
Log check on my girlfriend's PC

Posted: 11 Dec 2013 10:14
by szamotys
Hello,

my girlfriend's PC is very slow. Windows XP. Is it better to reinstall Windows straight away, or to do a log check?
If a check, should I do this for you first? Thank you

Download Junkware Removal Tool http://thisisudax.org/downloads/JRT.exe
• Save it, preferably to the desktop
• After launch the license terms are displayed; press any key
• A backup will be created, followed by the search
• The scan will run and then a log will appear, or it will be saved in c:\JRT as JRT.txt; paste it here

Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
• Save it, preferably to the desktop
• Close all programs
• Click Scan and then Clean
• The repair will run, the PC will restart, and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 10:18
by vyosek
Hello :)

If you look up at the top, there's a biiiig box that describes what you should do

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 21:33
by szamotys
"running hijackthis" seems to be frozen. It only shows three bars. On C:, the text file in rsit contains only this:

Logfile of random's system information tool 1.09 (written by random/random)
Run by PC at 2013-12-11 21:05:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 21 GB (54%) free of 40 GB
Total RAM: 511 MB (18% free)

Something is probably wrong, isn't it?

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 21:40
by vyosek
Then terminate it

Download FRST 32-bit version from this page http://www.bleepingcomputer.com/downloa ... scan-tool/

Running FRST
  • After launching FRST, accept the license terms by clicking [Yes].
  • Additionally tick the Addition.txt item - see the picture.
  • Click the [Scan] button to start the scan.
  • Wait for the FRST scan to finish.
  • The text file FRST.txt will open; this is the requested log, and its contents should be pasted into your thread on the forum.
  • The FRST utility and two logs, FRST.txt and Addition.txt, will remain on the desktop; do not delete any of them yet!

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 22:14
by szamotys
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by PC (administrator) on PC-2D5 on 11-12-2013 22:07:25
Running from D:\instalačky
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Trend Micro Inc.) C:\Program Files\trend micro\PC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [AutoKMS] - C:\WINDOWS\AutoKMS.exe [615936 2012-06-19] ()
HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-28] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-28] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.194.204.126 85.132.148.70

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default
FF user.js: detected! => C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\user.js
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - c:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent - C:\Documents and Settings\PC\Application Data\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Winamp Toolbar - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: uTorrentControl_v2 - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"
CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\PC\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

========================== Services (Whitelisted) =================

R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 mv61xxmm; C:\Windows\System32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\Windows\System32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\Windows\System32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-06-19] (Duplex Secure Ltd.)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [116608 2010-11-18] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 22:07 - 2013-12-11 22:07 - 00000000 ____D C:\FRST
2013-12-11 21:05 - 2013-12-11 21:06 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 21:05 - 2013-12-11 21:05 - 00000000 ____D C:\rsit
2013-11-26 20:24 - 2013-11-26 20:28 - 00589878 _____ C:\Documents and Settings\PC\Desktop\alza tv.bmp
2013-11-26 20:23 - 2013-11-26 21:12 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00013896 _____ C:\WINDOWS\KB2868626.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00012456 _____ C:\WINDOWS\KB2900986.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 11:39 - 2013-11-15 11:39 - 00014531 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012815 _____ C:\WINDOWS\KB2862152.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012299 _____ C:\WINDOWS\KB2876331.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

