VIRY.CZ

Dobrý den, přítelkyni na notebooku ESET stále ukazuje Win32/BrowseFox.B Potenciálně nechtěná aplikace. Pokud klikne na Léčit, je vyžadován restart počítače ale po chvíli se hláška objeví znovu. Pokud klikne na Žádná akce, vyskočí ještě pár dalších podobných hlášek, hrozbu to nachází v chrome.exe a explorer.exe. Dále má v chrome nainstalovaný nějaký Ask toolbar, kterého se nemůžu běžnou odinstalací zbavit..pravděpodobně to spolu bude souviset a je dost možné, že podobných chuťovek bude mít v počítači víc... Prosím tedy o pomoc s řešením tohoto problému. Zde je log z RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatelka at 2014-05-18 16:53:34
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 4 GB (3%) free of 120 GB
Total RAM: 2039 MB (18% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
C:\WINDOWS\tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files\Winamp Toolbar\winamptb.dll [2013-03-25 2089520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-09-16 4502400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files\Winamp Toolbar\winamptb.dll [2013-03-25 2089520]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-05-22 141848]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-05-22 166424]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-05-22 137752]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-09-23 926896]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-06-03 177456]
"seznam-listicka-distribuce"=C:\Program Files\Seznam.cz\distribution\szninstall.exe [2013-05-16 1062472]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-08 3076144]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7M\ICQ.exe [2013-06-24 127040]
"cz.seznam.software.autoupdate"=C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\szninstall.exe [2013-05-16 1062472]
"cz.seznam.software.szndesktop"=C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [2013-04-12 92664]
"SpeedUpMyComputer"=C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as []
"FixMyRegistry"=C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as []
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7M\ICQ.exe"="C:\Program Files\ICQ7M\ICQ.exe:*:Enabled:ICQ7M"

======List of files/folders created in the last 1 months======

2014-05-18 16:53:36 ----D---- C:\Program Files\trend micro
2014-05-18 16:53:34 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2014-05-18 16:53:36 ----RD---- C:\Program Files
2014-05-18 15:57:21 ----D---- C:\WINDOWS\Temp
2014-05-18 13:56:19 ----A---- C:\WINDOWS\system32\rpcnetp.exe
2014-05-17 22:17:53 ----D---- C:\Documents and Settings\Uživatelka\Data aplikací\vlc
2014-05-17 16:06:20 ----D---- C:\WINDOWS\Prefetch
2014-05-17 15:41:31 ----D---- C:\Documents and Settings\Uživatelka\Data aplikací\ICQ
2014-05-17 15:39:37 ----A---- C:\WINDOWS\system32\rpcnet.dll
2014-05-17 06:20:09 ----D---- C:\WINDOWS
2014-05-16 19:03:40 ----HD---- C:\WINDOWS\inf
2014-05-16 19:03:35 ----D---- C:\WINDOWS\system32\CatRoot2
2014-05-15 21:23:31 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-05-15 19:25:32 ----A---- C:\WINDOWS\system32\MRT.exe
2014-05-14 19:49:38 ----D---- C:\Documents and Settings\Uživatelka\Data aplikací\BitTorrent
2014-05-07 18:43:03 ----SHD---- C:\WINDOWS\Installer
2014-05-06 21:05:36 ----D---- C:\Documents and Settings\Uživatelka\Data aplikací\Skype
2014-05-05 21:53:56 ----D---- C:\WINDOWS\system32
2014-05-05 21:41:30 ----A---- C:\WINDOWS\imsins.BAK
2014-05-05 21:41:04 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-04-30 10:12:55 ----A---- C:\WINDOWS\system32\mshtml.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2013-08-30 21576]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2012-06-03 5504]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2013-05-22 1287552]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-02-14 530861]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-02-14 149123]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-04 39824]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 F06DEFF2-5B9C-490D-910F-35D3A9119622;F06DEFF2-5B9C-490D-910F-35D3A9119622; \??\C:\Program Files\Browser Tab Search by Ask\SafetyNut\configmgrc1.cfg []
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-08 974944]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre7\bin\jqs.exe [2013-06-24 182184]
R2 rpcnet;Remote Procedure Call (RPC) Net; C:\WINDOWS\system32\rpcnet.exe [2013-05-22 69792]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-09-16 3273088]
R2 ssinstall;SInstalátor; C:\WINDOWS\System32\ssins.exe [2013-10-01 2324216]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24 116648]
S2 SafetyNutManager;SafetyNut Manager; C:\Program Files\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 Update GreyGray;Update GreyGray; C:\Program Files\GreyGray\updateGreyGray.exe []
S2 Util GreyGray;Util GreyGray; C:\Program Files\GreyGray\bin\utilGreyGray.exe []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-09-25 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-06-24 116648]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-07-20 754856]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

