Help! System freezes after PC startup

jarda.otta
Visitor
Posts: 534
Registered: 25 Mar 2005 21:21

Help! System freezes after PC startup

#1 Post by jarda.otta »

Hello. I'm asking for advice and help. I hadn't shut down my PC for about 2 months. Yesterday I was forced to turn it off, and today the system does boot, with all the desktop icons and the programs in the taskbar, but after any click on anything the system freezes. CPU is at zero. The mouse moves, but nothing can be activated, and whatever I click on, nothing happens. Not even the three-finger salute Ctrl+Alt+Del works. I can only get into safe mode. That runs, even with networking. In safe mode I wanted to use a restore point, but it told me that no restore point had been created. I'm writing this to you from safe mode now. I have Windows Vista Home, 2 GB RAM, ESET Smart Security 4. I tried ComboFix in safe mode, but it tells me that the antivirus resident protection is turned on. But there is nothing in the file manager. Thank you for your help.
Attachments
správce úloh.jpg
(384.72 KiB) Downloaded 112 times

Rudy
Site Admin
Posts: 119430
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Help! System freezes after PC startup

#2 Post by Rudy »

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

Re: Help! System freezes after PC startup

#3 Post by jarda.otta »

I can't download it from anywhere at all. In the download manager it looks as if it has been downloaded, but when I choose to open the file location, it can't find it. Not even when I search for rsit. It only finds the older downloaded ones. So hopefully it won't matter if I run the older one from 9.12.

Re: Help! System freezes after PC startup

#4 Post by jarda.otta »

One more note: RSIT ran in safe mode. I can't get into the PC any other way.

Logfile of random's system information tool 1.08 (written by random/random)
Run by jaris at 2010-12-09 19:05:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 9 GB (3%) free of 297 GB
Total RAM: 2047 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:06:07, on 9.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\PhotoFiltre Studio X\pfstudiox.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\IncrediMail\Bin\IncMail.exe
C:\Users\jaris\Desktop\RSIT.exe
C:\Program Files\trend micro\jaris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\VIDEOD~1\ArcURLRecord.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Catcher Class - {ADECBED6-0366-4377-A739-E69DFBA04663} - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O3 - Toolbar: RAW Thumbnail Viewer - {F301665A-12F8-4331-804A-5BCBD379668C} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Read EXIF - C:\Program Files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\Windows\system32\fsproflt.exe
O23 - Service: Google Update Service (gupdate1c9e9c6e1469ee0) (gupdate1c9e9c6e1469ee0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe
O23 - Service: NLS Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\system32\NLSSRV32.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11060 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AWC AutoSweep.job
C:\Windows\tasks\AWC Startup.job
C:\Windows\tasks\AWC Update.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\User_Feed_Synchronization-{F601E435-7F1B-4885-ADA7-F72CB8713B0C}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11222041-111B-46E3-BD29-EFB2449479B1}]
IEPlugin Class - C:\PROGRA~1\ArcSoft\VIDEOD~1\ArcURLRecord.dll [2009-11-24 158208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2010-03-03 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-09-11 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ADECBED6-0366-4377-A739-E69DFBA04663}]
Catcher Class - C:\Program Files\Moyea\FLV Downloader\MoyeaCth.dll [2007-12-05 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
kikin Plugin - C:\Program Files\kikin\ie_kikin.dll [2010-08-16 799472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-09-11 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2010-03-03 798771]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []
{F301665A-12F8-4331-804A-5BCBD379668C} -
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll [2009-10-15 211272]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-08-26 279944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-02-06 2021400]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-10-08 47904]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-07-29 497648]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2010-07-30 353736]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]
"WEBTRAN"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe [2010-10-06 204800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2010-10-08 47904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-03-13 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2010-04-15 427328]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
C:\Program Files\Uniblue\DriverScanner\launcher.exe [2010-07-16 338296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
C:\Windows\ehome\ehTray.exe [2008-01-19 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2006-07-25 1043968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-09-24 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
C:\Program Files\TechSmith\Jing\Jing.exe [2010-08-19 3069192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.HotKey]
C:\Users\jaris\Downloads\WindowClippings.exe /hotkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.Icon]
C:\Users\jaris\Downloads\WindowClippings.exe /icon []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
C:\Program Files\Microsoft LifeCam\LifeExp.exe [2009-07-24 118640]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe /c []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe [2010-03-04 2192672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-07-02 671608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2009-11-25 54672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-05-14 1479680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2009-03-15 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
C:\Program Files\Seznam.cz\postak.exe -s []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-09-18 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
C:\Windows\vVX3000.exe [2009-07-24 762208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
C:\Program Files\Windows Defender\MSASCui.exe [2008-01-19 1008184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE [2010-10-05 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
C:\PROGRA~1\Codebox\BitMeter\BITMET~1.EXE [2008-10-11 1462272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's licence.lnk]
C:\PROGRA~1\ESET\MINODL~1\MINODL~1.EXE [2010-10-05 125952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
C:\PROGRA~1\AUTOLY~1\AUTOLY~1.EXE [2010-06-21 503808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
[]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DfLogon]
LogonDll.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\fsproflt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=255
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDriveAutoRun"=255
"NoDriveTypeAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 months======

