Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Martinek at 2013-10-24 22:05:37 Run:1
Running from C:\Users\Martinek\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2012-08-18] ()
HKCU\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Martinek\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKCU\...\Run: [uTorrent] - D:\data\uTorrent.exe [802136 2013-05-15] (BitTorrent Inc.)
HKCU\...\Run: [Google Update] - C:\Users\Martinek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-30] (Google Inc.)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [NokiaSuite.exe] - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Katka\...\Run: [Facebook Update] - C:\Users\Katka\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\Katka\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\Katka\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Katka\...\Run: [] - [x]
HKU\Katka\...\Run: [Google Update] - C:\Users\Martinek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-30] (Google Inc.)
HKU\Katka\...\Run: [Clownfish] - [x]
HKU\Katka\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Katka\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKU\Katka\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Rodina\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7.7\ICQ.exe [127040 2012-01-23] (ICQ, LLC.)
HKU\Rodina\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3478336 2012-01-24] (DT Soft Ltd)
HKU\Rodina\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\Rodina\...\Run: [] - [x]
HKU\Rodina\...\Run: [Google Update] - C:\Users\Martinek\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-30] (Google Inc.)
HKU\Rodina\...\Run: [Clownfish] - [x]
HKU\Rodina\...\Run: [cz.seznam.software.autoupdate] - C:\Users\Rodina\AppData\Roaming\Seznam.cz\szninstall.exe [1009288 2012-09-13] ()
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.seznam.cz/?clid=6826
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
http://start.alawarhry.cz/?pid=6
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
http://www.bing.com/search?q={searchTer ... -SearchBox
SearchScopes: HKCU - URL
http://search.seznam.cz/?q={searchTerms ... earch_6826
SearchScopes: HKCU - SuggestionsURL_JSON
http://suggest.fulltext.seznam.cz/fullt ... earchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {399a1442-7377-49e7-8d77-6dc9ed5968c1} URL =
http://www.zbozi.cz/?q={searchTerms}&so ... earch_6826
SearchScopes: HKCU - {5cf5d387-d87c-4408-9a6b-301b0713d62a} URL =
http://www.mapy.cz/?query={searchTerms} ... earch_6826
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {8172f457-818d-46db-941f-2bbe53e156af} URL =
SearchScopes: HKCU - {9115e9cc-b430-43d5-914a-1c025fd7faf0} URL =
http://www.mapy.cz/?query={searchTerms} ... arch_13906
SearchScopes: HKCU - {d4250932-9b13-4d2d-9ebd-2d724fac8f16} URL =
http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13906
SearchScopes: HKCU - {eb97f7df-1773-4916-aae6-5af74da8c69d} URL =
http://www.firmy.cz/phr/{searchTerms}
SearchScopes: HKCU - {effa45b9-a476-47ce-8a8a-91c20d045331} URL =
http://www.firmy.cz/phr/{searchTerms}?s ... arch_13906
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Extension: jid1-vW9nopuIAJiRHw - C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\
jid1-vW9nopuIAJiRHw@jetpack.xpi
FF Extension: nasanightlaunch - C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\
nasanightlaunch@example.com.xpi
FF Extension: No Name - C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
C:\Users\Katka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Users\Martinek\AppData\Local\Temp\NEventMessages.dll
C:\Users\Martinek\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Martinek\AppData\Local\Temp\Quarantine.exe
C:\Users\Rodina\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe
C:\Windows\AutoKMS.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000Core.job => C:\Users\Martinek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000UA.job => C:\Users\Martinek\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000Core.job => C:\Users\Martinek\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000UA.job => C:\Users\Martinek\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:D1B5B4F1
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Internet Modem" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f
REG: reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f
Hosts:
End
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\NokiaSuite.exe => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SonicMasterTray => Value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKU\Katka\Software\Microsoft\Windows\CurrentVersion\Run\\Skype => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\Clownfish => Value deleted successfully.
HKU\Rodina\Software\Microsoft\Windows\CurrentVersion\Run\\cz.seznam.software.autoupdate => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{399a1442-7377-49e7-8d77-6dc9ed5968c1} => Key deleted successfully.
HKCR\CLSID\{399a1442-7377-49e7-8d77-6dc9ed5968c1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5cf5d387-d87c-4408-9a6b-301b0713d62a} => Key deleted successfully.
HKCR\CLSID\{5cf5d387-d87c-4408-9a6b-301b0713d62a} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8172f457-818d-46db-941f-2bbe53e156af} => Key deleted successfully.
HKCR\CLSID\{8172f457-818d-46db-941f-2bbe53e156af} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9115e9cc-b430-43d5-914a-1c025fd7faf0} => Key deleted successfully.
HKCR\CLSID\{9115e9cc-b430-43d5-914a-1c025fd7faf0} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{d4250932-9b13-4d2d-9ebd-2d724fac8f16} => Key deleted successfully.
HKCR\CLSID\{d4250932-9b13-4d2d-9ebd-2d724fac8f16} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{eb97f7df-1773-4916-aae6-5af74da8c69d} => Key deleted successfully.
HKCR\CLSID\{eb97f7df-1773-4916-aae6-5af74da8c69d} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{effa45b9-a476-47ce-8a8a-91c20d045331} => Key deleted successfully.
HKCR\CLSID\{effa45b9-a476-47ce-8a8a-91c20d045331} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{687578B9-7132-4A7A-80E4-30EE31099E03} => Value deleted successfully.
HKCR\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\FF Plugin-x32: @microsoft.com/GENUINE - disabled No File => Key not found.
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File not found.
C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\
jid1-vW9nopuIAJiRHw@jetpack.xpi => Moved successfully.
C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\
nasanightlaunch@example.com.xpi => Moved successfully.
C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi => Moved successfully.
C:\Users\Martinek\AppData\Roaming\Mozilla\Firefox\Profiles\q1qyj9v4.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi => Moved successfully.
C:\Users\Katka\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => Moved successfully.
C:\Users\Martinek\AppData\Local\Temp\NEventMessages.dll => Moved successfully.
C:\Users\Martinek\AppData\Local\Temp\NOSEventMessages.dll => Moved successfully.
C:\Users\Martinek\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Rodina\AppData\Local\Temp\{E638ABC1-0067-474b-A379-87CFE81E7848}.exe => Moved successfully.
"C:\Windows\AutoKMS.exe" => File/Directory not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\Defraggler Volume C Task.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000Core.job => Moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000UA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000Core.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-89103289-3528142055-2165665206-1000UA.job => Moved successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":D1B5B4F1" ADS removed successfully.
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Internet Modem" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\seznam-listicka-distribuce" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
========= reg delete "HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent" /f =========
Operace byla dokonźena ŁspŘçnŘ.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
==== End of Fixlog ====
OK s tim souhlasim, ale berte na vedomi, ze pokud se tam priste opet objevi nelegalni Office, muze byt pomoc odmitnuta uplne
od 1. února 2011.
Zase nekdy 
Přispějete na provoz fóra?