Pomalý start systému - prosím o kontrolu

[quinter]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:51:08, on 21.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\Desktop\Programy\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Programy\QIP\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B15D64A5-DCE2-47E7-81BC-1B0F3ABBF2BB}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9931 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)


Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[quinter]

Tak malwarebytes nic nenašel, 0 nákaz, tady ještě log z HJT, pro jistotu


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:50:38, on 21.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tony\Desktop\Programy\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tony\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Programy\QIP\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B15D64A5-DCE2-47E7-81BC-1B0F3ABBF2BB}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9127 bytes

[bledulka]

Ahoj, Jaro3 už spí
Stav počítače se zlepšil, nebo jsou stále problémy?

[quinter]

Tak PC se chovat celkem normálně, ale ten start je prostě pomalejší než dřív. Zkoušel jsem ještě defragmentaci disku, ale stále je to stejně. Ten nadpis Vítejte byl dřív zobrazen asi tak 5 vteřin, teď je to něco kolem vteřin třiceti.

[bledulka]

Tak to může být také stářím systému.

Stáhni na plochu ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Před použitím vypni všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary
-Zavři všechna aktivní okna a spusť ho pod učtem s právy administrátora
- Po spuštění se zobrazí podmínky použití, potvrď je stiskem tlačítka Ano

- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna

- Po dokončení skenování, se vytvoří log C:\ComboFix.txt, zkopíruj celý jeho obsah sem.

[quinter]

ComboFix 11-01-22.03 - Tony 23.01.2011 17:10:19.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4061.2990 [GMT 1:00]
Spuštěný z: c:\users\Tony\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qsTAtsrv.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-23 do 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 16:13 . 2011-01-23 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 16:06 . 2011-01-20 09:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C0339A-31B6-4D7E-896D-88F3C59CB09F}\mpengine.dll
2011-01-22 22:16 . 2011-01-22 22:16 -------- dc-h--w- c:\programdata\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
2011-01-22 20:38 . 2011-01-22 20:40 -------- d-----w- c:\users\Tony\AppData\Roaming\vlc
2011-01-22 16:30 . 2011-01-22 16:30 -------- d-----w- C:\rsit
2011-01-22 16:15 . 2011-01-22 16:15 -------- d-----w- c:\users\Tony\AppData\Local\ATI
2011-01-21 19:46 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-21 18:48 . 2011-01-21 18:48 -------- d-----w- c:\program files\Defraggler
2011-01-18 20:54 . 2011-01-18 20:54 -------- d-----w- c:\users\Tony\AppData\Roaming\GRETECH
2011-01-18 17:43 . 2011-01-18 17:43 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-01-18 17:37 . 2011-01-18 17:37 6288 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-01-18 17:23 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-01-18 12:12 . 2006-11-09 21:46 7040 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2011-01-16 16:12 . 2010-06-09 17:55 138240 ----a-w- c:\users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-01-12 11:53 . 2011-01-12 11:53 -------- d-----w- c:\users\Tony\AppData\Roaming\Avira
2011-01-12 11:52 . 2011-01-12 11:52 -------- d-----w- c:\programdata\Avira
2011-01-12 11:52 . 2011-01-12 11:52 -------- d-----w- c:\program files (x86)\Avira
2011-01-12 11:52 . 2010-12-13 07:40 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-01-12 11:52 . 2010-12-13 07:40 116568 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-01-12 07:55 . 2010-04-28 10:32 932384 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-01-12 07:55 . 2010-04-27 00:23 1103904 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2011-01-12 07:55 . 2010-04-08 09:07 612352 ----a-w- c:\windows\system32\drivers\rtl819xp.sys
2011-01-12 07:55 . 2010-04-01 13:01 442368 ----a-w- c:\windows\system32\drivers\rtl8187Se.sys
2011-01-12 07:55 . 2009-02-05 01:49 451072 ------w- c:\windows\SysWow64\ISSRemoveSP.exe
2011-01-12 07:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 07:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 07:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 07:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 07:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 07:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 07:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 07:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 07:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 07:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-10 18:51 . 2011-01-10 18:51 -------- d-----w- c:\programdata\ATI
2011-01-10 18:51 . 2011-01-10 18:51 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-01-10 18:50 . 2011-01-10 18:51 -------- d-----w- c:\program files\ATI Technologies
2011-01-10 18:27 . 2011-01-10 18:27 -------- d-----w- c:\program files\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 16:06 . 2010-12-04 17:32 4484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-01-22 23:30 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-22 23:30 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-22 23:01 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-08 20:03 . 2009-12-22 00:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-20 17:08 . 2009-12-22 17:57 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 06:35 . 2010-12-17 17:40 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-17 17:40 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-17 17:40 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-17 17:40 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-17 17:40 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-17 17:40 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-17 17:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-17 17:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 17:40 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 17:40 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-17 17:40 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-17 17:40 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 17:40 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 17:40 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 17:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 17:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 17:40 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 17:40 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-17 17:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-17 17:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R3 cpuz130;cpuz130;c:\users\Tony\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2006-11-09 7040]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-21 834544]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
S2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-03 251760]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 450048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B15D64A5-DCE2-47E7-81BC-1B0F3ABBF2BB} = 213.180.32.2,213.180.33.225
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-HSON - %ProgramFiles%\TOSHIBA\TBS\HSON.exe
HKLM-Run-00TCrdMain - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
AddRemove-QIP 2010 - c:\program files (x86)\QIP 2010\unins000.exe