2010-12-09 13:09:26 ----SD---- C:\ComboFix
2010-12-09 08:40:17 ----A---- C:\Windows\ntbtlog.txt
2010-12-07 13:49:13 ----D---- C:\Windows\system32\ShellExt
2010-12-07 13:36:12 ----A---- C:\Windows\system32\fsproflt.exe
2010-12-07 13:36:10 ----A---- C:\Windows\system32\drivers\FSPFltd.sys
2010-12-07 13:36:09 ----D---- C:\Program Files\Hide Folders 2009
2010-12-06 14:44:21 ----D---- C:\Program Files\Photo Notifier and Animation Creator
2010-12-06 14:44:12 ----D---- C:\ProgramData\Photo Notifier and Animation Creator
2010-12-05 13:51:14 ----D---- C:\Users\jaris\AppData\Roaming\SolidDocuments
2010-12-05 13:47:36 ----A---- C:\Windows\system32\solidlocalui.dll
2010-12-05 13:47:36 ----A---- C:\Windows\system32\solidlocalmon.dll
2010-12-05 13:46:47 ----D---- C:\Program Files\SolidDocuments
2010-12-05 13:46:31 ----D---- C:\ProgramData\SolidDocuments
2010-12-05 10:57:34 ----A---- C:\Users\jaris\AppData\Roaming\langInstall.exe
2010-12-05 10:56:38 ----D---- C:\Users\jaris\AppData\Roaming\Iceni
2010-12-05 10:56:38 ----D---- C:\ProgramData\Iceni
2010-12-05 10:56:38 ----D---- C:\ProgramData\Aspell
2010-12-05 10:56:35 ----D---- C:\Users\jaris\AppData\Roaming\Aspell
2010-12-05 10:56:35 ----D---- C:\Program Files\Iceni
2010-12-05 09:14:30 ----D---- C:\Users\jaris\AppData\Roaming\Nitro PDF
2010-12-05 08:59:08 ----A---- C:\Windows\system32\nitrolocalui.dll
2010-12-05 08:59:08 ----A---- C:\Windows\system32\nitrolocalmon.dll
2010-12-05 08:58:43 ----D---- C:\ProgramData\Nitro PDF
2010-12-05 08:58:43 ----D---- C:\Program Files\Common Files\Nitro PDF
2010-12-05 08:58:41 ----D---- C:\Program Files\Nitro PDF
2010-12-03 12:10:55 ----D---- C:\Users\jaris\AppData\Roaming\Downloaded Installations
2010-12-02 08:10:37 ----D---- C:\Program Files\Microsoft Office Labs
2010-12-02 06:16:22 ----D---- C:\Program Files\Voxware Audio decoder
2010-11-22 08:53:50 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-11-22 08:53:23 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-20 23:05:16 ----D---- C:\Program Files\AAALOGO2010
2010-11-15 13:20:44 ----DC---- C:\ProgramData\{5E80195C-322F-4958-B480-817CAC450BC4}
2010-11-15 11:13:11 ----D---- C:\ProgramData\Digital Film Tools
2010-11-15 03:35:59 ----D---- C:\Users\jaris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-15 03:05:28 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2010-11-15 01:26:16 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-11-14 15:24:13 ----D---- C:\Program Files\ImageSkill
2010-11-13 18:39:16 ----D---- C:\Program Files\Shape Collage
2010-11-12 16:28:10 ----D---- C:\Program Files\Reallusion
2010-11-11 15:25:35 ----D---- C:\Users\jaris\AppData\Roaming\kikin
2010-11-11 15:25:34 ----D---- C:\Program Files\kikin
2010-11-11 15:25:33 ----D---- C:\Program Files\JDownloader
2010-11-11 13:23:44 ----D---- C:\Windows\cs
2010-11-11 13:21:14 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2010-11-11 11:49:32 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-11-11 11:49:32 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-11-11 11:49:31 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-11-11 11:48:31 ----A---- C:\Windows\system32\d3dx9_32.dll