==================== One Month Modified Files and Folders =======

2013-12-11 22:07 - 2013-12-11 22:07 - 00000000 ____D C:\FRST
2013-12-11 21:53 - 2012-09-27 02:09 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 21:06 - 2013-12-11 21:05 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 21:05 - 2013-12-11 21:05 - 00000000 ____D C:\rsit
2013-12-11 20:54 - 2012-06-19 20:08 - 02021431 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 20:53 - 2012-06-19 20:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 20:52 - 2012-06-19 20:22 - 00000178 ___SH C:\Documents and Settings\PC\ntuser.ini
2013-12-11 20:52 - 2012-06-19 20:14 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 14:53 - 2012-09-27 02:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 14:53 - 2008-04-14 12:00 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-08 15:41 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-26 21:12 - 2013-11-26 20:23 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-26 21:07 - 2012-10-10 15:32 - 00062106 _____ C:\WINDOWS\setupapi.log
2013-11-26 20:55 - 2012-06-19 22:51 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-26 20:28 - 2013-11-26 20:24 - 00589878 _____ C:\Documents and Settings\PC\Desktop\alza tv.bmp
2013-11-26 20:23 - 2013-11-26 20:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-17 09:15 - 2012-06-19 23:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-11-15 11:40 - 2013-11-15 11:40 - 00013896 _____ C:\WINDOWS\KB2868626.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00012456 _____ C:\WINDOWS\KB2900986.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 11:40 - 2012-10-11 18:01 - 00388796 _____ C:\WINDOWS\iis6.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00358628 _____ C:\WINDOWS\FaxSetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00207640 _____ C:\WINDOWS\ocgen.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00163630 _____ C:\WINDOWS\tsoc.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00119118 _____ C:\WINDOWS\comsetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00112588 _____ C:\WINDOWS\msmqinst.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00072165 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00062814 _____ C:\WINDOWS\netfxocm.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00033570 _____ C:\WINDOWS\updspapi.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00024650 _____ C:\WINDOWS\MedCtrOC.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00018038 _____ C:\WINDOWS\tabletoc.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-15 11:39 - 2013-11-15 11:39 - 00014531 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012815 _____ C:\WINDOWS\KB2862152.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012299 _____ C:\WINDOWS\KB2876331.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 11:39 - 2013-08-17 18:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-15 11:37 - 2012-01-12 15:05 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe

Some content of TEMP:
====================
C:\Documents and Settings\PC\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\PKIComponent-KBExt-setup.exe
C:\Documents and Settings\PC\Local Settings\Temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-01-12 15:02] - [2012-01-12 15:02] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2012-01-12 15:04] - [2012-01-12 15:04] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2012-01-12 15:04] - [2012-01-12 15:04] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 22:15
by szamotys
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
Ran by PC at 2013-12-11 22:08:01
Running from D:\instalačky
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (Version: 3.2.0)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.8) - Czech (Version: 10.1.8)
BS.Player FREE (Version: 2.61.1065)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
ICQ7.7 (Version: 7.7)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Slovak) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (Czech) 2010 (Version: 14.0.6029.1000)
Microsoft Script Debugger
Microsoft Software Update for Web Folders (Czech) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 13.0 (x86 cs) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MUI Help Package - CSY
Nero 7 Ultra Edition (Version: 7.02.9752)
SoundMAX (Version: 5.12.01.3663)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 Multilingual User Interface (MUI) (Version: 20090411.120000)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.11 (32-bit) (Version: 4.11.0)

==================== Restore Points =========================

15-09-2013 09:04:11 Kontrolní bod systému
29-09-2013 16:22:46 Instalace avast! Free Antivirus
29-09-2013 16:25:05 Removed EasyCleaner
01-10-2013 14:18:24 Kontrolní bod systému
10-10-2013 07:07:17 Software Distribution Service 3.0
14-10-2013 15:17:57 Software Distribution Service 3.0
20-10-2013 06:14:19 Removed Java 7 Update 25
10-11-2013 09:52:44 Kontrolní bod systému
15-11-2013 10:36:56 Software Distribution Service 3.0
17-11-2013 08:15:08 Software Distribution Service 3.0
21-11-2013 10:40:39 Kontrolní bod systému
28-11-2013 18:21:32 Kontrolní bod systému
07-12-2013 11:24:13 Kontrolní bod systému
11-12-2013 20:47:56 Kontrolní bod systému

==================== Hosts content: ==========================

2008-04-14 12:00 - 2013-03-21 13:35 - 00445930 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2012-06-19 21:04 - 2012-02-18 04:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2012-06-19 21:04 - 2012-02-21 08:08 - 00344064 _____ () C:\Program Files\WinRAR\rarlng.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 10:04:53 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace RSIT.exe, verze 3.3.6.1, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 08:48:38 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 08:46:48 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 08:46:31 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 03:08:03 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 03:07:47 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/10/2013 03:27:26 PM) (Source: Application Error) (User: )
Description: Chybný blok -464067300
Výměna klíčů nezajistila nastavení zabezpečeného připojení po ověření 802.1x. Aktuální nastavení bylo označeno za neplatné a bezdrátové připojení bude odpojeno.

Error: (12/10/2013 03:26:38 PM) (Source: Application Error) (User: )
Description: Chybující aplikace nmindexstoresvr.exe, verze 2.0.16.0, chybující modul unknown, verze 0.0.0.0, adresa chyby 0x4081893c.
Zpracování události, specifické pro médium ([nmindexstoresvr.exe!ws!])