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4154602735-317559753-901735074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D88B2C64-B12F-8690-6132-451BF5CC1CD8}*]
@Allowed: (Read) (RestrictedCode)
"jadnecnfkgmnjnoladko"=hex:62,61,70,6f,00,33
"jadnecnfkgmnjnoladgo"=hex:62,61,67,6f,00,33
"iadmamkpeihddibjhg"=hex:6b,61,6f,6f,70,6b,6b,6a,6b,63,69,6d,6c,68,61,65,6c,70,
64,68,62,69,00,00

[HKEY_USERS\S-1-5-21-4154602735-317559753-901735074-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,4f,dd,0b,43,46,9f,3f,6c,b0,61,88,eb,e3,1d,8e,fd,fe,03,2b,7d,
43,55,89,4f,e2,87,3f,16,57,0c,58,90,c3,73,40,77,8b,bb,5d,20,2a,b9,c9,9a,e0,\
"rkeysecu"=hex:f1,76,b4,09,94,41,7b,7c,1e,39,19,54,bf,19,6a,cc

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="01DF18302C1134048DD3A716B9B14EA06426B7B4BF8F94964E5E08D0DAA0C36AB5F01A48E46EE107D43558F550145D6DB761AAA9CBBC7CEF8716BC2040BF9677B1FE29201343A065D605F097C5F68BF70885B84B57D36FC85BA6E02101FA8752C7346C6C40960192D98B325329D0152B341E5FBE945D76A65B7ED2E0968B8DB9DC7C3B4247718524B9D6906A5A9D29172AF9510D89648DB22ECAA0504A2D908E6C88239CD8E0A4D5E43A3601905C6CEE6EACF52312F827BA0B038EC5BD20F1D8845063D9FB76FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D9DB7CE019D40AA5CBA7FD869164D6794B7CF4EAA46FBBB29B5C1BB8E4A6CE00E59E4F7EA76B9C9B0FA87A8279BE2099554942564E6AE79BAC366141F033404BFD597DFE08D873A9C21F374F558E140637370514805ED019D5137E830E3133A2DBA3F536E295B564552784C2472E50FF03F8904E29CE6E9AAF294404EE3BE037EAC13CEC2DE169FC5DEC5419EBC189C6954280286DBAC21BDB2FDB3C9B0512CE1C16E5FD0F8FA6C3C8AAE7698BC03E27C44B8264327326538101B71B8ABCA5C890550A84DF3B0E44B0D2A260AAD1AB2DD134CDB7597D2CAFEFBB53D73E60C8B2BF55B64338243091B93569A2E7EB0AC463A98A6B675CA39F95C3A6B97AC5C077F0656DABF8921A8D43D713503D0FDC86F27759967423C6B150B3C6706F9666FC41EAC6D76229E6A279D606ACBFB9ED11939DF5F2CB1AC73C35771AF647D36B8BC996C0E9B99F348453D2A42128993E609C779B4ED2B04B2770333D51C1DC1AC2D46C9C43BF2BA906698F9D79EB9C179841B076B57C99162AB42FE0059F0DC67DFE61A2CA2E272E2C31F23DD01FC71D058EFF1E859DC850EDA41F7E80D4643DAA133D874E35280B61C3695168C7B4D0854F645A4A7E8F594069CE25F6E1C92CA445626DF56DFA9D534346B5AD78E680ECC5534AD3BA45CABB2E62AC4F3284D4F1EEEC2C6125C1CDDCFE4DF173F45B4A597A411A4507B155969A65C105D52D956098F9793F64DE3403C89D2CAE1628C6590F1573FE58C62F936552A4B2AB703A161C0ADC626ECF7C246D5490C225BAA3798BC2247402D693DAAE169141F28F6C20A7CB5718628AD80C071698127DCB05C137C3397E763B427D92C161D46A9C72668B1023D41A0BFE4837880E75C4323646797EF252AEAAF105E0C4B2D6D726D86E5C308E3C52CCFB368FBFC10F0A2E938016E5FF11534AC22D2CBCC1EA4F040746F0AE435C5D3DF81CDFEF4DD5840D091CF4E3098FEE1E1DDD9A780DDC1C50055F74E5615B6D4D73817F89DC84918098047FE33C5FECAE69716536E70DC43CD62F4503FF8D32182172AD7555F3E572766DE385C3C707C3BF633F3C6"
