Prosím o kontrolu, občas zlobí

Zpráva

darthvader · #1 Příspěvek od **darthvader** » 20 pro 2013 21:20

Ahoj, kamarád mi Vás doporučil že jste tady machři na pomoc s různými problémy s pc. Občas se mi to zakousne a nebo to strašně dlouho šrotuje a nemá žádnou odezvu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Zuzka at 2013-12-20 21:07:47
Microsoft Windows 7 Starter Service Pack 1
System drive C: has 41 GB (40%) free of 102 GB
Total RAM: 1014 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:08:10, on 20.12.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16736)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.exe
C:\windows\system32\AsusService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\system32\svchost.exe
C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
C:\windows\system32\svchost.exe
C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Users\Zuzka\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\AutoKMS\AutoKMS.exe
C:\windows\KMSEmulator.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wuauclt.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\sppsvc.exe
C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\Users\Zuzka\Desktop\RSIT.exe
C:\Program Files\trend micro\Zuzka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss ... dae9194339
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Slick Savings - {34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5} - C:\Users\Zuzka\AppData\Roaming\Slick Savings\Coupons.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programy\Java\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Zuzka\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programy\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Zuzka\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programy\Java\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [ETDWare] %ProgramFiles%\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Programy\Microsoft office 2010\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AutoKMS] C:\windows\AutoKMS.exe
O4 - HKLM\..\Run: [SafeQ Client] "C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\00a34553-c5e1-4091-83dc-4ee096d55149.exe /check
O4 - HKCU\..\Run: [Google Update] "C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe" -s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programy\Daemon tools lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Zuzka\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Zuzka\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Programy\Microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\Programy\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\Programy\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Microsoft office 2010\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programy\Microsoft office 2010\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programy\Microsoft office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programy\Microsoft office 2010\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Zuzka\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Nastavení Lištičky ... - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - C:\Users\Zuzka\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra button: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Zuzka\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O9 - Extra 'Tools' menuitem: Zvýrazňovač slov Lištičky - {4E6D6F90-31CA-4878-A7A3-1CD50F115A69} - C:\Users\Zuzka\AppData\Local\Seznam.cz\listicka.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\windows\system32\AsusService.exe
O23 - Service: AutoKMS - Unknown owner - C:\windows\AutoKMS\AutoKMS.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 11863 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\AutoKMS.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default

prefs.js - "browser.startup.homepage" - "http://search.babylon.com/?babsrc=HP_ss ... dae9194339"

"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.9.900.170 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Programy\Java\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\Programy\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Programy\MICROS~2\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\extensions\
ffxtlbr@babylon.com
savingsslider@mybrowserbar.com
{32a1fd71-835e-4b11-8e54-886fda0b4c89}
{58d2a791-6199-482f-a9aa-9b725ec61362}

C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\searchplugins\
qip-search.xml
yahoo_ff.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08 77424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}]
Slick Savings - C:\Users\Zuzka\AppData\Roaming\Slick Savings\Coupons.dll [2013-10-11 540000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Programy\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programy\Java\bin\ssv.dll [2012-11-21 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-19 606544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\Zuzka\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-25 140752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Programy\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}]
Help the General-Search Project - C:\Users\Zuzka\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL [2012-03-06 431104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D381FF29-7CFB-4D4E-B92A-C4EDDC696614}]
Windows 7 Starter Helper - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll [2009-12-09 137904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Programy\Java\bin\jp2ssv.dll [2012-11-21 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-11-19 606544]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2013-05-08 41056]
"HotkeyMon"=AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\ASUS\HotkeyService\HotkeyService.exe []
"SuperHybridEngine"=AsusSender.exe C:\Program Files\ASUS\SHE\SuperHybridEngine.exe []
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-27 9177632]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2010-06-10 548744]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2011-04-18 2018032]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"BCSSync"=C:\Programy\Microsoft office 2010\Office14\BCSSync.exe [2010-03-13 91520]
"AutoKMS"=C:\windows\AutoKMS.exe [2013-03-06 615936]
"SafeQ Client"=C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2012-06-11 259072]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2013-11-06 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2013-11-06 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2013-11-06 150552]
"AvastUI.exe"=C:\Program Files\AVAST Software\Avast\AvastUI.exe [2013-11-19 3568312]
"20131121"=C:\Program Files\AVAST Software\Avast\setup\emupdate\00a34553-c5e1-4091-83dc-4ee096d55149.exe [2013-11-25 180184]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-24 136176]
"Seznam Postak"=C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe [2012-01-10 491040]
"DAEMON Tools Lite"=C:\Programy\Daemon tools lite\DTLite.exe [2011-11-10 3514176]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"Facebook Update"=C:\Users\Zuzka\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-08 138096]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Programy\Microsoft office\Office10\OSA.EXE

