 00916992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 06:02 - 2014-02-23 12:52 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 06:02 - 2014-02-23 12:52 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 06:02 - 2014-02-23 12:50 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-09 06:02 - 2014-02-23 12:48 - 00630272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 06:02 - 2014-02-23 12:48 - 00611840 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2014-04-09 06:02 - 2014-02-23 12:48 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 06:02 - 2014-02-23 12:48 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-09 06:02 - 2014-02-23 12:47 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-09 06:02 - 2014-02-23 12:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 11111424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 02005504 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 01469440 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 06:02 - 2014-02-23 12:46 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-09 06:02 - 2014-02-23 12:46 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-09 06:02 - 2014-02-23 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2014-04-09 06:02 - 2014-02-23 11:12 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-09 06:02 - 2014-02-23 09:25 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-09 06:02 - 2014-02-23 09:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 06:02 - 2014-02-23 09:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-09 06:02 - 2014-02-06 03:56 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
==================== One Month Modified Files and Folders =======
2014-05-08 17:44 - 2014-05-08 17:44 - 00000000 ____D () C:\FRST
2014-05-08 17:23 - 2013-02-03 17:04 - 01129561 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 17:18 - 2014-05-08 16:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 17:16 - 2011-08-30 17:02 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-08 17:16 - 2010-11-05 19:32 - 00027839 _____ () C:\ProgramData\nvModes.001
2014-05-08 17:16 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 17:16 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 17:16 - 2006-11-02 14:47 - 00003744 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 17:15 - 2014-05-08 17:15 - 00004514 _____ () C:\Windows\PFRO.log
2014-05-08 17:14 - 2010-11-05 16:32 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-05-08 17:14 - 2006-11-02 15:01 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 17:13 - 2011-08-30 17:06 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-05-08 17:12 - 2011-08-30 17:06 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-08 17:06 - 2012-05-13 13:55 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:58 - 2011-08-30 17:02 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-08 16:56 - 2014-05-08 16:55 - 00010046 _____ () C:\Users\Alena\Documents\Uninstall STAR WARS The Old Republic.log
2014-05-08 16:56 - 2014-02-06 22:11 - 00000000 ____D () C:\Users\Alena\AppData\Local\Unity
2014-05-08 16:55 - 2013-12-06 19:29 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-05-08 16:54 - 2014-02-08 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2014-05-08 16:54 - 2014-02-08 18:41 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-05-08 16:51 - 2010-11-05 08:54 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-05-08 16:50 - 2010-12-05 12:24 - 00000000 ____D () C:\ProgramData\Google
2014-05-08 16:50 - 2010-12-05 11:18 - 00000000 ____D () C:\Users\Alena\AppData\Local\Google
2014-05-08 16:48 - 2014-05-08 16:48 - 00000040 _____ () C:\Users\Public\Documents\_rgpl
2014-05-08 16:46 - 2014-02-20 20:44 - 00000000 __SHD () C:\Windows\system32\AI_RecycleBin
2014-05-08 16:40 - 2013-11-04 19:45 - 00000000 ____D () C:\Users\Alena\Documents\Battlefield Heroes
2014-05-08 16:29 - 2006-11-02 14:37 - 00000000 ____D () C:\Windows\DigitalLocker
2014-05-08 16:20 - 2013-09-04 20:55 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2138487535-3467575883-3640298852-1000UA.job
2014-05-08 16:20 - 2013-09-04 20:55 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2138487535-3467575883-3640298852-1000Core.job
