Vyskakuje ActivClient

[roskild]

Zdravím,stále mi vyskakujú tieto okná:

Musím asi 10 krát stlačiť cancel aby som to zrušil

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16545 BrowserJavaVersion: 10.55.2
Run by Ingrida at 9:07:13 on 2014-08-08
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.3066.1661 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\windows\system32\atiesrxx.exe
C:\windows\system32\SLsvc.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Hpservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\taskeng.exe
C:\windows\System32\spoolsv.exe
c:\Program Files\ActivIdentity\ActivClient\accoca.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\AEADISRV.EXE
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\MyPC Backup\BackupStack.exe
c:\Program Files\ActivIdentity\ActivClient\acevents.exe
c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
C:\windows\system32\taskeng.exe
c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\PDF Complete\pdfsvc.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\windows\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\Opera\23.0.1522.72\opera.exe
C:\Program Files\Opera\23.0.1522.72\opera_crashreporter.exe
C:\Program Files\Opera\23.0.1522.72\opera.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Opera\23.0.1522.72\opera.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
c:\windows\system32\MsiExec.exe
C:\windows\system32\conime.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\System32\svchost.exe -k Cognizance
C:\windows\system32\svchost.exe -k rpcss
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k hpdevmgmt
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
mStart Page = about:blank
BHO: BHO_Startup Class: {3134413B-49B4-425C-98A5-893C1F195601} - c:\program files\hewlett-packard\file sanitizer\IEBHO.dll
BHO: Linkey: {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\users\ingrida\appdata\local\linkey\ieextension\iedll.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\ingrida\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\HPDIGI~1.LNK -
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:153
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{82221D49-3DBA-4350-908C-2C85D0AFF56A} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DCE07D79-5B33-4135-A8E0-3BC92B5C1F09} : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= APSHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ingrida\appdata\roaming\mozilla\firefox\profiles\f12jha0d.default\
FF - prefs.js: browser.search.selectedEngine - default-search.net
FF - prefs.js: browser.startup.homepage - hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
FF - prefs.js: keyword.URL - hxxp://www.default-search.net/search?sid=503&a ... &src=ds&p=
FF - component: c:\users\ingrida\appdata\roaming\mozilla\firefox\profiles\f12jha0d.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-17 175176]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2008-5-14 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2008-5-14 12928]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-17 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-17 369584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-17 242240]
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222;F06DEFF2-5B9C-490D-910F-35D3A91196222;c:\program files\settings manager\systemk\systemkmgrc2.cfg [2014-6-21 34192]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-6 207688]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2008-5-14 12496]
R2 accoca;ActivClient Middleware Service;c:\program files\actividentity\activclient\accoca.exe [2007-5-16 182576]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-13 172032]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-17 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-17 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-17 46808]
R2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-3-14 36392]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\hewlett-packard\hp protecttools security manager\PTChangeFilterService.exe [2008-5-14 34184]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2008-5-14 256512]
R2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\hewlett-packard\file sanitizer\HPFSService.exe [2008-8-6 77824]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-4-7 26168]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2014-4-4 418376]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-27 50704]
R2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2012-9-9 625816]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-8-6 576024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-4-4 22856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2014-4-4 701512]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-6 227896]
S3 MfeAVFK;McAfee Inc. MfeAVFK;c:\windows\system32\drivers\MfeAVFK.sys [2008-8-6 79240]
S3 MfeBOPK;McAfee Inc. MfeBOPK;c:\windows\system32\drivers\MfeBOPK.sys [2008-8-6 35240]
S3 MfeRKDK;McAfee Inc. MfeRKDK;c:\windows\system32\drivers\MfeRKDK.sys [2008-8-6 34152]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2008-4-8 1112560]
S3 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-07-19 15:14:34 -------- d-----w- c:\users\ingrida\appdata\local\Opera Software
2014-07-19 15:14:33 -------- d-----w- c:\users\ingrida\appdata\roaming\Opera Software
2014-07-15 19:35:03 -------- d-----w- c:\programdata\systemk
2014-07-10 06:27:13 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2014-07-10 06:27:43 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-10 06:27:42 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 9:08:12,42 ===============

[Rudy]

Zdravím!
Dejte log FRST: http://forum.viry.cz/viewtopic.php?f=13&t=133100 .

