Win64/Patched.A

[Nol]

Zdravím, už jsem tu.

Výpis je tu:

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 21:29:59
# Updated 02/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Zbyna - ZBYNA-PC
# Boot Mode : Normal
# Running from : C:\Users\Zbyna\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Zbyna\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Zbyna\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\Program Files (x86)\ICQ6Toolbar
Folder Found : C:\Program Files (x86)\Yontoo
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\ICQ\ICQToolbar
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Zbyna\AppData\Local\APN
Folder Found : C:\Users\Zbyna\AppData\Local\Babylon
Folder Found : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Folder Found : C:\Users\Zbyna\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Zbyna\AppData\LocalLow\Media Access Startup
Folder Found : C:\Users\Zbyna\AppData\Roaming\Babylon

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Software
Key Found : HKU\S-1-5-21-1348611725-3275266447-3591598739-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd

-\\ Google Chrome v10.0.648.204

File : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.19] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Found [l.22] : keyword = "isearch.avg.com",
Found [l.25] : search_url = "hxxp://isearch.avg.com/search?cid={0F33B9DB-AAA8-4C5E-8D3E-B719FD20AAE1}&mid=0bc6685c0a4047d692fbd16b537c7b84-b6b31fa87cb65ebad97d85df8d55e6ec2d714a32&lang=cs&ds=AVG&pr=fr&d=2012-06-10 18:08:14&v=13.2.0.5&sap=dsp&q={searchTerms}",
Found [l.1980] : homepage = "hxxp://www.ask.com/?l=dis&o=15187cr",

*************************

AdwCleaner[R1].txt - [7546 octets] - [04/12/2012 21:29:59]

########## EOF - C:\AdwCleaner[R1].txt - [7606 octets] ##########

[vyosek]

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Delete
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

[Nol]

Zajímavé.
Po restartu vyskočilo DOS okno s popisem:
C:\Windows\inf\UpdateUSB.exe
a v okně Updating USB driver, Please wait ...
a po pár vteřinách zmizelo.

Jinak požadovaný log je zde:

# AdwCleaner v2.011 - Logfile created 12/04/2012 at 22:18:02
# Updated 02/12/2012 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : Zbyna - ZBYNA-PC
# Boot Mode : Normal
# Running from : C:\Users\Zbyna\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files (x86)\DAEMON Tools Toolbar
Deleted on reboot : C:\Program Files (x86)\ICQ6Toolbar
Deleted on reboot : C:\Program Files (x86)\Yontoo
Deleted on reboot : C:\ProgramData\Babylon
Deleted on reboot : C:\ProgramData\ICQ\ICQToolbar
Deleted on reboot : C:\ProgramData\Tarma Installer
Deleted on reboot : C:\Users\Zbyna\AppData\Local\APN
Deleted on reboot : C:\Users\Zbyna\AppData\Local\Babylon
Deleted on reboot : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Deleted on reboot : C:\Users\Zbyna\AppData\LocalLow\BabylonToolbar
Deleted on reboot : C:\Users\Zbyna\AppData\LocalLow\Media Access Startup
Deleted on reboot : C:\Users\Zbyna\AppData\Roaming\Babylon
File Deleted : C:\user.js
File Deleted : C:\Users\Zbyna\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Zbyna\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Software
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://www.icq.com/search/results.php?q={searc ... &ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v10.0.648.204

File : C:\Users\Zbyna\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : icon_url = "hxxp://isearch.avg.com/favicon.ico",
Deleted [l.22] : keyword = "isearch.avg.com",
Deleted [l.25] : search_url = "hxxp://isearch.avg.com/search?cid={0F33B9DB-AAA8-4C5E-8D3E-B719FD20AAE1}&mid=0b[...]
Deleted [l.1980] : homepage = "hxxp://www.ask.com/?l=dis&o=15187cr",

*************************

AdwCleaner[R1].txt - [7651 octets] - [04/12/2012 21:29:59]
AdwCleaner[S1].txt - [7144 octets] - [04/12/2012 22:18:02]

########## EOF - C:\AdwCleaner[S1].txt - [7204 octets] ##########

[vyosek]

Ten UpdateUSB.exe je soucasti ASUSu

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "SUPERAntiSpyware"=-
  "DAEMON Tools Lite"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
  "vProt"=-
  "ROC_ROC_JULY_P1"=-
  "QuickTime Task"=-
  "iTunesHelper"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
  "AvgUninstallURL"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "UpdateUSB"=-
  "AdobeAAMUpdater-1.0"=-
  
  File::
  c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  
  NetSvc::
  Themes
  
  Driver::
  Themes
  
  DDS::
  mStart Page = hxxp://www.gooofullsearch.com/
  
  RegNull::
  [HKEY_USERS\S-1-5-21-1348611725-3275266447-3591598739-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  [HKEY_USERS\S-1-5-21-1348611725-3275266447-3591598739-1000\Software\SecuROM\License information*]
  
  RegLock::
  [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
  [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Nol]

Windows naběhly.