C:\Users\Zuzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Zuzka\AppData\Roaming\Dropbox\bin\Dropbox.exe
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2013-11-06 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Programy\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 4171424]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-12-20 21:07:48 ----D---- C:\Program Files\trend micro
2013-12-20 21:07:47 ----D---- C:\rsit
2013-12-20 20:25:53 ----D---- C:\Program Files\Lavalys
2013-12-17 11:34:49 ----A---- C:\windows\KMSEmulator.exe
2013-11-26 20:26:16 ----D---- C:\Users\Zuzka\AppData\Roaming\Slick Savings

======List of files/folders modified in the last 1 month======

2013-12-20 21:07:55 ----D---- C:\windows\Temp
2013-12-20 21:07:48 ----RD---- C:\Program Files
2013-12-20 21:00:43 ----D---- C:\Windows
2013-12-20 21:00:41 ----D---- C:\windows\inf
2013-12-20 21:00:37 ----D---- C:\windows\Prefetch
2013-12-20 20:41:58 ----D---- C:\windows\system32\config
2013-12-20 20:34:09 ----SHD---- C:\windows\Installer
2013-12-20 20:33:09 ----SHD---- C:\System Volume Information
2013-12-20 20:31:00 ----D---- C:\windows\system32\Tasks
2013-12-20 20:30:59 ----D---- C:\windows\Tasks
2013-12-20 20:28:41 ----D---- C:\Program Files\CCleaner
2013-12-20 20:21:42 ----D---- C:\Users\Zuzka\AppData\Roaming\Dropbox
2013-12-20 20:19:47 ----D---- C:\windows\SoftwareDistribution
2013-12-20 12:03:17 ----D---- C:\Users\Zuzka\AppData\Roaming\uTorrent
2013-12-20 12:01:14 ----D---- C:\ProgramData\ProductData
2013-12-17 18:46:10 ----D---- C:\Program Files\Common Files\Spigot
2013-12-16 18:40:58 ----D---- C:\windows\system32\catroot2
2013-12-16 18:39:10 ----D---- C:\windows\debug
2013-12-16 16:28:39 ----D---- C:\Users\Zuzka\AppData\Roaming\DAEMON Tools Lite
2013-12-16 16:22:24 ----SHD---- C:\Boot
2013-12-15 17:55:20 ----D---- C:\ProgramData\IObit
2013-12-11 18:07:53 ----D---- C:\windows\System32
2013-12-11 18:07:49 ----A---- C:\windows\system32\FlashPlayerApp.exe
2013-12-09 14:05:44 ----D---- C:\C - Filmy
2013-12-04 23:28:24 ----A---- C:\windows\WDICT32.INI
2013-12-02 13:48:39 ----D---- C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-26 20:29:07 ----D---- C:\Program Files\IObit

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;avast! Revert; C:\windows\system32\drivers\aswRvrt.sys [2013-11-19 49944]
R0 aswVmm;avast! VM Monitor; C:\windows\system32\drivers\aswVmm.sys [2013-11-19 178304]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\drivers\iaStor.sys [2010-06-08 435736]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 AsIO;AsIO; C:\windows\system32\drivers\AsIO.sys [2010-06-28 11456]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-08-03 11832]
R1 aswRdr;aswRdr; \??\C:\windows\system32\drivers\aswRdr2.sys [2013-11-19 79720]
R1 aswSnx;aswSnx; \??\C:\windows\system32\drivers\aswSnx.sys [2013-11-19 774392]
R1 aswSP;aswSP; \??\C:\windows\system32\drivers\aswSP.sys [2013-11-19 403440]
R1 aswTdi;aswTdi; \??\C:\windows\system32\drivers\aswTdi.sys [2013-11-19 57672]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-24 239168]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 aswFsBlk;aswFsBlk; \??\C:\windows\system32\drivers\aswFsBlk.sys [2013-11-19 35656]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2013-11-19 70384]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-10-05 1221632]
R3 ETD;ELAN PS/2 Port Input Device; C:\windows\system32\DRIVERS\ETD.sys [2010-07-21 102912]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2013-11-06 4807168]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-04-27 3084256]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
R3 tap0901;TAP-Win32 Adapter V9; C:\windows\system32\DRIVERS\tap0901.sys [2011-12-15 26624]
S2 Parvdm;Parvdm; C:\windows\system32\drivers\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btusbflt;Bluetooth USB Filter; C:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\windows\System32\drivers\rdpvideominiport.sys [2013-11-13 14848]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2013-11-13 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2013-11-13 27136]
S3 usbscan;Ovladač skeneru USB; C:\windows\system32\drivers\usbscan.sys [2013-07-03 36352]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\drivers\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\windows\system32\AsusService.exe [2010-12-07 224680]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-11-19 50344]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-03 582944]
R2 LiveUpdateSvc;LiveUpdate; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2013-10-25 2151200]
R3 AutoKMS;AutoKMS; C:\windows\AutoKMS\AutoKMS.exe [2013-09-12 734208]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11 257416]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Programy\Microsoft office 2010\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2011-12-15 14848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2011-12-07 577752]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 20 pro 2013 22:42