System errors:
=============
Error: (12/04/2013 08:30:43 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 192.168.1.103 pro síťovou kartu s adresou 0013D4BC65E0 byla
serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (10/20/2013 07:14:11 AM) (Source: Service Control Manager) (User: )
Description: Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================
Error: (12/11/2013 10:04:53 PM) (Source: Application Hang)(User: )
Description: RSIT.exe3.3.6.1hungapp0.0.0.000000000

Error: (12/11/2013 08:48:38 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 08:46:48 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 08:46:31 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 03:08:03 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 03:07:47 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/10/2013 03:27:26 PM) (Source: Application Error)(User: )
Description: -464067300

Error: (12/10/2013 03:26:38 PM) (Source: Application Error)(User: )
Description: nmindexstoresvr.exe2.0.16.0unknown0.0.0.04081893c


==================== Memory info ===========================

Percentage of memory in use: 81%
Total physical RAM: 511.23 MB
Available physical RAM: 96.37 MB
Total Pagefile: 1245.62 MB
Available Pagefile: 886.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1943.91 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:22.23 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:113.6 GB) (Free:1.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 153 GB) (Disk ID: EAB1EAB1)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114 GB) - (Type=OF Extended)

==================== End Of Log ============================

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 22:20
by vyosek
What are we going to do about that illegal Office?? Our forum does not support pirated software

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 22:23
by szamotys
I'll uninstall it :-)

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 22:36
by vyosek
Yes please, and then a new log

Re: Log check on my girlfriend's PC

Posted: 11 Dec 2013 23:06
by szamotys
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by PC (administrator) on PC-2D5 on 11-12-2013 22:52:55
Running from D:\instalačky
Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [AutoKMS] - C:\WINDOWS\AutoKMS.exe [615936 2012-06-19] ()
HKLM\...\Run: [Smapp] - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [143360 2003-05-05] (Analog Devices, Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-28] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-28] (Nero AG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 19-06-2012
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 213.194.204.126 85.132.148.70

FireFox:
========
FF ProfilePath: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default
FF user.js: detected! => C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\user.js
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3220468&SearchSource=2&q=
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @kb-ext.cz/PKIComponent - C:\Documents and Settings\PC\Application Data\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll (Komerční banka, a.s.)
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF Extension: Winamp Toolbar - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: uTorrentControl_v2 - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"
CHR Extension: (YouTube) - C:\Documents and Settings\PC\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\PC\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx

========================== Services (Whitelisted) =================

R2 SoundMAX Agent Service (default); C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [45056 2002-09-21] (Analog Devices, Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 FETND5BV; C:\Windows\System32\DRIVERS\fetnd5bv.sys [42496 2004-12-16] (VIA Technologies, Inc. )
S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] (VIA Technologies, Inc. )
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R0 mv61xxmm; C:\Windows\System32\Drivers\mv61xxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R0 mv64xxmm; C:\Windows\System32\Drivers\mv64xxmm.sys [5632 2012-01-12] (Marvell Semiconductor Inc.)
R0 mvxxmm; C:\Windows\System32\Drivers\mvxxmm.sys [13616 2012-01-12] (Marvell Semiconductor Inc.)
R3 rtl8139; C:\Windows\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R0 speedfan; C:\Windows\System32\speedfan.sys [25240 2011-03-18] (Almico Software)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [477240 2012-06-19] (Duplex Secure Ltd.)
R0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [116608 2010-11-18] (VIA Technologies inc,.ltd)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2010-02-11] (VIA Technologies, Inc.)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-11 22:46 - 2013-12-11 22:46 - 00000106 _____ C:\WINDOWS\AutoKMS.tmp
2013-12-11 22:07 - 2013-12-11 22:07 - 00000000 ____D C:\FRST
2013-12-11 21:05 - 2013-12-11 21:06 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 21:05 - 2013-12-11 21:05 - 00000000 ____D C:\rsit
2013-11-26 20:24 - 2013-11-26 20:28 - 00589878 _____ C:\Documents and Settings\PC\Desktop\alza tv.bmp
2013-11-26 20:23 - 2013-11-26 21:12 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00013896 _____ C:\WINDOWS\KB2868626.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00012456 _____ C:\WINDOWS\KB2900986.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 11:39 - 2013-11-15 11:39 - 00014531 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012815 _____ C:\WINDOWS\KB2862152.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012299 _____ C:\WINDOWS\KB2876331.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$