EDIT:
Všiml jsem si, že selhalo stažení HijackThis, stáhl jsem si ho tedy ručně, zde je log z něj:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:11:39, on 18.5.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\rpcnet.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\ssins.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7M\ICQ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Uživatelka\Dokumenty\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12902
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: UsProvider Class - {539F76FD-084E-4858-86D5-62F02F54AE86} - C:\Program Files\Minibar\Minibar.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [seznam-listicka-distribuce] "C:\Program Files\Seznam.cz\distribution\szninstall.exe" -s -d listicka 1 szn-software-listicka cz.seznam.software.autoupdate
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [cz.seznam.software.autoupdate] "C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\szninstall.exe" -c
O4 - HKCU\..\Run: [cz.seznam.software.szndesktop] "C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\bin\wszndesktop.exe" -q
O4 - HKCU\..\Run: [SpeedUpMyComputer] C:\Program Files\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as
O4 - HKCU\..\Run: [FixMyRegistry] C:\Program Files\SmartTweak\FixMyRegistry\FixMyRegistry.exe /ot /as
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Visit AppsHat.com - {AAA38851-3CFF-475F-B5E0-720D3645E4A5} - C:\Program Files\Minibar\Minibar.dll (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\WINDOWS\system32\rpcnet.exe
O23 - Service: SafetyNut Manager (SafetyNutManager) - Unknown owner - C:\Program Files\Browser Tab Search by Ask\SafetyNut\SafetyNutManager.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SInstalátor (ssinstall) - PS Media s.r.o. - C:\WINDOWS\System32\ssins.exe
O23 - Service: Update GreyGray - Unknown owner - C:\Program Files\GreyGray\updateGreyGray.exe (file missing)
O23 - Service: Util GreyGray - Unknown owner - C:\Program Files\GreyGray\bin\utilGreyGray.exe (file missing)

--
End of file - 9509 bytes

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

• Ulozte nejlepe na plochu
• Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
• Probehne vytvoreni zalohy a nasledne prohledavani
• Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Scan a nasledne Clean
• Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

Log z JRT:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by U§ivatelka on ne 18.05.2014 at 17:22:22,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] update greygray
Successfully deleted: [Service] update greygray



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\speedupmycomputer
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\winamptbserver.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\firstsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\updater.amiupd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltbsearch.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.aoltoolband.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.downloader.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarinfo.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptb.toolbarparams.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\winamptbserver.aoltoolbarhelper.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\winamp toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{99c91fc5-db5b-4aa0-bb70-5d89c5a4df96}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8282CD88-DB17-46F6-B08B-13D319ADB050}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\U§ivatelka\Data aplikacˇ\minibar"
Successfully deleted: [Folder] "C:\Documents and Settings\U§ivatelka\Data aplikacˇ\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\U§ivatelka\Data aplikacˇ\swvupdater"
Successfully deleted: [Folder] "C:\Program Files\bettersurf"
Successfully deleted: [Folder] "C:\Program Files\greygray"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\minibar"
Successfully deleted: [Folder] "C:\Program Files\smarttweak"
Successfully deleted: [Folder] "C:\Program Files\winamp toolbar"
Successfully deleted: [Folder] "C:\Program Files\Common Files\software update utility"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\U§ivatelka\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mpcknfcdcgpffjddjeceioobdelceffo





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on ne 18.05.2014 at 17:27:01,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Log z AdwCleaneru:

# AdwCleaner v3.208 - Report created 18/05/2014 at 17:29:47
# Updated 11/05/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Uživatelka - HOME-EA37342991
# Running from : C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A9119622
[#] Service Deleted : SafetyNutManager