Zdravim

Stahnete Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe

Ulozte nejlepe na plochu
Po spusteni se zobrazi licencni podminky, stisknete libovolnou klavesu
Probehne vytvoreni zalohy a nasledne prohledavani
Probehne skenovani a pak se objevi log, pripadne bude ulozen v c:\JRT jako JRT.txt, ten sem vlozte

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

Ulozte nejlepe na plochu
Ukoncete vsechny programy
Kliknete na Scan a nasledne Clean
Probehne oprava, restart PC a pak se objevi log, pripadne bude ulozen ve slozce c:\AdwCleaner\AdwCleaner[S?].txt, ten sem vlozte

darthvader · #3 Příspěvek od **darthvader** » 21 pro 2013 09:40

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Starter x86
Ran by Zuzka on so 21.12.2013 at 9:27:20,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-244091639-1036266413-1833324685-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mediafinder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\download with &media finder
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\gencrawler_gc.gencrawler
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\mf
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\mybabylontb_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{c93dd6bc-3267-449c-8f75-9c7d301c3e78}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{34A0D84B-CDDC-4EC4-AFDD-4F1DDE1D14E5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}

~~~ Files

Successfully deleted: [File] "C:\Users\Zuzka\AppData\Roaming\microsoft\internet explorer\qipsearchbar.dll"

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\drivercure"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\iwin"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\media finder"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Zuzka\AppData\Roaming\slick savings"
Successfully deleted: [Folder] "C:\Users\Zuzka\appdata\local\babylon"
Successfully deleted: [Folder] "C:\Users\Zuzka\appdata\local\slick savings"
Successfully deleted: [Folder] "C:\Program Files\Common Files\spigot"
Successfully deleted: [Empty Folder] C:\Users\Zuzka\appdata\local\{1A7732C6-FBDE-4EA7-AF5C-FD3879E4E4CA}
Successfully deleted: [Empty Folder] C:\Users\Zuzka\appdata\local\{7D927628-E4EC-4B55-9F98-35CB6623919E}

~~~ FireFox

Successfully deleted: [File] C:\user.js
Failed to delete: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Users\Zuzka\AppData\Roaming\mozilla\firefox\profiles\018welq3.default\user.js
Successfully deleted: [File] C:\Users\Zuzka\AppData\Roaming\mozilla\firefox\profiles\018welq3.default\searchplugins\qip-search.xml
Successfully deleted: [Folder] C:\Users\Zuzka\AppData\Roaming\mozilla\firefox\profiles\018welq3.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Zuzka\AppData\Roaming\mozilla\firefox\profiles\018welq3.default\extensions\savingsslider@mybrowserbar.com
Successfully deleted the following from C:\Users\Zuzka\AppData\Roaming\mozilla\firefox\profiles\018welq3.default\prefs.js

user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?babsrc=HP_ss&affID=111015&mntrId=382ac36400000000000014dae9194339");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=111015");
user_pref("extensions.BabylonToolbar.bbDpng", 18);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "382ac36400000000000014dae9194339");
user_pref("extensions.BabylonToolbar.instlDay", "15434");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastDP", 18);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1714:00:02");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "9.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 123368834);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "azb");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1714:00:02");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111015");
user_pref("extensions.BabylonToolbar_i.hardId", "382ac36400000000000014dae9194339");
user_pref("extensions.BabylonToolbar_i.id", "382ac36400000000000014dae9194339");
user_pref("extensions.BabylonToolbar_i.instlDay", "15434");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:00:02");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on so 21.12.2013 at 9:36:39,17
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

darthvader · #4 Příspěvek od **darthvader** » 21 pro 2013 09:49

# AdwCleaner v3.015 - Report created 21/12/2013 at 09:44:20
# Updated 10/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Zuzka - DARTHVADER
# Running from : C:\Users\Zuzka\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\ParetoLogic
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\Users\Zuzka\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Zuzka\AppData\Roaming\ParetoLogic
Folder Deleted : C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\Extensions\{32A1FD71-835E-4B11-8E54-886FDA0B4C89}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\NSIS_med2
Key Deleted : HKLM\SOFTWARE\NSIS_ocoll2e
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NSIS_med2
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKLM\Software\ParetoLogic
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16736