======List of files/folders modified in the last 1 months======

2010-12-09 19:05:33 ----D---- C:\Program Files\trend micro
2010-12-09 15:51:53 ----D---- C:\Windows\inf
2010-12-09 15:51:53 ----AD---- C:\Windows\System32
2010-12-09 15:51:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-12-09 14:10:18 ----D---- C:\Windows\Prefetch
2010-12-09 14:09:51 ----D---- C:\Windows\temp
2010-12-09 13:13:21 ----D---- C:\Windows\system32\drivers
2010-12-09 13:09:52 ----AD---- C:\Windows
2010-12-09 12:26:06 ----D---- C:\zálohy mail
2010-12-09 12:24:12 ----HD---- C:\Windows\PIF
2010-12-09 11:44:44 ----D---- C:\Program Files\IncredimailBackup
2010-12-09 09:12:05 ----D---- C:\Users\jaris\AppData\Roaming\Skype
2010-12-09 08:43:41 ----D---- C:\Windows\pss
2010-12-08 16:10:06 ----D---- C:\Windows\system32\catroot
2010-12-08 15:12:04 ----A---- C:\LOGFILE.TXT
2010-12-08 14:47:22 ----SHD---- C:\System Volume Information
2010-12-08 13:57:53 ----D---- C:\Users\jaris\AppData\Roaming\Adobe
2010-12-07 17:53:38 ----D---- C:\Users\jaris\AppData\Roaming\uTorrent
2010-12-07 13:36:09 ----RD---- C:\Program Files
2010-12-07 12:55:34 ----D---- C:\Windows\system32\drivers\UMDF
2010-12-06 16:26:16 ----SHD---- C:\Windows\Installer
2010-12-06 16:25:51 ----D---- C:\ProgramData\PhotoMail
2010-12-06 14:44:12 ----D---- C:\ProgramData
2010-12-06 09:49:08 ----D---- C:\Program Files\Common Files
2010-12-02 06:17:13 ----D---- C:\Program Files\The KMPlayer
2010-12-02 06:07:47 ----D---- C:\Program Files\Common Files\Adobe
2010-11-30 17:00:30 ----D---- C:\Program Files\rajce
2010-11-27 21:18:50 ----D---- C:\Users\jaris\AppData\Roaming\Vso
2010-11-24 12:01:01 ----D---- C:\Windows\winsxs
2010-11-24 12:01:00 ----D---- C:\Program Files\Internet Explorer
2010-11-23 07:05:22 ----D---- C:\Windows\system32\catroot2
2010-11-22 08:53:58 ----D---- C:\ProgramData\Installations
2010-11-22 08:53:50 ----DC---- C:\Windows\system32\DRVSTORE
2010-11-22 08:48:14 ----D---- C:\Program Files\Nokia
2010-11-22 08:47:05 ----D---- C:\ProgramData\Nokia
2010-11-22 08:16:24 ----D---- C:\ProgramData\PC Suite
2010-11-21 17:06:35 ----D---- C:\ProgramData\NCH Software
2010-11-16 02:00:02 ----D---- C:\ProgramData\Adobe
2010-11-15 15:30:10 ----D---- C:\ProgramData\Bitmeter2
2010-11-15 03:37:54 ----D---- C:\Program Files\Adobe
2010-11-15 03:06:17 ----D---- C:\Windows\system32\Tasks
2010-11-15 01:03:16 ----D---- C:\Program Files\Common Files\PX Storage Engine
2010-11-14 18:22:27 ----A---- C:\Windows\ODBCINST.INI
2010-11-14 17:16:38 ----RD---- C:\Program Files\Skype
2010-11-14 17:16:28 ----D---- C:\ProgramData\Skype
2010-11-14 17:06:54 ----D---- C:\Program Files\NCH Swift Sound
2010-11-14 17:06:29 ----D---- C:\Users\jaris\AppData\Roaming\NCH Software
2010-11-14 17:06:29 ----D---- C:\Program Files\NCH Software
2010-11-13 14:47:47 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-13 14:37:05 ----A---- C:\Windows\FFS20ChtReg.ini
2010-11-11 14:35:48 ----D---- C:\ProgramData\Microsoft Help
2010-11-11 14:34:05 ----D---- C:\Program Files\Windows Mail
2010-11-11 14:21:36 ----A---- C:\Windows\system32\mrt.exe
2010-11-11 13:38:00 ----D---- C:\Windows\Microsoft.NET
2010-11-11 13:35:38 ----RSD---- C:\Windows\assembly
2010-11-11 13:24:00 ----D---- C:\Program Files\Windows Live
2010-11-11 13:19:30 ----SD---- C:\ProgramData\Microsoft
2010-11-11 13:17:32 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 FSProFilter;FSPro File Filter; C:\Windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2010-03-19 45648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-07-05 59256]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\Windows\System32\drivers\sfsync02.sys [2006-07-10 27032]
R1 InCDPass;InCDPass; C:\Windows\system32\drivers\InCDPass.sys [2006-07-25 31488]
R1 incdrm;InCD Reader; C:\Windows\system32\drivers\InCDRm.sys [2006-07-25 33792]
R3 Afc;PPdus ASPI Shell; C:\Windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 appliandMP;appliandMP; C:\Windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 MarvinBus;Pinnacle Marvin Bus; C:\Windows\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2010-03-04 261152]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys [2009-07-14 92672]
R4 InCDfs;InCD File System; C:\Windows\system32\drivers\InCDFs.sys [2006-07-25 102912]
S0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-10-10 697328]
S1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2009-03-15 56268]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/23 15:55:08]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 87536]
S2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
S2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE; C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2010-10-06 195120]
S3 appliand;Applian Network Service; C:\Windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2010-10-23 36616]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-04-11 22528]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-19 92160]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2009-04-11 507904]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2009-04-11 29696]
S3 catchme;catchme; \??\C:\Users\jaris\AppData\Local\Temp\catchme.sys []
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-19 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-19 16384]
S3 dot4usb;MS Dot4USB Filter Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-19 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632]
S3 FlyPCI;FlyPCI; \??\C:\Windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-11 236544]
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2010-07-10 11008040]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-04-15 47360]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card; C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-04-11 148992]
S3 rockusb;Driver for rockusb Device; C:\Windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2006-11-02 47104]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-19 35328]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-11 27648]
S3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys [2009-07-24 1961328]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2009-07-14 132224]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 fsproflt;FSPro Filter Service; C:\Windows\system32\fsproflt.exe [2009-12-04 139952]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9; C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
S2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 gupdate1c9e9c6e1469ee0;Google Update Service (gupdate1c9e9c6e1469ee0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-10 133104]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 MSCamSvc;MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
S2 nlsX86cc;NLS Service; C:\Windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-07-09 129640]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-19 21504]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-24 820008]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-09-29 616448]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-05-26 651720]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2006-07-25 849408]
S4 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2006-10-09 724992]
S4 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
S4 uCamMonitor;CamMonitor; C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119430
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Help! System freezes after PC startup

#5 Post by Rudy »

There is something there. Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after startup a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to put on a coffee (the whole operation takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through). During the scan, do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Warning: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because scanning and removal of any malware lead to unwanted conflicts with the resident antispyware.

jarda.otta
Visitor
Posts: 534
Registered: 25 Mar 2005 21:21

Re: Help! System freezes after PC startup

#6 Post by jarda.otta »

Here is ComboFix

ComboFix 08-10-14.01 - jaris 2010-12-10 11:54:18.5 - NTFSx86 NETWORK
Spuštěný z: C:\Users\jaris\Desktop\ComboFix.exe
.
- REŽIM S OMEZENOU FUNKČNOSTÍ -
.
ADS - Windows: deleted 128 bytes in 1 streams.