[roskild]

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:9-08-2014
Ran by Ingrida (administrator) on INGRIDA-PC on 09-08-2014 10:29:11
Running from C:\Users\Ingrida\Desktop
Platform: Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86) OS Language: Slovenčina (Slovensko)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
(SafeBoot International) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accoca.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Agere Systems) C:\Windows\System32\agrsmsvc.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
(Bioscrypt Inc.) C:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(InterVideo) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(BitTorrent, Inc.) C:\Program Files\uTorrent\uTorrent.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\.DEFAULT\...\Run: [Nokia.PCSync] => C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
HKU\S-1-5-21-425153742-1188894343-820399068-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-425153742-1188894343-820399068-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-01-09] (Google Inc.)
AppInit_DLLs: APSHook.dll => C:\windows\system32\APSHook.dll [81680 2008-05-21] (Bioscrypt Inc.)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
Startup: C:\Users\Ingrida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
HKLM\...\AppCertDlls: [x64] -> c:\program files\settings manager\systemk\x64\sysapcrt.dll
HKLM\...\AppCertDlls: [x86] -> C:\Program Files\Settings Manager\systemk\sysapcrt.dll [489488 2014-07-09] ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&a ... 85&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... earchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... earchTerms}
BHO: BHO_Startup Class -> {3134413B-49B4-425C-98A5-893C1F195601} -> C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\Ingrida\AppData\Local\Linkey\IEExtension\iedll.dll (Aztec Media Inc)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Credential Manager for HP ProtectTools -> {DF21F1DB-80C6-11D3-9483-B03D0EC10000} -> c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/tri ... /wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?sid=503&a ... &src=ds&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\searchplugins\default-search.xml
FF SearchPlugin: C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\searchplugins\icq-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\atlas-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\azet-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\default-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\dunaj-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\slovnik-sk.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\zoznam-sk.xml
FF Extension: VideoDownloadConverter - C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com [2014-07-13]
FF Extension: Flash Video Downloader - Full HD Download - C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\artur.dubovoy@gmail.com [2014-05-18]
FF Extension: Firesheep - C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\firesheep@codebutler.com [2014-03-05]
FF Extension: DownloadHelper - C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-05-18]
FF Extension: Fast Video Download - C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2014-06-22]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-07-12]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-07-12]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-17]
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-07-10]