Byl problém, že se do spuštění Combofixu začal míchat Avast sandbox, ale asi se mi ho podařilo zakázat.
Podruhé spuštění Combofixu přetažením souboru proběhlo dobře.

ComboFix 12-12-04.01 - Zbyna 04.12.2012 23:23:29.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.2418 [GMT 1:00]
Spuštěný z: c:\users\Zbyna\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zbyna\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Themes
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 22:31 . 2012-12-04 22:33 -------- d-----w- c:\users\Zbyna\AppData\Local\temp
2012-12-04 22:31 . 2012-12-04 22:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 20:18 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-04 20:18 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-04 20:18 . 2012-10-30 22:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-12-04 20:18 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-04 20:18 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-04 20:18 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-04 20:18 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-04 20:18 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-04 20:18 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-12-04 20:18 . 2012-12-04 20:18 -------- d-----w- c:\programdata\AVAST Software
2012-12-04 20:18 . 2012-12-04 20:18 -------- d-----w- c:\program files\AVAST Software
2012-12-04 20:12 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5252C1D-FFFB-47F7-A7A1-3BF57A729BAB}\mpengine.dll
2012-12-03 19:22 . 2012-12-03 19:22 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 18:11 . 2012-12-03 18:11 -------- d-----w- C:\rsit
2012-12-03 18:11 . 2012-12-03 18:11 -------- d-----w- c:\program files\trend micro
2012-11-20 11:15 . 2012-11-20 11:15 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-18 08:20 . 2012-12-04 20:01 -------- d-----w- c:\users\UpdatusUser
2012-11-18 08:19 . 2012-11-18 08:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-11-18 08:19 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-17 15:53 . 2012-10-04 03:03 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-17 15:53 . 2012-10-04 02:24 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 19:28 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 19:28 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 19:27 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 12:09 . 2012-11-09 12:09 -------- d-----w- c:\users\Zbyna\AppData\Local\M-Photo_Ltd
2012-11-09 12:05 . 2012-11-09 12:05 -------- d-----w- c:\programdata\M-Photo
2012-11-09 12:04 . 2012-11-09 12:04 -------- d-----w- C:\kalendareMCL
2012-11-09 12:04 . 2012-11-09 12:04 19715256 ----a-w- c:\windows\SysWow64\kalendareMCL_kalendareMCL_uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 18:14 . 2012-06-09 13:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 18:14 . 2012-01-05 14:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 15:56 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-02-09 20:43 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2008-12-11 16:50 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-02-09 20:43 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2008-12-11 16:50 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2008-12-11 16:50 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2008-12-11 16:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2008-12-11 16:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2008-12-11 16:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-13 13:45 . 2012-10-10 14:56 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 14:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.

[vyosek]

Neprobehlo

Restart do nouzoveho rezimu (restart, mackat F8, zvolit Stav nouze s praci v siti)

Znovu aplikujte skript pro CF

[Nol]

I v nouzovém režimu CF psal, že je Avast spuštěný.