((((((((((((((((((((((((( Soubory vytvořené od 2010-11-10 do 2010-12-10 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 10:34 --------- d-----w C:\Users\jaris\AppData\Roaming\Skype
2010-12-09 18:05 --------- d-----w C:\Program Files\trend micro
2010-12-09 10:44 --------- d-----w C:\Program Files\IncredimailBackup
2010-12-09 08:10 88,665 ----a-w C:\Users\All Users\nvModes.dat
2010-12-09 08:10 88,665 ----a-w C:\PROGRA~2\nvModes.dat
2010-12-07 17:08 11,272,192 --sha-w C:\Users\Krečmerová\ntuser.dat
2010-12-07 17:08 11,272,192 --sha-w C:\Users\Krečmerová\ntuser.dat
2010-12-07 16:53 --------- d-----w C:\Users\jaris\AppData\Roaming\uTorrent
2010-12-07 12:37 --------- d-----w C:\Program Files\Hide Folders 2009
2010-12-06 15:25 --------- d-----w C:\PROGRA~2\PhotoMail
2010-12-06 13:44 --------- d-----w C:\Program Files\Photo Notifier and Animation Creator
2010-12-06 13:44 --------- d-----w C:\PROGRA~2\Photo Notifier and Animation Creator
2010-12-06 08:43 --------- d-----w C:\Users\jaris\AppData\Roaming\SolidDocuments
2010-12-05 12:46 --------- d-----w C:\Program Files\SolidDocuments
2010-12-05 12:46 --------- d-----w C:\PROGRA~2\SolidDocuments
2010-12-05 09:57 2,106,893 ----a-w C:\Users\jaris\AppData\Roaming\langInstall.exe
2010-12-05 09:57 --------- d-----w C:\Users\jaris\AppData\Roaming\Aspell
2010-12-05 09:56 --------- d-----w C:\Users\jaris\AppData\Roaming\Iceni
2010-12-05 09:56 --------- d-----w C:\Program Files\Iceni
2010-12-05 09:56 --------- d-----w C:\PROGRA~2\Iceni
2010-12-05 09:56 --------- d-----w C:\PROGRA~2\Aspell
2010-12-05 08:32 --------- d-----w C:\Users\jaris\AppData\Roaming\Nitro PDF
2010-12-05 07:58 --------- d-----w C:\Program Files\Nitro PDF
2010-12-05 07:58 --------- d-----w C:\Program Files\Common Files\Nitro PDF
2010-12-05 07:58 --------- d-----w C:\PROGRA~2\Nitro PDF
2010-12-05 07:54 --------- d-----w C:\Users\jaris\AppData\Roaming\Downloaded Installations
2010-12-02 07:10 --------- d-----w C:\Program Files\Microsoft Office Labs
2010-12-02 05:17 --------- d-----w C:\Program Files\The KMPlayer
2010-12-02 05:16 --------- d-----w C:\Program Files\Voxware Audio decoder
2010-12-02 05:07 --------- d-----w C:\Program Files\Common Files\Adobe
2010-11-30 16:00 --------- d-----w C:\Program Files\rajce
2010-11-27 20:18 --------- d-----w C:\Users\jaris\AppData\Roaming\Vso
2010-11-22 07:53 --------- d-----w C:\Program Files\PC Connectivity Solution
2010-11-22 07:53 --------- d-----w C:\PROGRA~2\Installations
2010-11-22 07:48 --------- d-----w C:\Program Files\Nokia
2010-11-22 07:47 --------- d-----w C:\PROGRA~2\Nokia
2010-11-22 07:16 --------- d-----w C:\PROGRA~2\PC Suite
2010-11-21 16:06 --------- d-----w C:\PROGRA~2\NCH Software
2010-11-20 22:05 --------- d-----w C:\Program Files\AAALOGO2010
2010-11-18 11:04 --------- d-----w C:\Program Files\JDownloader
2010-11-15 14:30 --------- d-----w C:\PROGRA~2\Bitmeter2
2010-11-15 12:20 --------- dc----w C:\PROGRA~2\{5E80195C-322F-4958-B480-817CAC450BC4}
2010-11-15 12:19 --------- d-----w C:\PROGRA~2\Digital Film Tools
2010-11-15 12:13 --------- d-----w C:\Program Files\ImageSkill
2010-11-15 10:05 --------- d-----w C:\PROGRA~2\regid.1986-12.com.adobe
2010-11-15 02:37 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2010-11-15 02:35 --------- d-----w C:\Users\jaris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-15 00:03 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2010-11-14 16:16 --------- d-----w C:\PROGRA~2\Skype
2010-11-14 16:16 --------- d-----r C:\Program Files\Skype
2010-11-14 16:06 --------- d-----w C:\Users\jaris\AppData\Roaming\NCH Software
2010-11-14 16:06 --------- d-----w C:\Program Files\NCH Swift Sound
2010-11-14 16:06 --------- d-----w C:\Program Files\NCH Software
2010-11-13 17:39 --------- d-----w C:\Program Files\Shape Collage
2010-11-13 13:47 --------- d--h--w C:\Program Files\InstallShield Installation Information
2010-11-13 13:47 --------- d-----w C:\Program Files\Reallusion
2010-11-13 10:11 --------- d-----w C:\Users\jaris\AppData\Roaming\kikin
2010-11-13 10:08 --------- d-----w C:\Program Files\kikin
2010-11-11 13:35 --------- d-----w C:\PROGRA~2\Microsoft Help
2010-11-11 13:34 --------- d-----w C:\Program Files\Windows Mail
2010-11-11 12:24 --------- d-----w C:\Program Files\Windows Live
2010-11-11 12:21 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2010-11-07 11:11 --------- d-----w C:\Users\jaris\AppData\Roaming\Bitmeter2
2010-11-07 08:46 --------- d-----w C:\Program Files\CovertFront3_at
2010-11-05 16:06 --------- d-----w C:\Program Files\Codebox
2010-11-05 13:48 --------- d-----w C:\Program Files\AutoLyrix
2010-11-04 15:13 --------- d-----w C:\Program Files\TapinRadio
2010-11-04 07:59 --------- d-----w C:\Program Files\SWF to AVI
2010-10-30 09:28 --------- d-----w C:\Users\jaris\AppData\Roaming\Image Zone Express
2010-10-30 07:14 --------- d-----w C:\Program Files\iTunes
2010-10-30 07:12 --------- d-----w C:\Program Files\iPod
2010-10-30 07:12 --------- d-----w C:\Program Files\Common Files\Apple
2010-10-30 07:12 --------- d-----w C:\PROGRA~2\Apple Computer
2010-10-30 07:05 --------- d-----w C:\Program Files\Bonjour
2010-10-23 11:44 36,616 ----a-w C:\Windows\system32\drivers\btcusb.sys
2010-10-20 18:43 --------- d-----w C:\Users\jaris\AppData\Roaming\Moyea
2010-10-19 12:11 --------- d-----w C:\Users\jaris\AppData\Roaming\PC Suite
2010-10-19 12:07 --------- d-----w C:\Program Files\Common Files\PCSuite
2010-10-19 12:07 --------- d-----w C:\Program Files\Common Files\Nokia
2010-10-18 16:06 --------- d-----w C:\Program Files\ESET
2010-10-18 11:38 --------- d-----w C:\Users\jaris\AppData\Roaming\mojosoft
2010-10-18 11:38 --------- d-----w C:\Program Files\MOJOSOFT
2010-10-18 09:54 --------- d-----w C:\Program Files\Marias
2010-10-18 08:58 --------- d-----w C:\Program Files\MachrSoft
2010-10-18 08:10 --------- d-----w C:\Program Files\BitZipper
2010-10-18 08:03 --------- d-----w C:\Users\jaris\AppData\Roaming\BitZipper
2010-10-17 11:12 --------- d-----w C:\Users\jaris\AppData\Roaming\Zoner
2010-10-11 13:11 --------- d-----w C:\PROGRA~2\POP3Profiles
2010-10-11 13:01 --------- d-----w C:\Program Files\Ubisoft
2010-10-10 14:34 --------- d-----w C:\Users\jaris\AppData\Roaming\DAEMON Tools Pro
2010-10-10 14:06 697,328 ----a-w C:\Windows\system32\drivers\sptd.sys
2010-10-10 14:06 --------- d-----w C:\Program Files\DAEMON Tools Pro
2010-10-10 14:04 --------- d-----w C:\PROGRA~2\DAEMON Tools Pro
2010-09-25 13:42 17,920 ----a-w C:\Windows\WebFerretUninstall.exe
2010-09-22 23:32 301,936 ----a-w C:\Windows\WLXPGSS.SCR
2010-08-09 06:56 11,993 ----a-w C:\Users\jaris\nymphalid.zip
2009-10-17 14:42 47,360 ----a-w C:\Users\jaris\AppData\Roaming\pcouffin.sys
2009-06-03 20:15 476,752 ----a-w C:\Users\All Users\pswi_preloaded.exe
2009-06-03 20:15 476,752 ----a-w C:\PROGRA~2\pswi_preloaded.exe
2009-04-26 10:18 174 --sha-w C:\Program Files\desktop.ini
2009-05-01 21:02 1,044,480 ----a-w C:\Program Files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 200,704 ----a-w C:\Program Files\mozilla firefox\plugins\ssldivx.dll
2009-09-11 13:56 75,208 ----a-w C:\Program Files\mozilla firefox\plugins\xxxnpFoxitReaderPlugin.dll
2010-02-02 17:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2010-02-02 17:09 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2010-02-02 17:09 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2010-02-02 17:09 245,760 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 09:32 279944 --a------ C:\Program Files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 20:35 799472 --a------ C:\Program Files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "C:\Program Files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files\IncrediMail\bin\IncMail.exe" [2010-07-30 353736]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"WEBTRAN"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"AdobeAAMUpdater-1.0"="C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"BindDirectlyToPropertySetStorage"= 0 (0x0)
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
"vidc.mjpg"= pvmjpg30.dll
"vidc.uldx"= C:\PROGRA~1\Corel\CORELV~1\DivX_UL.dll
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
backup=C:\Windows\pss\Aktualizovat ESET licenci.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
backup=C:\Windows\pss\Bitmeter2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's licence.lnk]
backup=C:\Windows\pss\Update ESET's licence.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
backup=C:\Windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
backup=C:\Windows\pss\MP3 Dancer.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2010-10-06 16:55 204800 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2010-10-08 16:04 47904 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
--a------ 2010-03-18 10:19 207360 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--------- 2010-03-13 11:58 75048 C:\Program Files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2010-04-15 09:17 427328 C:\Program Files\DAEMON Tools Pro\DTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
--a------ 2010-07-16 11:51 338296 C:\Program Files\Uniblue\DriverScanner\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-19 08:33 125952 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2008-10-25 10:44 31072 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 20:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-07-25 15:55 1043968 C:\Program Files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2010-09-24 01:10 421160 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
--a------ 2010-08-19 15:23 3069192 C:\Program Files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.HotKey]
C:\Users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.Icon]
C:\Users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2009-07-24 14:05 118640 C:\Program Files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
C:\PROGRA~1\Magentic\bin\Magentic.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
--a------ 2010-04-29 14:39 437584 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
--a------ 2010-03-04 14:10 2192672 C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
--a------ 2010-07-02 11:20 671608 C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
--a------ 2009-11-25 20:42 54672 C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2010-05-14 09:32 1479680 C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2009-03-15 11:15 180224 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2010-09-08 10:17 421888 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
--------- 2010-02-02 23:08 87336 C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2009-04-11 07:28 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2010-10-11 16:49 14940040 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2009-03-05 15:07 2260480 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2010-05-14 10:44 248552 C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2009-09-18 08:58 198160 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
--a------ 2009-07-24 14:05 762208 C:\Windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 08:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a0,d6,55,00,7c,fa,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1898359F-5DE4-4526-B22D-27215C463BA9}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{30FCCEB0-C0AB-4774-91BA-2AADDB821060}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{6E5DBEF9-CCA6-41DF-98D5-8DDB810FCFF7}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{D361D436-F227-4D4B-A4AF-6D34F938AE48}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{E55DB96E-8456-42C8-8DB5-1A6AC8A91FEF}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{042D3B06-FBB7-4471-B234-10287A6B1DEB}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{1DB60722-7F1A-45FF-A898-D57B36658AAC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E735D30C-A928-4C17-B350-B8653DA30BCF}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{880C0695-17F9-4F45-9E70-38BF1D460B78}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{88FA3BB0-27B4-496C-A536-78488F1F9F9F}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{E53340CD-C278-4E53-BC36-8CED099ABD31}C:\\users\\jaris\\downloads\\utorrent.exe"= UDP:C:\users\jaris\downloads\utorrent.exe:utorrent.exe
"UDP Query User{AEF40B1A-3BED-4417-981C-E9D1DED7DA43}C:\\users\\jaris\\downloads\\utorrent.exe"= TCP:C:\users\jaris\downloads\utorrent.exe:utorrent.exe
"{7D701B24-E2B1-435E-BC74-680F91AAC15A}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (TCP-In)
"{D233F4E1-C3A3-4DBB-9807-0048D9816635}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent (UDP-In)
"{DAE83455-A3F6-4093-8B41-B14ACC7E8B2D}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{4FF93D9B-C863-44E8-A794-BFA4B5D110AE}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:Render Manager
"{20D2799F-6655-41C6-BFD5-42FCC710F872}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{BCE3E531-CBED-42E9-A038-B48A19B78D14}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:umi
"{3E4C78EB-3D04-4B19-868B-5F9C11CB4911}"= UDP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"{97395B07-0A49-4DE5-8D24-A77E08A2B43E}"= TCP:C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:Pinnacle VideoSpin