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]

-\\ Mozilla Firefox v9.0.1 (cs)

[ File : C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\prefs.js ]

Line Deleted : user_pref("extensions.enabledAddons", "ffxtlbr@babylon.com:1.2.0,{58d2a791-6199-482f-a9aa-9b725ec61362}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1");

-\\ Google Chrome v

[ File : C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [3073 octets] - [21/12/2013 09:41:41]
AdwCleaner[S0].txt - [3019 octets] - [21/12/2013 09:44:20]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3079 octets] ##########

#5 Příspěvek od **vyosek** » 21 pro 2013 22:59

Poprosim o log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

darthvader · #6 Příspěvek od **darthvader** » 23 pro 2013 19:29

nejde mi stáhnout ten frstlauncher.. hodí to chybu při stahování nebo nedostupnost stránky..

#7 Příspěvek od **vyosek** » 24 pro 2013 10:33

Melo by to byt nyni vse OK, zkuste

darthvader · #8 Příspěvek od **darthvader** » 25 pro 2013 21:18

pořád nic

a to jsem to zkusil na dvou PC a různých prohlížečích..

#9 Příspěvek od **vyosek** » 26 pro 2013 17:05

Fajn, spustte tedy jen FRST.exe

darthvader · #10 Příspěvek od **darthvader** » 26 pro 2013 18:47

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-12-2013 01
Ran by Zuzka (administrator) on DARTHVADER on 26-12-2013 18:41:22
Running from C:\Users\Zuzka\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronic Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Windows\System32\AsusService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotkeyService.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\SHE\SuperHybridEngine.exe
(ASUSTeK Computer Inc.) C:\Program Files\Asus\HotkeyService\HotKeyMon.exe
(IObit) C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dropbox, Inc.) C:\Users\Zuzka\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Windows\AutoKMS\AutoKMS.exe
() C:\Windows\KMSEmulator.exe
(Google Inc.) C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [HotkeyMon] - C:\Program Files\Asus\HotkeyService\HotKeyMon.exe [101288 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [HotkeyService] - C:\Program Files\Asus\HotkeyService\HotkeyService.exe [1248176 2010-12-07] (ASUSTeK Computer Inc.)
HKLM\...\Run: [SuperHybridEngine] - C:\Program Files\Asus\SHE\SuperHybridEngine.exe [412600 2010-11-15] (ASUSTeK Computer Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9177632 2010-04-27] (Realtek Semiconductor)
HKLM\...\Run: [ETDWare] - C:\Program Files\Elantech\ETDCtrl.exe [548744 2010-06-10] (ELAN Microelectronic Corp.)
HKLM\...\Run: [ASUSPRP] - C:\Program Files\Asus\APRP\aprp.exe [2018032 2011-04-18] (ASUSTek Computer Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Programy\Microsoft office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2013-03-06] ()
HKLM\...\Run: [SafeQ Client] - C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [259072 2012-06-11] ()
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-19] (AVAST Software)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\00a34553-c5e1-4091-83dc-4ee096d55149.exe [180184 2013-11-25] (AVAST Software)
HKCU\...\Run: [Google Update] - C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKCU\...\Run: [Seznam Postak] - C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Programy\Daemon tools lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Zuzka\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-08] (Facebook Inc.)
HKCU\...\Winlogon: [Shell] C:\Program Files\Oceanis\SystemSetting\WallPaperAgent.exe [115888 2009-12-10] (Oceanis) <==== ATTENTION
MountPoints2: {a29d810d-a038-11e2-b6f3-14dae9194339} - F:\LaunchU3.exe -a
MountPoints2: {d2668326-f035-11e1-b3a5-14dae9194339} - "E:\WD SmartWare.exe" autoplay=true
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
Startup: C:\Users\Zuzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Zuzka\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Zuzka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4b525216-2c99-4186-a9f4-7b0b52c77f43} URL = http://www.mapy.cz/?query={searchTerms} ... isticka_12
SearchScopes: HKCU - {B94E3CD8-6F73-42D1-9BDC-4E152A70D3B1} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {c11c0a38-8c6e-4fa2-892a-0efbc13402d3} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... isticka_12
SearchScopes: HKCU - {c6e64787-b090-408d-b2c3-c0b7d19e98d2} URL = http://www.firmy.cz/phr/{searchTerms}?s ... isticka_12
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programy\Microsoft office 2010\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programy\Java\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programy\Microsoft office 2010\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Windows 7 Starter Helper - {D381FF29-7CFB-4D4E-B92A-C4EDDC696614} - C:\Program Files\Oceanis\SystemSetting\StarterHelper.dll (Oceanis)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programy\Java\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
Tcpip\Parameters: [DhcpNameServer] 90.183.115.6 83.167.234.32

