Corel 8 na XP

[jirkamm]

Dobrý den.
Občas se mi stane, že mi zamrzne corel (nejčastěji při otevírání okna exportu, kde se vybírá kam to uložit.
Mohl bych poprosit jestli by se mi na to někdo nepodíval co by se s tím dalo udělat? A případně pomohl vyčistit od balastu.
Děkuji moc.

Zde je log.

Logfile of random's system information tool 1.09 (written by random/random)
Run by jirka at 2013-10-07 23:00:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 371 GB (78%) free of 477 GB
Total RAM: 2047 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:41, on 7.10.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\hw\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Zabezpeceni\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\hry\Need for Speed Undercover\PB\PnkBstrA.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
C:\Program Files\Hw\Browser Mouse\1.0\lwbwheel.exe
C:\PROGRA~1\hw\G-09 Gamepad\JoyUpDrv.EXE
C:\PROGRA~1\hw\Multimedia Hotkey Program\MMKBD.exe
C:\WINDOWS\system32\outinst.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ASUS\Probe\AsusProb.exe
C:\Program Files\Hw\Monitor Calibration Wizard\MCW.exe
C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\internet\365dní\365dniNET.exe
C:\Program Files\Hw\ATITool\ATITool.exe
C:\Program Files\programy\Samurize\Client.exe
C:\Program Files\programy\Samurize\Client.exe
C:\Program Files\programy\Samurize\Client.exe
C:\Program Files\programy\Samurize\Client.exe
C:\Program Files\programy\Samurize\InstanceManager.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\programy\Rainlendar\Rainlendar.exe
C:\Program Files\zabezpeceni\SpamPal\spampal.exe
C:\Program Files\manazery\totalcmd\TOTALCMD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Program Files\internet\Maxthon3\Bin\Maxthon.exe
C:\Documents and Settings\jirka\Plocha\RSIT.exe
C:\Program Files\trend micro\jirka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RemoteControl] C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Hw\Browser Mouse\1.0\lwbwheel.exe
O4 - HKLM\..\Run: [Game Device] C:\PROGRA~1\hw\G-09 Gamepad\JoyUpDrv.EXE
O4 - HKLM\..\Run: [Multimedir KBD] C:\PROGRA~1\hw\Multimedia Hotkey Program\MMKBD.exe
O4 - HKLM\..\Run: [OutlookFriend] outinst.exe
O4 - HKLM\..\Run: [PtiuPbmd] Rundll32.exe ptipbm.dll,SetWriteBack
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [MCW Startup] "C:\Program Files\Hw\Monitor Calibration Wizard\MCW.exe" /s /p
O4 - HKCU\..\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN22835FBS05V3:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1
O4 - HKCU\..\Run: [365dni] C:\Program Files\internet\365dní\365dniNET.exe
O4 - Startup: Client počasí.lnk = C:\Program Files\programy\Samurize\Client.exe
O4 - Startup: Client procesy.lnk = C:\Program Files\programy\Samurize\Client.exe
O4 - Startup: Client svátek.lnk = C:\Program Files\programy\Samurize\Client.exe
O4 - Startup: Client základ.lnk = C:\Program Files\programy\Samurize\Client.exe
O4 - Startup: Instance Manager.lnk = C:\Program Files\programy\Samurize\InstanceManager.exe
O4 - Startup: Outlook Express.lnk = C:\Program Files\Outlook Express\msimn.exe
O4 - Startup: Rainlendar.lnk = C:\Program Files\programy\Rainlendar\Rainlendar.exe
O4 - Startup: SpamPal.lnk = C:\Program Files\zabezpeceni\SpamPal\spampal.exe
O4 - Startup: Total Commander 32.lnk = C:\Program Files\manazery\totalcmd\TOTALCMD.EXE
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: ATITool.lnk = C:\Program Files\Hw\ATITool\ATITool.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\hw\BlueSoleil\BTNtService.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Zabezpeceni\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Zabezpeceni\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MX-3 B-Cup XP (Mx-3 B-Cup Service) - n.v.t. MX-3 - C:\WINDOWS\system32\Mx-3 B-Cup Service.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\hry\Need for Speed Undercover\PB\PnkBstrA.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 10201 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\ASUS\ASUS Remote\RemoteControlAppl.exe [2006-02-14 69632]
"LWBMOUSE"=C:\Program Files\Hw\Browser Mouse\1.0\lwbwheel.exe [2001-03-26 429568]
"Game Device"=C:\PROGRA~1\hw\G-09 Gamepad\JoyUpDrv.EXE [2003-03-27 77889]
"Multimedir KBD"=C:\PROGRA~1\hw\Multimedia Hotkey Program\MMKBD.exe [1999-09-06 270336]
"OutlookFriend"=C:\WINDOWS\system32\outinst.exe [2005-02-25 29184]
"PtiuPbmd"=ptipbm.dll,SetWriteBack []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-02-26 65024]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-08-01 61440]
"egui"=C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\egui.exe [2009-11-16 2054360]
"ASUS Probe"=C:\Program Files\ASUS\Probe\AsusProb.exe [2002-12-06 617984]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MCW Startup"=C:\Program Files\Hw\Monitor Calibration Wizard\MCW.exe [2002-12-20 321024]
"HP Photosmart 5510 series (NET)"=C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2012-10-17 1837672]
"365dni"=C:\Program Files\internet\365dní\365dniNET.exe [2008-11-03 749568]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
APC UPS Status.lnk - C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe
ATITool.lnk - C:\Program Files\Hw\ATITool\ATITool.exe

C:\Documents and Settings\jirka\Nabídka Start\Programy\Po spuštění
Client počasí.lnk - C:\Program Files\programy\Samurize\Client.exe
Client procesy.lnk - C:\Program Files\programy\Samurize\Client.exe
Client svátek.lnk - C:\Program Files\programy\Samurize\Client.exe
Client základ.lnk - C:\Program Files\programy\Samurize\Client.exe
Instance Manager.lnk - C:\Program Files\programy\Samurize\InstanceManager.exe
Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe
Rainlendar.lnk - C:\Program Files\programy\Rainlendar\Rainlendar.exe
SpamPal.lnk - C:\Program Files\zabezpeceni\SpamPal\spampal.exe
Total Commander 32.lnk - C:\Program Files\manazery\totalcmd\TOTALCMD.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-08-21 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoSMMyDocs"=1
"NoFavoritesMenu"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoRecycleFiles"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Hw\BlueSoleil\BlueSoleil.exe"="C:\Program Files\Hw\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe"="C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMapp.exe:*:Enabled:ArchVision Content Manager"
"C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMftp.exe"="C:\Program Files\ArchVision\ArchVision Content Manager\rpcACMftp.exe:*:Enabled:ArchVision Download Processor"
"C:\Program Files\internet\Opera\opera.exe"="C:\Program Files\internet\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Autodesk\Backburner\monitor.exe"="C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor"
"C:\Program Files\Autodesk\Backburner\manager.exe"="C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager"
"C:\Program Files\Autodesk\Backburner\server.exe"="C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server"
"C:\Program Files\Pracovni\3ds Max 2010\3dsmax.exe"="C:\Program Files\Pracovni\3ds Max 2010\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\Pracovni\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe"="C:\Program Files\Pracovni\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\Pracovni\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe"="C:\Program Files\Pracovni\3ds Max 2010\mentalray\satellite\raysat_3dsmax2010_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2010 32-bit"
"C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4gui.exe"="C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\Program Files\manazery\totalcmd\TOTALCMD.EXE"="C:\Program Files\manazery\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\programy\Proteus 7 Professional\BIN\ISIS.EXE"="C:\Program Files\programy\Proteus 7 Professional\BIN\ISIS.EXE:*:Enabled:ISIS Schematic Capture"
"C:\download\Terminal.exe"="C:\download\Terminal.exe:*:Enabled:Terminal"
"C:\Documents and Settings\jirka\Plocha\Terminal.exe"="C:\Documents and Settings\jirka\Plocha\Terminal.exe:*:Enabled:Terminal"
"C:\Program Files\programy\DATAQ\HardwareManager.exe"="C:\Program Files\programy\DATAQ\HardwareManager.exe:*:Enabled:HardwareManager"
"C:\Program Files\DATAQ\HardwareManager.exe"="C:\Program Files\DATAQ\HardwareManager.exe:*:Enabled:HardwareManager"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\internet\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\internet\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Hw\SAMSUNG PC Share Manager\WiselinkPro.exe"="C:\Program Files\Hw\SAMSUNG PC Share Manager\WiselinkPro.exe:*:Enabled:AllShare"
"C:\Program Files\Hw\SAMSUNG PC Share Manager\http_ss_win_pro.exe"="C:\Program Files\Hw\SAMSUNG PC Share Manager\http_ss_win_pro.exe:*:Enabled:PCSM_http_ss_win_pro"
"C:\Program Files\Common Files\soft602\langserv.exe"="C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\DeviceSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP (HP Photosmart 5510 series)"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe:LocalSubNet:Enabled:Síťový komunikační program HP (HP Photosmart 5510 series)"
"C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe"="C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicatorCom.exe:LocalSubNet:Enabled:Síťový komunikační program HP COM (HP Photosmart 5510 series)"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server"
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe"="C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server"
"C:\Program Files\Internet\Maxthon3\bin\Maxthon.exe"="C:\Program Files\Internet\Maxthon3\bin\Maxthon.exe:*:Enabled:Maxthon"
"C:\Program Files\Internet\Maxthon3\bin\MxUp.exe"="C:\Program Files\Internet\Maxthon3\bin\MxUp.exe:*:Enabled:MxUp"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=i420vfw.dll
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.yv12"=yv12vfw.dll
"VIDC.FFDS"=ff_vfw.dll
"wave"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"midi"=wdmaud.drv
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"vidc.GEOS"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2011.11.19.19.56\GeoCodecD.dll
"vidc.GEOV"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2011.11.19.19.56\GeoCodec.dll
"vidc.GEOX"=C:\WINDOWS\system32\v8300\GEO-MPEG4\2011.11.19.19.56\GeoCodec.dll
"vidc.DIVX"=DivX.dll