"TCP Query User{716A8B82-515F-42C4-95DF-81312EFFBF00}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{7C971406-DD26-44F3-8143-E2D1AC583C99}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"{52097C16-993D-4074-B79A-B5024A1D980F}"= C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{181E0135-0845-4777-A5E0-D2181B0AEBAB}"= UDP:C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{0953B98D-42FC-4F49-B22A-92ED0F2D26FD}"= TCP:C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:Render Manager
"{E0B75273-A6DD-454B-8C8D-7EFEAD2564F8}"= UDP:C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{C4EDC4F0-6EB8-4092-BF60-8B9BE5129DAE}"= TCP:C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:Studio
"{D1C6835D-A8B1-402B-A69F-D936C03AB49A}"= UDP:C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{F5A6F8C6-68AB-4A70-BB39-F74A729522C1}"= TCP:C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:umi
"{D06EF6C0-3D9E-4F8C-A854-99C18367D46E}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{80B8C7AD-0C03-445A-AF34-BDA898F657CB}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgImp.exe:Magentic
"{DADF6A67-F104-4240-8B36-EC3FC67A13E7}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9114AD5D-8C06-445A-88B4-6191D7CDE176}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{D952FF7B-69C4-4E78-96E7-C390D76DEE72}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EE6FADA5-FA20-492C-A3F6-DFFFE6646234}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F4F65498-6E0A-41C5-9761-63E9124B4C87}"= Disabled:UDP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{0C577250-80EF-4416-A196-C227AA088643}"= Disabled:TCP:C:\Program Files\Magentic\bin\Magentic.exe:Magentic
"{4FBCD7EA-830C-4695-AF6F-EEFDD9AEDCF6}"= Disabled:UDP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{6AFFF482-23D4-4E38-A4AB-DC5158FFAE84}"= Disabled:TCP:C:\Program Files\Magentic\bin\MgApp.exe:Magentic
"{9FE8BCAB-E163-4039-BB46-E28E8638E3A8}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E9C94D40-40F3-47D3-866C-9A62A3C5A0FA}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{91B0A416-056A-471B-9325-831FC35CAE23}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{1D6C682E-FAE3-40ED-9B1B-E587589AD28E}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{68E1B3F5-0896-44CD-8F35-AC56659D2993}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{50FB4765-9D0A-4BF8-9CFB-1AA5EDA8FC59}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FE17CC36-C22F-464E-8066-D306B58EA37A}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{2578E983-0D8C-42A5-AC2F-AF3CC980FCBD}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{6E674132-1BA7-45FF-A173-B8A9CDDBF713}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{B9AEAC67-7D4B-4FB4-A894-0B423BC87FBC}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{018B8CB2-5E7D-4508-8EAF-B981A1A4D1B7}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{E2E36CD1-5F98-49C8-A144-D986FCF9E6A1}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{F2537161-B3AD-4139-B804-51E2A52AD75C}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{9E06EA70-1015-46B1-8F55-0538791B7A74}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{F7DA489A-477A-49C9-8EBE-FBDE45B1FDD1}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{8727FD17-FC88-4C55-B783-0D8174EF7A35}"= UDP:C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{4ABD255A-2334-4E57-8B81-71176A8DF41B}"= TCP:C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:LifeEnC2.exe
"{6CA0290A-E8D3-4D4F-95C2-C582CFE9EABF}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{1909345D-8318-451A-A381-268E7A97ADB1}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{DE8B8E3C-0FFC-4C36-B958-15411FFD2018}"= UDP:C:\Program Files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{7F1486D2-F7DC-4559-AEE4-7CF483B9A029}"= TCP:C:\Program Files\Microsoft LifeCam\LifeTray.exe:LifeTray.exe
"{C4D9F7AD-21DF-457C-8C76-A2E1388E7569}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{7A579619-6927-4244-924C-DAA558EF568D}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{1A9AC6D0-6E6D-443A-86E3-B878F248B15D}"= UDP:C:\Program Files\Opera\opera.exe:Opera Internet Browser
"{F426AF54-EA57-421B-8923-59B659062AFB}"= TCP:C:\Program Files\Opera\opera.exe:Opera Internet Browser
"{652829A3-8C3A-4B9D-983F-2B593AE3F83D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B2543E1C-62A7-44CD-947E-F651F6207489}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9047CF2A-3C06-4BFC-AE4A-D42C4D29AEBC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{918FE79B-C62D-4FC6-B1E8-88DBC68E5D09}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{91B94028-59FB-4D9F-83D4-1845B6C21E49}"= C:\Program Files\Skype\Phone\Skype.exe:Skype
"{EC433963-77A0-4F37-9417-33ED59C761F1}"= C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe:CyberLink PowerDVD 10.0
"{88CFD8AB-942A-4C16-BC17-810926751031}"= C:\Program Files\CyberLink\PowerDVD10\PowerDVD9.EXE:CyberLink PowerDVD 9.0
"{19CCD208-9A50-4FF8-892B-E6074BEAD85E}"= Disabled:UDP:C:\Program Files\IncrediMail\Bin\ImpCnt.exe:IncrediMail
"{C5C34621-4F51-40C1-B066-CC4B88F5D38D}"= Disabled:TCP:C:\Program Files\IncrediMail\Bin\ImpCnt.exe:IncrediMail
"{2D1A4C9A-ECB6-4913-85F0-C9C28CDA0FE6}"= UDP:C:\Users\jaris\Downloads\VideoConverter_Setup.exe:Video Converter
"{948709D2-1A7B-4F36-960B-1411BDB71AD7}"= TCP:C:\Users\jaris\Downloads\VideoConverter_Setup.exe:Video Converter
"{CA966B3D-9F92-4E73-9703-0EE8D10530A2}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour Service
"{10FCDE0A-6AB6-44A6-AFD9-D6C5D37A204C}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour Service
"{E7AB77B7-DF18-48BB-800A-A10B9BE5EB4C}"= C:\Program Files\iTunes\iTunes.exe:iTunes
"{159A6C6E-79C0-41AC-817C-30B43B746ECC}"= C:\Program Files\Windows Live\Contacts\wlcomm.exe:Windows Live Communications Platform
"{B52B7304-865A-4B86-AF96-3573AEA2ECCF}"= UDP:2869:LocalSubnet:LocalSubnet:Windows Live Communications Platform (UPnP)
"{4AC91848-F614-4669-B34F-4492509101F7}"= TCP:1900:LocalSubnet:LocalSubnet:Windows Live Communications Platform (SSDP)
"{AD7B6800-A03F-42D1-8885-8E726C83E795}"= C:\Program Files\Windows Live\Mesh\MOE.exe:Windows Live Mesh
"{1C62BF46-2C2F-4C71-BC52-AE65A5BE3875}"= Disabled:UDP:C:\Program Files\IncrediMail\Bin\ImApp.exe:IncrediMail
"{A9C1FE1B-94DC-454A-B91C-5A1B309D2569}"= Disabled:TCP:C:\Program Files\IncrediMail\Bin\ImApp.exe:IncrediMail
"{39546A4E-6AF3-41A1-8997-08380B10538C}"= Disabled:UDP:C:\Program Files\IncrediMail\Bin\IncMail.exe:IncrediMail
"{AE693B10-560E-4AF8-A7D2-7B554D1F49F4}"= Disabled:TCP:C:\Program Files\IncrediMail\Bin\IncMail.exe:IncrediMail

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Configurable\System]
"{CFFB2921-F1A3-4493-AC41-E78B6EDBB4EC}"= UDP:33701|%ProgramFiles%\Windows Live\Mesh\wlcrasvc.exe|Svc=wlcrasvc:@%ProgramFiles%\Windows Live\Mesh\WLRemoteServiceResource.dll,-103

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM

R0 FSProFilter;FSPro File Filter;C:\Windows\system32\Drivers\FSPFltd.sys [2008-06-05 43792]
R1 PSched;Plánovač paketů technologie QoS;C:\Windows\system32\DRIVERS\pacer.sys [2009-04-11 72192]
R2 fsproflt;FSPro Filter Service;C:\Windows\system32\fsproflt.exe [2009-12-04 139952]
R3 appliandMP;appliandMP;C:\Windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 RTSTOR;Realtek USB 2.0 Card Reader;C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-08 64000]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/23 15:55:08];C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 11:58 87536]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S2 gupdate1c9e9c6e1469ee0;Google Update Service (gupdate1c9e9c6e1469ee0);C:\Program Files\Google\Update\GoogleUpdate.exe [2009-06-10 133104]
S2 MBAMService;MBAMService;C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 MSCamSvc;MSCamSvc;C:\Program Files\Microsoft LifeCam\MSCamS32.exe [2009-07-24 139120]
S2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
S2 nlsX86cc;NLS Service;C:\Windows\system32\NLSSRV32.EXE [2010-10-20 67904]
S2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
S3 appliand;Applian Network Service;C:\Windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
S3 FlyPCI;FlyPCI;C:\Windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
S3 FontCache;Mezipaměť písem Windows;C:\Windows\system32\svchost.exe [2008-01-19 21504]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
S3 rockusb;Driver for rockusb Device;C:\Windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 ACDaemon;ArcSoft Connect Daemon;C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S4 uCamMonitor;CamMonitor;C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ

*Newly Created Service* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-{F301665A-12F8-4331-804A-5BCBD379668C} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellIconOverlayIdentifiers-{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} - %SystemRoot%\system32\EhStorShell.dll
HKLM-RunOnce-<NO NAME> - (no file)
Notify-DfLogon - LogonDll.dll
MSConfigStartUp-Seznam Postak - C:\Program Files\Seznam.cz\postak.exe


.
------- Doplňkový sken -------
.
FireFox -: Profile - C:\Users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.seznam.cz/
FF -: plugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF -: plugin - C:\Program Files\Google\Picasa3\npPicasa3.dll
FF -: plugin - C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\4.0.50917.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\np_gp.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\NPOFF12.DLL
FF -: plugin - C:\Program Files\Opera\program\plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\QuickTime\Plugins\npqtplugin8.dll
FF -: plugin - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
FF -: plugin - C:\Users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-10 11:55:09
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-12-10 12:12:00
ComboFix-quarantined-files.txt 2010-12-10 11:10:58
ComboFix2.txt 2010-03-07 11:49:31
ComboFix3.txt 2010-02-03 08:55:53
ComboFix4.txt 2010-01-28 11:52:19

Před spuštěním: Systém nemůže nalézt text zprávy číslo 0x2379 v souboru zpráv pro Application.
Po spuštění: 9,334,542,336

443 --- E O F --- 2010-11-24 11:01:09

Rudy
Site Admin
Posts: 119430
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: help! system freezes after PC startup

#7 Post by Rudy »

Download a new ComboFix and run a new scan. This one has limited functionality.