Chrome:
=======
CHR HomePage: hxxp://www.zoznam.sk/
CHR RestoreOnStartup: "hxxp://www.warforum.cz/viewtopic.php?t=255086", "chrome://downloads/", "hxxp://www.bontonland.cz/?cat_id=SU6232-2&aid=D1D4G7F5S6G7H8", "hxxp://tracker.cztorrent.net/upload", "hxxp://tracker.cztorrent.net/", "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp", "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp"
CHR StartupUrls: "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Winamp Application Detector) - C:\Program Files\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Dokumenty Google) - C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-15]
CHR Extension: (Video Downloader professional) - C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-05-18]
CHR Extension: (FVD Downloader) - C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-05-18]
CHR HKLM\...\Chrome\Extension: [eoccbpoodnckjdnackiffhjfkogfhnhh] - C:\Program Files\VDownloader\Addons\Chrome.crx [2014-05-18]
CHR HKLM\...\Chrome\Extension: [jdejokknogmkgekcbkobljnbnafcbdlg] - C:\Program Files\OApps\chrome-sl.crx [2014-05-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 accoca; c:\Program Files\ActivIdentity\ActivClient\accoca.exe [182576 2007-05-16] (ActivIdentity)
R2 ASBroker; c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll [111888 2008-05-21] (Bioscrypt Inc.)
R2 ASChannel; c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll [137488 2008-05-21] (Bioscrypt Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36392 2014-03-14] (Just Develop It)
R2 HP ProtectTools Service; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [34184 2008-05-14] (Hewlett-Packard Development Company, L.P)
R2 HpFkCryptService; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [256512 2008-05-14] (SafeBoot International)
R2 HPFSService; C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe [77824 2008-05-02] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [225280 2007-03-13] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [131072 2007-03-13] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2011-04-16] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [43520 2008-02-28] (Hewlett-Packard) [File not signed]
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [625816 2012-06-22] (Pandora.TV)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [576024 2008-05-12] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53248 2008-02-28] (Hewlett-Packard) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S4 TuneUp.Defrag; C:\windows\System32\TuneUpDefragService.exe [361216 2011-03-02] (TuneUp Software)
S4 TuneUp.ProgramStatisticsSvc; C:\windows\System32\TUProgSt.exe [604416 2011-03-02] (TuneUp Software)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswFsBlk; C:\windows\system32\Drivers\aswFsBlk.sys [29816 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [66336 2013-05-09] (AVAST Software)
R1 AswRdr; C:\windows\system32\Drivers\AswRdr.sys [49760 2013-05-09] (AVAST Software)
R0 aswRvrt; C:\windows\system32\Drivers\aswRvrt.sys [49376 2013-05-09] ()
R1 aswSnx; C:\windows\system32\Drivers\aswSnx.sys [770344 2013-07-17] (AVAST Software)
R1 aswSP; C:\windows\system32\Drivers\aswSP.sys [369584 2013-07-17] (AVAST Software)
R1 aswTdi; C:\windows\system32\Drivers\aswTdi.sys [56080 2013-05-09] (AVAST Software)