FireFox:
========
FF ProfilePath: C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Programy\Java\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\Programy\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\Programy\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Zuzka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Zuzka\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Zuzka\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Start Page - C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\Extensions\{58d2a791-6199-482f-a9aa-9b725ec61362}
FF Extension: Adblock Plus - C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchKeyword: google.cz
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Zuzka\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Clearly) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj\9.3374.689.453_0
CHR Extension: (Google Wallet) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Zuzka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR StartMenuInternet: Google Chrome - C:\Users\Zuzka\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AsusService; C:\windows\system32\AsusService.exe [224680 2010-12-07] ()
R3 AutoKMS; C:\windows\AutoKMS\AutoKMS.exe [734208 2013-09-12] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-19] (AVAST Software)
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 Microsoft SharePoint Workspace Audit Service; C:\Programy\Microsoft office 2010\Office14\GROOVE.EXE [30785672 2012-09-20] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
S3 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [577752 2011-12-07] (Pandora.TV)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11456 2010-06-28] ()
R1 AsUpIO; C:\Windows\System32\drivers\AsUpIO.sys [11832 2010-08-03] ()
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [35656 2013-11-19] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [70384 2013-11-19] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [79720 2013-11-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-11-19] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [774392 2013-11-19] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [403440 2013-11-19] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [57672 2013-11-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-11-19] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2011-12-24] (DT Soft Ltd)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [102912 2010-07-21] (ELAN Microelectronic Corp.)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [13880 2009-07-20] ( )
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-26 18:41 - 2013-12-26 18:42 - 00015938 _____ C:\Users\Zuzka\Desktop\FRST.txt
2013-12-26 18:41 - 2013-12-26 18:41 - 00000000 ____D C:\FRST
2013-12-22 22:15 - 2013-12-22 22:15 - 01061231 _____ (Farbar) C:\Users\Zuzka\Desktop\FRST.exe
2013-12-22 22:14 - 2013-12-22 22:15 - 01061231 _____ (Farbar) C:\Users\Zuzka\Downloads\FRST.exe
2013-12-21 09:46 - 2013-12-21 09:46 - 00000838 _____ C:\windows\PFRO.log
2013-12-21 09:41 - 2013-12-21 09:44 - 00000000 ____D C:\AdwCleaner
2013-12-21 09:36 - 2013-12-21 09:36 - 00008884 _____ C:\Users\Zuzka\Desktop\JRT.txt
2013-12-21 09:27 - 2013-12-21 09:27 - 00000000 ____D C:\windows\ERUNT
2013-12-21 09:26 - 2013-12-21 09:26 - 01226750 _____ C:\Users\Zuzka\Desktop\adwcleaner.exe
2013-12-21 09:25 - 2013-12-21 09:26 - 01034531 _____ (Thisisu) C:\Users\Zuzka\Desktop\JRT.exe
2013-12-20 21:07 - 2013-12-20 21:08 - 00000000 ____D C:\rsit
2013-12-20 21:07 - 2013-12-20 21:08 - 00000000 ____D C:\Program Files\trend micro
2013-12-20 21:05 - 2013-12-20 21:05 - 00781383 _____ C:\Users\Zuzka\Desktop\RSIT.exe
2013-12-20 21:04 - 2013-12-20 21:05 - 00781383 _____ C:\Users\Zuzka\Downloads\RSIT.exe
2013-12-20 21:00 - 2013-12-25 21:15 - 00000124 _____ C:\windows\setupact.log
2013-12-20 21:00 - 2013-12-20 21:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-20 20:30 - 2013-12-20 20:30 - 00000000 ____D C:\windows\Tasks\ImCleanDisabled
2013-12-20 20:26 - 2013-12-20 20:26 - 00001092 _____ C:\Users\Zuzka\Desktop\EVEREST Ultimate Edition.lnk
2013-12-20 20:25 - 2013-12-20 20:25 - 00000000 ____D C:\Program Files\Lavalys
2013-12-17 11:34 - 2013-12-21 09:47 - 00077824 ____N C:\windows\KMSEmulator.exe