ComboFix 12-12-04.01 - Zbyna 05.12.2012 0:28.3.4 - x64 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.4094.3452 [GMT 1:00]
Spuštěný z: c:\users\Zbyna\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Zbyna\Desktop\CFScript.txt
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-04 do 2012-12-04 )))))))))))))))))))))))))))))))
.
.
2012-12-04 23:35 . 2012-12-04 23:37 -------- d-----w- c:\users\Zbyna\AppData\Local\temp
2012-12-04 23:35 . 2012-12-04 23:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-04 20:18 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-04 20:18 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-04 20:18 . 2012-10-30 22:51 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-12-04 20:18 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-04 20:18 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-04 20:18 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-04 20:18 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-04 20:18 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-04 20:18 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-12-04 20:18 . 2012-12-04 20:18 -------- d-----w- c:\programdata\AVAST Software
2012-12-04 20:18 . 2012-12-04 20:18 -------- d-----w- c:\program files\AVAST Software
2012-12-04 20:12 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5252C1D-FFFB-47F7-A7A1-3BF57A729BAB}\mpengine.dll
2012-12-03 19:22 . 2012-12-03 19:22 -------- d-----w- c:\programdata\Malwarebytes
2012-12-03 18:11 . 2012-12-03 18:11 -------- d-----w- C:\rsit
2012-12-03 18:11 . 2012-12-03 18:11 -------- d-----w- c:\program files\trend micro
2012-11-20 11:15 . 2012-11-20 11:15 -------- d-----w- c:\program files (x86)\Mega Codec Pack
2012-11-18 08:20 . 2012-12-04 20:01 -------- d-----w- c:\users\UpdatusUser
2012-11-18 08:19 . 2012-11-18 08:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-11-18 08:19 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-11-17 15:53 . 2012-10-04 03:03 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-17 15:53 . 2012-10-04 02:24 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-16 19:28 . 2012-09-25 16:31 91648 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 19:28 . 2012-09-25 16:19 75776 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-16 19:27 . 2012-10-12 14:53 2769920 ----a-w- c:\windows\system32\win32k.sys
2012-11-09 12:09 . 2012-11-09 12:09 -------- d-----w- c:\users\Zbyna\AppData\Local\M-Photo_Ltd
2012-11-09 12:05 . 2012-11-09 12:05 -------- d-----w- c:\programdata\M-Photo
2012-11-09 12:04 . 2012-11-09 12:04 -------- d-----w- C:\kalendareMCL
2012-11-09 12:04 . 2012-11-09 12:04 19715256 ----a-w- c:\windows\SysWow64\kalendareMCL_kalendareMCL_uninstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-22 18:14 . 2012-06-09 13:37 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-11-22 18:14 . 2012-01-05 14:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-17 15:56 . 2006-11-02 12:35 66395536 ----a-w- c:\windows\system32\mrt.exe
2012-10-10 20:23 . 2012-10-10 20:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2012-10-10 20:23 . 2012-02-09 20:43 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll
2012-10-10 20:23 . 2012-10-10 20:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll
2012-10-10 20:23 . 2012-10-10 20:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll
2012-10-10 20:23 . 2012-10-10 20:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2012-10-10 20:23 . 2012-10-10 20:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:23 . 2012-10-10 20:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:23 . 2008-12-11 16:50 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-10 20:23 . 2012-10-10 20:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll
2012-10-10 20:23 . 2012-10-10 20:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll
2012-10-10 20:23 . 2012-10-10 20:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:23 . 2012-10-10 20:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2012-10-10 20:22 . 2012-10-10 20:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-10 20:22 . 2012-10-10 20:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll
2012-10-10 20:22 . 2012-10-10 20:22 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-10 20:22 . 2012-02-09 20:43 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2012-10-10 20:22 . 2012-10-10 20:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:22 . 2012-10-10 20:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2012-10-10 20:22 . 2012-10-10 20:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:22 . 2012-10-10 20:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-10-02 19:51 . 2008-12-11 16:50 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2008-12-11 16:50 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2008-12-11 16:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2008-12-11 16:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2008-12-11 16:50 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-09-13 13:45 . 2012-10-10 14:56 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 13:28 . 2012-10-10 14:56 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\windows sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-02-11 221288]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"CTSyncService"="c:\program files (x86)\InstallShield Installation Information\{3A94E148-9C8B-4FE9-99DD-93072F99BE20}\AMBSPISyncService.exe" [2008-04-17 1233196]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-16 47392]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1302528]
"CanonSolutionMenuEx"="c:\program files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Zbyna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Touch Mouse Server.lnk - c:\users\Zbyna\AppData\Local\Temp\iTouch-Server-Win.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
11g Wireless LAN Utility.lnk - c:\program files (x86)\LevelOne\11g Wireless LAN\WLanUtility.exe [2010-1-14 712704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2007-11-23 16896]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2779024]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mStart Page = hxxp://www.gooofullsearch.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.11.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Creative MediaSource CD-ROM Burner Plugin Unicode - c:\program files (x86)\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe
AddRemove-Creative MediaSource MiniDisc Plugin Unicode - c:\program files (x86)\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe
AddRemove-Creative MediaSource Online Store Plugin - c:\program files (x86)\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe
AddRemove-Creative MediaSource Unicode - c:\program files (x86)\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe
AddRemove-Creative Sound Blaster Properties x64 Edition - c:\program files (x86)\Creative Installation Information\SBCONTROL64\Setup.exe
AddRemove-eBay Icon - c:\users\Zbyna\AppData\Roaming\Desktopicon\uninst.exe
AddRemove-kalendareMCL_kalendareMCL - c:\windows\system32\kalendareMCL_kalendareMCL_uninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\users\Zbyna\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
c:\program files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Celkový čas: 2012-12-05 00:42:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-04 23:42
ComboFix2.txt 2012-12-04 23:12
ComboFix3.txt 2012-12-04 22:37
ComboFix4.txt 2012-12-03 20:41
.
Před spuštěním: Volných bajtů: 345 336 397 824
Po spuštění: Volných bajtů: 345 188 229 120
.
- - End Of File - - 4BA30F0A3DADBF80AE04BE7255982209

[Nol]

Asi pokračování zítra- teda vlastně už dnes.
Zatím děkuji.

[vyosek]

Fajn, jak se chova nas pacient?

[Nol]

Zdravím.

Omlouvám se za nepřítomnost zde, ale ještě jsem se v minulých dnech stěhoval.
Děkuji za trpělivost.

K původnímu tématu:
04 pro 2012 23:43 jsem vložil log, ale bylo mi řečeno, že se nezadařilo. Že se do toho připletl Avast, a že to mám zkusit znovu v nouzovém režimu.
Udělal jsem to, znovu vložil log.
A teď nevím, zda se povedlo, nebo jak pokračovat.

[vyosek]

Zdravim,

nic se nedeje...

No me se log zda cisty, proto se ptam, jak se chova PC, ci pozorujete nejake problemy

[Nol]

Mě se to taky zdá už dobré.
Děkuji za pomoc.

Teď ještě ccleaner a defragmentaci, nebo do toho raději už nerýpat?

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse