Check

Posted: 17 May 2010 15:17
by pejda
Hi,
I would like to ask for a log check. This is a work notebook that communicates with various kinds of systems, and I am not sure what might be on it. Today I updated Acrobat and a tool for checking circularity called RENISHAW BALLBAR. After the Acrobat update the notebook slowed down terribly and keeps reporting a lack of virtual memory. Thanks

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:54:23, on 17.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\License Manager\Bin\nilm.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Renishaw Calibration\dx10server.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://web.volny.cz
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dx10server.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Prevést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridat do stávajícího PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://web.volny.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498913716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498862052
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB669C04-0EE7-4076-BBCB-319AD5E17AC8}: NameServer = 212.158.128.2,212.158.102.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1596422-946D-45FA-A455-9EB68E76AE08}: NameServer = 195.250.128.34
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: NILM License manager - GLOBEtrotter Software Inc. - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OKI OPHH DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHHLDCS.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9032 bytes

Re: Check

Posted: 17 May 2010 17:35
by jaro3
Download ATF Cleaner
Double-click ATF Cleaner.exe, click select all found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose: Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose: Select All, then click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing history from the web browser. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the option Perform quick scan selected and click the Scan button
- when the program finishes a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to the desktop
- then click the Exit button; a message will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in safe mode.

Re: Check

Posted: 18 May 2010 07:48
by pejda
I have performed all the actions, here is the log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4111

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.5.2010 7:42:28
mbam-log-2010-05-18 (07-42-28).txt

Typ skenu: Rychlý sken
Skenované objekty: 129206
Uplynulý čas: 15 minuta(y), 23 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\jepinit_dlls (Spyware.Agent.H) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\aston.mt (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> No action taken.

Re: Check

Posted: 18 May 2010 08:50
by jaro3
So run MbAM again and click Scan
- when the program finishes a message will appear, so click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes a log will be displayed, so post it here.
- then choose OK in the program and then close the program via Exit

You can then paste the new log from MbAM here.

Turn off the resident protection of your antivirus and antispyware, and the firewall if applicable.

Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running do not click in the window being displayed
- After scanning completes the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If there are problems, run it in safe mode.

Re: Check

Posted: 18 May 2010 10:49
by pejda
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4111

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.5.2010 9:14:51
mbam-log-2010-05-18 (09-14-51).txt

Typ skenu: Rychlý sken
Skenované objekty: 129201
Uplynulý čas: 14 minuta(y), 20 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\jepinit_dlls (Spyware.Agent.H) -> Quarantined and deleted successfully.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
C:\WINDOWS\system32\aston.mt (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsrc.dll (Trojan.BHO) -> Quarantined and deleted successfully.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ComboFix 10-05-16.02 - dilana_difak 18.05.2010 9:51.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.246.5 [GMT 2:00]
Spuštěný z: c:\documents and settings\dilana_difak\Plocha\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\drive\drive.exe
c:\windows\system32\winsrc.dll.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 07:39 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-18 07:39 . 2010-05-18 07:39 -------- d-----w- c:\windows\LastGood
2010-05-18 05:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 05:23 . 2010-05-18 05:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 05:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 12:08 . 2010-05-17 12:08 -------- d-----w- c:\program files\Trend Micro
2010-05-17 10:58 . 2010-05-17 10:58 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-17 10:58 . 2010-05-17 10:58 -------- d-----w- c:\program files\MSBuild
2010-05-17 10:57 . 2010-05-17 10:57 -------- d-----w- c:\program files\Reference Assemblies
2010-05-17 10:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-17 10:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-17 10:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-17 10:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-17 10:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-17 10:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-17 10:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-17 10:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-17 10:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-17 10:48 . 2010-05-17 10:48 -------- d-----w- c:\program files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 08:08 . 2004-05-07 05:27 -------- d-----w- c:\program files\Drive
2010-05-17 11:38 . 2004-01-28 12:31 -------- d-----w- c:\program files\Renishaw Ballbar 5
2010-05-17 11:00 . 2002-10-07 11:34 81364 ----a-w- c:\windows\system32\perfc005.dat
2010-05-17 11:00 . 2002-10-07 11:34 437206 ----a-w- c:\windows\system32\perfh005.dat
2010-05-17 08:49 . 2003-12-23 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 07:14 . 2004-05-27 05:24 -------- d-----w- c:\program files\DOConCD
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 28672]
"AtiPTA"="atiptaxx.exe" [2002-06-11 286720]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-26 180316]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 634880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CARPService"="carpserv.exe" [2003-03-12 4608]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2002-11-18 110645]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2004-11-20 778240]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-04-12 425984]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-28 98304]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
dx10server.exe.lnk - c:\program files\Renishaw Calibration\dx10server.exe [2006-11-6 208896]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2003-12-23 102400]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=

R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [9.2.2004 18:09 267776]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [9.2.2004 18:09 30192]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [23.12.2004 10:24 67127]
R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [23.12.2004 10:24 191543]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [23.12.2004 10:24 175159]
R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [9.2.2004 18:09 75776]
R3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [24.4.2003 14:55 291328]
R3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [24.4.2003 14:55 244608]
R3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\drivers\DP83815.sys [24.4.2003 23:52 16512]
S2 pardrv;pardrv; [x]
S2 Renishaw DX10 Server;Renishaw DX10 Server;c:\program files\Renishaw Calibration\DX10Server.exe [6.11.2006 10:06 208896]
S2 Renishaw PC10 Enabler;Renishaw PC10 Enabler;c:\windows\system32\drivers\Pc10Vdd.Sys --> c:\windows\system32\drivers\Pc10Vdd.Sys [?]
S3 <NtDriverName>;<NtDriverName>;c:\windows\system32\Drivers\<NtDriverName>.sys --> c:\windows\system32\Drivers\<NtDriverName>.sys [?]
S3 ATICDSDr;ATICDSDr;\??\c:\docume~1\DILANA~1\LOCALS~1\Temp\ATICDSDr.sys --> c:\docume~1\DILANA~1\LOCALS~1\Temp\ATICDSDr.sys [?]
S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [9.2.2004 18:07 8192]
S3 cglptnt;cglptnt;c:\wincmd\CGLPTNT.SYS [24.12.2003 10:49 7888]
S3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [30.6.2006 14:12 6488]
S3 DX10;DX10 device driver;c:\windows\system32\drivers\DX10.sys [6.11.2006 10:10 22912]
S3 OKI OPHH DCS Loader;OKI OPHH DCS Loader;c:\windows\system32\spool\drivers\w32x86\3\OPHHLDCS.EXE [4.5.2009 9:16 24576]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18.10.2002 2:34 30512]
S3 S7OUPC2X;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [16.2.2007 10:20 21536]
S3 WinPhlash;WinPhlash;c:\swsetup\sp27331\PhlashNT.sys [23.7.2003 22:28 21984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Obsah adresáře 'Naplánované úlohy'

2004-07-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-07-07 13:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/info/e-center-p
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {AB669C04-0EE7-4076-BBCB-319AD5E17AC8} = 212.158.128.2,212.158.102.103
TCP: {E1596422-946D-45FA-A455-9EB68E76AE08} = 195.250.128.34
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\dilana_difak\Data aplikací\Mozilla\Firefox\Profiles\t5nx6xv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-windows auto update - msblast.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 10:10
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?8?3?7??????? ??3B?????????????T?B? ??????
windows auto update = msblast.exe?I just want to say LOVE YOU SAN!!?bill

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-05-18 10:16:22
ComboFix-quarantined-files.txt 2010-05-18 08:16

Před spuštěním: 3 981 815 808
Po spuštění: 3 971 743 744

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - CA092AB1C6C2EE9BD34F6BC44265115A

Re: Check

Posted: 18 May 2010 12:12
by jaro3
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script

KillAll::
File::
c:\windows\Tasks\Symantec NetDetect.job
c:\program files\Symantec\LiveUpdate\NDETECT.EXE

Folder::
c:\program files\Symantec

DirLook::
c:\program files\Drive

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.

Grab the created script CFScript.txt with the mouse, move it over the downloaded program ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that comes up at the end of the cleaning process + a new log from HJT

You know these addresses:

TCP: = 212.158.128.2,212.158.102.103
TCP: = 195.250.128.34
?

