VIRY.CZ

Dobrý den,
dle Vašeho návodu http://forum.viry.cz/viewtopic.php?f=13&t=132686 jsem nejprve použil AdwCleaner zde je log :

# AdwCleaner v3.012 - Report created 18/11/2013 at 13:53:12
# Updated 11/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - ADAMJUN
# Running from : C:\Documents and Settings\Administrator\Plocha\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\ICQ\ICQToolbar
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\BS_Player
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\ConduitEngine
Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\BS_Player
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\oiq9f4qr.default\Conduit
Folder Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\oiq9f4qr.default\ConduitCommon
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\oiq9f4qr.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\oiq9f4qr.default\searchplugins\Conduit.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ICQ Service.exe
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook
Key Deleted : HKLM\SOFTWARE\Classes\ICQToolBar.IEHook.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{780C8CD1-2835-4EF6-BCCC-F62539B9591F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ABB72BC2-87A7-4606-8F4D-900C8427BAE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9AD5C524-1925-47DB-BC20-28177B527DCC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\BS_Player
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\ICQ\ICQToolbar
Key Deleted : HKLM\Software\BS_Player

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]

-\\ Mozilla Firefox v25.0.1 (cs)

[ File : C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\oiq9f4qr.default\prefs.js ]

Line Deleted : user_pref("CT1750559..clientLogIsEnabled", false);
Line Deleted : user_pref("CT1750559..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT1750559..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT1750559.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129495727276863004", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129502713039250930", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129536377873044161", true);
Line Deleted : user_pref("CT1750559.BrowserCompStateIsOpen_129544988592463877", true);
Line Deleted : user_pref("CT1750559.CT1750559", "CT1750559");
Line Deleted : user_pref("CT1750559.CurrentServerDate", "25-7-2011");
Line Deleted : user_pref("CT1750559.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1750559.DialogsGetterLastCheckTime", "Mon Jul 25 2011 19:01:28 GMT+0200");
Line Deleted : user_pref("CT1750559.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1750559.FirstServerDate", "25-7-2011");
Line Deleted : user_pref("CT1750559.FirstTime", true);
Line Deleted : user_pref("CT1750559.FirstTimeFF3", true);
Line Deleted : user_pref("CT1750559.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT1750559.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT1750559.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT1750559.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1750559.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT1750559.Initialize", true);
Line Deleted : user_pref("CT1750559.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1750559.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT1750559.InstalledDate", "Mon Jul 25 2011 19:01:33 GMT+0200");
Line Deleted : user_pref("CT1750559.InvalidateCache", false);
Line Deleted : user_pref("CT1750559.IsGrouping", false);
Line Deleted : user_pref("CT1750559.IsInitSetupIni", true);
Line Deleted : user_pref("CT1750559.IsMulticommunity", false);
Line Deleted : user_pref("CT1750559.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT1750559.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT1750559.IsProtectorsInit", true);
Line Deleted : user_pref("CT1750559.LanguagePackLastCheckTime", "Mon Jul 25 2011 19:01:33 GMT+0200");
Line Deleted : user_pref("CT1750559.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT1750559.LastLogin_3.5.0.12", "Mon Jul 25 2011 19:01:27 GMT+0200");
Line Deleted : user_pref("CT1750559.LatestVersion", "3.3.3.2");
Line Deleted : user_pref("CT1750559.Locale", "en-us");
Line Deleted : user_pref("CT1750559.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT1750559.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT1750559.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1750559.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1750559.OriginalFirstVersion", "3.5.0.12");
Line Deleted : user_pref("CT1750559.RadioIsPodcast", false);
Line Deleted : user_pref("CT1750559.RadioLastCheckTime", "Mon Jul 25 2011 19:01:32 GMT+0200");
Line Deleted : user_pref("CT1750559.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1750559.RadioLastUpdateServer", "128929877726170000");
Line Deleted : user_pref("CT1750559.RadioMediaID", "11237206");
Line Deleted : user_pref("CT1750559.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1750559.RadioMenuSelectedID", "EBRadioMenu_CT175055911237206");
Line Deleted : user_pref("CT1750559.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.RadioStationName", "1.FM%20Dance");
Line Deleted : user_pref("CT1750559.RadioStationURL", "hxxp://dance.1.fm/energydance128k?MSWMExt=.asf");
Line Deleted : user_pref("CT1750559.SearchEngineBeforeUnload", "Google");
Line Deleted : user_pref("CT1750559.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT1750559.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=");
Line Deleted : user_pref("CT1750559.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT1750559.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.SearchInNewTabLastCheckTime", "Mon Jul 25 2011 19:01:32 GMT+0200");
Line Deleted : user_pref("CT1750559.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT1750559.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT1750559.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT1750559.ServiceMapLastCheckTime", "Mon Jul 25 2011 19:01:22 GMT+0200");
Line Deleted : user_pref("CT1750559.SettingsLastCheckTime", "Mon Jul 25 2011 19:01:25 GMT+0200");
Line Deleted : user_pref("CT1750559.SettingsLastUpdate", "1311168857");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastCheck", "Mon Jul 25 2011 19:01:22 GMT+0200");
Line Deleted : user_pref("CT1750559.ThirdPartyComponentsLastUpdate", "1246786978");
Line Deleted : user_pref("CT1750559.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT1750559.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1750559");
Line Deleted : user_pref("CT1750559.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1750559.UserID", "UN10830609288537763");
Line Deleted : user_pref("CT1750559.WeatherNetwork", "");
Line Deleted : user_pref("CT1750559.WeatherPollDate", "Mon Jul 25 2011 19:01:33 GMT+0200");
Line Deleted : user_pref("CT1750559.WeatherUnit", "C");
Line Deleted : user_pref("CT1750559.alertChannelId", "31130");
Line Deleted : user_pref("CT1750559.backendstorage.amazonnew_all", "313232343836312C3135313035312C3135313235312C313337303331312C313333343632312C313332363131312C3135313133312C3135313237312C313336393638312C31353132363[...]
Line Deleted : user_pref("CT1750559.backendstorage.appbuttondisablenull", "30");
Line Deleted : user_pref("CT1750559.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
Line Deleted : user_pref("CT1750559.generalConfigFromLogin", "{\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdownload.conduit.com/\"}");
Line Deleted : user_pref("CT1750559.globalFirstTimeInfoLastCheckTime", "Mon Jul 25 2011 19:01:29 GMT+0200");
Line Deleted : user_pref("CT1750559.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.initDone", true);
Line Deleted : user_pref("CT1750559.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT1750559.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1750559.myStuffEnabled", true);
Line Deleted : user_pref("CT1750559.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT1750559.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT1750559.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT1750559.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT1750559.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1750559.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1750559.testingCtid", "");
Line Deleted : user_pref("CT1750559.toolbarAppMetaDataLastCheckTime", "Mon Jul 25 2011 19:01:27 GMT+0200");
Line Deleted : user_pref("CT1750559.toolbarContextMenuLastCheckTime", "Mon Jul 25 2011 19:01:34 GMT+0200");
Line Deleted : user_pref("CT1750559.usagesFlag", 1);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/31130/30609/CZ", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1750559", "\"1310025259\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1750559", "\"634471230107830000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1750559&octid=CT1750559", "\"1311168857\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"634461627320900000\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\Data aplikací\\Mozilla\\Firefox\\Profiles\\oiq9f4qr.default\\conduitCommon\\modules\\3.5.0.12");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.5.0.12");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1750559");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Jul 25 2011 19:01:38 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "8f68b099-ecf2-4dfb-a1f5-5b53d2b7a3c6");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jul 25 2011 19:01:29 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jul 25 2011 19:01:40 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jul 25 2011 19:01:23 GMT+0200");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1305622559");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "af0d343f-ec78-494a-b4b4-df6423757039");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "ArchiBar Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT144873&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");