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\RegClean
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar
Folder Deleted : C:\Program Files\Better-Surf
Folder Deleted : C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací\AppsHat Mobile Apps
Folder Deleted : C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací\Minibar
Folder Deleted : C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\SmartTweak Software
[!] Folder Deleted : C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\poheodfamflhhhdcmjfeggbgigeefaco

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [ext@bettersurfplus.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nhogbcndagiknbfomjgdeghehkljalhi
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\poheodfamflhhhdcmjfeggbgigeefaco
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [FixMyRegistry]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0B8F85AE-22C7-4EF3-AE53-1F0B7AAC6D83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1824FF90-C98E-48A6-838F-E3B6572B0C77}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{539F76FD-084E-4858-86D5-62F02F54AE86}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8271B5D6-76D3-4ABF-AEB3-1721161C76BC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06E50566-0AB7-431C-841D-62794727DAF9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{26E7211D-0650-43CF-8498-4C81E83AEAAA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BEAA0C04-ED15-4C17-800B-28716025A4E4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE60E6ED-49DD-4099-8B5E-386A4908D5D5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AA74D58F-ACD0-450D-A85E-6C04B171C044}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AAA38851-3CFF-475F-B5E0-720D3645E4A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{539F76FD-084E-4858-86D5-62F02F54AE86}]
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\Minibar
Key Deleted : HKLM\Software\SafetyNut
Key Deleted : HKLM\Software\Speedchecker Limited
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\AppsHat Mobile Apps
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AppsHat Mobile Apps
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FLV Player
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\bi_uninstaller
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SpeedUpMyComputer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Google Chrome v34.0.1847.137

[ File : C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=210&systemid=488&v=n12521-347&apn_uid=1853406017824150&apn_dtid=TCH001&o=APN11459&apn_ptnrs=AG1&q={searchTerms}
Deleted [Homepage] : hxxp://www.search.ask.com/?o=APN11459&gct=hp&d ... 21-347&t=4
Deleted [Extension] : poheodfamflhhhdcmjfeggbgigeefaco

*************************

AdwCleaner[R0].txt - [12147 octets] - [18/05/2014 17:29:00]
AdwCleaner[S0].txt - [11725 octets] - [18/05/2014 17:29:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11786 octets] ##########

Stahnete Zoek.exe http://hijackthis.nl/smeenk/ a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na Zoek pravym a dejte Run As Administrator ci Spustit jako spravce
• Do okna vlozte skript nize

• Kód: Vybrat vše

  autoclean;
  emptyclsid;
  iedefaults;
  FFdefaults;
  CHRdefaults;
  emptyalltemp;
  resethosts;
  

• Nasledne kliknete na Run Script
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by U§ivatelka on ne 18.05.2014 at 23:12:54,79.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\UIVATE~1\Plocha\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

18.5.2014 23:15:22 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-682003330-884357618-1417001333-1004\Software\Microsoft\Internet Explorer\Approved Extensions\{1824FF90-C98E-48A6-838F-E3B6572B0C77} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\12x3q4@3244516.com deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Util GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Util GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Util GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Util GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Update GreyGray deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Update GreyGray deleted successfully