Re: Check

Posted: 20 May 2010 13:20
by pejda
ComboFix 10-05-16.02 - dilana_difak 18.05.2010 14:19:21.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.246.104 [GMT 2:00]
Spuštěný z: c:\documents and settings\dilana_difak\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\dilana_difak\Plocha\CFScript.txt

FILE ::
"c:\program files\Symantec\LiveUpdate\NDETECT.EXE"
"c:\windows\Tasks\Symantec NetDetect.job"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LUALL.HLP
c:\program files\Symantec\LiveUpdate\LuComServer.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS.DLL
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom.DLL
c:\program files\Symantec\LiveUpdate\Readme.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\windows\Tasks\Symantec NetDetect.job

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-18 do 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-18 07:39 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-18 05:23 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 05:23 . 2010-05-18 05:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 05:23 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-17 12:08 . 2010-05-17 12:08 -------- d-----w- c:\program files\Trend Micro
2010-05-17 10:58 . 2010-05-17 10:58 -------- d-----w- c:\windows\system32\XPSViewer
2010-05-17 10:58 . 2010-05-17 10:58 -------- d-----w- c:\program files\MSBuild
2010-05-17 10:57 . 2010-05-17 10:57 -------- d-----w- c:\program files\Reference Assemblies
2010-05-17 10:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-05-17 10:55 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-17 10:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-17 10:55 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-17 10:55 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-17 10:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-05-17 10:55 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-17 10:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-17 10:55 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-17 10:48 . 2010-05-17 10:48 -------- d-----w- c:\program files\MSXML 6.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 08:08 . 2004-05-07 05:27 -------- d-----w- c:\program files\Drive
2010-05-17 11:38 . 2004-01-28 12:31 -------- d-----w- c:\program files\Renishaw Ballbar 5
2010-05-17 11:00 . 2002-10-07 11:34 81364 ----a-w- c:\windows\system32\perfc005.dat
2010-05-17 11:00 . 2002-10-07 11:34 437206 ----a-w- c:\windows\system32\perfh005.dat
2010-05-17 08:49 . 2003-12-23 16:19 -------- d-----w- c:\program files\Common Files\Adobe
2010-04-26 07:14 . 2004-05-27 05:24 -------- d-----w- c:\program files\DOConCD
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\Drive ----