======File associations======

.scr - open -
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-10-07 23:00:19 ----D---- C:\rsit
2013-10-03 22:41:33 ----AH---- C:\WINDOWS\system32\mlfcache.dat
2013-10-03 22:18:07 ----D---- C:\Documents and Settings\jirka\Data aplikací\VariCAD-Viewer.cz
2013-09-12 07:24:32 ----A---- C:\WINDOWS\imsins.BAK

======List of files/folders modified in the last 1 month======

2013-10-07 23:00:25 ----D---- C:\Program Files\trend micro
2013-10-07 23:00:22 ----D---- C:\WINDOWS\Temp
2013-10-07 23:00:07 ----D---- C:\WINDOWS\Prefetch
2013-10-07 22:55:51 ----AC---- C:\WINDOWS\win.ini
2013-10-07 22:54:06 ----D---- C:\Documents and Settings\jirka\Data aplikací\365dni
2013-10-07 22:52:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-10-07 22:38:02 ----D---- C:\temp
2013-10-07 22:36:39 ----D---- C:\WINDOWS
2013-10-07 22:36:10 ----D---- C:\a
2013-10-07 22:35:16 ----D---- C:\download
2013-10-07 19:57:12 ----A---- C:\vraylog.txt
2013-10-06 23:41:38 ----A---- C:\WINDOWS\WTRAN32.INI
2013-10-05 07:14:06 ----D---- C:\WINDOWS\system32\config
2013-10-03 23:59:11 ----D---- C:\ digigraf
2013-10-03 22:41:33 ----D---- C:\WINDOWS\system32
2013-10-03 22:17:46 ----D---- C:\Program Files\Pracovni
2013-09-26 09:05:46 ----D---- C:\Program Files\programy
2013-09-26 09:05:35 ----D---- C:\Program Files
2013-09-25 15:41:26 ----D---- C:\WINDOWS\system32\drivers
2013-09-25 12:41:53 ----RD---- C:\WINDOWS\Offline Web Pages
2013-09-24 07:13:10 ----D---- C:\WINDOWS\system32\CatRoot2
2013-09-20 18:48:18 ----AC---- C:\WINDOWS\TPDATAQ.INI
2013-09-20 18:48:18 ----AC---- C:\WINDOWS\DI710.INI
2013-09-20 14:28:18 ----AC---- C:\WINDOWS\system32\FlashPlayerApp.exe
2013-09-20 14:08:17 ----AC---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-09-12 07:25:15 ----HD---- C:\WINDOWS\inf
2013-09-12 07:25:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-09-12 07:25:13 ----D---- C:\Program Files\Internet Explorer
2013-09-12 07:25:07 ----D---- C:\WINDOWS\ie8updates
2013-09-12 07:24:08 ----D---- C:\WINDOWS\system32\MRT
2013-09-12 07:20:45 ----D---- C:\WINDOWS\Debug
2013-09-12 07:20:37 ----AC---- C:\WINDOWS\system32\MRT.exe
2013-09-11 18:46:21 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 40183525;40183525; C:\WINDOWS\system32\DRIVERS\40183525.sys [2012-08-28 133208]
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-05-01 28271]
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 UlSata;UlSata; C:\WINDOWS\system32\DRIVERS\ulsata.sys [2003-09-25 56320]
R0 vax347b;vax347b; C:\WINDOWS\system32\DRIVERS\vax347b.sys [2005-07-08 159616]
R0 vax347s;vax347s; C:\WINDOWS\System32\Drivers\vax347s.sys [2004-04-30 5248]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2003-07-02 27904]
R0 viasraid;viasraid; C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 77312]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aslm75;aslm75; \??\C:\WINDOWS\system32\drivers\aslm75.sys []
R1 ATITool;ATITool Overclocking Utility; C:\WINDOWS\system32\DRIVERS\ATITool.sys [2005-09-26 24064]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-11-16 96408]
R1 fwdrv;Firewall Driver; C:\WINDOWS\system32\drivers\fwdrv.sys [2005-06-21 270336]
R1 Haspnt;HaspNT; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R1 khips;Kerio HIPS Driver; C:\WINDOWS\system32\drivers\khips.sys [2005-05-30 53248]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2006-01-10 31846]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 IOPort;IOPort; \??\C:\WINDOWS\system32\DRIVERS\IOPORT.SYS []
R2 multikey;Virtual USB MultiKey; C:\WINDOWS\system32\DRIVERS\multikey.sys [2013-06-27 40960]
R2 Sentinel;Sentinel; C:\WINDOWS\System32\Drivers\SENTINEL.SYS [2008-07-11 92712]
R3 3xHybrid;3xHybrid service; C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-11 2829696]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-03-19 613244]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-08-21 3299840]
R3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\WINDOWS\system32\DRIVERS\BlueletSCOAudio.sys [2005-08-31 20480]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-07-30 11988]
R3 DigitalJoystickEnabler;Digtial Game Device Driver; C:\WINDOWS\system32\drivers\g2kgame.sys [2003-08-21 14414]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-18 5888]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2011-02-13 27632]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2006-02-28 84836]
R3 WinDriver6;WinDriver6; C:\WINDOWS\system32\drivers\windrvr6.sys [2010-08-31 195968]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-01-19 189568]
S3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2006-06-23 31488]
S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2006-01-19 10068]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2006-07-16 23040]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 CrystalCpuInfo;CrystalCpuInfo; C:\WINDOWS\system32\drivers\CrystalCpuInfo.sys []
S3 FlyPCI;FlyPCI; \??\C:\WINDOWS\system32\drivers\FlyPCI.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 FTDIBUS;DI148-U; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2011-03-18 73096]
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2011-02-13 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2011-02-13 25512]
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2008-03-23 17480]
S3 HidBatt;Ovladač baterie zdroje UPS standardu HID; C:\WINDOWS\system32\DRIVERS\HidBatt.sys [2008-04-14 20352]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2001-08-27 4693]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RivaTuner32;RivaTuner32; \??\C:\Program Files\hw\RivaTuner v2.0 RC 15.8\RivaTuner32.sys []
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SE27bus;Sony Ericsson Device 039 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE27bus.sys [2006-04-28 61600]
S3 SE27mdfl;Sony Ericsson Device 039 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE27mdfl.sys [2006-04-28 9360]
S3 SE27mdm;Sony Ericsson Device 039 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE27mdm.sys [2006-04-28 97184]
S3 SE27mgmt;Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE27mgmt.sys [2006-04-28 88688]
S3 se27nd5;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS); C:\WINDOWS\system32\DRIVERS\se27nd5.sys [2006-04-28 18704]
S3 SE27obex;Sony Ericsson Device 039 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\SE27obex.sys [2006-04-28 86560]
S3 se27unic;Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM); C:\WINDOWS\system32\DRIVERS\se27unic.sys [2006-04-28 90800]
S3 SECBULK;FriendlyARM USB Download Driver; C:\WINDOWS\System32\Drivers\SECBULK.sys [2008-12-08 16640]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SNTNLUSB;SafeNet USB SuperPro/UltraPro/HardwareKey; C:\WINDOWS\system32\DRIVERS\SNTNLUSB.SYS [2008-07-11 37088]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2013-02-12 12928]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 vncdrv;vncdrv; C:\WINDOWS\system32\DRIVERS\vncdrv.sys [2004-06-26 4736]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 APC UPS Service;APC UPS Service; C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe [2005-12-12 176193]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-08-21 573440]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\hw\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2006-09-22 69632]
R2 ekrn;ESET Service; C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 KPF4;Kerio Personal Firewall 4; C:\Program Files\zabezpeceni\Kerio\Personal Firewall 4\kpf4ss.exe [2005-07-15 1630208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2011-06-20 73728]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Zabezpeceni\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP; C:\WINDOWS\system32\Mx-3 B-Cup Service.exe [2008-03-22 124928]
R2 PnkBstrA;PunkBuster; C:\Program Files\hry\Need for Speed Undercover\PB\PnkBstrA.exe [2008-10-22 63040]
R2 SentinelKeysServer;Sentinel Keys Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2008-07-11 328992]
R2 SentinelProtectionServer;Sentinel Protection Server; C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [2008-07-11 226592]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S1 StarWindService;StarWind iSCSI Service; C:\Program Files\CdRW\Alcohol\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-08-20 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService; C:\Program Files\Zabezpeceni\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-20 257416]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\zabezpeceni\ESET NOD32 Antivirus\EHttpSrv.exe [2009-11-16 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-11-05 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2013-02-16 79360]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-06-14 74656]
S3 WinRM;Windows Remote Management (WS-Management); C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-04-18 754856]
S4 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\zabezpeceni\Ad-Aware\aawservice.exe []
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]

-----------------EOF-----------------

[Roli]

Zdravím, nejdříve se zeptám, je nutné aby běželi všechny ty svátky, kalendáře, počasí, ......?

Ono totiž všechno tohle ubírá kapacitu paměti důležitou pro chod Corelu který je celkem náročný.

[jirkamm]

Dobrý den.
Díky moc za reakci.
Byl bych rád kdyby běželi i dál. Používám to. Součet všech Clientů od Samurize a kalendáře v paměti je cca 15MB s nízkou prioritou pro cpu.
Používám Corel Draw 8 s jednoduchými vektory (pro frézovaní).
Když v corelu otevřu (pro mě složitější) soubor o velikosti 560kB tak v paměti zabírá 31,5MB. Když všechny tyto objekty nakopíruji 10x tak je v paměti corel na 62MB. RAM mám 2GB.

Myslíte, že i v tomto případě by to mohl být problém?

Děkuji moc
Jirka

[Roli]

Koukneme se tedy ještě hluběji zda se nám tam neskrývá nějaká breberka.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[jirkamm]

Ahoj.
Snad jsem to udělal dobře.
Snažil jsem se úřihlásit jako admin ale bez úspěchu. Asi špatné heslo.
U svého účtu mám nastavené admin práva. Bude to takto stačit?

Díky moc jirka

ComboFix 13-10-09.01 - jirka 09.10.2013 19:57:48.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1095 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *Disabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\system\BCBSMP35.BPL
c:\windows\system\VCL35.BPL
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-09 do 2013-10-09 )))))))))))))))))))))))))))))))
.
.
2013-10-09 17:54 . 2013-10-09 17:54 -------- d--h--w- c:\documents and settings\jirka\Okolní tiskárny
2013-10-07 21:00 . 2013-10-07 21:00 -------- d-----w- C:\rsit
2013-10-03 20:18 . 2013-10-03 20:18 -------- d-----w- c:\documents and settings\jirka\Data aplikací\VariCAD-Viewer.cz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 17:08 . 2012-04-03 05:24 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 17:08 . 2011-09-21 10:18 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 17:08 . 2013-03-12 20:08 17226632 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-09-23 18:25 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2004-08-18 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2004-08-18 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-18 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-18 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-02-13 15:26 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-18 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-18 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2008-03-22 08:20 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 -csha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCW Startup"="c:\program files\Hw\Monitor Calibration Wizard\MCW.exe" [2002-12-20 321024]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"365dni"="c:\program files\internet\365dní\365dniNET.exe" [2008-11-03 749568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 69632]
"LWBMOUSE"="c:\program files\Hw\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"Game Device"="c:\progra~1\hw\G-09 Gamepad\JoyUpDrv.EXE" [2003-03-27 77889]
"Multimedir KBD"="c:\progra~1\hw\Multimedia Hotkey Program\MMKBD.exe" [1999-09-06 270336]
"OutlookFriend"="outinst.exe" [2005-02-25 29184]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"egui"="c:\program files\zabezpeceni\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Client počasí.lnk - c:\program files\programy\Samurize\Client.exe i="počasí" [2007-4-7 2010624]
Client procesy.lnk - c:\program files\programy\Samurize\Client.exe i="procesy" [2007-4-7 2010624]
Client svátek.lnk - c:\program files\programy\Samurize\Client.exe i="svátek" [2007-4-7 2010624]
Client základ.lnk - c:\program files\programy\Samurize\Client.exe i="základ" [2007-4-7 2010624]
Instance Manager.lnk - c:\program files\programy\Samurize\InstanceManager.exe [2007-4-7 1659392]
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-3-22 60416]
Rainlendar.lnk - c:\program files\programy\Rainlendar\Rainlendar.exe [2005-10-23 118784]
SpamPal.lnk - c:\program files\zabezpeceni\SpamPal\spampal.exe [2005-10-24 387616]
Total Commander 32.lnk - c:\program files\manazery\totalcmd\TOTALCMD.EXE [2008-3-22 851664]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2012-1-13 221247]
ATITool.lnk - c:\program files\Hw\ATITool\ATITool.exe -s [2005-11-29 2428416]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hw\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMftp.exe"=
"c:\\Program Files\\internet\\Opera\\opera.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\zabezpeceni\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\manazery\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\programy\\Proteus 7 Professional\\BIN\\ISIS.EXE"=
"c:\\download\\Terminal.exe"=
"c:\\Program Files\\programy\\DATAQ\\HardwareManager.exe"=
"c:\\Program Files\\DATAQ\\HardwareManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Internet\\Maxthon3\\bin\\Maxthon.exe"=
"c:\\Program Files\\Internet\\Maxthon3\\bin\\MxUp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 40183525;40183525;c:\windows\system32\drivers\40183525.sys [28.8.2012 11:38 133208]
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [4.4.2008 23:32 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [4.4.2008 23:32 5248]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [22.3.2008 9:56 77312]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 10:06 96408]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.6.2005 11:51 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [30.5.2005 10:32 53248]
R2 ekrn;ESET Service;c:\program files\zabezpeceni\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 10:04 735960]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [24.2.2011 0:32 6144]
R2 multikey;Virtual USB MultiKey;c:\windows\system32\drivers\multikey.sys [27.6.2013 0:05 40960]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.7.2008 1:02 328992]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22.3.2008 4:02 2829696]
R3 DigitalJoystickEnabler;Digtial Game Device Driver;c:\windows\system32\drivers\G2KGAME.SYS [22.3.2008 19:20 14414]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.2.2012 10:09 22856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.2.2011 17:19 27632]
S2 MBAMService;MBAMService;c:\program files\zabezpeceni\Malwarebytes' Anti-Malware\mbamservice.exe [16.2.2012 10:09 701512]
S2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [22.3.2008 21:21 124928]
S3 CrystalCpuInfo;CrystalCpuInfo; [x]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [24.3.2008 14:50 4134]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.12.2011 22:08 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.2.2011 17:18 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.12.2011 2:34 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.12.2011 2:34 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.12.2011 2:34 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.12.2011 2:34 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.12.2011 2:34 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.12.2011 2:34 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.12.2011 2:34 115752]
S3 SECBULK;FriendlyARM USB Download Driver;c:\windows\system32\drivers\SECBULK.sys [13.2.2012 0:43 16640]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 17:08]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 10.0.0.1
DPF: Microsoft XML Parser for Java
.
.
------- Asociace souborů -------
.
.scr=MicroStation Resource
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-09 20:07
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\docume~1\jirka\LOCALS~1\Temp\catchme.dll 53248 bytes executable
.
sken byl úspešně dokončen
skryté soubory: 1
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{471C32C3-F87A-1E07-999F-4806B8AAA7B2}\InProcServer32*]
"dalccmgi"=hex:69,62,70,61,68,6e,6c,6b,64,66,6c,69,62,61,6d,6b,6f,61,6d,66,70,
6c,6f,70,6c,6a,66,63,6e,66,69,6e,66,6b,6b,63,6b,62,69,6c,67,6e,64,63,67,62,\
"falchckkcoga"=hex:63,61,69,70,6b,6e,00,00
"halcacdjdibkaojg"=hex:6b,62,6d,61,69,6e,6e,70,6a,67,65,6c,62,69,69,6d,69,6b,
66,61,6f,62,70,70,6e,61,61,63,70,6e,62,6b,62,65,66,6a,63,66,6a,6e,6f,63,65,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2013-10-09 20:10:55
ComboFix-quarantined-files.txt 2013-10-09 18:10
.
Před spuštěním: Volných bajtů: 387 483 561 984
Po spuštění: Volných bajtů: 387 756 523 520
.
- - End Of File - - 4E2D7466443382E22F1BE3836C874D39
413FC2A0C716421B3158746D63736515

[Roli]

Ahoj.
Bude to takto stačit?

Ahoj, je to v pořádku.

Ještě mám dotaz, proč máš starou neaktualizovanou verzi NODu ?


Pokud jsi tak ještě neučinil, přesuň Combofix na plochu

otevři si Poznámkový blok

do něj zkopíruj skript z následujícího okna:

Kód: Vybrat vše

Registry:: 
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,

po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:



Po aplikaci na Tebe vypadne další log, zkopíruj ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,

v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci

[jirkamm]

Ahoj.
NOD jsem nechal aktualizovat automaticky. Evidentně se aktualizuje jen databáze.
Je to normální placená verze tak jsem si myslel, že se bude aktualizovat vše.
Bohužel.

zde je výpis.
restat proběhl ok.

Děkuji moc jirka

ComboFix 13-10-09.01 - jirka 10.10.2013 10:16:49.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.800 [GMT 2:00]
Spuštěný z: c:\documents and settings\jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\jirka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Kerio Personal Firewall *Disabled* {A990EAA7-8941-4621-BC27-4F16261D3180}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-10 do 2013-10-10 )))))))))))))))))))))))))))))))
.
.
2013-10-09 17:54 . 2013-10-09 17:54 -------- d--h--w- c:\documents and settings\jirka\Okolní tiskárny
2013-10-07 21:00 . 2013-10-07 21:00 -------- d-----w- C:\rsit
2013-10-03 20:18 . 2013-10-03 20:18 -------- d-----w- c:\documents and settings\jirka\Data aplikací\VariCAD-Viewer.cz
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 06:08 . 2012-04-03 05:24 692616 -c--a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-10 06:08 . 2011-09-21 10:18 71048 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-10 06:08 . 2013-03-12 20:08 17813896 -c--a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-09-23 18:25 . 2004-08-18 12:00 920064 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 18:25 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-09-23 18:25 . 2004-08-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-09-23 18:25 . 2004-08-18 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2013-09-23 18:06 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-08-29 07:01 . 2004-08-18 12:00 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-09 01:56 . 2004-08-18 12:00 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-18 12:00 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2011-02-13 15:26 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2004-08-18 12:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-18 12:00 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 19:47 1543680 ----a-w- c:\windows\system32\wmvdecod.dll
2013-07-18 23:18 . 2013-07-18 23:18 102608 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-07-17 00:58 . 2008-03-22 08:20 123008 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2006-05-03 10:06 163328 -csha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 31232 -csha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 216064 -csha-r- c:\windows\system32\nbDX.dll
2010-01-06 22:00 107520 -csha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCW Startup"="c:\program files\Hw\Monitor Calibration Wizard\MCW.exe" [2002-12-20 321024]
"HP Photosmart 5510 series (NET)"="c:\program files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" [2012-10-17 1837672]
"365dni"="c:\program files\internet\365dní\365dniNET.exe" [2008-11-03 749568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2006-02-14 69632]
"LWBMOUSE"="c:\program files\Hw\Browser Mouse\1.0\lwbwheel.exe" [2001-03-26 429568]
"Game Device"="c:\progra~1\hw\G-09 Gamepad\JoyUpDrv.EXE" [2003-03-27 77889]
"Multimedir KBD"="c:\progra~1\hw\Multimedia Hotkey Program\MMKBD.exe" [1999-09-06 270336]
"OutlookFriend"="outinst.exe" [2005-02-25 29184]
"PtiuPbmd"="ptipbm.dll" [2003-01-15 24576]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 65024]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"egui"="c:\program files\zabezpeceni\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\documents and settings\jirka\Nabídka Start\Programy\Po spuštění\
Client počasí.lnk - c:\program files\programy\Samurize\Client.exe i="počasí" [2007-4-7 2010624]
Client procesy.lnk - c:\program files\programy\Samurize\Client.exe i="procesy" [2007-4-7 2010624]
Client svátek.lnk - c:\program files\programy\Samurize\Client.exe i="svátek" [2007-4-7 2010624]
Client základ.lnk - c:\program files\programy\Samurize\Client.exe i="základ" [2007-4-7 2010624]
Instance Manager.lnk - c:\program files\programy\Samurize\InstanceManager.exe [2007-4-7 1659392]
Outlook Express.lnk - c:\program files\Outlook Express\msimn.exe [2008-3-22 60416]
Rainlendar.lnk - c:\program files\programy\Rainlendar\Rainlendar.exe [2005-10-23 118784]
SpamPal.lnk - c:\program files\zabezpeceni\SpamPal\spampal.exe [2005-10-24 387616]
Total Commander 32.lnk - c:\program files\manazery\totalcmd\TOTALCMD.EXE [2008-3-22 851664]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2012-1-13 221247]
ATITool.lnk - c:\program files\Hw\ATITool\ATITool.exe -s [2005-11-29 2428416]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hw\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMapp.exe"=
"c:\\Program Files\\ArchVision\\ArchVision Content Manager\\rpcACMftp.exe"=
"c:\\Program Files\\internet\\Opera\\opera.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\3dsmax.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32server.exe"=
"c:\\Program Files\\Pracovni\\3ds Max 2010\\mentalray\\satellite\\raysat_3dsmax2010_32.exe"=
"c:\\Program Files\\zabezpeceni\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\manazery\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\programy\\Proteus 7 Professional\\BIN\\ISIS.EXE"=
"c:\\download\\Terminal.exe"=
"c:\\Program Files\\programy\\DATAQ\\HardwareManager.exe"=
"c:\\Program Files\\DATAQ\\HardwareManager.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Internet\\Maxthon3\\bin\\Maxthon.exe"=
"c:\\Program Files\\Internet\\Maxthon3\\bin\\MxUp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
.
R0 40183525;40183525;c:\windows\system32\drivers\40183525.sys [28.8.2012 11:38 133208]
R0 vax347b;vax347b;c:\windows\system32\drivers\vax347b.sys [4.4.2008 23:32 159616]
R0 vax347s;vax347s;c:\windows\system32\drivers\vax347s.sys [4.4.2008 23:32 5248]
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [22.3.2008 9:56 77312]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [16.11.2009 10:03 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [16.11.2009 10:06 96408]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [21.6.2005 11:51 270336]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [30.5.2005 10:32 53248]
R2 ekrn;ESET Service;c:\program files\zabezpeceni\ESET NOD32 Antivirus\ekrn.exe [16.11.2009 10:04 735960]
R2 IOPort;IOPort;c:\windows\system32\drivers\IOPORT.SYS [24.2.2011 0:32 6144]
R2 multikey;Virtual USB MultiKey;c:\windows\system32\drivers\multikey.sys [27.6.2013 0:05 40960]
R2 Mx-3 B-Cup Service;MX-3 B-Cup XP;c:\windows\system32\Mx-3 B-Cup Service.exe [22.3.2008 21:21 124928]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [11.7.2008 1:02 328992]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [22.3.2008 4:02 2829696]
R3 DigitalJoystickEnabler;Digtial Game Device Driver;c:\windows\system32\drivers\G2KGAME.SYS [22.3.2008 19:20 14414]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16.2.2012 10:09 22856]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [13.2.2011 17:19 27632]
S2 MBAMService;MBAMService;c:\program files\zabezpeceni\Malwarebytes' Anti-Malware\mbamservice.exe [16.2.2012 10:09 701512]
S3 CrystalCpuInfo;CrystalCpuInfo; [x]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [24.3.2008 14:50 4134]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [14.12.2011 22:08 36608]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [13.2.2011 17:18 13224]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [17.12.2011 2:34 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [17.12.2011 2:34 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [17.12.2011 2:34 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [17.12.2011 2:34 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [17.12.2011 2:34 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [17.12.2011 2:34 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [17.12.2011 2:34 115752]
S3 SECBULK;FriendlyARM USB Download Driver;c:\windows\system32\drivers\SECBULK.sys [13.2.2012 0:43 16640]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-06-20 14:05 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 06:08]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
DPF: Microsoft XML Parser for Java
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-10 10:28
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{471C32C3-F87A-1E07-999F-4806B8AAA7B2}\InProcServer32*]
"dalccmgi"=hex:69,62,70,61,68,6e,6c,6b,64,66,6c,69,62,61,6d,6b,6f,61,6d,66,70,
6c,6f,70,6c,6a,66,63,6e,66,69,6e,66,6b,6b,63,6b,62,69,6c,67,6e,64,63,67,62,\
"falchckkcoga"=hex:63,61,69,70,6b,6e,00,00
"halcacdjdibkaojg"=hex:6b,62,6d,61,69,6e,6e,70,6a,67,65,6c,62,69,69,6d,69,6b,
66,61,6f,62,70,70,6e,61,61,63,70,6e,62,6b,62,65,66,6a,63,66,6a,6e,6f,63,65,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(12260)
c:\program files\zabezpeceni\ESET NOD32 Antivirus\eplgHooks.dll
c:\windows\system32\outlfrnd.dll
c:\program files\Hw\Browser Mouse\1.0\MOUSEDLL.DLL
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2013-10-10 10:31:37
ComboFix-quarantined-files.txt 2013-10-10 08:31
ComboFix2.txt 2013-10-09 18:10
.
Před spuštěním: Volných bajtů: 387 552 800 768
Po spuštění: Volných bajtů: 387 642 200 064
.
- - End Of File - - 8A02A8B677C73F54C4112EAD7B5BF500
413FC2A0C716421B3158746D63736515

[Roli]

Ahoj.
NOD jsem nechal aktualizovat automaticky. Evidentně se aktualizuje jen databáze.
Je to normální placená verze tak jsem si myslel, že se bude aktualizovat vše.
Bohužel.