==================== One Month Modified Files and Folders =======

2013-12-11 22:53 - 2012-09-27 02:09 - 00000914 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-12-11 22:48 - 2012-06-19 20:08 - 02061361 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-11 22:46 - 2013-12-11 22:46 - 00000106 _____ C:\WINDOWS\AutoKMS.tmp
2013-12-11 22:46 - 2012-06-19 20:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-11 22:46 - 2012-06-19 12:54 - 00292480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 22:45 - 2012-06-19 20:22 - 00000178 ___SH C:\Documents and Settings\PC\ntuser.ini
2013-12-11 22:45 - 2012-06-19 20:14 - 00032518 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-11 22:41 - 2012-06-19 23:03 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-12-11 22:40 - 2012-06-19 23:19 - 00000000 ____D C:\Program Files\MSBuild
2013-12-11 22:40 - 2012-06-19 23:14 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-11 22:40 - 2012-06-19 12:56 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2013-12-11 22:39 - 2012-06-19 23:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-12-11 22:37 - 2012-06-19 20:06 - 00000000 ____D C:\Program Files\Common Files\System
2013-12-11 22:37 - 2008-04-14 12:00 - 00000491 _____ C:\WINDOWS\win.ini
2013-12-11 22:07 - 2013-12-11 22:07 - 00000000 ____D C:\FRST
2013-12-11 21:06 - 2013-12-11 21:05 - 00000000 ____D C:\Program Files\trend micro
2013-12-11 21:05 - 2013-12-11 21:05 - 00000000 ____D C:\rsit
2013-12-11 14:53 - 2012-09-27 02:09 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 14:53 - 2008-04-14 12:00 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-08 15:41 - 2008-04-14 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-26 21:12 - 2013-11-26 20:23 - 00000216 _____ C:\WINDOWS\wiadebug.log
2013-11-26 21:07 - 2012-10-10 15:32 - 00062106 _____ C:\WINDOWS\setupapi.log
2013-11-26 20:55 - 2012-06-19 22:51 - 00000000 ____D C:\Program Files\SpeedFan
2013-11-26 20:28 - 2013-11-26 20:24 - 00589878 _____ C:\Documents and Settings\PC\Desktop\alza tv.bmp
2013-11-26 20:23 - 2013-11-26 20:23 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-11-26 20:23 - 2013-11-26 20:23 - 00000000 _____ C:\WINDOWS\Sti_Trace.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00013896 _____ C:\WINDOWS\KB2868626.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00012456 _____ C:\WINDOWS\KB2900986.log
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2900986$
2013-11-15 11:40 - 2013-11-15 11:40 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868626$
2013-11-15 11:40 - 2012-10-11 18:01 - 00388796 _____ C:\WINDOWS\iis6.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00358628 _____ C:\WINDOWS\FaxSetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00207640 _____ C:\WINDOWS\ocgen.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00163630 _____ C:\WINDOWS\tsoc.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00119118 _____ C:\WINDOWS\comsetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00112588 _____ C:\WINDOWS\msmqinst.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00072165 _____ C:\WINDOWS\ntdtcsetup.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00062814 _____ C:\WINDOWS\netfxocm.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00033570 _____ C:\WINDOWS\updspapi.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00024650 _____ C:\WINDOWS\MedCtrOC.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00018038 _____ C:\WINDOWS\tabletoc.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00001393 _____ C:\WINDOWS\imsins.log
2013-11-15 11:40 - 2012-10-11 18:01 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-11-15 11:39 - 2013-11-15 11:39 - 00014531 _____ C:\WINDOWS\KB2888505-IE8.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012815 _____ C:\WINDOWS\KB2862152.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00012299 _____ C:\WINDOWS\KB2876331.log
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2876331$
2013-11-15 11:39 - 2013-11-15 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862152$
2013-11-15 11:39 - 2013-08-17 18:18 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-15 11:37 - 2012-01-12 15:05 - 80340640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt.exe

Some content of TEMP:
====================
C:\Documents and Settings\PC\Local Settings\Temp\fp_pl_pfs_installer.exe
C:\Documents and Settings\PC\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\PC\Local Settings\Temp\PKIComponent-KBExt-setup.exe
C:\Documents and Settings\PC\Local Settings\Temp\sfamcc00001.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-01-12 15:02] - [2012-01-12 15:02] - 1033728 ____A (Microsoft Corporation) 2bb75b7f548d82a099125d0c5971de7d

C:\Windows\System32\winlogon.exe
[2012-01-12 15:04] - [2012-01-12 15:04] - 0509440 ____A (Microsoft Corporation) 53a8857723277b1d6d5ee60a9f85b117