"OODEFRAG14.00.00.01PROFESSIONAL"="0F4D02330B013A488595D04CDB53A9A45B919ED87EF3717BC70568A84F829CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794BA7FD869164D6794656865088A56E9C2DF2EC65BFE3F5F6B8B89B90FDCC6AFEDB3D47A1104F3579D8B0587D245C9F140F4CCAD2FD273AE349B59E5CE048611235B13FE23DECC8A41F8F61CF201A8DC252CFB8172497CCCA5F50B306F5E30A9CD4A05D18B773A2160885777870640E068C324A21A1EC8105DDB79A6603CF28DD6E596CFD1524A0B4AE24263D0AD23ED62CA326AC11F0B02DFE302CF340142810B6AB6CBA289D26BB689591FB666252154A699A227AEB7DE93F68823A5A6550299645A094F4AEA99BCCF41DBC1B3DFD05D114F8BAF470A19C452F20B8EB7A7BB1839F8C0CCD46F225CDDA1BF9FA9310407954CD6DFF081D622882CE86E5577917E1E8C20337E01C3742FA664A3F3397A39950FABE4CDDCF03F00A3116BB3C81A299D954940B182F14C92045943D05D2144C499258B0F26759471CA4BCB9BE12158979850D4EA9B540DAD6A1F9791469ED92DEE53C67C25A47BEB18D2FBE8CEA3B1BD9DBEF4BBBBC643F6162D5F9EE1CB90AB9C38AEF0E7F4B4CE07588B0BDD54BB982E8FCBC88E58DFB941EBFBEF61B2E0702DCA7DDD41116452967F2E07A29AE380DBB6A3CC8CCC3A972D3A7394B9162C80B47713C348D38F00C8E0BC75F390FAA5B818ED13EA9A8A049E696FAF24E9B3B3469BF03B55D0243324883382EE05B30BDD0C417E26706EC45FC03F761D571EB7FC8A3FEF084D6FA0B375AF6EEE792986E660540400A9E777B979D233E6B8F48D778C47A041C1A64D061D770C1A25D544725606AB7B5DDA0B804240C506A0A60AD55BF99F28DCE0912EE6F2C55772194125A1561560D0914407BBC31EC3D306D53DA5E856267F979CC12FAC96D0013AD1256C696FBB0039B9A6FC3844AC4AC96D59904BBE6A40ACEFDB44D51076A1DF1C20538901DC1B64583B112251922F8C21D5317BE7666762619C6CC055FA5B171BC368A223D88586DEA6F226F30B64CB16E69279F55072DF99A35EE61E55E84F9C45AF46C207D5FAE14C180D6F6E7EEAC5BE34679EA21431989A47E339C039DD455BA1A8E00459FCC896E3C6985AC5AE7C990A8CAF9A30C52EA946F504BC6EFA0A42AB23932F0EB04EEFB2645A30B6C3D9B4F9D3863B61700102EE83740DDF42B63A30B2832FA719844AD09BB31401375552DFCC964AF5690BD4CA1392379636E98582F7ED688E20CD9A80C6B46F0B7B35360AA8E7526E4B1AD7D4517908D1B8956CECB8A389DD14E15977638670EC66972ABBBE95A000154E487C0DDB0E8393823A2B5C0C0364A5CC016193618771B3EC7D2B0BCD48942C1F"
.
Celkový čas: 2011-01-23 17:15:43
ComboFix-quarantined-files.txt 2011-01-23 16:15
ComboFix2.txt 2011-01-14 10:43