2014-05-08 16:14 - 2014-05-08 16:14 - 00000906 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 16:14 - 2014-05-08 16:14 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 16:05 - 2014-05-08 16:05 - 00043654 _____ () C:\Users\Alena\Documents\cc_20140508_160544.reg
2014-05-08 16:04 - 2011-01-06 21:45 - 00000000 ____D () C:\Windows\Minidump
2014-05-08 13:45 - 2010-11-05 14:11 - 00045056 _____ () C:\Windows\system32\acovcnt.exe
2014-05-07 21:39 - 2006-11-02 12:33 - 01561330 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-07 21:21 - 2010-11-05 16:26 - 00203264 _____ () C:\Users\Alena\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-07 18:00 - 2010-11-05 19:47 - 00000462 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{21887DA4-EDF5-4F39-AADC-858982A159A4}.job
2014-05-05 17:50 - 2014-05-05 17:50 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-50-12.txt
2014-05-05 17:50 - 2014-05-05 17:50 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-49-47.txt
2014-05-05 17:48 - 2010-11-05 19:32 - 00027839 _____ () C:\ProgramData\nvModes.dat
2014-05-05 17:33 - 2014-05-05 17:33 - 00002424 _____ () C:\Users\Alena\Documents\NVIDIA System Information 05-05-2014 17-33-09.txt
2014-05-04 09:58 - 2006-11-02 12:23 - 00000254 _____ () C:\Windows\win.ini
2014-04-30 11:07 - 2012-05-13 13:55 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 11:07 - 2012-05-13 13:55 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 22:18 - 2014-05-03 09:04 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 21:28 - 2014-05-03 09:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 19:12 - 2010-11-05 17:53 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Skype
2014-04-27 12:21 - 2014-01-31 17:16 - 00000000 ___RD () C:\Users\Alena\Desktop\Hry Jára
2014-04-26 09:32 - 2013-12-26 15:55 - 00158121 _____ () C:\Windows\hpoins14.dat
2014-04-26 09:32 - 2010-11-05 18:31 - 00017310 _____ () C:\ProgramData\hpzinstall.log
2014-04-17 19:21 - 2014-04-17 19:21 - 00039301 _____ () C:\Users\Alena\Desktop\1997267.swf
2014-04-15 14:11 - 2014-04-15 14:11 - 00046890 _____ () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email.htm
2014-04-15 14:11 - 2014-04-15 14:11 - 00000000 ____D () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email_soubory
2014-04-10 08:13 - 2010-12-05 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 08:09 - 2013-07-20 08:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 08:06 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 14:10 - 2010-11-05 08:44 - 00007592 _____ () C:\Users\Alena\AppData\Local\d3d9caps.dat
Some content of TEMP:
====================
C:\Users\Alena\AppData\Local\Temp\BRSVC_1872495_hlp.exe
C:\Users\Alena\AppData\Local\Temp\eauninstall.exe
C:\Users\Alena\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-08 17:25
==================== End Of Log ============================
2014-04-29 22:18 - 2014-05-03 09:04 - 06020608 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 21:28 - 2014-05-03 09:04 - 01638912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 19:12 - 2010-11-05 17:53 - 00000000 ____D () C:\Users\Alena\AppData\Roaming\Skype
2014-04-27 12:21 - 2014-01-31 17:16 - 00000000 ___RD () C:\Users\Alena\Desktop\Hry Jára
2014-04-26 09:32 - 2013-12-26 15:55 - 00158121 _____ () C:\Windows\hpoins14.dat
2014-04-26 09:32 - 2010-11-05 18:31 - 00017310 _____ () C:\ProgramData\hpzinstall.log
2014-04-17 19:21 - 2014-04-17 19:21 - 00039301 _____ () C:\Users\Alena\Desktop\1997267.swf
2014-04-15 14:11 - 2014-04-15 14:11 - 00046890 _____ () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email.htm
2014-04-15 14:11 - 2014-04-15 14:11 - 00000000 ____D () C:\Users\Alena\Desktop\(373) Doručené – Seznam Email_soubory
2014-04-10 08:13 - 2010-12-05 12:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-10 08:09 - 2013-07-20 08:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 08:06 - 2006-11-02 12:24 - 88028728 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-08 14:10 - 2010-11-05 08:44 - 00007592 _____ () C:\Users\Alena\AppData\Local\d3d9caps.dat
Some content of TEMP:
====================
C:\Users\Alena\AppData\Local\Temp\BRSVC_1872495_hlp.exe
C:\Users\Alena\AppData\Local\Temp\eauninstall.exe
C:\Users\Alena\AppData\Local\Temp\The Battle for Middle-earth II_uninst.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-08 17:25
==================== End Of Log ============================