==================== One Month Modified Files and Folders =======

2013-12-26 18:42 - 2013-12-26 18:41 - 00015938 _____ C:\Users\Zuzka\Desktop\FRST.txt
2013-12-26 18:41 - 2013-12-26 18:41 - 00000000 ____D C:\FRST
2013-12-26 18:40 - 2011-12-24 20:19 - 00000910 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
2013-12-26 18:37 - 2013-02-18 20:48 - 00000914 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 18:37 - 2013-01-08 19:29 - 00000928 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
2013-12-26 18:37 - 2011-12-24 20:19 - 00000962 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
2013-12-25 21:15 - 2013-12-20 21:00 - 00000124 _____ C:\windows\setupact.log
2013-12-25 21:13 - 2013-09-12 18:32 - 00000292 _____ C:\windows\Tasks\AutoKMS.job
2013-12-25 21:12 - 2013-01-08 19:29 - 00000906 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
2013-12-22 22:18 - 2009-07-14 05:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-22 22:18 - 2009-07-14 05:34 - 00009696 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-22 22:15 - 2013-12-22 22:15 - 01061231 _____ (Farbar) C:\Users\Zuzka\Desktop\FRST.exe
2013-12-22 22:15 - 2013-12-22 22:14 - 01061231 _____ (Farbar) C:\Users\Zuzka\Downloads\FRST.exe
2013-12-21 09:47 - 2013-12-17 11:34 - 00077824 ____N C:\windows\KMSEmulator.exe
2013-12-21 09:47 - 2012-10-31 08:46 - 00000000 ___RD C:\Users\Zuzka\Downloads\Dropbox
2013-12-21 09:47 - 2012-10-31 08:42 - 00000000 ____D C:\Users\Zuzka\AppData\Roaming\Dropbox
2013-12-21 09:46 - 2013-12-21 09:46 - 00000838 _____ C:\windows\PFRO.log
2013-12-21 09:46 - 2009-07-14 05:53 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-21 09:45 - 2013-04-04 09:54 - 01734119 _____ C:\windows\WindowsUpdate.log
2013-12-21 09:44 - 2013-12-21 09:41 - 00000000 ____D C:\AdwCleaner
2013-12-21 09:36 - 2013-12-21 09:36 - 00008884 _____ C:\Users\Zuzka\Desktop\JRT.txt
2013-12-21 09:27 - 2013-12-21 09:27 - 00000000 ____D C:\windows\ERUNT
2013-12-21 09:26 - 2013-12-21 09:26 - 01226750 _____ C:\Users\Zuzka\Desktop\adwcleaner.exe
2013-12-21 09:26 - 2013-12-21 09:25 - 01034531 _____ (Thisisu) C:\Users\Zuzka\Desktop\JRT.exe
2013-12-20 21:08 - 2013-12-20 21:07 - 00000000 ____D C:\rsit
2013-12-20 21:08 - 2013-12-20 21:07 - 00000000 ____D C:\Program Files\trend micro
2013-12-20 21:05 - 2013-12-20 21:05 - 00781383 _____ C:\Users\Zuzka\Desktop\RSIT.exe
2013-12-20 21:05 - 2013-12-20 21:04 - 00781383 _____ C:\Users\Zuzka\Downloads\RSIT.exe
2013-12-20 21:00 - 2013-12-20 21:00 - 00000000 _____ C:\windows\setuperr.log
2013-12-20 20:30 - 2013-12-20 20:30 - 00000000 ____D C:\windows\Tasks\ImCleanDisabled
2013-12-20 20:28 - 2011-12-24 22:14 - 00000000 ____D C:\Program Files\CCleaner
2013-12-20 20:26 - 2013-12-20 20:26 - 00001092 _____ C:\Users\Zuzka\Desktop\EVEREST Ultimate Edition.lnk
2013-12-20 20:25 - 2013-12-20 20:25 - 00000000 ____D C:\Program Files\Lavalys
2013-12-20 12:03 - 2013-04-22 20:12 - 00000000 ____D C:\Users\Zuzka\AppData\Roaming\uTorrent
2013-12-20 12:01 - 2013-11-12 12:45 - 00000000 ____D C:\ProgramData\ProductData
2013-12-16 16:28 - 2011-12-24 22:08 - 00000000 ____D C:\Users\Zuzka\AppData\Roaming\DAEMON Tools Lite
2013-12-16 16:22 - 2013-11-12 12:17 - 47607808 _____ C:\windows\system32\config\SOFTWARE.iobit
2013-12-16 16:22 - 2013-11-12 12:17 - 00262144 _____ C:\windows\system32\config\DEFAULT.iobit
2013-12-16 16:22 - 2013-11-12 12:17 - 00061440 _____ C:\windows\system32\config\SAM.iobit
2013-12-16 16:22 - 2013-11-12 12:17 - 00028672 _____ C:\windows\system32\config\SECURITY.iobit
2013-12-16 16:22 - 2011-12-12 00:02 - 00000000 ____D C:\Users\Zuzka
2013-12-15 17:55 - 2013-11-04 14:04 - 00000000 ____D C:\ProgramData\IObit
2013-12-11 18:07 - 2013-02-18 20:48 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2013-12-11 18:07 - 2013-02-18 20:48 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-10 10:45 - 2013-11-12 19:31 - 47607808 _____ C:\windows\system32\config\SOFTWARE.iodefrag.bak
2013-12-10 10:45 - 2013-11-12 19:31 - 00262144 _____ C:\windows\system32\config\DEFAULT.iodefrag.bak
2013-12-10 10:45 - 2013-11-12 19:31 - 00061440 _____ C:\windows\system32\config\SAM.iodefrag.bak
2013-12-10 10:45 - 2013-11-12 19:31 - 00028672 _____ C:\windows\system32\config\SECURITY.iodefrag.bak
2013-12-09 14:49 - 2011-12-24 20:22 - 00002326 _____ C:\Users\Zuzka\Desktop\Google Chrome.lnk
2013-12-09 14:05 - 2011-12-24 20:27 - 00000000 ____D C:\C - Filmy
2013-12-04 23:28 - 2013-09-19 07:04 - 00002693 _____ C:\windows\WDICT32.INI
2013-12-02 14:03 - 2013-11-12 12:56 - 52543488 _____ C:\windows\system32\config\components.iobit
2013-12-02 13:48 - 2013-11-12 12:45 - 00000000 ____D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
2013-11-26 20:29 - 2013-11-04 14:04 - 00000000 ____D C:\Program Files\IObit