Před spuštěním: Volných bajtů: 218 165 907 456
Po spuštění: Volných bajtů: 218 086 887 424

- - End Of File - - 18EB9161F3F01A2C2C0E99FC5F53AF91

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Driver::
cpuz130

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=-
"ConsentPromptBehaviorUser"=-
"EnableUIADesktopToggle"=-

RegLock::
 [HKEY_USERS\S-1-5-21-4154602735-317559753-901735074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D88B2C64-B12F-8690-6132-451BF5CC1CD8}*]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]


Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT


Upozornění : Může se stát, že po aplikaci skriptu a restartu počítače Windows nenaběhnou, pak znovu restartuj počítač, mačkej F8 a pak zvol poslední známou funkční konfiguraci.

[quinter]

Tak tady je ten combofix
________________________-


ComboFix 11-01-22.03 - Tony 23.01.2011 18:33:25.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4061.3230 [GMT 1:00]
Spuštěný z: c:\users\Tony\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Tony\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CPUZ130
-------\Service_cpuz130


((((((((((((((((((((((((( Soubory vytvořené od 2010-12-23 do 2011-01-23 )))))))))))))))))))))))))))))))
.

2011-01-23 17:36 . 2011-01-23 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-23 17:36 . 2011-01-23 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-01-23 16:06 . 2011-01-20 09:39 7844688 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D4C0339A-31B6-4D7E-896D-88F3C59CB09F}\mpengine.dll
2011-01-22 22:16 . 2011-01-22 22:16 -------- dc-h--w- c:\programdata\{7451F7D5-591C-4490-8D3B-C73A69A0E782}
2011-01-22 20:38 . 2011-01-22 20:40 -------- d-----w- c:\users\Tony\AppData\Roaming\vlc
2011-01-22 16:30 . 2011-01-22 16:30 -------- d-----w- C:\rsit
2011-01-22 16:15 . 2011-01-22 16:15 -------- d-----w- c:\users\Tony\AppData\Local\ATI
2011-01-21 19:46 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-21 18:48 . 2011-01-21 18:48 -------- d-----w- c:\program files\Defraggler
2011-01-18 20:54 . 2011-01-18 20:54 -------- d-----w- c:\users\Tony\AppData\Roaming\GRETECH
2011-01-18 17:43 . 2011-01-18 17:43 -------- dc-h--w- c:\programdata\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2011-01-18 17:37 . 2011-01-18 17:37 6288 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2011-01-18 17:23 . 2010-04-12 08:55 91568 ----a-w- c:\windows\system32\drivers\scdemu.sys
2011-01-18 12:12 . 2006-11-09 21:46 7040 ----a-w- c:\windows\system32\drivers\hidusbf.sys
2011-01-16 16:12 . 2010-06-09 17:55 138240 ----a-w- c:\users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
2011-01-12 07:55 . 2010-04-28 10:32 932384 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys
2011-01-12 07:55 . 2010-04-27 00:23 1103904 ----a-w- c:\windows\system32\drivers\rtl8192se.sys
2011-01-12 07:55 . 2010-04-08 09:07 612352 ----a-w- c:\windows\system32\drivers\rtl819xp.sys
2011-01-12 07:55 . 2010-04-01 13:01 442368 ----a-w- c:\windows\system32\drivers\rtl8187Se.sys
2011-01-12 07:55 . 2009-02-05 01:49 451072 ------w- c:\windows\SysWow64\ISSRemoveSP.exe
2011-01-12 07:11 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-12 07:11 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-12 07:11 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-12 07:11 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-12 07:11 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-12 07:11 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-12 07:11 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-12 07:11 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-12 07:11 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-12 07:11 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-10 18:51 . 2011-01-10 18:51 -------- d-----w- c:\programdata\ATI
2011-01-10 18:51 . 2011-01-10 18:51 -------- d-----w- c:\program files (x86)\ATI Technologies
2011-01-10 18:50 . 2011-01-10 18:51 -------- d-----w- c:\program files\ATI Technologies
2011-01-10 18:27 . 2011-01-10 18:27 -------- d-----w- c:\program files\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-23 16:27 . 2010-12-04 17:32 4484 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2011-01-22 23:30 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-01-22 23:30 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-01-22 23:01 . 2009-12-22 00:44 214520 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-01-08 20:03 . 2009-12-22 00:44 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2010-12-20 17:08 . 2009-12-22 17:57 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-04 06:35 . 2010-12-17 17:40 1194496 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 06:31 . 2010-12-17 17:40 57856 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 05:52 . 2010-12-17 17:40 978944 ----a-w- c:\windows\SysWow64\wininet.dll
2010-11-04 05:48 . 2010-12-17 17:40 44544 ----a-w- c:\windows\SysWow64\licmgr10.dll
2010-11-04 05:16 . 2010-12-17 17:40 482816 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:41 . 2010-12-17 17:40 386048 ----a-w- c:\windows\SysWow64\html.iec
2010-11-04 04:35 . 2010-12-17 17:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-04 04:08 . 2010-12-17 17:40 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2010-11-02 05:18 . 2010-12-17 17:40 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 05:17 . 2010-12-17 17:40 473600 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 05:17 . 2010-12-17 17:40 1169408 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 05:16 . 2010-12-17 17:40 1114624 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 05:10 . 2010-12-17 17:40 464384 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 05:10 . 2010-12-17 17:40 285696 ----a-w- c:\windows\system32\schtasks.exe
2010-11-02 04:40 . 2010-12-17 17:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-02 04:40 . 2010-12-17 17:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-11-02 04:34 . 2010-12-17 17:40 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-11-02 04:34 . 2010-12-17 17:40 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-10-27 05:06 . 2010-12-17 17:40 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-27 04:32 . 2010-12-17 17:40 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.