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2012-01-12 15:04] - [2012-01-12 15:04] - 0110592 ____A (Microsoft Corporation) c519e15665cd89a91ad383fce3cb556a

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Re: Checking the log on my girlfriend's PC

Posted: 11 Dec 2013 23:07
by szamotys
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
Ran by PC at 2013-12-11 23:00:28
Running from D:\instalačky
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

µTorrent (Version: 3.2.0)
7-Zip 9.20
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Reader X (10.1.8) - Czech (Version: 10.1.8)
BS.Player FREE (Version: 2.61.1065)
Combined Community Codec Pack 2011-11-11 (Version: 2011.11.11.0)
Download Updater (AOL LLC)
ICQ7.7 (Version: 7.7)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Script Debugger
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 13.0 (x86 cs) (Version: 13.0)
Mozilla Maintenance Service (Version: 13.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MUI Help Package - CSY
Nero 7 Ultra Edition (Version: 7.02.9752)
SoundMAX (Version: 5.12.01.3663)
SpeedFan (remove only)
Spybot - Search & Destroy (Version: 1.6.2)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
VIA Rhine-Family Fast Ethernet Adapter
WebFldrs XP (Version: 9.50.7523)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Internet Explorer 8 Multilingual User Interface (MUI) (Version: 20090411.120000)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR 4.11 (32-bit) (Version: 4.11.0)

==================== Restore Points =========================

15-09-2013 09:04:11 Kontrolní bod systému
29-09-2013 16:22:46 Instalace avast! Free Antivirus
29-09-2013 16:25:05 Removed EasyCleaner
01-10-2013 14:18:24 Kontrolní bod systému
10-10-2013 07:07:17 Software Distribution Service 3.0
14-10-2013 15:17:57 Software Distribution Service 3.0
20-10-2013 06:14:19 Removed Java 7 Update 25
10-11-2013 09:52:44 Kontrolní bod systému
15-11-2013 10:36:56 Software Distribution Service 3.0
17-11-2013 08:15:08 Software Distribution Service 3.0
21-11-2013 10:40:39 Kontrolní bod systému
28-11-2013 18:21:32 Kontrolní bod systému
07-12-2013 11:24:13 Kontrolní bod systému
11-12-2013 20:47:56 Kontrolní bod systému
11-12-2013 21:37:06 Removed Microsoft Office Professional Plus 2010

==================== Hosts content: ==========================

2008-04-14 12:00 - 2013-03-21 13:35 - 00445930 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 10:50:42 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace FRST.exe, verze 3.3.8.1, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 10:04:53 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace RSIT.exe, verze 3.3.6.1, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 08:48:38 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 08:46:48 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 08:46:31 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 03:08:03 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 03:07:47 PM) (Source: Application Hang) (User: )
Description: Chybný blok 1180947459

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang) (User: )
Description: Zablokovaná aplikace IEXPLORE.EXE, verze 8.0.6001.18702, zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error: (12/10/2013 03:27:26 PM) (Source: Application Error) (User: )
Description: Chybný blok -464067300
Výměna klíčů nezajistila nastavení zabezpečeného připojení po ověření 802.1x. Aktuální nastavení bylo označeno za neplatné a bezdrátové připojení bude odpojeno.


System errors:
=============
Error: (12/04/2013 08:30:43 AM) (Source: Dhcp) (User: )
Description: Zapůjčení adresy IP 192.168.1.103 pro síťovou kartu s adresou 0013D4BC65E0 byla
serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error: (10/20/2013 07:14:11 AM) (Source: Service Control Manager) (User: )
Description: Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal již 1krát.


Microsoft Office Sessions:
=========================
Error: (12/11/2013 10:50:42 PM) (Source: Application Hang)(User: )
Description: FRST.exe3.3.8.1hungapp0.0.0.000000000

Error: (12/11/2013 10:04:53 PM) (Source: Application Hang)(User: )
Description: RSIT.exe3.3.6.1hungapp0.0.0.000000000

Error: (12/11/2013 08:48:38 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 08:46:48 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 08:46:31 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 03:08:03 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 03:07:47 PM) (Source: Application Hang)(User: )
Description: 1180947459

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/11/2013 03:07:03 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE8.0.6001.18702hungapp0.0.0.000000000

Error: (12/10/2013 03:27:26 PM) (Source: Application Error)(User: )
Description: -464067300


==================== Memory info ===========================

Percentage of memory in use: 76%
Total physical RAM: 511.23 MB
Available physical RAM: 119.99 MB
Total Pagefile: 1245.62 MB
Available Pagefile: 900.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1952.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:24.62 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:113.6 GB) (Free:1.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 153 GB) (Disk ID: EAB1EAB1)
Partition 1: (Active) - (Size=39 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114 GB) - (Type=OF Extended)

==================== End Of Log ============================

Re: Checking the log on my girlfriend's PC

Posted: 12 Dec 2013 19:48
by szamotys
Good evening,

how does it look, do you have a lot on your plate? Thank you. Of course I can wait if need be.