-\\ Google Chrome v

[ File : C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [18591 octets] - [18/11/2013 13:47:15]
AdwCleaner[S0].txt - [18542 octets] - [18/11/2013 13:53:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18603 octets] ##########

Ještě přidám log z HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:32:54, on 18.11.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Glary Utilities 3\Integrator.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator\Dokumenty\Stažené soubory\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-1004336348-115176313-839522115-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'UpdatusUser')
O4 - Startup: CodeMeter Control Center.lnk = C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files\SmarThru 4\WebCapture.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: CodeMeter Runtime Server (CodeMeter.exe) - WIBU-SYSTEMS AG - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6143 bytes

Zdravím,

v současné době mají XP nějaký problém s aktualizacemi

ve Správci úloh ukonči ten proces svchost.exe
v Ovládacích panelech vypni Automatické aktualizace

restartuj

zde http://www.microsoft.com/en-us/download ... x?id=40390
v roletce vyber jazyk a nainstaluj
pak i http://www.microsoft.com/cs-cz/download ... x?id=28385

spusť IE8 a zadej http://update.microsoft.com/microsoftup ... aspx?ln=cs
bude ti možná nabídnuta instalace jakéhosi doplňku ActiveX - proveď
a pak zkus aktualizace vyhledat a nainstalovat

Děkuji,
postupoval jsem dle rad, nicméně Microsoft Update stále jen hledá nejnovější aktualizace a dál nic. Zítra to zkusím znovu a dám vědět.

Nemáš v IE pod horním panelem úzký proužek s výzvou na instalaci AktiveX ?

obě záplaty KB jsou nainstalované?

active X mám nainstalovaný a záplaty také a stejně pořád pouze vyhledává aktualizace

Mně po uvedených opravách taky hledání trvalo přes půl hodiny a pak se to chytlo.