((((((((((((((((((((((((((((( SnapShot@2011-01-23_16.13.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-21 13:14 . 2011-01-23 16:24 82442 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-01-23 16:04 55024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-23 16:24 55024 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-12-20 19:14 . 2011-01-23 16:04 29636 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4154602735-317559753-901735074-1000_UserData.bin
+ 2009-12-20 19:14 . 2011-01-23 16:24 29636 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-4154602735-317559753-901735074-1000_UserData.bin
- 2009-12-20 14:53 . 2011-01-21 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-20 14:53 . 2011-01-23 16:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-05 15:04 . 2011-01-23 16:39 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-05 15:04 . 2011-01-21 19:40 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-21 19:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-23 16:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-20 16:11 . 2011-01-23 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-20 16:11 . 2011-01-23 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-20 16:11 . 2011-01-23 16:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-12-20 16:11 . 2011-01-23 17:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-23 16:01 . 2011-01-23 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-01-23 17:37 . 2011-01-23 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-23 16:01 . 2011-01-23 16:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-23 17:37 . 2011-01-23 17:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2011-01-23 01:22 402396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-01-23 17:37 402396 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-01-23 16:36 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-01-23 00:42 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-01-13 34088]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2009-08-12 352256]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe" [2009-08-12 6203296]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2009-08-10 248688]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-07-14 42368]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
R3 ENTECH64;ENTECH64;c:\windows\system32\DRIVERS\ENTECH64.sys [2008-09-17 12744]
R3 hidusbf;USB Mouse Rate Adjuster Lower Filter by SweetLow;c:\windows\system32\DRIVERS\hidusbf.sys [2006-11-09 7040]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 222208]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-08-17 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-08-03 137560]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1255736]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-05-11 124368]
R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2009-09-03 251760]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-12-21 834544]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2009-07-24 482384]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-29 203264]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-22 215040]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2010-03-31 450048]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF21975.cfxxe" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-28 7982112]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe" [BU]
"00TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.com/
uLocal Page = c:\windows\SYSTEM32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {B15D64A5-DCE2-47E7-81BC-1B0F3ABBF2BB} = 213.180.32.2,213.180.33.225
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4154602735-317559753-901735074-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D88B2C64-B12F-8690-6132-451BF5CC1CD8}*]
@Allowed: (Read) (RestrictedCode)
"jadnecnfkgmnjnoladko"=hex:62,61,70,6f,00,33
"jadnecnfkgmnjnoladgo"=hex:62,61,67,6f,00,33
"iadmamkpeihddibjhg"=hex:6b,61,6f,6f,70,6b,6b,6a,6b,63,69,6d,6c,68,61,65,6c,70,
64,68,62,69,00,00