R0 aswVmm; C:\windows\system32\Drivers\aswVmm.sys [175176 2013-07-17] ()
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-05-17] (DT Soft Ltd)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files\Settings Manager\systemk\systemkmgrc2.cfg [34192 2014-07-09] (Aztec Media Inc)
R0 giveio; C:\windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79240 2008-07-14] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35240 2008-07-14] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [207688 2008-07-14] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34152 2008-07-14] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55176 2008-07-14] (McAfee, Inc.)
R2 npf; C:\windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.)
R3 ROCKEYNT; C:\windows\System32\DRIVERS\Rockey4.sys [22528 2009-04-12] (Feitian Technologies Co., Ltd.)
R1 RsvLock; C:\windows\system32\Drivers\RsvLock.sys [12496 2008-05-14] (SafeBoot International)
R0 SafeBoot; C:\windows\system32\Drivers\SafeBoot.sys [108752 2008-05-14] () [File not signed]
R0 SbAlg; C:\windows\system32\Drivers\SbAlg.sys [51376 2008-05-14] (SafeBoot N.V.)
R0 SbFsLock; C:\windows\system32\Drivers\SbFsLock.sys [12928 2008-05-14] (SafeBoot International)
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1810992 2009-03-27] ()
R0 speedfan; C:\windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 AppMgmt; C:\windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 eabfiltr;
S4 udfs; system32\DRIVERS\udfs.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 10:29 - 2014-08-09 10:30 - 00024369 _____ () C:\Users\Ingrida\Desktop\FRST.txt
2014-08-09 10:28 - 2014-08-09 10:29 - 00000000 ____D () C:\FRST
2014-08-09 09:47 - 2014-08-09 09:50 - 01084928 _____ (Farbar) C:\Users\Ingrida\Desktop\FRST.exe
2014-08-09 09:36 - 2014-08-09 09:36 - 00012568 _____ () C:\Users\Ingrida\Desktop\[TreZzoR]Captain America_ Navrat prvniho Avengera _ Captain.America.The.Winter.Soldier.2014.BDRip.XviD.AC3.CZ-TreZzoR.torrent
2014-08-08 09:09 - 2014-08-08 09:09 - 00014865 _____ () C:\Users\Ingrida\Desktop\attach.txt
2014-08-08 09:09 - 2014-08-08 09:08 - 00016704 _____ () C:\Users\Ingrida\Desktop\dds.txt
2014-08-08 09:06 - 2014-08-08 09:07 - 00688992 ____R (Swearware) C:\Users\Ingrida\Desktop\dds.exe
2014-08-03 17:15 - 2014-08-03 17:17 - 00000000 ____D () C:\Users\Ingrida\Desktop\Fotky byt
2014-07-19 17:14 - 2014-07-19 17:14 - 00000797 _____ () C:\Users\Public\Desktop\Opera 23.lnk
2014-07-19 17:14 - 2014-07-19 17:14 - 00000797 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-19 17:14 - 2014-07-19 17:14 - 00000000 ____D () C:\Users\Ingrida\AppData\Roaming\Opera Software
2014-07-19 17:14 - 2014-07-19 17:14 - 00000000 ____D () C:\Users\Ingrida\AppData\Local\Opera Software
2014-07-19 11:09 - 2014-07-19 11:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-15 21:35 - 2014-08-03 17:58 - 00000000 ____D () C:\ProgramData\systemk
2014-07-12 17:17 - 2014-07-12 17:18 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-12 16:01 - 2014-07-13 10:30 - 00003208 _____ () C:\windows\setupact.log
2014-07-12 16:01 - 2014-07-12 16:01 - 00000000 _____ () C:\windows\setuperr.log
2014-07-10 08:27 - 2014-07-10 08:27 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-07-10 07:42 - 2014-07-10 07:42 - 00000954 _____ () C:\tmp1
2014-07-10 07:42 - 2014-07-10 07:42 - 00000128 _____ () C:\tmp2