==== Deleting Files \ Folders ======================

C:\DOCUME~1\ALLUSE~1\DATAAP~1\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} deleted
C:\extensions.sqlite deleted
C:\extensions.ini deleted
C:\DOCUME~1\ALLUSE~1\DATAAP~1\ICQ deleted
C:\WINDOWS\SET3.tmp deleted
C:\WINDOWS\SET4.tmp deleted
C:\WINDOWS\SET8.tmp deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [14.10.2013 21:20]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[16.09.2013 12:31]
mmifolfpllfdhilecpdpmemhelmanajl - C:\Program Files\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.seznam.cz/?clid=12902"
"ICQ Search"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="C:\\Documents and Settings\\All Users\\Data aplikacˇ\\ICQ\\ICQNewTab\\newTab.html"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"ICQ Search"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.seznam.cz/?clid=12902"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE8SRC"
{107B754C-C0BC-4B28-9D44-34BC54366D4F} Zboží.cz Url="http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12902"
{2506E15F-276B-4A72-8D91-E6E9F20DB497} Encyklopedie Seznam Url="http://encyklopedie.seznam.cz/search?q= ... arch_12902"
{5A4437D5-93E5-4252-81E9-58EACD7C25A9} Bing Url="http://www.bing.com/search?FORM=UP97DF& ... -SearchBox"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"
{6C39C052-B412-4BF3-B381-6ADE47573A67} Slovník CZ/EN Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12902"
{8F942570-24A5-4329-BC0A-226484D66199} Seznam TV Program Url="http://tv.seznam.cz/hledej?w={searchTer ... arch_12902"
{91C2EFFC-16EA-4D0B-B79F-51EBD376600D} Firmy.cz Url="http://www.firmy.cz/?q={searchTerms}&so ... arch_12902"
{A137101E-7AEB-42E3-BFF9-EB6FCD67FADE} Mapy.cz Url="http://www.mapy.cz/?query={searchTerms} ... arch_12902"
{C60F4075-2D8E-4A68-BEB1-E9429A1B44EA} Slovník EN/CZ Url="http://slovnik.seznam.cz/?q={searchTerm ... arch_12902"
{E594AE21-9CDE-4720-8A76-CD06EBEC461D} Novinky.cz Url="http://www.novinky.cz/hledej?w={searchT ... arch_12902"

==== Reset Google Chrome ======================

Nothing found to reset

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl deleted successfully

==== Empty IE Cache ======================

C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\UIVATE~1\Local Settings\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Documents and Settings\UIVATE~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=14 folders=5 2365109 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\RECYCLER successfully emptied

==== Deleting Files / Folders ======================

"C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Documents and Settings\UIVATE~1\Local Settings\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on ne 18.05.2014 at 23:39:50,78 ======================

Poprosim o FRST http://forum.viry.cz/viewtopic.php?f=13&t=133100

Někde asi nastala chyba, FRST.txt obsahuje jen řádek "End of log". Krom něho se ale vygeneroval soubor FRST3.txt, přikládám tedy jeho obsah a pro jistotu v příloze soubor Addition.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-05-2014
Ran by Uživatelka (administrator) on HOME-EA37342991 on 19-05-2014 00:15:34
Running from C:\Documents and Settings\Uživatelka\Plocha
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Skype Technologies S.A.) C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(PS Media s.r.o.) C:\WINDOWS\system32\ssins.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [729088 2006-07-13] (Analog Devices, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1040384 2008-03-27] (Synaptics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [3076144 2011-09-08] (ESET)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [ICQ] => C:\Program Files\ICQ7M\ICQ.exe [127040 2013-06-24] (ICQ, LLC.)
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/?clid=12902
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - CF28A15F4BC842498ACFF90CA05C2EB5 URL = http://search.aol.com/aol/search?s_it=t ... earchTerms}
SearchScopes: HKCU - {107B754C-C0BC-4B28-9D44-34BC54366D4F} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_12902
SearchScopes: HKCU - {2506E15F-276B-4A72-8D91-E6E9F20DB497} URL = http://encyklopedie.seznam.cz/search?q= ... arch_12902
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={searchT ... {startPage}
SearchScopes: HKCU - {6C39C052-B412-4BF3-B381-6ADE47573A67} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12902
SearchScopes: HKCU - {8F942570-24A5-4329-BC0A-226484D66199} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_12902
SearchScopes: HKCU - {91C2EFFC-16EA-4D0B-B79F-51EBD376600D} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_12902
SearchScopes: HKCU - {A137101E-7AEB-42E3-BFF9-EB6FCD67FADE} URL = http://www.mapy.cz/?query={searchTerms} ... arch_12902
SearchScopes: HKCU - {C60F4075-2D8E-4A68-BEB1-E9429A1B44EA} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_12902
SearchScopes: HKCU - {E594AE21-9CDE-4720-8A76-CD06EBEC461D} URL = http://www.novinky.cz/hledej?w={searchT ... arch_12902
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Toolbar: HKCU - &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKCU - &Odkazy - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.37 213.46.172.46

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013-09-28]

========================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [974944 2011-09-08] (ESET)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182184 2013-06-24] (Oracle Corporation)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [69792 2013-05-22] (Absolute Software Corp.)
R2 Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3273088 2013-09-16] (Skype Technologies S.A.)
R2 ssinstall; C:\WINDOWS\System32\ssins.exe [2324216 2013-10-01] (PS Media s.r.o.)