[HKEY_USERS\S-1-5-21-4154602735-317559753-901735074-1000\Software\SecuROM\License information*]
"datasecu"=hex:b4,4f,dd,0b,43,46,9f,3f,6c,b0,61,88,eb,e3,1d,8e,fd,fe,03,2b,7d,
43,55,89,4f,e2,87,3f,16,57,0c,58,90,c3,73,40,77,8b,bb,5d,20,2a,b9,c9,9a,e0,\
"rkeysecu"=hex:f1,76,b4,09,94,41,7b,7c,1e,39,19,54,bf,19,6a,cc

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_10_2_161_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG12.00.00.01PROFESSIONAL"="01DF18302C1134048DD3A716B9B14EA06426B7B4BF8F94964E5E08D0DAA0C36AB5F01A48E46EE107D43558F550145D6DB761AAA9CBBC7CEF8716BC2040BF9677B1FE29201343A065D605F097C5F68BF70885B84B57D36FC85BA6E02101FA8752C7346C6C40960192D98B325329D0152B341E5FBE945D76A65B7ED2E0968B8DB9DC7C3B4247718524B9D6906A5A9D29172AF9510D89648DB22ECAA0504A2D908E6C88239CD8E0A4D5E43A3601905C6CEE6EACF52312F827BA0B038EC5BD20F1D8845063D9FB76FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3D9DB7CE019D40AA5CBA7FD869164D6794B7CF4EAA46FBBB29B5C1BB8E4A6CE00E59E4F7EA76B9C9B0FA87A8279BE2099554942564E6AE79BAC366141F033404BFD597DFE08D873A9C21F374F558E140637370514805ED019D5137E830E3133A2DBA3F536E295B564552784C2472E50FF03F8904E29CE6E9AAF294404EE3BE037EAC13CEC2DE169FC5DEC5419EBC189C6954280286DBAC21BDB2FDB3C9B0512CE1C16E5FD0F8FA6C3C8AAE7698BC03E27C44B8264327326538101B71B8ABCA5C890550A84DF3B0E44B0D2A260AAD1AB2DD134CDB7597D2CAFEFBB53D73E60C8B2BF55B64338243091B93569A2E7EB0AC463A98A6B675CA39F95C3A6B97AC5C077F0656DABF8921A8D43D713503D0FDC86F27759967423C6B150B3C6706F9666FC41EAC6D76229E6A279D606ACBFB9ED11939DF5F2CB1AC73C35771AF647D36B8BC996C0E9B99F348453D2A42128993E609C779B4ED2B04B2770333D51C1DC1AC2D46C9C43BF2BA906698F9D79EB9C179841B076B57C99162AB42FE0059F0DC67DFE61A2CA2E272E2C31F23DD01FC71D058EFF1E859DC850EDA41F7E80D4643DAA133D874E35280B61C3695168C7B4D0854F645A4A7E8F594069CE25F6E1C92CA445626DF56DFA9D534346B5AD78E680ECC5534AD3BA45CABB2E62AC4F3284D4F1EEEC2C6125C1CDDCFE4DF173F45B4A597A411A4507B155969A65C105D52D956098F9793F64DE3403C89D2CAE1628C6590F1573FE58C62F936552A4B2AB703A161C0ADC626ECF7C246D5490C225BAA3798BC2247402D693DAAE169141F28F6C20A7CB5718628AD80C071698127DCB05C137C3397E763B427D92C161D46A9C72668B1023D41A0BFE4837880E75C4323646797EF252AEAAF105E0C4B2D6D726D86E5C308E3C52CCFB368FBFC10F0A2E938016E5FF11534AC22D2CBCC1EA4F040746F0AE435C5D3DF81CDFEF4DD5840D091CF4E3098FEE1E1DDD9A780DDC1C50055F74E5615B6D4D73817F89DC84918098047FE33C5FECAE69716536E70DC43CD62F4503FF8D32182172AD7555F3E572766DE385C3C707C3BF633F3C6"
"OODEFRAG14.00.00.01PROFESSIONAL"="0F4D02330B013A488595D04CDB53A9A45B919ED87EF3717BC70568A84F829CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794BA7FD869164D6794656865088A56E9C2DF2EC65BFE3F5F6B8B89B90FDCC6AFEDB3D47A1104F3579D8B0587D245C9F140F4CCAD2FD273AE349B59E5CE048611235B13FE23DECC8A41F8F61CF201A8DC252CFB8172497CCCA5F50B306F5E30A9CD4A05D18B773A2160885777870640E068C324A21A1EC8105DDB79A6603CF28DD6E596CFD1524A0B4AE24263D0AD23ED62CA326AC11F0B02DFE302CF340142810B6AB6CBA289D26BB689591FB666252154A699A227AEB7DE93F68823A5A6550299645A094F4AEA99BCCF41DBC1B3DFD05D114F8BAF470A19