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-09 10:30 - 2014-08-09 10:29 - 00024369 _____ () C:\Users\Ingrida\Desktop\FRST.txt
2014-08-09 10:29 - 2014-08-09 10:28 - 00000000 ____D () C:\FRST
2014-08-09 10:27 - 2012-05-28 15:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-08-09 10:26 - 2012-12-05 23:50 - 00000000 ____D () C:\Users\Ingrida\AppData\Roaming\uTorrent
2014-08-09 09:50 - 2014-08-09 09:47 - 01084928 _____ (Farbar) C:\Users\Ingrida\Desktop\FRST.exe
2014-08-09 09:39 - 2014-01-04 08:04 - 01190335 _____ () C:\windows\WindowsUpdate.log
2014-08-09 09:39 - 2013-02-14 08:12 - 00000924 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-09 09:36 - 2014-08-09 09:36 - 00012568 _____ () C:\Users\Ingrida\Desktop\[TreZzoR]Captain America_ Navrat prvniho Avengera _ Captain.America.The.Winter.Soldier.2014.BDRip.XviD.AC3.CZ-TreZzoR.torrent
2014-08-09 09:24 - 2013-02-14 08:12 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-09 09:24 - 2008-08-06 04:47 - 00000000 ____D () C:\ProgramData\hpqLog
2014-08-09 09:24 - 2006-11-02 14:45 - 00003344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-09 09:24 - 2006-11-02 14:45 - 00003344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-09 09:23 - 2006-11-02 14:58 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-08 12:24 - 2009-01-17 04:56 - 00006396 _____ () C:\windows\bthservsdp.dat
2014-08-08 12:24 - 2006-11-02 14:58 - 00032562 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-08-08 09:09 - 2014-08-08 09:09 - 00014865 _____ () C:\Users\Ingrida\Desktop\attach.txt
2014-08-08 09:08 - 2014-08-08 09:09 - 00016704 _____ () C:\Users\Ingrida\Desktop\dds.txt
2014-08-08 09:07 - 2014-08-08 09:06 - 00688992 ____R (Swearware) C:\Users\Ingrida\Desktop\dds.exe
2014-08-08 08:55 - 2011-12-20 21:36 - 00000000 ____D () C:\Program Files\trend micro
2014-08-07 00:30 - 2011-04-27 21:38 - 00000000 ____D () C:\Program Files\Opera
2014-08-06 10:59 - 2012-07-22 10:33 - 00000000 ___RD () C:\Users\Ingrida\Desktop\Na CzT
2014-08-04 08:55 - 2008-04-17 13:30 - 00806912 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-03 17:58 - 2014-07-15 21:35 - 00000000 ____D () C:\ProgramData\systemk
2014-08-03 17:17 - 2014-08-03 17:15 - 00000000 ____D () C:\Users\Ingrida\Desktop\Fotky byt
2014-08-03 17:16 - 2010-03-26 20:56 - 00000000 ____D () C:\Users\Ingrida\Desktop\Dokument
2014-08-03 17:12 - 2012-12-01 22:45 - 00000000 ____D () C:\Users\Ingrida\Desktop\Hudba
2014-07-26 15:46 - 2012-05-03 20:49 - 00000000 ____D () C:\Users\Ingrida\AppData\Roaming\BSplayer
2014-07-19 17:14 - 2014-07-19 17:14 - 00000797 _____ () C:\Users\Public\Desktop\Opera 23.lnk
2014-07-19 17:14 - 2014-07-19 17:14 - 00000797 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 23.lnk
2014-07-19 17:14 - 2014-07-19 17:14 - 00000000 ____D () C:\Users\Ingrida\AppData\Roaming\Opera Software
2014-07-19 17:14 - 2014-07-19 17:14 - 00000000 ____D () C:\Users\Ingrida\AppData\Local\Opera Software
2014-07-19 15:41 - 2009-01-17 11:45 - 00000000 ____D () C:\Users\Ingrida\AppData\Roaming\Skype
2014-07-19 11:09 - 2014-07-19 11:09 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-07-19 11:09 - 2014-03-28 20:00 - 00000000 ___RD () C:\Program Files\Skype
2014-07-19 11:09 - 2009-01-17 11:44 - 00000000 ____D () C:\ProgramData\Skype
2014-07-13 21:18 - 2013-08-05 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-13 10:30 - 2014-07-12 16:01 - 00003208 _____ () C:\windows\setupact.log
2014-07-12 17:18 - 2014-07-12 17:17 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-12 16:01 - 2014-07-12 16:01 - 00000000 _____ () C:\windows\setuperr.log
2014-07-10 09:59 - 2006-11-02 13:18 - 00000000 ____D () C:\windows\Microsoft.NET
2014-07-10 08:27 - 2014-07-10 08:27 - 11204096 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerInstaller.exe
2014-07-10 08:27 - 2012-05-28 15:34 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-07-10 08:27 - 2011-06-14 19:53 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-10 07:42 - 2014-07-10 07:42 - 00000954 _____ () C:\tmp1
2014-07-10 07:42 - 2014-07-10 07:42 - 00000128 _____ () C:\tmp2

