
Re: dangerous file

Posted: 02 Feb 2013 21:45
by kratky
# AdwCleaner v2.109 - Logfile created 02/02/2013 at 21:34:18
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : Jirka - PC
# Boot Mode : Normal
# Running from : C:\Users\Jirka\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Jirka\AppData\Local\APN
Folder Deleted : C:\Users\Jirka\AppData\Local\Babylon
Folder Deleted : C:\Users\Jirka\AppData\Local\Conduit
Folder Deleted : C:\Users\Jirka\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Jirka\AppData\LocalLow\DVDVideoSoftTB
Folder Deleted : C:\Users\Jirka\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Jirka\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DVDVideoSoftTB
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2205CE98-753C-4635-AE16-3CEC9BA442A2}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6BA609B2-7325-4054-A2CA-6273EBC7BAD8}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=964dc60c00000000000050e5493da347 --> hxxp://www.google.com

-\\ Google Chrome v24.0.1312.57

File : C:\Users\Jirka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [5643 octets] - [02/02/2013 21:24:06]
AdwCleaner[R2].txt - [5703 octets] - [02/02/2013 21:34:04]
AdwCleaner[S1].txt - [4486 octets] - [02/02/2013 21:34:18]

########## EOF - C:\AdwCleaner[S1].txt - [4546 octets] ##########
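An added example (not part of kratky's post and not AdwCleaner's own code): a small Python parser for the AdwCleaner removal-log format shown above. It groups the `File/Folder/Key/Value Deleted` lines, pulls out the CLSIDs and Chrome extension IDs they reference, and records any `Replaced` browser setting, which is the quickest way to turn such a log into a list of indicators to look for on other machines. The sample log text inside the block is constructed to match the format; it is not the log posted above.

```python
"""Triage an AdwCleaner-style removal log (added example, not AdwCleaner code).

Line formats handled, modelled on the log posted above:
  File Deleted : <path>           Folder Deleted : <path>
  Key Deleted : <registry key>    Value Deleted : <registry key> [<value name>]
  Replaced : [<key> - <value>] = <old> --> <new>
"""
import re
from collections import Counter, defaultdict

# Constructed sample in the AdwCleaner format; NOT the poster's real log.
SAMPLE_LOG = r"""
# AdwCleaner v2.109 - Logfile created 02/02/2013 at 21:34:18
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\Program Files (x86)\ExampleToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\ExampleToolbar
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-1111-2222-3333-444444444444}
Key Deleted : HKCU\Software\Google\Chrome\Extensions\abcdefghijklmnopabcdefghijklmnop
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-1111-2222-3333-444444444444}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.example/?id=1 --> hxxp://www.google.com

*************************
"""

ACTION_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+?)(?: \[(.+)\])?$")
REPLACED_RE = re.compile(r"^Replaced : \[(.+?) - (.+?)\] = (.+?) --> (.+)$")
# Registry-style GUID, e.g. a BHO/toolbar CLSID.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Chrome extension IDs are 32 letters from a-p.
CHROME_EXT_RE = re.compile(r"\\Chrome\\Extensions\\([a-p]{32})$")


def parse_adwcleaner_log(text):
    """Return counts, deleted items, referenced CLSIDs/extension IDs and replaced settings."""
    result = {
        "counts": Counter(),                 # kind -> number of deletions
        "items": defaultdict(list),          # kind -> [(target, value_name_or_None)]
        "clsids": set(),
        "chrome_extensions": set(),
        "replaced": [],                      # [(key, value_name, old, new)]
    }
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # header lines are comments
            continue
        m = ACTION_RE.match(line)
        if m:
            kind, target, value_name = m.groups()
            result["counts"][kind] += 1
            result["items"][kind].append((target, value_name))
            result["clsids"].update(CLSID_RE.findall(target + (value_name or "")))
            ext = CHROME_EXT_RE.search(target)
            if ext:
                result["chrome_extensions"].add(ext.group(1))
            continue
        m = REPLACED_RE.match(line)
        if m:
            result["replaced"].append(m.groups())
    return result


def indicators(parsed):
    """Flatten the parse into a sorted list of strings to search for on other hosts."""
    out = set(parsed["clsids"]) | set(parsed["chrome_extensions"])
    for kind in ("File", "Folder"):
        out.update(target for target, _ in parsed["items"][kind])
    for _key, _name, old, _new in parsed["replaced"]:
        out.add(old)                          # the hijacked URL, still defanged (hxxp)
    return sorted(out)


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    for kind, n in sorted(parsed["counts"].items()):
        print(f"{kind}: {n} deleted")
    for key, name, old, new in parsed["replaced"]:
        print(f"{key} [{name}]: {old} --> {new}")
    print("indicators:", *indicators(parsed), sep="\n  ")
```

The URLs are left defanged (`hxxp`) exactly as the tool writes them, so a list produced this way can be pasted into a ticket without creating clickable links.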

Re: dangerous file

Posted: 02 Feb 2013 22:48
by vyosek
:arrow: If it isn't there already, move ComboFix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    File::
    C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
    C:\Windows\tasks\One-Click Optimizer.job
    C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b9afc42-05d5-4b6a-92c4-6dc65884f9c5.job
    C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ff240c65-2e8c-4d4f-8b9a-982198ec3919.job
    
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Advanced SystemCare 6"=-
    "Zoner Photo Studio Autoupdate"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "Application Restart #1"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FPVCodecPackTrialInfo]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MDS_Menu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyTomTomSA.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMASH]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateLBPShortCut]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateP2GoShortCut]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePSTShortCut]
    
    Driver::
    esihdrv
    
    RegNull::
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{11D741B8-DD31-4707-B06A-7A68E3D84884}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{3B84C2D7-708C-48EF-8ED7-0C5FC0F030C6}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{3B8C523D-E999-4C87-BB58-E03B7F5C67F8}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{47BF077C-44C6-42B1-8F88-ADE2585DD2ED}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{861F5797-5F25-43E6-9510-527D056BC13C}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{A82EB336-567D-4F41-A63E-8113AD8B6903}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{B67DA794-42D6-4DFE-AE29-0334338228C9}*]
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes\{C55AC07F-5B51-486C-811A-750184298D58}*]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    
    RegLock::
    [HKEY_USERS\S-1-5-21-1116504671-2471816576-3720499224-1000_Classes]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto ComboFix and drop it (see the picture below)
    [image]
  • After the script has been applied (and after a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that is marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF and the author unfortunately cannot fix it yet

:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration
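An added example (not part of vyosek's post and not ComboFix's own code): a Python script that summarises what a CFScript like the one above will do before it is applied, so the person running it can check every file, driver, value and key the fix touches. The directive names follow the posted script; the meanings I attach to `RegNull::` (reset a key) and `RegLock::` (unlock a key, cf. the "locked registry keys" section of the ComboFix log) are assumptions, and the sample script inside the block is constructed with placeholder names.

```python
"""Summarise what a ComboFix CFScript will do before it is applied.

Added example for this thread, not ComboFix's own code. The directive names
(KillAll::, File::, Registry::, Driver::, RegNull::, RegLock::, ClearJavaCache::,
Reboot::) follow the script posted above; the sample script below is constructed
and does not refer to real files.
"""
import re

# Constructed sample CFScript; paths and names are placeholders.
SAMPLE_CFSCRIPT = r"""
KillAll::

File::
C:\Windows\tasks\ExampleUpdater.job
C:\Windows\tasks\Another Task.job

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Example Autostart"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExampleApp]

Driver::
exampledrv

RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\Example.Plugin.*1*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{00000000-1111-2222-3333-444444444444}]

ClearJavaCache::

Reboot::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")       # [KEY] or [-KEY] (delete whole key)
VALUE_DELETE_RE = re.compile(r'^"([^"]+)"=-$')       # "name"=- deletes that value
KNOWN = {"KillAll", "Reboot", "ClearJavaCache", "File", "Driver", "Registry", "RegNull", "RegLock"}


def split_sections(text):
    """Map each `Name::` header to the non-empty lines under it; refuse stray lines."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"content before the first directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def summarize_cfscript(text):
    """Return a dict listing every destructive action the script requests."""
    s = split_sections(text)
    unknown = set(s) - KNOWN
    if unknown:
        raise ValueError(f"unrecognised directives: {sorted(unknown)}")
    summary = {
        "kill_all": "KillAll" in s,
        "reboot": "Reboot" in s,
        "clear_java_cache": "ClearJavaCache" in s,
        "files": list(s.get("File", [])),
        "drivers": list(s.get("Driver", [])),
        "keys_deleted": [],
        "values_deleted": [],        # (key, value name)
        "keys_nulled": [],           # RegNull:: (assumed: reset)
        "keys_unlocked": [],         # RegLock:: (assumed: unlock)
    }
    current_key = None
    for line in s.get("Registry", []):
        m = KEY_RE.match(line)
        if m:
            if m.group(1) == "-":
                summary["keys_deleted"].append(m.group(2))
                current_key = None
            else:
                current_key = m.group(2)
            continue
        m = VALUE_DELETE_RE.match(line)
        if m and current_key:
            summary["values_deleted"].append((current_key, m.group(1)))
            continue
        # Anything else (e.g. a value assignment) is outside what this reviewer understands.
        raise ValueError(f"unsupported Registry:: line: {line!r}")
    for name, dest in (("RegNull", "keys_nulled"), ("RegLock", "keys_unlocked")):
        for line in s.get(name, []):
            m = KEY_RE.match(line)
            if not m:
                raise ValueError(f"bad key under {name}: {line!r}")
            summary[dest].append(m.group(2))
    return summary


if __name__ == "__main__":
    for k, v in summarize_cfscript(SAMPLE_CFSCRIPT).items():
        print(f"{k}: {v}")
```

The script deliberately raises on anything it does not recognise (an unknown directive, a Registry:: line that is not a key header or a `"name"=-` deletion), because a fix script you cannot fully account for is one you should not run.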

Re: dangerous file

Posted: 03 Feb 2013 01:57
by kratky
ComboFix 13-02-02.05 - Jirka 03.02.2013 1:41.2.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8109.4137 [GMT 1:00]
Spuštěný z: c:\users\Jirka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Jirka\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ESIHDRV
-------\Service_esihdrv
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-01-03 do 2013-02-03 )))))))))))))))))))))))))))))))
.
.
2013-02-03 00:45 . 2013-02-03 00:45 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2013-02-03 00:45 . 2013-02-03 00:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\users\Jirka\AppData\Roaming\Malwarebytes
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-01 18:46 . 2013-02-01 18:46 -------- d-----w- c:\programdata\Malwarebytes
2013-02-01 18:46 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-01 17:26 . 2013-02-01 23:22 -------- d-----w- c:\program files\trend micro
2013-02-01 17:26 . 2013-02-01 17:54 -------- d-----w- C:\rsit
2013-02-01 16:39 . 2013-02-01 16:41 -------- d-----w- c:\users\Jirka\AppData\Roaming\wurst
2013-01-28 09:38 . 2013-01-28 09:38 -------- d-----w- c:\users\Jirka\Icon
2013-01-28 08:47 . 2013-01-28 08:47 -------- d-----w- c:\program files (x86)\IconConverter
2013-01-26 22:20 . 2013-01-26 22:20 -------- d-----w- c:\users\Jirka\AppData\Roaming\Eusing
2013-01-26 22:20 . 2013-01-26 22:20 -------- d-----w- c:\program files (x86)\Eusing Launcher
2013-01-26 09:21 . 2013-02-01 07:48 -------- d-----w- c:\users\Jirka\AppData\Roaming\VideoMeld
2013-01-23 19:33 . 2013-01-23 19:57 -------- d-----w- c:\users\Jirka\AppData\Local\ISL
2013-01-23 13:51 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-22 16:49 . 2013-01-22 16:49 -------- d-----w- c:\program files\ISL
2013-01-22 16:49 . 2013-01-22 16:49 -------- d-----w- c:\windows\Downloaded Installations
2013-01-18 22:14 . 2013-01-24 06:12 -------- d-----w- c:\windows\system32\drivers\N360x64\1402010.016
2013-01-17 08:03 . 2013-01-10 09:33 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2013-01-17 08:03 . 2013-01-17 08:03 -------- d-----w- c:\program files\Soluto
2013-01-14 17:43 . 2013-01-14 17:43 -------- d-----w- c:\users\Jirka\AppData\Roaming\SUPERAntiSpyware.com
2013-01-14 17:42 . 2013-01-14 17:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-01-09 06:59 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 06:59 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 06:59 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 06:59 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 06:59 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 06:59 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-04 17:25 . 2009-08-24 21:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 08:01 . 2011-12-15 19:51 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-12-31 15:41 . 2011-12-16 12:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-12-29 15:18 . 2011-12-23 21:23 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-12-16 17:11 . 2012-12-21 18:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 18:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:10 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 18:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 06:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-15 10:21 . 2012-11-15 10:21 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-15 10:21 . 2012-02-13 09:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-15 10:14 . 2003-03-18 19:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-11-15 10:14 . 2003-02-21 03:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-11-14 07:06 . 2012-12-13 09:18 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-13 09:18 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-13 09:18 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-13 09:18 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-13 09:18 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-13 09:18 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-13 09:18 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-13 09:18 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-13 09:18 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-13 09:18 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-13 09:18 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-13 09:18 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-13 09:18 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-13 09:18 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-13 09:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-13 09:18 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-13 09:18 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-13 09:18 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 09:18 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-13 09:18 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 09:18 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-13 09:18 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-10 07:23 . 2003-11-07 12:28 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-11-09 05:45 . 2012-12-13 08:39 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 08:39 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2010-10-20 14:50 . 2012-05-24 08:13 2041344 ----a-w- c:\program files (x86)\Common Files\Boris Graffiti.msi
2005-09-30 11:33 . 2005-09-30 11:33 733184 ----a-w- c:\program files\Photofont Start.8BF
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eusing Launcher"="c:\program files (x86)\Eusing Launcher\eLauncher.exe" [2012-12-03 1654784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"EMET Notifier"="c:\program files (x86)\EMET\EMET_notifier.exe" [2012-05-09 152152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"DisableCAD"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMyMusic"= 0 (0x0)
"NoUserFolderInStartMenu"= 0 (0x0)
"NoStartMenuMyGames"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R1 SASDIFSV;SASDIFSV;h:\superantispyware\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;h:\superantispyware\SASKUTIL64.SYS [x]
R2 !SASCORE;SAS Core Service;h:\superantispyware\SASCORE64.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\DfSdkS64.exe [2009-08-24 544768]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-07 21712]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-28 29720]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2009-06-18 17064]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-02 19456]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [2013-01-10 1239552]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-11-02 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-02 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-16 1255736]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2013-01-10 54728]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-01-16 1388120]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360x64\1402010.016\ccSetx64.sys [2012-08-20 168096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.1.2\Definitions\IPSDefs\20130201.001\IDSvia64.sys [2012-10-23 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1402010.016\Ironx64.SYS [2012-09-07 224416]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
S2 ACT2_Service;Ashampoo Core Tuner 2 Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe [2011-08-22 1421216]
S2 ACT2PM;Ashampoo CoreTuner 2 ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2ProcessMonitor64.sys [2011-06-10 15160]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2013-01-10 183280]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2013-01-10 547312]
S2 UI5IFS;Ashampoo Uninstaller 5 FileSystemChanges Driver;c:\program files (x86)\Ashampoo\Ashampoo UnInstaller 5\IFS64.sys [2012-11-15 36776]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-10-22 138912]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-03-07 40832]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-03-07 65280]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2009-06-18 27304]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2011-02-16 14464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 14:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:18]
.
2013-02-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-02 20:18]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 14:30]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
- c:\users\Jirka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-16 14:30]
.
2013-02-01 c:\windows\Tasks\One-Click Optimizer.job
- c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 9\WO9.exe [2013-01-04 11:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-10 441888]
"Soluto"="c:\program files\soluto\soluto.exe" [2013-01-10 1229296]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\System32\Drivers\WTSRV.EXE
.
**************************************************************************
.
Celkový čas: 2013-02-03 01:50:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-02-03 00:50
ComboFix2.txt 2013-02-02 19:30
.
Před spuštěním: Volných bajtů: 865 917 026 304
Po spuštění: Volných bajtů: 865 370 030 080
.
- - End Of File - - A543A951C9E0D476F54B287978683F82

Re: dangerous file

Posted: 03 Feb 2013 02:02
by vyosek
:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Paste the script below into the lower box Custom Scans/Fixes
  • Code:

    :files
    C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job
    C:\Windows\tasks\One-Click Optimizer.job
    C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b9afc42-05d5-4b6a-92c4-6dc65884f9c5.job
    C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ff240c65-2e8c-4d4f-8b9a-982198ec3919.job
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [EMPTYJAVA]
  • Then click Fix
  • The PC will perform the fix, restart and give you a log; paste its contents here

Re: dangerous file

Posted: 03 Feb 2013 09:12
by kratky
All processes killed
========== FILES ==========
File\Folder C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job not found.
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1116504671-2471816576-3720499224-1000UA.job moved successfully.
C:\Windows\tasks\One-Click Optimizer.job moved successfully.
File\Folder C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 7b9afc42-05d5-4b6a-92c4-6dc65884f9c5.job not found.
File\Folder C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ff240c65-2e8c-4d4f-8b9a-982198ec3919.job not found.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
C:\Windows\CD95F661A5C411AFB2CCABCD21A325B8.TMP folder moved successfully.
C:\Windows\msdownld.tmp folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Jirka
->Temp folder emptied: 48337 bytes
->Temporary Internet Files folder emptied: 557458 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6670003 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67978 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: DefaultAppPool
->Flash cache emptied: 0 bytes

User: Jirka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: AppData

User: Default

User: Default User

User: DefaultAppPool

User: Jirka
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02032013_090615

Files\Folders moved on Reboot...
C:\Users\Jirka\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: dangerous file

Posted: 03 Feb 2013 19:05
by vyosek
Fine, how is the PC behaving :???:

Re: dangerous file

Posted: 03 Feb 2013 19:51
by kratky
Normally, thanks. I'd like to know whether there were any viruses in it and whether the file wtsrv.exe really was infected, as ESET SysInspector found.

Re: dangerous file

Posted: 04 Feb 2013 04:03
by vyosek
So let's do some more cleaning :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all the issues
  • repeat the procedure until there are no issues left - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: I'm not sure whether that particular file was malicious, but there was other vermin in there anyway

:arrow: And if there are no problems or questions, that's all from my side :|

Re: dangerous file

Posted: 04 Feb 2013 07:56
by kratky
:) I did the cleanup, everything seems to be fine. Many thanks for the help. Regards.

Re: dangerous file

Posted: 04 Feb 2013 15:59
by vyosek
You're welcome, glad I could help :worship: See you sometime

And based on the Rules on locking topics :lock: