Lenovo 420 - slow Windows 7 startup

#1 Post by Rawmen

Hello,
lately loading Windows 7 has been giving me trouble; it is terribly slow. When I turn the notebook on, everything goes normally up to the point just before the user account login appears; there I get a black screen for e.g. 15-20 s. Then the password prompt comes up; after entering the password I see only a blue desktop, no Start bar, no icons. Sometimes it comes up after a while, sometimes I have to hard power off the notebook and try again, and this repeats e.g. 4-5 times in a row before I get into Windows at all. A moment ago, when it again failed to load and stayed at just the blue desktop, I tried pressing Ctrl + Alt + Delete. Task Manager works; when I went to Processes, explorer.exe was not there at all, so I tried Applications -> New Task -> typed explorer.exe, and it gave me the message: "C:\Windows\explorer.exe Operace nebyla dokončena, protože soubor obsahuje virus" (the operation was not completed because the file contains a virus). I have tried scanning it with just about everything I know off the top of my head or have found, e.g. here as well.

avast! Free Antivirus - nothing
CCleaner - I only ran the registry through it
SUPERAntiSpyware Professional - it found only some junk in cookies
Spyware Terminator 2012 - nothing
Malwarebytes Anti-Malware - only some bad files in the language folder of a downloaded Photoshop, which I downloaded for amateur editing of a few photos.

A moment ago it completely froze on me twice, a few minutes after I had successfully got into Windows. I started Firefox, played music on YT, opened Adobe Reader to have a look at my English, suddenly the music stopped playing and then it froze.

Thanks for any advice!

PS: If I start it in safe mode, Windows comes up normally in a moment.

#2 Post by JaRon

Hi,
quote:
Download SystemLook http://jpshortstuff.247fixes.com/SystemLook.exe and save it to the desktop
• Paste the script below into the window

:filefind
explorer.exe

#3 Post by Rawmen

Result

SystemLook 30.07.11 by jpshortstuff
Log created at 15:39 on 18/03/2014 by Rawmen
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a---- 2388992 bytes [16:28 09/03/2014] [06:19 25/02/2011] (Unable to calculate MD5)
C:\Windows\erdnt\cache86\explorer.exe --a---- 2871808 bytes [20:33 23/03/2013] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\System32\explorer.exe --a---- 2616320 bytes [06:44 16/07/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\SysWOW64\explorer.exe --a---- 2616320 bytes [06:44 16/07/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe --a---- 2872320 bytes [03:24 21/11/2010] [03:24 21/11/2010] AC4C51EB24AA95B77F705AB159189E24
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe --a---- 2871808 bytes [06:44 16/07/2011] [06:19 25/02/2011] 332FEAB1435662FC6C672E25BEB37BE3
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe --a---- 2871808 bytes [06:44 16/07/2011] [06:14 26/02/2011] 3B69712041F3D63605529BD66DC00C48
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe --a---- 2616320 bytes [03:24 21/11/2010] [03:24 21/11/2010] 40D777B7A95E00593EB1568C68514493
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe --a---- 2616320 bytes [06:44 16/07/2011] [05:30 25/02/2011] 8B88EBBB05A0E56B7DCC708498C02B3E
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe --a---- 2616320 bytes [06:44 16/07/2011] [05:19 26/02/2011] 0FB9C74046656D1579A64660AD67B746

-= EOF =-

#4 Post by JaRon

test the file C:\Windows\explorer.exe at https://www.virustotal.com/

#5 Post by Rawmen

I don't know how to paste this here more intelligently.
SHA256: d4d3d955bf1d28646b60b2334745ac805e300a8d50c53fcc9f4e3f113dcf484c
File name: explorer.exe
Detection ratio: 0 / 50
Analysis date: 2014-03-18 18:21:34 UTC ( 0 minut ago )

http://www.nahraj-obrazek.cz/?di=3139516731112
http://www.nahraj-obrazek.cz/?di=213951673112
http://www.nahraj-obrazek.cz/?di=513951673118
http://www.nahraj-obrazek.cz/?di=8139516731112

#6 Post by JaRon

the main thing is that it is 0/50
download ComboFix and save it to the desktop

then run it under an account with administrator privileges

the action takes approx. 5-10 minutes, sometimes longer. Do not start any other applications during the scan

There is no reason to panic if the machine is restarted
warning: if you use antispyware with a resident shield, turn it off before the scan.

after the restart the application creates a log, saved at C:\Combofix.txt (paste its contents here)

#7 Post by Rawmen

ComboFix 14-03-19.01 - Rawmen 19.03.2014 12:08:51.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2202 [GMT 1:00]
Spuštěný z: c:\users\Rawmen\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Free Firewall Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\SysWow64\SET6F1F.tmp
c:\windows\SysWow64\SETA9DA.tmp
c:\windows\SysWow64\SETB0C7.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-19 do 2014-03-19 )))))))))))))))))))))))))))))))
.
.
2014-03-18 17:16 . 2014-03-18 17:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-18 17:15 . 2014-03-18 17:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-18 17:15 . 2014-03-18 17:15 -------- d-----w- c:\program files (x86)\Java
2014-03-18 12:08 . 2014-03-18 12:08 -------- d-----w- C:\Eula
2014-03-18 11:47 . 2014-03-18 11:48 -------- d-----w- c:\program files (x86)\CheckPoint
2014-03-18 11:46 . 2014-03-18 11:46 -------- d-----w- c:\programdata\CheckPoint
2014-03-18 11:40 . 2014-03-18 11:41 -------- d-----w- c:\program files (x86)\Crawler
2014-03-18 11:40 . 2014-03-18 11:40 -------- d-----w- c:\users\Rawmen\AppData\Roaming\SUPERAntiSpyware.com
2014-03-18 11:40 . 2014-03-18 15:10 -------- d-----w- c:\programdata\Spyware Terminator
2014-03-18 11:40 . 2014-03-18 11:40 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-03-18 11:40 . 2014-03-18 11:40 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Spyware Terminator
2014-03-18 11:40 . 2014-03-18 11:41 -------- d-----w- c:\program files (x86)\Spyware Terminator
2014-03-18 11:40 . 2014-03-18 11:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-03-18 11:40 . 2014-03-18 11:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-03-18 05:44 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38718DB-DDA2-4040-9501-6E2D855BC0FB}\mpengine.dll
2014-03-17 16:51 . 2014-03-17 16:51 -------- d-----w- c:\programdata\Martau
2014-03-17 16:51 . 2014-03-17 16:51 -------- d-----w- c:\program files\Total Uninstall 6
2014-03-16 18:56 . 2014-03-16 18:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-03-16 18:53 . 2014-03-16 18:56 -------- d-----w- c:\program files\Adobe
2014-03-16 18:46 . 2014-03-16 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2014-03-15 19:26 . 2014-03-15 19:26 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Skyrim - Legendary Edition
2014-03-15 19:04 . 2014-03-15 19:04 -------- d-----w- c:\users\Rawmen\AppData\Local\Skyrim
2014-03-15 18:45 . 2014-03-15 18:45 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2014-03-15 16:23 . 2014-03-15 16:24 -------- d-----w- c:\users\Rawmen\AppData\Local\PAYDAY
2014-03-15 16:23 . 2014-03-15 16:23 -------- d-----w- c:\programdata\RELOADED
2014-03-15 16:13 . 2014-03-17 16:42 -------- d-----w- c:\program files (x86)\Payday The Heist
2014-03-11 06:48 . 2014-03-11 06:48 -------- d-----w- c:\users\Rawmen\AppData\Roaming\SomePDF
2014-03-11 06:48 . 2014-03-11 06:48 -------- d-----w- c:\program files (x86)\SomePDF
2014-03-09 18:45 . 2014-03-12 16:20 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-09 18:45 . 2014-03-09 18:45 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-09 17:51 . 2014-03-09 17:51 -------- d-----w- c:\windows\vbSkinner
2014-03-09 16:38 . 2014-03-19 06:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-09 16:28 . 2014-03-09 16:28 -------- d-----w- c:\windows\W7SBC
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2388992 ----a-w- c:\windows\explorer.exe
2014-03-09 16:09 . 2014-03-17 16:41 -------- d-----w- c:\program files (x86)\LiveTuner
2014-03-09 16:09 . 2006-10-11 11:45 73728 ----a-w- c:\windows\SysWow64\pv.exe
2014-03-09 16:04 . 2014-03-09 16:43 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Moonchild Productions
2014-03-09 16:04 . 2014-03-09 16:04 -------- d-----w- c:\users\Rawmen\AppData\Local\Moonchild Productions
2014-03-09 15:03 . 2014-03-09 15:08 -------- d-----w- C:\Games
2014-03-04 13:24 . 2014-03-04 13:38 -------- d-----w- c:\users\Rawmen\AppData\Roaming\PhotoScape
2014-03-01 17:57 . 2014-03-08 20:56 -------- d-----w- c:\users\Rawmen\AppData\Local\Battle.net
2014-03-01 17:57 . 2014-03-01 18:22 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Battle.net
2014-03-01 17:57 . 2014-03-05 17:09 -------- d-----w- c:\program files (x86)\Battle.net
2014-03-01 17:54 . 2014-03-01 17:54 -------- d-----w- c:\users\Rawmen\AppData\Local\Blizzard Entertainment
2014-02-28 18:52 . 2014-02-28 18:52 -------- d-----w- c:\users\Rawmen\.objectdb
2014-02-28 18:52 . 2014-02-28 18:52 -------- d-----w- c:\users\Rawmen\AppData\Roaming\VitySoft
2014-02-28 18:51 . 2014-02-28 18:51 -------- d-----w- c:\program files (x86)\FreeRapid Downloader 0.9u2
2014-02-28 12:06 . 2014-02-28 12:06 -------- d-----w- c:\program files (x86)\Fox
2014-02-28 12:05 . 2014-02-28 12:05 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2014-02-28 12:05 . 2014-02-28 12:05 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2014-02-27 16:04 . 2014-03-09 17:03 -------- d-----w- c:\users\Rawmen\AppData\Roaming\uTorrent
2014-02-26 08:31 . 2014-03-17 16:44 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Seznam.cz
2014-02-25 13:29 . 2014-02-25 13:53 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Audacity
2014-02-25 13:14 . 2003-03-19 04:05 89088 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-02-25 09:01 . 2014-02-25 09:01 -------- d-----w- c:\windows\Migration
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-23 18:31 . 2014-03-09 18:02 -------- d-----w- c:\program files (x86)\Gabest
2014-02-23 18:31 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2014-02-23 18:31 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2014-02-23 18:31 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2014-02-23 18:31 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2014-02-23 18:31 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2014-02-23 18:31 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2014-02-23 18:31 . 2014-02-23 18:31 -------- d-----w- c:\program files (x86)\Xvid
2014-02-23 18:30 . 2014-03-09 12:41 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2014-02-20 20:55 . 2014-03-15 20:47 -------- d-----w- c:\users\Rawmen\AppData\Local\Kosata6
2014-02-18 09:20 . 2014-02-18 09:20 -------- d-----w- c:\users\Rawmen\AppData\Local\Macromedia
2014-02-18 09:19 . 2014-02-18 09:19 -------- d-----w- c:\users\Rawmen\AppData\Local\Mozilla
2014-02-18 09:08 . 2014-03-15 19:40 -------- d-----w- C:\AdwCleaner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 22:38 . 2012-07-09 10:21 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 16:20 . 2012-09-06 11:37 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-12 07:33 . 2012-08-14 21:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 07:33 . 2011-07-14 13:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-28 12:05 . 2012-08-16 18:57 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2014-02-15 15:33 . 2014-02-15 15:33 14107008 ----a-w- c:\windows\SysWow64\drvgenpro.exe
2014-01-06 07:54 . 2014-01-05 19:53 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-05 19:53 . 2013-03-09 17:13 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-05 19:53 . 2013-03-09 17:13 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-05 19:53 . 2013-03-09 17:13 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-05 19:53 . 2013-03-09 17:13 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 19:53 . 2013-03-09 17:13 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 19:53 . 2011-07-22 07:03 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-05 19:53 . 2013-03-09 17:13 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-05 19:53 . 2013-03-09 17:13 43152 ----a-w- c:\windows\avastSS.scr
2013-12-24 23:09 . 2014-02-12 06:14 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 06:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-12 09:19 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-12 09:19 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-12-19 13:11 . 2013-03-09 17:13 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . D46D915C5E581B71BFBD07DF7F7BC326 . 2388992 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\erdnt\cache86\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-10 3491264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-01-06 6563608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-01-10 6000936]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-05 3764024]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-01-29 74160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys;c:\windows\SYSNATIVE\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:16 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 07:33]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 16:33]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 16:33]
.
2014-03-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 67ce7df5-a4ee-48d3-a614-08d0d5ee3af7.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-03-18 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task c1a41149-c427-490f-9b04-08380fc0c696.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-05 19:53 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 85864]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-10-22 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-10-22 3684488]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} -
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Rawmen\AppData\Roaming\Mozilla\Firefox\Profiles\44xt1m8p.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://google.cz/
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c8bef31d000000000000f0def15b49f7
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16147
FF - user.js: extensions.zonealarm.vrsn - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsni - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.28.1312:47
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN122307750166635-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3572560028-3069878945-2009164157-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,41,d1,f6,43,02,2b,c1,61,f4,35,c7,45,e5,1c,9c,e2,fa,11,62,08,
cb,25,8e,30,e4,d6,b0,a1,37,40,71,9c,8e,ee,d6,98,b7,48,88,e6,74,2d,3e,ff,f6,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2014-03-19 12:23:34
ComboFix-quarantined-files.txt 2014-03-19 11:23
.
Před spuštěním: Volných bajtů: 115 130 511 360
Po spuštění: Volných bajtů: 114 697 646 080
.
- - End Of File - - 2B1BCD35A98A13934AEA3DA6F9B55683
44E7ABCAD512943DF2560B20266D6620

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Lenovo 420 - slow Windows 7 startup

#8 Post by JaRon »

uninstall SUPERAntiSpyware + Spyware Terminator
and write whether the problems are still there :???:
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Rawmen
Visitor
Posts: 38
Registered: 07 Jul 2013 16:30

Re: Lenovo 420 - slow Windows 7 startup

#9 Post by Rawmen »

I have just uninstalled them, but I have only had these two programs since yesterday.

Otherwise, overall it acts up less now, but sometimes it still doesn't work. This morning it booted on the very first power-on. Around lunchtime it didn't boot, so I tried again a little later and it booted. Just now I turned it on and it started on the first try, and it boots much faster now.

btw: otherwise I don't have any junk in there? :?:

Does anything else need to be uninstalled? Yesterday I installed SUPERAntiSpyware + Spyware Terminator + Zone Alarm; when I turned the notebook on, it froze after a while, while browsing the net, while playing games. It occurred to me to turn everything off + I turned off MBAM, and yesterday it didn't freeze while gaming.

EDIT: so I restarted it "as a test" and it booted on the first attempt. :)
EDIT2: this morning again: I turned the notebook on and it ended at the blue desktop. I opened Task Manager -> Processes and explorer.exe was nowhere, so New Task, and the result was again that it contains a virus. I hard powered it off with the button and on the second try it booted.

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Lenovo 420 - slow Windows 7 startup

#10 Post by JaRon »

Move ComboFix to the desktop (if it is not there already)

open Notepad

copy the script from the following box into it:

Code:

KillAll::



FCopy::
c:\windows\erdnt\cache86\explorer.exe | c:\windows\explorer.exe




save the created text file as CFScript.txt on the desktop

after saving, grab the created script with the left mouse button, drag it over the ComboFix icon and drop it there

after it has been applied, another log should be created; paste it here :)
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/
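
A triage helper for the file listing in the ComboFix logs posted in this thread (an added example, not part of any post and not ComboFix's own code): it parses the "files created" lines and reports a watched system binary that shows up as newly created, together with other files in the same folder that share its size and modification time. The watch list and the function names are assumptions; the sample lines are copied from the log on this page.

```python
import re
from ntpath import dirname  # Windows path rules on any host OS

# One line of the ComboFix "files created" listing:
#   created-date created-time . modified-date modified-time size attrs path
# Directories carry "--------" in place of a size.
LINE_RE = re.compile(
    r"^(?P<cdate>\d{4}-\d{2}-\d{2}) (?P<ctime>\d{2}:\d{2}) \. "
    r"(?P<mdate>\d{4}-\d{2}-\d{2}) (?P<mtime>\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)

# Assumption: binaries an analyst does not expect to see as freshly created.
WATCHED = {r"c:\windows\explorer.exe"}

# Lines copied from the log on this page (section banner and separator included).
SAMPLE = r"""
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
2014-03-09 18:45 . 2014-03-09 18:45 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-09 17:51 . 2014-03-09 17:51 -------- d-----w- c:\windows\vbSkinner
2014-03-09 16:28 . 2014-03-09 16:28 -------- d-----w- c:\windows\W7SBC
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-03-09 16:09 . 2006-10-11 11:45 73728 ----a-w- c:\windows\SysWow64\pv.exe
"""


def parse_listing(text):
    """Return one dict per listing line; banners and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "created": m["cdate"] + " " + m["ctime"],
            "modified": m["mdate"] + " " + m["mtime"],
            "size": int(m["size"]) if m["size"].isdigit() else None,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def lookalikes(entries, target):
    """Other files in target's folder with the same size and modification time."""
    key = (target["size"], target["modified"], dirname(target["path"]).lower())
    return sorted(
        e["path"] for e in entries
        if e is not target and not e["is_dir"]
        and (e["size"], e["modified"], dirname(e["path"]).lower()) == key
    )


def triage(text, watched=WATCHED):
    """Map each watched binary found in the listing to its timestamps and lookalikes."""
    entries = parse_listing(text)
    report = {}
    for e in entries:
        if e["is_dir"] or e["path"].lower() not in watched:
            continue
        report[e["path"]] = {
            "created": e["created"],
            "modified": e["modified"],
            "size": e["size"],
            "same_size_and_mtime": lookalikes(entries, e),
        }
    return report


if __name__ == "__main__":
    for path, info in triage(SAMPLE).items():
        print(path, info)
```

Identical size and modification time only suggest that the files are copies of one another; comparing file hashes on the machine settles it.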

Rawmen
Visitor
Posts: 38
Registered: 07 Jul 2013 16:30

Re: Lenovo 420 - slow Windows 7 startup

#11 Post by Rawmen »

As I wrote this morning that it booted on the second try: after an hour it froze again and then it would not boot at all; I tried 4 times. Then I lost patience with it and went to my work placement instead; now, around half past eleven, it again booted only on the second try.

Log here:

ComboFix 14-03-19.01 - Rawmen 20.03.2014 12:05:06.6.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4007.2203 [GMT 1:00]
Spuštěný z: c:\users\Rawmen\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Rawmen\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
--------------- FCopy ---------------
.
c:\windows\erdnt\cache86\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-02-20 do 2014-03-20 )))))))))))))))))))))))))))))))
.
.
2014-03-20 11:16 . 2014-03-20 11:16 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-03-20 11:16 . 2014-03-20 11:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-19 16:51 . 2014-03-19 16:51 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38718DB-DDA2-4040-9501-6E2D855BC0FB}\offreg.dll
2014-03-18 17:16 . 2014-03-18 17:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-03-18 17:15 . 2014-03-18 17:15 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-18 17:15 . 2014-03-18 17:15 -------- d-----w- c:\program files (x86)\Java
2014-03-18 12:08 . 2014-03-18 12:08 -------- d-----w- C:\Eula
2014-03-18 11:47 . 2014-03-18 11:48 -------- d-----w- c:\program files (x86)\CheckPoint
2014-03-18 11:46 . 2014-03-18 11:46 -------- d-----w- c:\programdata\CheckPoint
2014-03-18 11:40 . 2014-03-18 11:41 -------- d-----w- c:\program files (x86)\Crawler
2014-03-18 11:40 . 2014-03-18 11:40 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2014-03-18 05:44 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A38718DB-DDA2-4040-9501-6E2D855BC0FB}\mpengine.dll
2014-03-17 16:51 . 2014-03-17 16:51 -------- d-----w- c:\programdata\Martau
2014-03-17 16:51 . 2014-03-17 16:51 -------- d-----w- c:\program files\Total Uninstall 6
2014-03-16 18:56 . 2014-03-16 18:56 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2014-03-16 18:53 . 2014-03-16 18:56 -------- d-----w- c:\program files\Adobe
2014-03-16 18:46 . 2014-03-16 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2014-03-15 19:26 . 2014-03-15 19:26 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Skyrim - Legendary Edition
2014-03-15 19:04 . 2014-03-15 19:04 -------- d-----w- c:\users\Rawmen\AppData\Local\Skyrim
2014-03-15 18:45 . 2014-03-15 18:45 -------- d-----w- c:\program files (x86)\R.G. Mechanics
2014-03-15 16:23 . 2014-03-15 16:24 -------- d-----w- c:\users\Rawmen\AppData\Local\PAYDAY
2014-03-15 16:23 . 2014-03-15 16:23 -------- d-----w- c:\programdata\RELOADED
2014-03-15 16:13 . 2014-03-17 16:42 -------- d-----w- c:\program files (x86)\Payday The Heist
2014-03-11 06:48 . 2014-03-11 06:48 -------- d-----w- c:\users\Rawmen\AppData\Roaming\SomePDF
2014-03-11 06:48 . 2014-03-11 06:48 -------- d-----w- c:\program files (x86)\SomePDF
2014-03-09 18:45 . 2014-03-12 16:20 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-03-09 18:45 . 2014-03-09 18:45 75064 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-03-09 17:51 . 2014-03-09 17:51 -------- d-----w- c:\windows\vbSkinner
2014-03-09 16:38 . 2014-03-19 06:20 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2014-03-09 16:28 . 2014-03-09 16:28 -------- d-----w- c:\windows\W7SBC
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_edit_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer_backup_w7sbc.exe
2014-03-09 16:28 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
2014-03-09 16:09 . 2014-03-17 16:41 -------- d-----w- c:\program files (x86)\LiveTuner
2014-03-09 16:09 . 2006-10-11 11:45 73728 ----a-w- c:\windows\SysWow64\pv.exe
2014-03-09 16:04 . 2014-03-09 16:43 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Moonchild Productions
2014-03-09 16:04 . 2014-03-09 16:04 -------- d-----w- c:\users\Rawmen\AppData\Local\Moonchild Productions
2014-03-09 15:03 . 2014-03-09 15:08 -------- d-----w- C:\Games
2014-03-04 13:24 . 2014-03-04 13:38 -------- d-----w- c:\users\Rawmen\AppData\Roaming\PhotoScape
2014-03-01 17:57 . 2014-03-08 20:56 -------- d-----w- c:\users\Rawmen\AppData\Local\Battle.net
2014-03-01 17:57 . 2014-03-01 18:22 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Battle.net
2014-03-01 17:57 . 2014-03-05 17:09 -------- d-----w- c:\program files (x86)\Battle.net
2014-03-01 17:54 . 2014-03-01 17:54 -------- d-----w- c:\users\Rawmen\AppData\Local\Blizzard Entertainment
2014-02-28 18:52 . 2014-02-28 18:52 -------- d-----w- c:\users\Rawmen\.objectdb
2014-02-28 18:52 . 2014-02-28 18:52 -------- d-----w- c:\users\Rawmen\AppData\Roaming\VitySoft
2014-02-28 18:51 . 2014-02-28 18:51 -------- d-----w- c:\program files (x86)\FreeRapid Downloader 0.9u2
2014-02-28 12:06 . 2014-02-28 12:06 -------- d-----w- c:\program files (x86)\Fox
2014-02-28 12:05 . 2014-02-28 12:05 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2014-02-28 12:05 . 2014-02-28 12:05 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2014-02-27 16:04 . 2014-03-09 17:03 -------- d-----w- c:\users\Rawmen\AppData\Roaming\uTorrent
2014-02-26 08:31 . 2014-03-17 16:44 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Seznam.cz
2014-02-25 13:29 . 2014-02-25 13:53 -------- d-----w- c:\users\Rawmen\AppData\Roaming\Audacity
2014-02-25 13:14 . 2003-03-19 04:05 89088 ----a-w- c:\windows\SysWow64\ATL71.DLL
2014-02-25 09:01 . 2014-02-25 09:01 -------- d-----w- c:\windows\Migration
2014-02-25 08:59 . 2014-02-25 08:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-02-23 18:31 . 2014-03-09 18:02 -------- d-----w- c:\program files (x86)\Gabest
2014-02-23 18:31 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2014-02-23 18:31 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2014-02-23 18:31 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2014-02-23 18:31 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2014-02-23 18:31 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2014-02-23 18:31 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2014-02-23 18:31 . 2014-02-23 18:31 -------- d-----w- c:\program files (x86)\Xvid
2014-02-23 18:30 . 2014-03-09 12:41 -------- d-----w- c:\program files (x86)\AviSynth 2.5
2014-02-20 20:55 . 2014-03-19 21:29 -------- d-----w- c:\users\Rawmen\AppData\Local\Kosata6
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-18 22:38 . 2012-07-09 10:21 90015360 ----a-w- c:\windows\system32\MRT.exe
2014-03-12 16:20 . 2012-09-06 11:37 234536 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-03-12 07:33 . 2012-08-14 21:28 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 07:33 . 2011-07-14 13:18 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-28 12:05 . 2012-08-16 18:57 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2014-02-15 15:33 . 2014-02-15 15:33 14107008 ----a-w- c:\windows\SysWow64\drvgenpro.exe
2014-01-06 07:54 . 2014-01-05 19:53 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-01-05 19:53 . 2013-03-09 17:13 422216 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-05 19:53 . 2013-03-09 17:13 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-05 19:53 . 2013-03-09 17:13 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-05 19:53 . 2013-03-09 17:13 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-01-05 19:53 . 2013-03-09 17:13 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-05 19:53 . 2011-07-22 07:03 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-05 19:53 . 2013-03-09 17:13 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-01-05 19:53 . 2013-03-09 17:13 43152 ----a-w- c:\windows\avastSS.scr
2013-12-24 23:09 . 2014-02-12 06:14 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-12-24 22:48 . 2014-02-12 06:14 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-12-21 09:53 . 2014-02-12 09:19 548864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-21 08:56 . 2014-02-12 09:19 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-10 3491264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"PWMTRV"="c:\progra~2\ThinkPad\UTILIT~1\PWMTR64V.DLL" [2013-01-10 6000936]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-05 3764024]
"RotateImage"="c:\program files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe" [2008-10-30 55808]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"ZoneAlarm"="c:\program files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [2014-01-29 74160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 smihlp2;SMI Helper Driver (smihlp2);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64;c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
R3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys;c:\windows\SYSNATIVE\DRIVERS\ewdcsc.sys [x]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbdev.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc_x64.pkms;c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 aswKbd;aswKbd; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\DRIVERS\smiifx64.sys;c:\windows\SYSNATIVE\DRIVERS\smiifx64.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 CxAudMsg;Conexant Audio Message Service;c:\windows\system32\CxAudMsg64.exe;c:\windows\SYSNATIVE\CxAudMsg64.exe [x]
S2 IAStorDataMgrSvc;Úložná technologie Intel® Rapid;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 jhi_service;Intel(R) Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 risdxc;risdxc;c:\windows\system32\DRIVERS\risdxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdxc64.sys [x]
S2 SAService;Conexant SmartAudio service;c:\windows\system32\SAsrv.exe;c:\windows\SYSNATIVE\SAsrv.exe [x]
S2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe;c:\program files\LENOVO\HOTKEY\TPHKLOAD.exe [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe;c:\program files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys;c:\windows\SYSNATIVE\DRIVERS\seehcri.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-15 20:16 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.154\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-14 07:33]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 16:33]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-05-14 16:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-05 19:53 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 23432 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-11-02 1933584]
"TpShocks"="TpShocks.exe" [2011-01-14 380776]
"LENOVO.TPKNRRES"="c:\program files\Lenovo\Communications Utility\TPKNRRES.exe" [2011-01-27 41320]
"ALCKRESI.EXE"="c:\program files\Lenovo\AutoLock\ALCKRESI.EXE" [2010-12-17 281448]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2012-06-14 887968]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2012-09-21 85864]
"SmartAudio"="c:\program files\CONEXANT\SAII\SACpl.exe" [2012-06-13 1647616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"ForteConfig"="c:\program files\Conexant\ForteConfig\fmapp.exe" [2010-10-26 49056]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Stáhnout pomocí &BitSpiritu - c:\program files (x86)\BitSpirit\bsurl.htm
IE: Stáhnout s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stáhnout s IDM všechny odkazy - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} -
TCP: DhcpNameServer = 10.0.0.138
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\users\Rawmen\AppData\Roaming\Mozilla\Firefox\Profiles\44xt1m8p.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.cz/
FF - user.js: extensions.zonealarm.hpOld0 - hxxp://google.cz/
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?src=tb&tbid=HFA5&Lan={dfltLng}&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.id - c8bef31d000000000000f0def15b49f7
FF - user.js: extensions.zonealarm.appId - {C56C48A0-DA4E-46F6-9859-1553DC865F84}
FF - user.js: extensions.zonealarm.instlDay - 16147
FF - user.js: extensions.zonealarm.vrsn - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsni - 1.8.28.13
FF - user.js: extensions.zonealarm.vrsnTs - 1.8.28.1312:47
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - HFA5
FF - user.js: extensions.zonealarm.instlRef - ZLN122307750166635-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.ffxUnstlRst - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm.rvrt - false
FF - user.js: extensions.zonealarm.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?src=hp&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.kw_url - hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&&q=
FF - user.js: extensions.zonealarm.dnsErr - true
FF - user.js: extensions.zonealarm.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?src=nt&tbid=HFA5&Lan=en&gu=77a8cef406c04a1c89746ac022cdb9af&tu=10G9y00D12C01x0&sku=&tstsId=&ver=&
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Adobe Shockwave Player - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\c:\program files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{127174DC-C366ED8B-06020101}_0]
"ImagePath"="\??\c:\program files\pc-doctor\pcdsrvc_x64.pkms"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-3572560028-3069878945-2009164157-1000\Software\SecuROM\License information*]
"datasecu"=hex:f6,41,d1,f6,43,02,2b,c1,61,f4,35,c7,45,e5,1c,9c,e2,fa,11,62,08,
cb,25,8e,30,e4,d6,b0,a1,37,40,71,9c,8e,ee,d6,98,b7,48,88,e6,74,2d,3e,ff,f6,\
"rkeysecu"=hex:1b,b5,52,6d,b9,b0,2c,c1,55,51,23,8c,25,8e,a7,8c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\progra~1\LENOVO\VIRTSCRL\virtscrl.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\SAsrv.exe
c:\progra~1\Lenovo\HOTKEY\TPONSCR.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Lenovo\System Update\SUService.exe
c:\program files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
.
**************************************************************************
.
Celkový čas: 2014-03-20 12:25:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-03-20 11:25
ComboFix2.txt 2014-03-19 11:23
.
Před spuštěním: Volných bajtů: 113 604 116 480
Po spuštění: Volných bajtů: 113 162 874 880
.
- - End Of File - - 078E28EBD7A98B554323CEB67EDC2E2B
44E7ABCAD512943DF2560B20266D6620

JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Lenovo 420 - slow Windows 7 startup

#12 Post by JaRon »

Are there still problems even after running the script? :???:
Run sfc /scannow from the command line.
FRST |ADWCleaner |MBAM |CCleaner |AVPTool

If you are satisfied, you can support the forum
https://platba.viry.cz/payment/

Rawmen
Visitor
Posts: 38
Registered: 07 Jul 2013 16:30

Re: Lenovo 420 - slow Windows 7 startup

#13 Post by Rawmen »

After that last ComboFix run I didn't turn it on until now; so far it has booted on the first try.


JaRon
Moderator
Posts: 15724
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: Lenovo 420 - slow Windows 7 startup

#14 Post by JaRon »

It should be fine :)

Rawmen
Visitor
Posts: 38
Registered: 07 Jul 2013 16:30

Re: Lenovo 420 - slow Windows 7 startup

#15 Post by Rawmen »

Thank you, it's running fine so far. :)
Even though I'm a student with no income, I'll try to support the forum; unfortunately, the only way I can do so is by SMS, as I don't have access to the other options.

Locked