2010-01-12 09:27 . 2010-01-12 09:27 65844 ----a-w- c:\program files\Drive\uninst.exe
2008-10-07 08:30 . 2008-10-07 08:30 409600 ----a-w- c:\program files\Drive\sprache.dll
2008-10-07 08:15 . 2008-10-07 08:15 11020 ----a-w- c:\program files\Drive\Support.chm
2008-10-07 08:00 . 2008-10-07 08:00 1310447 ----a-w- c:\program files\Drive\Kms.chm
2005-11-10 11:31 . 2005-04-19 12:33 25225 ----a-w- c:\program files\Drive\DriveGUI\mdb_022.csv
2005-11-10 11:31 . 2004-12-08 10:21 285 ----a-w- c:\program files\Drive\DriveGUI\mfamily.csv
2005-11-10 11:31 . 2005-04-28 15:15 295469 ----a-w- c:\program files\Drive\DriveGUI\DriveGUI_de.chm
2005-11-10 11:31 . 2005-04-28 14:12 316882 ----a-w- c:\program files\Drive\DriveGUI\DriveGUI.chm
2005-11-10 11:31 . 2005-04-07 09:46 774054 ----a-w- c:\program files\Drive\DriveGUI\DriveGUI.bmp
2005-11-10 11:31 . 2005-03-24 11:59 3723 ----a-w- c:\program files\Drive\DriveGUI\defaults_1.5A_1.5_400V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3716 ----a-w- c:\program files\Drive\DriveGUI\defaults_6A_15A_230V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3712 ----a-w- c:\program files\Drive\DriveGUI\defaults_6A_6A_400V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3715 ----a-w- c:\program files\Drive\DriveGUI\defaults_3A_9A_230V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3716 ----a-w- c:\program files\Drive\DriveGUI\defaults_6A_15A_115V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3719 ----a-w- c:\program files\Drive\DriveGUI\defaults_3A_3A_480V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3715 ----a-w- c:\program files\Drive\DriveGUI\defaults_3.5A_9A_115V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3719 ----a-w- c:\program files\Drive\DriveGUI\defaults_3A_3A_400V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3716 ----a-w- c:\program files\Drive\DriveGUI\defaults_10A_20A_230V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3716 ----a-w- c:\program files\Drive\DriveGUI\defaults_10A_20A_115V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3723 ----a-w- c:\program files\Drive\DriveGUI\defaults_1.5A_1.5_480V.dat
2005-11-10 11:31 . 2005-03-24 11:59 3712 ----a-w- c:\program files\Drive\DriveGUI\defaults_6A_6A_480V.dat
2005-11-10 11:31 . 2005-04-28 10:48 1073152 ----a-w- c:\program files\Drive\DriveGUI\DriveGUI.exe
2005-11-10 11:31 . 2005-04-28 15:31 286720 ----a-w- c:\program files\Drive\DriveGUI\lang_de.dll
2005-11-10 11:31 . 2005-01-20 11:23 45056 ----a-w- c:\program files\Drive\DriveGUI\DriveComm.dll
2004-06-22 09:20 . 2004-06-22 09:20 286720 ----a-w- c:\program files\Drive\graphicalmotiontasking.doc
2004-05-07 05:27 . 2001-08-21 14:34 2754 ----a-w- c:\program files\Drive\Glyphs\IconSimpleConstant.bmp
2004-05-07 05:27 . 2002-03-04 13:10 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtWaitForParameter.bmp
2004-05-07 05:27 . 2002-03-20 14:31 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtWaitIO.bmp
2004-05-07 05:27 . 2002-04-07 13:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtStopDisable.bmp
2004-05-07 05:27 . 2002-02-28 09:08 1154 ----a-w- c:\program files\Drive\Glyphs\IconMtStart.bmp
2004-05-07 05:27 . 2002-04-03 15:45 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtStop.bmp
2004-05-07 05:27 . 2002-03-06 13:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtSetParameter.bmp
2004-05-07 05:27 . 2002-03-07 14:12 7554 ----a-w- c:\program files\Drive\Glyphs\IconMtMotionLarge.bmp
2004-05-07 05:27 . 2002-02-01 10:29 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtLoop.bmp
2004-05-07 05:27 . 2002-02-01 10:25 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtMotion.bmp
2004-05-07 05:27 . 2002-05-28 14:48 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtFunction.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompNETHReverse.bmp
2004-05-07 05:27 . 2002-03-13 13:20 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtDelay.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompNET.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompNEHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLTTHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompNE.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLTT.bmp
2004-05-07 05:27 . 2002-05-28 14:08 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLTTReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLTHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLT.bmp
2004-05-07 05:27 . 2002-05-28 13:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLETReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLETHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLEHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLET.bmp
2004-05-07 05:27 . 2002-05-28 13:46 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGTTReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompLE.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGTT.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGTHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:08 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGETReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGT.bmp
2004-05-07 05:27 . 2002-05-28 14:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGETHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGTTHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGEHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGET.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompEQT.bmp
2004-05-07 05:27 . 2002-05-28 14:36 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompEQTHReverse.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompGE.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompEQ.bmp
2004-05-07 05:27 . 2002-05-28 14:35 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCompEQHReverse.bmp
2004-05-07 05:27 . 2002-03-21 12:14 2754 ----a-w- c:\program files\Drive\Glyphs\IconExtenderOutput.bmp
2004-05-07 05:27 . 2001-07-29 12:20 2754 ----a-w- c:\program files\Drive\Glyphs\IconLabel.bmp
2004-05-07 05:27 . 2002-03-21 12:12 2754 ----a-w- c:\program files\Drive\Glyphs\IconMtCntrInit.bmp
2004-05-07 05:27 . 2001-07-28 12:02 2754 ----a-w- c:\program files\Drive\Glyphs\IconAnchor.bmp
2004-05-07 05:27 . 2001-07-28 12:30 834 ----a-w- c:\program files\Drive\Glyphs\IconAnchorSmall.bmp
2004-05-07 05:27 . 2002-03-21 12:14 2754 ----a-w- c:\program files\Drive\Glyphs\IconExtender.bmp
2004-05-07 05:27 . 2000-01-23 23:01 2023424 ----a-w- c:\program files\Drive\vcl50.bpl
2004-05-07 05:27 . 2003-07-28 06:19 1518592 ----a-w- c:\program files\Drive\PrjS600GMTDLL.dll
2004-05-07 05:27 . 2000-01-30 23:00 1496064 ----a-w- c:\program files\Drive\cc3250mt.dll
2004-05-07 05:27 . 2000-01-30 23:00 25600 ----a-w- c:\program files\Drive\borlndmm.dll
2004-05-07 05:27 . 2002-12-06 07:45 242176 ----a-w- c:\program files\Drive\600graphicalmotiontasking 12-05-02.doc


(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-06-11 28672]
"AtiPTA"="atiptaxx.exe" [2002-06-11 286720]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2003-02-26 180316]
"PreloadApp"="c:\hp\drivers\printers\photosmart\hphprld.exe" [2001-12-12 36864]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"Display Settings"="c:\program files\HPQ\Notebook Utilities\hptasks.exe" [2002-08-15 45056]
"QT4HPOT"="c:\program files\HPQ\One-Touch\OneTouch.EXE" [2003-01-30 106496]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-14 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-14 634880]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"CARPService"="carpserv.exe" [2003-03-12 4608]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2002-11-18 110645]
"mouseElf"="c:\progra~1\KYE\GENIUS~1\mouseElf.exe" [2002-05-20 151552]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2004-11-20 778240]
"pdfFactory Pro Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-04-12 425984]
"NeroCheck"="c:\windows\System32\\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-28 98304]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-10-03 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-10-02 640376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
dx10server.exe.lnk - c:\program files\Renishaw Calibration\dx10server.exe [2006-11-6 208896]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2003-12-23 102400]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=

R2 pardrv;pardrv; [x]
R2 Renishaw DX10 Server;Renishaw DX10 Server;c:\program files\Renishaw Calibration\dx10server.exe [2005-07-29 208896]
R2 Renishaw PC10 Enabler;Renishaw PC10 Enabler;c:\windows\system32\drivers\Pc10Vdd.Sys [x]
R3 <NtDriverName>;<NtDriverName>;c:\windows\System32\Drivers\<NtDriverName>.sys [x]
R3 ATICDSDr;ATICDSDr;c:\docume~1\DILANA~1\LOCALS~1\Temp\ATICDSDr.sys [x]
R3 c5511w2k;c5511w2k;c:\windows\system32\DRIVERS\c5511w2k.sys [2000-04-05 8192]
R3 cglptnt;cglptnt;c:\wincmd\cglptnt.sys [2003-02-18 7888]
R3 ctndrvd;CTNet NT Driver;c:\windows\system32\drivers\ctndrv2.sys [2001-03-08 6488]
R3 DX10;DX10 device driver;c:\windows\system32\Drivers\DX10.sys [2004-05-28 22912]
R3 OKI OPHH DCS Loader;OKI OPHH DCS Loader;c:\windows\System32\spool\DRIVERS\W32X86\3\OPHHLDCS.EXE [2006-07-25 24576]
R3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\System32\drivers\s7oefs_x.sys [2002-10-18 30512]
R3 S7OUPC2X;SIMATIC PC Adapter USB Driver;c:\windows\system32\DRIVERS\s7oupc2x.sys [2005-01-14 21536]
R3 WinPhlash;WinPhlash;c:\swsetup\sp27331\PHLASHNT.SYS [2003-07-23 21984]
S2 dpmconv;dpmconv;c:\windows\System32\Drivers\dpmconv.sys [2002-11-29 267776]
S2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\DRIVERS\dpmtrcdd.sys [2002-09-30 30192]
S2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\System32\Drivers\S7odpx2x.sys [2004-12-23 67127]
S2 s7opcmcx;s7opcmcx;c:\windows\System32\Drivers\s7opcmcx.sys [2004-12-23 191543]
S2 s7osmcax;s7osmcax;c:\windows\System32\Drivers\s7osmcax.sys [2004-12-23 175159]
S2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\System32\Drivers\vsnl2ada.sys [2002-09-30 75776]
S3 CALIAUD;Conexant AMC 3D ENVIRONMENTAL AUDIO;c:\windows\system32\drivers\caliaud.sys [2002-11-05 291328]
S3 CALIHALA;CALIHALA;c:\windows\system32\drivers\calihal.sys [2002-11-05 244608]
S3 DP83815;National Semiconductor Corp. DP83815/816 NDIS 5.0 Miniport Driver;c:\windows\system32\DRIVERS\DP83815.SYS [2002-08-29 16512]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/info/e-center-p
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
LSP: imon.dll
TCP: {AB669C04-0EE7-4076-BBCB-319AD5E17AC8} = 212.158.128.2,212.158.102.103
TCP: {E1596422-946D-45FA-A455-9EB68E76AE08} = 195.250.128.34
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\dilana_difak\Data aplikací\Mozilla\Firefox\Profiles\t5nx6xv5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 4