==================== Drivers (Whitelisted) ====================

R1 aswKbd; C:\WINDOWS\system32\Drivers\aswKbd.sys [21576 2013-08-30] (AVAST Software)
R3 BCM43XX; C:\WINDOWS\System32\DRIVERS\bcmwl5.sys [1287552 2013-05-22] (Broadcom Corporation)
R3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [530861 2007-02-14] (Broadcom Corporation.)
R3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [30459 2007-02-14] (Broadcom Corporation.)
R3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [868298 2007-02-14] (Broadcom Corporation.)
R3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [149123 2007-02-14] (Broadcom Corporation.)
R3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [67960 2007-02-14] (Broadcom Corporation.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [154136 2011-08-09] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [118104 2011-08-04] (ESET)
R2 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [147480 2011-08-04] (ESET)
R3 Epfwndis; C:\WINDOWS\System32\DRIVERS\Epfwndis.sys [39824 2011-08-04] (ESET)
R1 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [61936 2011-08-04] (ESET)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [5504 2012-06-03] ()
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-19 00:15 - 2014-05-19 00:15 - 00012171 _____ () C:\Documents and Settings\Uživatelka\Plocha\FRST.txt
2014-05-19 00:15 - 2014-05-19 00:15 - 00000000 ____D () C:\FRST
2014-05-19 00:14 - 2014-05-19 00:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe
2014-05-19 00:11 - 2014-05-19 00:11 - 01056768 _____ (Farbar) C:\Documents and Settings\Uživatelka\Plocha\FRST.exe
2014-05-18 23:37 - 2014-05-18 23:12 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-18 23:14 - 2014-05-18 23:39 - 00008266 _____ () C:\zoek-results.log
2014-05-18 23:12 - 2014-05-18 23:33 - 00000000 ____D () C:\zoek_backup
2014-05-18 23:11 - 2014-05-18 23:11 - 01285120 _____ () C:\Documents and Settings\Uživatelka\Plocha\zoek.exe
2014-05-18 17:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-18 17:28 - 2014-05-18 17:31 - 00000000 ____D () C:\AdwCleaner
2014-05-18 17:22 - 2014-05-18 17:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-18 17:20 - 2014-05-18 17:21 - 01325827 _____ () C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe
2014-05-18 17:20 - 2014-05-18 17:20 - 01016261 _____ (Thisisu) C:\Documents and Settings\Uživatelka\Plocha\JRT.exe
2014-05-18 16:53 - 2014-05-18 17:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-18 16:53 - 2014-05-18 16:53 - 00000000 ____D () C:\rsit
2014-05-11 18:24 - 2014-05-11 18:29 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\u dědy
2014-05-10 17:34 - 2014-05-11 18:13 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\Ještěd 2014
2014-05-05 21:40 - 2014-05-05 21:41 - 00005591 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-24 21:23 - 2014-05-10 17:35 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\sraz
2014-04-24 21:00 - 2014-04-24 21:01 - 00045766 _____ () C:\Documents and Settings\Uživatelka\Plocha\toni duben.htm
2014-04-21 22:11 - 2014-04-21 22:11 - 00001033 _____ () C:\Documents and Settings\Uživatelka\Plocha\Zástupce - Skaph@CLCK-Weekend,18.4.2014.lnk

==================== One Month Modified Files and Folders =======

2014-05-19 00:15 - 2014-05-19 00:15 - 00012171 _____ () C:\Documents and Settings\Uživatelka\Plocha\FRST.txt
2014-05-19 00:15 - 2014-05-19 00:15 - 00000000 ____D () C:\FRST
2014-05-19 00:15 - 2013-05-20 20:03 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha
2014-05-19 00:14 - 2014-05-19 00:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe
2014-05-19 00:14 - 2013-05-20 20:03 - 00000000 ___HD () C:\Documents and Settings\Uživatelka\Local Settings\Data aplikací
2014-05-19 00:11 - 2014-05-19 00:11 - 01056768 _____ (Farbar) C:\Documents and Settings\Uživatelka\Plocha\FRST.exe
2014-05-18 23:43 - 2013-06-24 19:04 - 00000948 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-18 23:42 - 2013-06-24 19:36 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Data aplikací\ICQ
2014-05-18 23:42 - 2013-05-20 19:57 - 01567431 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-18 23:39 - 2014-05-18 23:14 - 00008266 _____ () C:\zoek-results.log
2014-05-18 23:39 - 2014-03-13 20:04 - 00000232 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-18 23:39 - 2013-06-24 20:10 - 00000000 _____ () C:\WINDOWS\system32\sinstall.log
2014-05-18 23:39 - 2013-06-24 19:04 - 00000944 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-18 23:39 - 2013-05-22 12:04 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2014-05-18 23:39 - 2013-05-20 21:47 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-05-18 23:39 - 2013-05-20 20:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-18 23:38 - 2013-05-20 20:03 - 00000178 ___SH () C:\Documents and Settings\Uživatelka\ntuser.ini
2014-05-18 23:38 - 2013-05-20 20:02 - 00032606 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-18 23:33 - 2014-05-18 23:12 - 00000000 ____D () C:\zoek_backup
2014-05-18 23:33 - 2013-05-20 21:47 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2014-05-18 23:12 - 2014-05-18 23:37 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-18 23:11 - 2014-05-18 23:11 - 01285120 _____ () C:\Documents and Settings\Uživatelka\Plocha\zoek.exe
2014-05-18 17:32 - 2010-09-23 11:04 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-18 17:31 - 2014-05-18 17:28 - 00000000 ____D () C:\AdwCleaner
2014-05-18 17:31 - 2013-06-14 18:45 - 00000411 _____ () C:\WINDOWS\wiadebug.log
2014-05-18 17:31 - 2013-06-14 18:45 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-18 17:30 - 2013-05-20 20:03 - 00000000 ___RD () C:\Documents and Settings\Uživatelka\Nabídka Start\Programy
2014-05-18 17:23 - 2013-05-20 20:03 - 00000000 __RHD () C:\Documents and Settings\Uživatelka\Data aplikací
2014-05-18 17:22 - 2014-05-18 17:22 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-18 17:21 - 2014-05-18 17:20 - 01325827 _____ () C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe
2014-05-18 17:20 - 2014-05-18 17:20 - 01016261 _____ (Thisisu) C:\Documents and Settings\Uživatelka\Plocha\JRT.exe
2014-05-18 17:10 - 2014-05-18 16:53 - 00000000 ____D () C:\Program Files\trend micro
2014-05-18 16:53 - 2014-05-18 16:53 - 00000000 ____D () C:\rsit
2014-05-17 22:17 - 2013-06-27 17:34 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Data aplikací\vlc
2014-05-17 06:20 - 2013-06-24 18:39 - 00347473 _____ () C:\WINDOWS\FaxSetup.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00171162 _____ () C:\WINDOWS\ocgen.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00135241 _____ () C:\WINDOWS\tsoc.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00115743 _____ () C:\WINDOWS\comsetup.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00070475 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00055396 _____ () C:\WINDOWS\iis6.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00021782 _____ () C:\WINDOWS\ocmsn.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00017644 _____ () C:\WINDOWS\msgsocm.log
2014-05-17 06:20 - 2013-06-24 18:39 - 00001917 _____ () C:\WINDOWS\imsins.log
2014-05-17 06:20 - 2013-06-12 19:57 - 00372312 _____ () C:\WINDOWS\setupapi.log
2014-05-16 19:05 - 2013-06-14 19:03 - 00003218 _____ () C:\WINDOWS\setupact.log
2014-05-15 19:47 - 2013-06-24 19:06 - 00001819 _____ () C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
2014-05-15 19:27 - 2013-07-25 13:37 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-15 19:25 - 2013-05-22 14:26 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-14 19:49 - 2014-01-17 20:39 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Data aplikací\BitTorrent
2014-05-14 19:49 - 2013-05-20 20:03 - 00000000 ___RD () C:\Documents and Settings\Uživatelka\Nabídka Start
2014-05-12 19:58 - 2013-05-22 11:36 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Dokumenty\Bluetooth Exchange Folder
2014-05-11 18:33 - 2013-07-05 20:21 - 00313344 ___SH () C:\Documents and Settings\Uživatelka\Plocha\Thumbs.db
2014-05-11 18:29 - 2014-05-11 18:24 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\u dědy
2014-05-11 18:13 - 2014-05-10 17:34 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\Ještěd 2014
2014-05-10 17:35 - 2014-04-24 21:23 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\sraz
2014-05-10 17:35 - 2014-01-16 22:12 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\Mix foto
2014-05-08 19:22 - 2014-03-13 20:04 - 00000226 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2014-05-06 21:05 - 2013-06-24 20:12 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Data aplikací\Skype
2014-05-05 21:43 - 2013-09-21 13:06 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\PODCASTY
2014-05-05 21:41 - 2014-05-05 21:40 - 00005591 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-05 21:41 - 2013-06-24 18:39 - 00038782 _____ () C:\WINDOWS\updspapi.log
2014-05-05 21:41 - 2013-06-24 18:39 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-30 10:12 - 2008-04-14 08:51 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 10:12 - 2008-04-14 08:51 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-24 21:31 - 2013-06-14 18:47 - 00000000 ____D () C:\Documents and Settings\Uživatelka\Plocha\Marlena
2014-04-24 21:01 - 2014-04-24 21:00 - 00045766 _____ () C:\Documents and Settings\Uživatelka\Plocha\toni duben.htm
2014-04-21 22:11 - 2014-04-21 22:11 - 00001033 _____ () C:\Documents and Settings\Uživatelka\Plocha\Zástupce - Skaph@CLCK-Weekend,18.4.2014.lnk