Some content of TEMP:
====================
C:\Users\Zuzka\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-21 10:07

==================== End Of Log ============================

#11 Příspěvek od **vyosek** » 26 pro 2013 19:03

Nelegalni Office doporucuji nahradit free alternativou (LibreOffice, OpenOffice), ktera tam zrejme kdysi byla

Odinstalujte LiveUpdate od IOBit a PANDORA.TV

Tvorba fixlistu pro FRST

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

Start
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Programy\Microsoft office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2013-03-06] ()
HKLM\...\Run: [SafeQ Client] - C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [259072 2012-06-11] ()
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [Google Update] - C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKCU\...\Run: [Seznam Postak] - C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Programy\Daemon tools lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Zuzka\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-08] (Facebook Inc.)
MountPoints2: {a29d810d-a038-11e2-b6f3-14dae9194339} - F:\LaunchU3.exe -a
MountPoints2: {d2668326-f035-11e1-b3a5-14dae9194339} - "E:\WD SmartWare.exe" autoplay=true
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4b525216-2c99-4186-a9f4-7b0b52c77f43} URL = http://www.mapy.cz/?query={searchTerms}&sourceid=IEListicka_12
SearchScopes: HKCU - {B94E3CD8-6F73-42D1-9BDC-4E152A70D3B1} URL = http://search.yahoo.com/search?fr=chr-g ... =402027&p={searchTerms}
SearchScopes: HKCU - {c11c0a38-8c6e-4fa2-892a-0efbc13402d3} URL = http://www.zbozi.cz/?q={searchTerms}&r=campmoz&sourceid=IEListicka_12
SearchScopes: HKCU - {c6e64787-b090-408d-b2c3-c0b7d19e98d2} URL = http://www.firmy.cz/phr/{searchTerms}?sourceid=IEListicka_12
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()

FF SearchPlugin: C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\searchplugins\yahoo_ff.xml

R3 AutoKMS; C:\windows\AutoKMS\AutoKMS.exe [734208 2013-09-12] ()
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [577752 2011-12-07] (Pandora.TV)

DisableService: Skype Updater

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\AutoKMS.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
C:\Program Files\PANDORA.TV
C:\ProgramData\IObit
C:\Windows\AutoKMS
C:\Windows\KMSEmulator.exe
C:\Program Files\IObit

Hosts:
CMD: shutdown /r /f /t 2

End

Ulozte vytvoreny TXT jako fixlist.txt
Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

Kliknete na Fix
Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

darthvader · #12 Příspěvek od **darthvader** » 27 pro 2013 13:04

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-12-2013 01
Ran by Zuzka at 2013-12-27 12:59:04 Run:1
Running from C:\Users\Zuzka\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] - C:\Programy\Microsoft office 2010\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [AutoKMS] - C:\Windows\AutoKMS.exe [615936 2013-03-06] ()
HKLM\...\Run: [SafeQ Client] - C:\Program Files\Y Soft\SafeQ Client\Client\SafeQ Client.exe [259072 2012-06-11] ()
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKCU\...\Run: [Google Update] - C:\Users\Zuzka\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-12-24] (Google Inc.)
HKCU\...\Run: [Seznam Postak] - C:\Users\Zuzka\AppData\Local\Seznam.cz\bin\postak.exe [491040 2012-01-10] ()
HKCU\...\Run: [DAEMON Tools Lite] - C:\Programy\Daemon tools lite\DTLite.exe [3514176 2011-11-10] (DT Soft Ltd)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Zuzka\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-01-08] (Facebook Inc.)
MountPoints2: {a29d810d-a038-11e2-b6f3-14dae9194339} - F:\LaunchU3.exe -a
MountPoints2: {d2668326-f035-11e1-b3a5-14dae9194339} - "E:\WD SmartWare.exe" autoplay=true
HKU\Default\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs
HKU\Default User\...\RunOnce: [Reboot] - C:\Windows\Reboot.exe [ 2010-12-13] (AsusTek Computer Inc.)
HKU\Default User\...\RunOnce: [IconPatch] - C:\Windows\AP\IconPatch.vbs