C452F20B8EB7A7BB1839F8C0CCD46F225CDDA1BF9FA9310407954CD6DFF081D622882CE86E5577917E1E8C20337E01C3742FA664A3F3397A39950FABE4CDDCF03F00A3116BB3C81A299D954940B182F14C92045943D05D2144C499258B0F26759471CA4BCB9BE12158979850D4EA9B540DAD6A1F9791469ED92DEE53C67C25A47BEB18D2FBE8CEA3B1BD9DBEF4BBBBC643F6162D5F9EE1CB90AB9C38AEF0E7F4B4CE07588B0BDD54BB982E8FCBC88E58DFB941EBFBEF61B2E0702DCA7DDD41116452967F2E07A29AE380DBB6A3CC8CCC3A972D3A7394B9162C80B47713C348D38F00C8E0BC75F390FAA5B818ED13EA9A8A049E696FAF24E9B3B3469BF03B55D0243324883382EE05B30BDD0C417E26706EC45FC03F761D571EB7FC8A3FEF084D6FA0B375AF6EEE792986E660540400A9E777B979D233E6B8F48D778C47A041C1A64D061D770C1A25D544725606AB7B5DDA0B804240C506A0A60AD55BF99F28DCE0912EE6F2C55772194125A1561560D0914407BBC31EC3D306D53DA5E856267F979CC12FAC96D0013AD1256C696FBB0039B9A6FC3844AC4AC96D59904BBE6A40ACEFDB44D51076A1DF1C20538901DC1B64583B112251922F8C21D5317BE7666762619C6CC055FA5B171BC368A223D88586DEA6F226F30B64CB16E69279F55072DF99A35EE61E55E84F9C45AF46C207D5FAE14C180D6F6E7EEAC5BE34679EA21431989A47E339C039DD455BA1A8E00459FCC896E3C6985AC5AE7C990A8CAF9A30C52EA946F504BC6EFA0A42AB23932F0EB04EEFB2645A30B6C3D9B4F9D3863B61700102EE83740DDF42B63A30B2832FA719844AD09BB31401375552DFCC964AF5690BD4CA1392379636E98582F7ED688E20CD9A80C6B46F0B7B35360AA8E7526E4B1AD7D4517908D1B8956CECB8A389DD14E15977638670EC66972ABBBE95A000154E487C0DDB0E8393823A2B5C0C0364A5CC016193618771B3EC7D2B0BCD48942C1F"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\program files (x86)\Common Files\BinarySense\hldasvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
c:\program files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
.
**************************************************************************
.
Celkový čas: 2011-01-23 18:41:39 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-23 17:41
ComboFix2.txt 2011-01-23 16:15
ComboFix3.txt 2011-01-14 10:43

Před spuštěním: Volných bajtů: 218 482 450 432
Po spuštění: Volných bajtů: 218 164 301 824

- - End Of File - - EEC694D034C73A4874FD2BD551443644

[quinter]

a nový log z HJT
_______________


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:37, on 23.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Users\Tony\Desktop\Programy\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\Tony\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOSHIBA Online Product Information] C:\Program Files (x86)\TOSHIBA\Toshiba Online Product Information\topi.exe (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - D:\Programy\QIP\QIP\qip.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{B15D64A5-DCE2-47E7-81BC-1B0F3ABBF2BB}: NameServer = 213.180.32.2,213.180.33.225
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Gadget Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7640 bytes

[jaro3]

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

Jak vypadá Start systému a jiné problémy nejsou?

[quinter]

S Pc nejsou žádné problémy, a ten start zůstal stejný, hold to bude asi tím opotřebováním systému jak psala bledulka