Files to move or delete:
====================
C:\Documents and Settings\Uživatelka\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 1034240 ____A (Microsoft Corporation) 27afd587c462e280ee046b8cca3c2cd1

C:\WINDOWS\system32\winlogon.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0507904 ____A (Microsoft Corporation) cddb1f8e1aea356f3ad106f2cf9b7fea

C:\WINDOWS\system32\svchost.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0014336 ____A (Microsoft Corporation) be4a520e29b6391f49e79ccc52044d93

C:\WINDOWS\system32\services.exe
[2008-04-14 08:52] - [2009-02-09 13:25] - 0111104 ____A (Microsoft Corporation) 9ef697af07bb8dd82c3b02ca953a95b7

C:\WINDOWS\system32\User32.dll
[2008-04-14 08:52] - [2008-04-14 08:52] - 0578560 ____A (Microsoft Corporation) e16e0990967374e76f3e40cacafd3d53

C:\WINDOWS\system32\userinit.exe
[2008-04-14 08:52] - [2008-04-14 08:52] - 0026112 ____A (Microsoft Corporation) 7dc1830f22e7d275b438127b68030239

C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys
[2008-04-14 07:42] - [2008-04-14 07:42] - 0052480 ____A (Microsoft Corporation) 28a4b296b47782173c346e376cb374d1




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: ESET Smart Security 5.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Uivatelka\Plocha" je 91974 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7M\\ICQ.exe"="C:\\Program Files\\ICQ7M\\ICQ.exe:*:Enabled:ICQ7M"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\ICQ7M\\ICQ.exe"="C:\\Program Files\\ICQ7M\\ICQ.exe:*:Enabled:ICQ7M"
"C:\\Program Files\\Winamp\\winamp.exe"="C:\\Program Files\\Winamp\\winamp.exe:*:Enabled:Winamp"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================

Super, udelal jste to dobre

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
  HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
  HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
  HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
  HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [ICQ] => C:\Program Files\ICQ7M\ICQ.exe [127040 2013-06-24] (ICQ, LLC.)
  HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
  HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
  HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
  Startup: C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk
  