Stáhni Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
Ulož jej na plochu a spusť - zobrazí se licenční podminky -> start libovolnou klávesou.
Bude vytvořena záloha a proběhne skenování.
Vyskočí log (nebo je uložen zde c:\JRT jako JRT.txt) - zkopíruj jej sem

stáhni a spusť http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
některé Antiviry jej mohou blokovat, proto je budeš muset na tu chvíli odstavit
vyčkej až se program spustí a provede prescan, pak
- Zvol možnost Prohledat a poté Smazat a následně Zpráva - otevře se log, ten sem vlož

Stáhni a nainstaluj MBAM zde http://www.malwarebytes.org/products/malwarebytes_free/
Spustit -> na 3.záložce "Aktualizace" -> Kontrola aktualizací
následně na 1.záložce "Kontrolor" -> Rychlá kontrola -> Prohledat
po dokončení scanu vyskočí okno Notepad s výsledkem - obsah zkopíruj do své odpovědi
zatím nic nemazat - počkej na posouzení

ještě jsem si všiml, že mám vpravo dole žlutý čtvereček s vykřičníkem - stahují se aktualizace, ale pořád je tam 0% a za chvíli trojúhelník úplně zmizí.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on čt 21.11.2013 at 13:36:46,53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smarttweak



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on čt 21.11.2013 at 13:53:37,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V8.7.8 [Nov 14 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.adlice.com/forum/
Webové stránky : http://www.adlice.com/softwares/roguekiller/
: http://tigzyrk.blogspot.com/

Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 11/21/2013 14:04:56
| ARK || FAK || MBR |

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 7 ¤¤¤
[RUN][BLACKLIST] HKLM\[...]\Run : SW20 (C:\WINDOWS\system32\sw20.exe [-]) -> VYMAZÁNO
[RUN][BLACKLIST] HKLM\[...]\Run : SW24 (C:\WINDOWS\system32\sw24.exe [-]) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> VYMAZÁNO
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
[SCREENSVR][SUSP PATH] HKCU\[...]\Desktop : SCRNSAVE.EXE (C:\WINDOWS\ARMSTR~1.SCR [-]) -> NAHRAZENO (C:\WINDOWS\system32\logon.scr)

¤¤¤ naplánované úlohy : 0 ¤¤¤

¤¤¤ spuštění položky : 1 ¤¤¤
[Administrator][SUSP UNIC] CodeMeter Control Center.lnk : C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\CodeMeter Control Center.lnk @C:\PROGRA~1\CODEME~1\Runtime\bin\CODEME~2.EXE [-][-] -> VYMAZÁNO

¤¤¤ Webové prohlížeče : 0 ¤¤¤

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤

¤¤¤ Externí včelstvo: ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Maxtor 6L160M0 +++++
--- User ---
[MBR] e4864df1ac406be718a39869f1455f1c
[BSP] 786d7d39510aa73ede0b353436a0752d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 156319 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[0]_D_11212013_140456.txt >>
RKreport[0]_S_11212013_140442.txt

st.anger píše:ještě jsem si všiml, že mám vpravo dole žlutý čtvereček s vykřičníkem - stahují se aktualizace, ale pořád je tam 0% a za chvíli trojúhelník úplně zmizí.

Pokud bys měl aktualizace vypnuté (jak jsem psal) měl bys tam červený štít s bílým x a varováním.
a u toho vypínání je i odkaz na "Windows Update" pro ruční instalaci - vyzkoušej

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.21.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ADAMJUN [administrátor]

Ochrana: Povolena

21.11.2013 14:16:32
MBAM-log-2013-11-21 (14-29-21).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 268584
Uplynulý čas: 11 minut, 49 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Nebyla provedena žádná instrukce.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

MBAM spustit znovu - Kontrolor -> dát Úplná kontrola
po ukončení -> Zobrazit výsledky -> zkontrolovat zda je vše označeno -> Odstranit označené
vyběhne log, ve kterém budou záznamy tohoto typu:
Nalezené soubory
C:\Program Files\xxxxxx -> Umístnění do karantény a smazání se zdařilo..(Quarantined and deleted successfully)
ten bych taky rád viděl

Pak zkus můj návod o dvě zprávy výše

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2013.11.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: ADAMJUN [administrátor]

Ochrana: Povolena

21.11.2013 16:19:48
mbam-log-2013-11-21 (16-19-48).txt

Typ: Kompletní kontrola (A:\|C:\|D:\|F:\|G:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 374308
Uplynulý čas: 1 hodin, 48 minut, 42 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKLM\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Přesun do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

tak konečně nějaký posun, aktualizace se načtou dám instalovat aktualizace (počet 34), proběhne aktualizace a hned to skončí a napíše mi to, že tyto aktualizace nebyly nainstalovány počet 34. Kód chyby: 0x80246008 - vygooglil jsem že by to mohla dělat Služba inteligentního přenosu na pozadí (BITS) tu však ve službách nemohu najít

Zkus podle kolegy

vyosek píše: Stahnete Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe

• Ulozte nejlepe na Plochu
• Spustte a potvrdte Yes abyste potvrdil reinstalaci sluzeb
• Nasledne kliknutim na Yes potvrdte restart PC
• Na Plose vznikne slozka CC Support, najdete tam log SvcRepair.txt - mel by byt CC Support\Logs\SvcRepair.txt - vlozte mi jej sem