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

SafeBoot-Wdf01000.sys
AddRemove-LiveUpdate1.7 - c:\program files\Symantec\LiveUpdate\LSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 14:44
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?8?3?7??P???? ??3B?????????????T?B? ??????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll

- - - - - - - > 'explorer.exe'(804)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\system32\crypserv.exe
c:\windows\system32\HPConfig.exe
c:\program files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
c:\program files\Eset\nod32krn.exe
c:\program files\National Instruments\Shared\License Manager\Bin\nilm.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\carpserv.exe
c:\program files\Common Files\Siemens\Sqlany\dbsrv7.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Celkový čas: 2010-05-18 15:07:37 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-18 13:07
ComboFix2.txt 2010-05-18 08:16

Před spuštěním: 2 928 234 496
Po spuštění: 2 918 477 824

- - End Of File - - FA1E26CE470E10A7A162B1D0B3787942


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:11:16, on 20.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\National Instruments\Shared\License Manager\Bin\nilm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Renishaw Calibration\dx10server.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\Miranda IM\miranda32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [mouseElf] C:\PROGRA~1\KYE\GENIUS~1\mouseElf.exe
O4 - HKLM\..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe /WAITSERVICE
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: dx10server.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://web.volny.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498913716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498862052
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB669C04-0EE7-4076-BBCB-319AD5E17AC8}: NameServer = 212.158.128.2,212.158.102.103
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1596422-946D-45FA-A455-9EB68E76AE08}: NameServer = 195.250.128.34
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: NILM License manager - GLOBEtrotter Software Inc. - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe
O23 - Service: OKI OPHH DCS Loader - Oki Data Corporation - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\OPHHLDCS.EXE
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8207 bytes

By the way, about the addresses you asked about: TCP: = 212.158.128.2,212.158.102.103 are what I have set as the DNS servers at our company, but TCP: = 195.250.128.34 means nothing to me.

Also, I think I have found out what slowed the notebook down so badly: it is C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe, so I would like to ask whether I can fix it in HJT. The notebook has only 256 MB of RAM, and I do not understand how the manufacturer could have crammed Win XP Home onto it.

Re: check

Posted: 20 May 2010 13:49
by jaro3
OK.

ComboFix is uninstalled like this:
Start - Run and enter ComboFix /Uninstall


Clean the system with CCleaner

and also use T-Cleaner
It deletes everything left behind by Combo, MWAV, etc. Download it > run it

Close other applications and browsers, disconnect from the internet and fix these in HJT:
Guide


R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: dx10server.exe.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://web.volny.cz
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498913716
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2498862052
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1596422-946D-45FA-A455-9EB68E76AE08}: NameServer = 195.250.128.34


Download StartupLite.exe by MalwareBytes to your desktop

This program identifies unnecessary items and gives you the option to remove them in order to free up memory.
Double-click the StartupLite.exe (by MalwareBytes) icon to start the program. On Vista and Windows 7, run it as administrator (right-click the icon and choose Run as administrator). A list of unnecessary startup entries will be created. Leave all items set as disabled and click Continue. Restart the PC.

If there are no problems, that is all and you can mark the thread as solved with the green check mark.

Re: check  Solved

Posted: 21 May 2010 11:36
by pejda
It looks good, the notebook has sped up and no longer pages as much. Thanks...