  2014-05-19 00:14 - 2014-05-19 00:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe
  2014-05-18 23:37 - 2014-05-18 23:12 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
  2014-05-18 23:14 - 2014-05-18 23:39 - 00008266 _____ () C:\zoek-results.log
  2014-05-18 23:12 - 2014-05-18 23:33 - 00000000 ____D () C:\zoek_backup
  2014-05-18 23:11 - 2014-05-18 23:11 - 01285120 _____ () C:\Documents and Settings\Uživatelka\Plocha\zoek.exe
  2014-05-18 17:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
  2014-05-18 17:20 - 2014-05-18 17:21 - 01325827 _____ () C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe
  2014-05-18 17:20 - 2014-05-18 17:20 - 01016261 _____ (Thisisu) C:\Documents and Settings\Uživatelka\Plocha\JRT.exe
  2014-05-18 16:53 - 2014-05-18 17:10 - 00000000 ____D () C:\Program Files\trend micro
  2014-05-18 16:53 - 2014-05-18 16:53 - 00000000 ____D () C:\rsit
  
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
  Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
  Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
  
  Hosts:
  End
  

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-05-2014
Ran by Uživatelka at 2014-05-19 15:05:02 Run:1
Running from C:\Documents and Settings\Uživatelka\Plocha
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [seznam-listicka-distribuce] => C:\Program Files\Seznam.cz\distribution\szninstall.exe [1062472 2013-05-16] ()
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\.DEFAULT\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [ICQ] => C:\Program Files\ICQ7M\ICQ.exe [127040 2013-06-24] (ICQ, LLC.)
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.autoupdate] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\szninstall.exe [1062472 2013-05-16] ()
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [cz.seznam.software.szndesktop] => C:\Documents and Settings\Uživatelka\Data aplikací\Seznam.cz\bin\wszndesktop.exe [92664 2013-04-12] ()
HKU\S-1-5-21-682003330-884357618-1417001333-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk

2014-05-19 00:14 - 2014-05-19 00:14 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe
2014-05-18 23:37 - 2014-05-18 23:12 - 00024064 _____ () C:\WINDOWS\zoek-delete.exe
2014-05-18 23:14 - 2014-05-18 23:39 - 00008266 _____ () C:\zoek-results.log
2014-05-18 23:12 - 2014-05-18 23:33 - 00000000 ____D () C:\zoek_backup
2014-05-18 23:11 - 2014-05-18 23:11 - 01285120 _____ () C:\Documents and Settings\Uživatelka\Plocha\zoek.exe
2014-05-18 17:29 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-18 17:20 - 2014-05-18 17:21 - 01325827 _____ () C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe
2014-05-18 17:20 - 2014-05-18 17:20 - 01016261 _____ (Thisisu) C:\Documents and Settings\Uživatelka\Plocha\JRT.exe
2014-05-18 16:53 - 2014-05-18 17:10 - 00000000 ____D () C:\Program Files\trend micro
2014-05-18 16:53 - 2014-05-18 16:53 - 00000000 ____D () C:\rsit

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

Hosts:
End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\seznam-listicka-distribuce => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck => Value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\S-1-5-21-682003330-884357618-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKU\S-1-5-21-682003330-884357618-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\S-1-5-21-682003330-884357618-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.szndesktop => Value deleted successfully.
HKU\S-1-5-21-682003330-884357618-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value deleted successfully.
C:\Documents and Settings\Uživatelka\Nabídka Start\Programy\Po spuštění\Adobe Gamma.lnk => Moved successfully.
C:\Documents and Settings\Uživatelka\Plocha\FRSTLauncher.exe => Moved successfully.
C:\WINDOWS\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Documents and Settings\Uživatelka\Plocha\zoek.exe => Moved successfully.
C:\WINDOWS\system32\sqlite3.dll => Moved successfully.
C:\Documents and Settings\Uživatelka\Plocha\adwcleaner_3.208.exe => Moved successfully.
C:\Documents and Settings\Uživatelka\Plocha\JRT.exe => Moved successfully.
C:\Program Files\trend micro => Moved successfully.
C:\rsit => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Fajn, jak se chova PC

Zatím to vypadá, že je v pořádku. předtím varovné okno vyskočilo chvíli po startu počítače, ted už pár hodin nic, takže to vypadá, že problém je vyřešen! Přítelkyně vám děkuje!

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

Téma se může uzavřít, provedl jsem vyčištění a vše šlape, jak má. Díky!

Nemate zac, rad jsem pomohl Zase nekdy

A na zaklade Pravidla o zamykani temat