Some content of TEMP:
====================
C:\Users\Ingrida\AppData\Local\temp\BackupSetup.exe
C:\Users\Ingrida\AppData\Local\temp\tmp670C.exe
C:\Users\Ingrida\AppData\Local\temp\tmp8F93.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-09 09:31

==================== End Of Log ============================

[Rudy]

Otevřte poznámkový blok a zkopírujte do něj:

Start
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&a ... 85&src=hmp
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=503&a ... 85&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?si ... &src=ds&p=
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF SearchPlugin: C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\searchplugins\default-search.xml
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
CHR StartupUrls: "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp"
U4 eabfiltr;
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Ingrida\AppData\Local\temp
End

Uložte na plochu jako fixlist.txt. Pak znovu spusťte FRST a klikněte na >Fix<. Zkopírujte sem pak log, který se na závěr vytvoří.

[roskild]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:9-08-2014
Ran by Ingrida at 2014-08-09 13:15:12 Run:1
Running from C:\Users\Ingrida\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=503&a ... 85&src=hmp
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2503} URL = http://www.default-search.net/search?si ... &src=ds&p={searchTerms}
BHO: IEExtension.VDownloaderBHO -> {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -> C:\windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
C:\Program Files\Google\Google Toolbar
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF DefaultSearchEngine: default-search.net
FF SearchEngineOrder.1: default-search.net
FF SelectedSearchEngine: default-search.net
FF Homepage: hxxp://www.default-search.net?sid=503&a ... 85&src=hmp
FF Keyword.URL: hxxp://www.default-search.net/search?si ... &src=ds&p=
FF Plugin HKCU: vitzo.com/VDownloader -> C:\Program Files\VDownloader\Addons\npVDownloader.dll No File
FF SearchPlugin: C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\searchplugins\default-search.xml
FF HKLM\...\Firefox\Extensions: [support@vdownloader.com] - C:\Program Files\VDownloader\Addons\FireFox
CHR StartupUrls: "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp"
U4 eabfiltr;
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Users\Ingrida\AppData\Local\temp
End
*****************

"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2503}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}" => Key deleted successfully.
"HKCR\CLSID\{7b523e7c-f096-4e36-a0cb-7efeb5c675c1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
C:\Program Files\Google\Google Toolbar => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
"HKCU\Software\MozillaPlugins\vitzo.com/VDownloader" => Key deleted successfully.
C:\Program Files\VDownloader\Addons\npVDownloader.dll not found.
C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\searchplugins\default-search.xml => Moved successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\support@vdownloader.com => value deleted successfully.
CHR StartupUrls: "hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp" ==> The Chrome "Settings" can be used to fix the entry.
eabfiltr => Service deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Users\Ingrida\AppData\Local\temp => Moved successfully.

==== End of Fixlog ====

[Rudy]

Smazáno. Nastala nějaká změna?

[roskild]

Nie,nenastala.Naskakuje to stále

[Rudy]

Zkuste ještě spustit následující:

1.

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

a

2.

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

[roskild]

# AdwCleaner v3.304 - Report created 09/08/2014 at 20:49:08
# Updated 08/08/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Ingrida - INGRIDA-PC
# Running from : C:\Users\Ingrida\Desktop\adwcleaner_3.304.exe
# Option : Scan

***** [ Services ] *****

Service Found : BackupStack
Service Found : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****

Task Found : DTReg
Task Found : Your File Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v30.0 (sk)

[ File : C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\prefs.js ]

Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.33.3.58478");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=4FF0CE59-66DA-47D8-96F8-CA888BD22199&n=780bfdd9&p2=^HJ^xdm073^YYA^sk&si=pconvFF");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014051801");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm073^YYA^sk");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconvFF");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/install_pixels.jhtml?partner=^HJ^xdm073^YYA^sk&coId=31a9e6d02f1043b9be37be64eba[...]
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "4FF0CE59-66DA-47D8-96F8-CA888BD22199");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1405239921015");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.58.4.18199");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://pconverter.com/thankyou.php");
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
Line Found : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Found : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Startup_urls] : hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
Found [Homepage] : hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
Found [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Found [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Found [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Found [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Found [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Found [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Found [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [4944 octets] - [06/04/2014 17:41:30]
AdwCleaner[R1].txt - [4477 octets] - [09/08/2014 20:49:08]
AdwCleaner[S0].txt - [5134 octets] - [06/04/2014 17:42:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [4597 octets] ##########

[roskild]

# AdwCleaner v3.304 - Report created 09/08/2014 at 20:53:55
# Updated 08/08/2014 by Xplode
# Operating System : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# Username : Ingrida - INGRIDA-PC
# Running from : C:\Users\Ingrida\Desktop\adwcleaner_3.304.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : BackupStack
[#] Service Deleted : F06DEFF2-5B9C-490D-910F-35D3A91196222

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\Program Files\GrabRez
Folder Deleted : C:\Program Files\MyPC Backup
Folder Deleted : C:\Program Files\Settings Manager
Folder Deleted : C:\Users\Ingrida\AppData\Local\Linkey
Folder Deleted : C:\Users\Ingrida\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Ingrida\AppData\Roaming\Settings Manager
Folder Deleted : C:\Users\Ingrida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Folder Deleted : C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\VideoDownloadConverter_4z
Folder Deleted : C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\4zffxtbr@VideoDownloadConverter_4z.com
File Deleted : C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
File Deleted : C:\windows\system32\drivers\tStLibG.sys
File Deleted : C:\Users\Ingrida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\default-search.xml
File Deleted : C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : DTReg