Ahoj, tak ho aktualizuj ručně, protože je škoda mít starou verzi když si ho platíš.


Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files 
C:\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\tasks\At*.job /s

:reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"=-

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem chci zkopírovat obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[jirkamm]

O co jde? Poradíš?
Po ruční instalaci nového NODu se mi vše v Keriu hlásí jako "unknown". Při upozornění na odchozí nebo příchozí spojení tam není "kdo" a "odkud". Takže povoluji "cosi" lépe řečeno "cokoli" aby odesílalo a přijímalo data z netu. Včetně těch, které nechci aby na mě práskali, že je mám.
Když to pravidlem zakážu tak se nedostanu v prohlížeči na net, nefunguje mi pošta atd.

Při instalaci NODu se to nedokončilo. Vadilo mu, že "c:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus\Logs\virlog.dat" je s čímsi provázané. Tak jsem "virlog.dat" v nouzovém režimu smáznul. Pak instalace proběhla.
Nevím jestli je to tímto postupem.

Když v NODu vypnu HIPS tak je to asi ok.
Pravidlo Keria s "unknown" je odmazané a nic se mi zatím nehlásí.

Potřebuju mít zapnuté v NODu HIPS?

Díky moc za radu.
Jirka

[Roli]

O co jde? Poradíš?

Pokud budu vědět tak ano jen tu nejsem nonstop 24 hodin.

Potřebuju mít zapnuté v NODu HIPS?

Myslím že nemusí být zapnuté když máš ještě Kerio, protože je možné že se "hádají".

Ještě bych rád ten log z OTMoveIt.

[jirkamm]

Ahoj.
Zde je soubor 10122013_191705.log
Díky moc jirka

• All processes killed
  ========== PROCESSES ==========
  No active process named explorer.exe was found!
  ========== FILES ==========
  File/Folder C:\*.tmp not found.
  File/Folder C:\WINDOWS\System32\*.tmp not found.
  File/Folder C:\WINDOWS\*.tmp not found.
  File/Folder C:\WINDOWS\tasks\At*.job not found.
  ========== REGISTRY ==========
  Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice\ deleted successfully.
  Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice not found.
  ========== COMMANDS ==========
  
  [EMPTYTEMP]
  
  User: All Users
  
  User: Default User
  ->Temp folder emptied: 0 bytes
  ->Temporary Internet Files folder emptied: 0 bytes
  ->Flash cache emptied: 0 bytes
  
  User: jirka
  ->Temp folder emptied: 7612151 bytes
  ->Temporary Internet Files folder emptied: 3400540 bytes
  ->Java cache emptied: 64746 bytes
  ->Opera cache emptied: 43972 bytes
  ->Flash cache emptied: 17910 bytes
  
  User: LocalService
  ->Temp folder emptied: 0 bytes
  ->Temporary Internet Files folder emptied: 32902 bytes
  
  User: NetworkService
  ->Temp folder emptied: 0 bytes
  ->Temporary Internet Files folder emptied: 32902 bytes
  
  %systemdrive% .tmp files removed: 0 bytes
  %systemroot% .tmp files removed: 0 bytes
  %systemroot%\System32 .tmp files removed: 0 bytes
  %systemroot%\System32\dllcache .tmp files removed: 0 bytes
  %systemroot%\System32\drivers .tmp files removed: 0 bytes
  Windows Temp folder emptied: 8424471 bytes
  %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
  %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
  RecycleBin emptied: 0 bytes
  
  Total Files Cleaned = 19,00 mb
  
  
  OTM by OldTimer - Version 3.1.21.0 log created on 10122013_191705
  
  Files moved on Reboot...
  File C:\WINDOWS\temp\usgthrsvc\Perflib_Perfdata_b54.dat not found!
  File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.
  
  Registry entries deleted on Reboot...

[Roli]

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.


Pak dej vědět jaký je stav PC.

[jirkamm]

Ahoj.
Chtělo to restart.
Jinak se tváří ok. Uvidíme jak se bude chovat corel.
V případě potřeby bych se ozval.
Díky moc.
jirka

[Roli]

Ahoj.
Jinak se tváří ok. Uvidíme jak se bude chovat corel.
V případě potřeby bych se ozval.

Ahoj,
tak mu dej nějaký den a pak písni jak to vypadá abych to tu zamknul když už nebude problém.

Díky moc.
jirka

Zatím není zač

[jirkamm]

ok.