Re: Checking the log on my girlfriend's PC

Posted: 13 Dec 2013 06:27
by vyosek
:arrow: Sorry, I have been a bit short on time lately

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
    HKLM\...\Run: [AutoKMS] - C:\WINDOWS\AutoKMS.exe [615936 2012-06-19] ()
    HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-28] (Nero AG)
    HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-28] (Nero AG)
    
    SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
    SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
    SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3220468
    SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    
    FF user.js: detected! => C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\user.js
    FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
    FF Homepage: hxxp://search.conduit.com/?ctid=CT32204 ... hSource=13
    FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
    FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\searchplugins\conduit.xml
    FF Extension: Winamp Toolbar - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    FF Extension: uTorrentControl_v2 - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
    
    CHR HomePage: hxxp://search.conduit.com/?ctid=CT32204 ... hSource=48
    CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"
    CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\PC\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx
    
    DisableService: JavaQuickStarterService
    
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    
    C:\WINDOWS\AutoKMS.exe 
    
    Hosts:
    CMD: shutdown /r /f /t 2
    
    End
  • Save the resulting text file as fixlist.txt
  • Move the fixlist into the same folder as FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix will run and create the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here

Re: Checking the log on my girlfriend's PC

Posted: 13 Dec 2013 15:56
by szamotys
That was somehow too fast. After I started Fix, it popped up the text file right away.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01
Ran by PC at 2013-12-13 15:48:05 Run:1
Running from C:\Documents and Settings\PC\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [NeroFilterCheck] - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [AutoKMS] - C:\WINDOWS\AutoKMS.exe [615936 2012-06-19] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-28] (Nero AG)
HKU\Default User\...\RunOnce: [NeroHomeFirstStart] - C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe [ 2007-06-28] (Nero AG)

SearchScopes: HKLM - DefaultScope {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT3220468
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/red ... 685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20120619232037203&tb_oid=19-06-2012&tb_mrud=19-06-2012
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

FF user.js: detected! => C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\user.js
FF SelectedSearchEngine: uTorrentControl_v2 Customized Web Search
FF Homepage: hxxp://search.conduit.com/?ctid=CT32204 ... hSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF SearchPlugin: C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\searchplugins\conduit.xml
FF Extension: Winamp Toolbar - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
FF Extension: uTorrentControl_v2 - C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

CHR HomePage: hxxp://search.conduit.com/?ctid=CT32204 ... hSource=48
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48"
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\PC\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx

DisableService: JavaQuickStarterService

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

C:\WINDOWS\AutoKMS.exe

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AutoKMS => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\RunOnce\\NeroHomeFirstStart => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\user.js => Moved successfully.
Firefox SelectedSearchEngine deleted successfully.
Firefox homepage deleted successfully.
Firefox Keyword.URL deleted successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\searchplugins\conduit.xml => Moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} => Moved successfully.
C:\Documents and Settings\PC\Application Data\Mozilla\Firefox\Profiles\u5a0bc43.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6} => Moved successfully.
CHR HomePage: hxxp://search.conduit.com/?ctid=CT32204 ... hSource=48 ==> The Chrome "Settings" can be used to fix the entry.
CHR RestoreOnStartup: "hxxp://search.conduit.com/?ctid=CT3220468&SearchSource=48" ==> The Chrome "Settings" can be used to fix the entry.
HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda => Key deleted successfully.
C:\Documents and Settings\PC\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx => Moved successfully.
JavaQuickStarterService service was disabled
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\AutoKMS.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

Re: Checking the log on my girlfriend's PC

Posted: 14 Dec 2013 06:36
by vyosek
So, let's clean up as well :James008:

:arrow: T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program will clean up and restart the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program will clean up and restart the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Find problems
  • then Fix problems - I recommend making a registry backup; fix all the problems
  • repeat the procedure until no problems are found - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that is all from my side :|