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Linkey.Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]
Value Deleted : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\SystemK
Key Deleted : HKLM\Software\Linkey
Key Deleted : HKLM\Software\SystemK
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Linkey
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Settings Manager
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Linkey
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Settings Manager

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v30.0 (sk)

[ File : C:\Users\Ingrida\AppData\Roaming\Mozilla\Firefox\Profiles\f12jha0d.default\prefs.js ]

Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.BUTTON_STRUCTURE", "[{\"b\":221584481,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221584482,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.firstKnownVersion", "6.33.3.58478");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=4FF0CE59-66DA-47D8-96F8-CA888BD22199&n=780bfdd9&p2=^HJ^xdm073^YYA^sk&si=pconvFF");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installKeysSource", "LocalStorage");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installType", "XPI");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.installDate", "2014051801");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerId", "^HJ^xdm073^YYA^sk");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.partnerSubId", "pconvFF");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.pixelUrl", "hxxp://videodownloadconverter.dl.tb.ask.com/install_pixels.jhtml?partner=^HJ^xdm073^YYA^sk&coId=31a9e6d02f1043b9be37be64eba[...]
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.installation.toolbarId", "4FF0CE59-66DA-47D8-96F8-CA888BD22199");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.isCompliantUninstallImplementation", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastActivePing", "1405239921015");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.lastKnownVersion", "6.58.4.18199");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.partnerPixelFired", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.successUrl", "hxxp://pconverter.com/thankyou.php");
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.toolbarCollapsed", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.weather.location", "10001");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "videodownloadconverter@mindspark.com");

-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\Ingrida\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_crm
Deleted [Search Provider] : hxxp://www.delta-search.com/?q={searchTerms}&a ... 22645DB07F
Deleted [Search Provider] : hxxp://www.default-search.net/search?sid=503&a ... earchTerms}
Deleted [Startup_urls] : hxxp://www.default-search.net?sid=503&aid=101& ... 85&src=hmp
Deleted [Extension] : dhdepfaagokllfmhfbcfmocaeigmoebo
Deleted [Extension] : fbmimoidopbghbcmdmpkjaffffmcbmbg
Deleted [Extension] : hphibigbodkkohoglgfkddblldpfohjl
Deleted [Extension] : kdcnnmifdmlmjffdgeieikcokcogpbej
Deleted [Extension] : kincjchfokkeneeofpeefomkikfkiedl
Deleted [Extension] : kkkeikdkpjenmoiicggnnodbkebafgpc
Deleted [Extension] : pgmfkblbflahhponhjmkcnpjinenhlnc

*************************

AdwCleaner[R0].txt - [4944 octets] - [06/04/2014 17:41:30]
AdwCleaner[R1].txt - [4677 octets] - [09/08/2014 20:49:08]
AdwCleaner[S0].txt - [5134 octets] - [06/04/2014 17:42:51]
AdwCleaner[S1].txt - [8032 octets] - [09/08/2014 20:53:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8092 octets] ##########

[roskild]

Po restarte to naskakuje stále

[roskild]

Ono niečo nieje v poriadku.Skúšl som odinštalovať nepotrebné programy a vypísalo mi toto:
To je pri ICQ


Toto je Nokia Connectivity Cable Driver


Toto je PokerStars


Chcel som odinštalovať Avast,že si dám Eset a normálne ho nemôžem odinštalovať.Proste ma nepustí,kliknem na odinštalovať a nič

[Rudy]

Zkuste obnovu systému k datu, kdy korektně fungoval.

[roskild]

Zkuste obnovu systému k datu, kdy korektně fungoval.

Tak som to chcel skúsiť ale najneskôr je to možné k dátumu 9.8.2014 a vtedy mi tie okná už naskakovali.

[Rudy]

Dejte log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.