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4b525216-2c99-4186-a9f4-7b0b52c77f43} URL = http://www.mapy.cz/?query={searchTerms} ... isticka_12
SearchScopes: HKCU - {B94E3CD8-6F73-42D1-9BDC-4E152A70D3B1} URL = http://search.yahoo.com/search?fr=chr-g ... =402027&p={searchTerms}
SearchScopes: HKCU - {c11c0a38-8c6e-4fa2-892a-0efbc13402d3} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... isticka_12
SearchScopes: HKCU - {c6e64787-b090-408d-b2c3-c0b7d19e98d2} URL = http://www.firmy.cz/phr/{searchTerms}?s ... isticka_12
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()

FF SearchPlugin: C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\searchplugins\yahoo_ff.xml

R3 AutoKMS; C:\windows\AutoKMS\AutoKMS.exe [734208 2013-09-12] ()
R2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [577752 2011-12-07] (Pandora.TV)

DisableService: Skype Updater

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\AutoKMS.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job
C:\Program Files\PANDORA.TV
C:\ProgramData\IObit
C:\Windows\AutoKMS
C:\Windows\KMSEmulator.exe
C:\Program Files\IObit

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\BCSSync => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SafeQ Client => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Seznam Postak => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a29d810d-a038-11e2-b6f3-14dae9194339} => Key deleted successfully.
HKCR\CLSID\{a29d810d-a038-11e2-b6f3-14dae9194339} => Key not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2668326-f035-11e1-b3a5-14dae9194339} => Key deleted successfully.
HKCR\CLSID\{d2668326-f035-11e1-b3a5-14dae9194339} => Key not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value deleted successfully.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IconPatch => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Reboot => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\IconPatch => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4b525216-2c99-4186-a9f4-7b0b52c77f43} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4b525216-2c99-4186-a9f4-7b0b52c77f43} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B94E3CD8-6F73-42D1-9BDC-4E152A70D3B1} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{B94E3CD8-6F73-42D1-9BDC-4E152A70D3B1} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c11c0a38-8c6e-4fa2-892a-0efbc13402d3} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c11c0a38-8c6e-4fa2-892a-0efbc13402d3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{c6e64787-b090-408d-b2c3-c0b7d19e98d2} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{c6e64787-b090-408d-b2c3-c0b7d19e98d2} => Key not found.
HKCR\PROTOCOLS\Handler\textwareilluminatorbase => Key deleted successfully.
HKCR\CLSID\{CE5CD329-1650-414A-8DB0-4CBF72FAED87} => Key deleted successfully.
C:\Users\Zuzka\AppData\Roaming\Mozilla\Firefox\Profiles\018welq3.default\searchplugins\yahoo_ff.xml => Moved successfully.
AutoKMS => Service deleted successfully.
LiveUpdateSvc => Service deleted successfully.
PanService => Service not found.
Skype Updater service key not found.
C:\windows\tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\tasks\AutoKMS.job => Moved successfully.
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job => Moved successfully.
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000Core.job => Moved successfully.
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-244091639-1036266413-1833324685-1000UA.job => Moved successfully.
C:\Program Files\PANDORA.TV => Moved successfully.
C:\ProgramData\IObit => Moved successfully.

"C:\Windows\AutoKMS" directory move:

C:\Windows\AutoKMS\AutoKMS.exe => Moved successfully.
C:\Windows\AutoKMS\AutoKMS.ini => Moved successfully.
C:\Windows\AutoKMS\AutoKMS.log => Moved successfully.
Could not move "C:\Windows\AutoKMS" directory. => Scheduled to move on reboot.

C:\Windows\KMSEmulator.exe => Moved successfully.
C:\Program Files\IObit => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========

========= End of CMD: =========

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2013-12-27 13:01:26)<=

C:\Windows\AutoKMS => Is moved successfully.

==== End of Fixlog ====

#13 Příspěvek od **vyosek** » 27 pro 2013 23:12

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

VIRY.CZ

Prosím o kontrolu, občas zlobí

Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí

Re: Prosím o kontrolu, občas zlobí