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jarda.otta
Visitor
Posts: 534
Joined: 25 Mar 2005 21:21

Re: help! system freezes after PC startup

#8 Post by jarda.otta »

I can't download anything from the web at all. It looks as if the download is running and even completes, but the files are not found. So I asked a neighbour, and here is the log. Thank you.
ComboFix 10-12-09.07 - jaris 11.12.2010 9:36.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1017 [GMT 1:00]
Spuštěný z: c:\users\jaris\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\pswi_preloaded.exe
c:\users\jaris\AppData\Roaming\langInstall.exe

----- BITS: Možné infikované stránky -----

hxxp://msofficelb.vo.llnwd.net
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 08:48 . 2010-12-11 08:48 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 08:48 . 2010-12-11 08:48 -------- d-----w- c:\users\Krečmerová\AppData\Local\temp
2010-12-11 08:48 . 2010-12-11 08:48 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-11 08:48 . 2010-12-11 08:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 08:48 . 2010-12-11 08:48 -------- d-----w- c:\users\beatles\AppData\Local\temp
2010-12-07 16:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{028F9A4C-48B9-4B3E-94AA-03571A949BD8}\mpengine.dll
2010-12-07 12:49 . 2010-12-07 12:49 -------- d-----w- c:\windows\system32\ShellExt
2010-12-07 12:36 . 2009-12-04 07:56 139952 ----a-w- c:\windows\system32\fsproflt.exe
2010-12-07 12:36 . 2008-06-05 17:37 43792 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2010-12-07 12:36 . 2010-12-07 12:37 -------- d-----w- c:\program files\Hide Folders 2009
2010-12-06 13:44 . 2010-12-06 13:44 -------- d-----w- c:\program files\Photo Notifier and Animation Creator
2010-12-06 13:44 . 2010-12-06 13:44 -------- d-----w- c:\programdata\Photo Notifier and Animation Creator
2010-12-05 12:51 . 2010-12-06 08:43 -------- d-----w- c:\users\jaris\AppData\Roaming\SolidDocuments
2010-12-05 12:47 . 2009-10-21 18:20 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2010-12-05 12:47 . 2009-10-21 18:20 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2010-12-05 12:46 . 2010-12-05 12:46 -------- d-----w- c:\program files\SolidDocuments
2010-12-05 12:46 . 2010-12-05 12:46 -------- d-----w- c:\programdata\SolidDocuments
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\users\jaris\AppData\Local\Iceni
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\programdata\Aspell
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\users\jaris\AppData\Roaming\Iceni
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\programdata\Iceni
2010-12-05 09:56 . 2010-12-05 09:57 -------- d-----w- c:\users\jaris\AppData\Roaming\Aspell
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\program files\Iceni
2010-12-05 08:14 . 2010-12-05 08:32 -------- d-----w- c:\users\jaris\AppData\Roaming\Nitro PDF
2010-12-05 07:59 . 2010-10-20 16:38 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-12-05 07:59 . 2010-10-20 16:38 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\programdata\Nitro PDF
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\program files\Nitro PDF
2010-12-03 11:10 . 2010-12-05 07:54 -------- d-----w- c:\users\jaris\AppData\Roaming\Downloaded Installations
2010-12-02 07:10 . 2010-12-02 07:10 -------- d-----w- c:\program files\Microsoft Office Labs
2010-12-02 05:16 . 2010-12-02 05:16 -------- d-----w- c:\program files\Voxware Audio decoder
2010-12-02 05:16 . 1999-10-30 01:36 281600 ----a-w- c:\windows\system32\mvoice.vwp
2010-12-02 05:16 . 1999-04-15 12:10 424960 ----a-w- c:\windows\system32\msms001.vwp
2010-11-24 11:00 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 07:53 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-11-22 07:53 . 2010-11-22 07:53 -------- d-----w- c:\program files\PC Connectivity Solution
2010-11-20 22:05 . 2010-11-20 22:05 -------- d-----w- c:\program files\AAALOGO2010
2010-11-15 12:20 . 2010-11-15 12:20 -------- dc----w- c:\programdata\{5E80195C-322F-4958-B480-817CAC450BC4}
2010-11-15 10:13 . 2010-11-15 12:19 -------- d-----w- c:\programdata\Digital Film Tools
2010-11-15 02:35 . 2010-11-15 02:35 -------- d-----w- c:\users\jaris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-15 02:05 . 2010-11-15 10:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-15 00:26 . 2010-11-15 02:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 14:24 . 2010-11-15 12:13 -------- d-----w- c:\program files\ImageSkill
2010-11-13 17:39 . 2010-11-13 17:39 -------- d-----w- c:\program files\Shape Collage
2010-11-13 13:48 . 2010-11-13 13:48 76 --sh--r- c:\windows\FFSSET.BIN
2010-11-12 15:28 . 2010-11-13 13:47 -------- d-----w- c:\program files\Reallusion
2010-11-11 14:25 . 2010-11-13 10:11 -------- d-----w- c:\users\jaris\AppData\Roaming\kikin
2010-11-11 14:25 . 2010-11-13 10:08 -------- d-----w- c:\program files\kikin
2010-11-11 14:25 . 2010-11-18 11:04 -------- d-----w- c:\program files\JDownloader
2010-11-11 13:19 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-11-11 12:23 . 2010-11-11 12:23 -------- d-----w- c:\windows\cs
2010-11-11 12:21 . 2010-11-11 12:21 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-11-11 12:14 . 2010-11-11 12:14 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\eeeb04701cb81990b\MeshBetaRemover.exe
2010-11-11 10:49 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-11-11 10:49 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-11-11 10:49 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-11-11 10:48 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 11:44 . 2010-10-23 11:44 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-10-23 11:44 . 2010-10-23 11:44 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-10-20 16:41 . 2010-10-20 16:41 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-19 09:41 . 2010-03-15 21:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 14:06 . 2010-10-10 14:06 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-06 15:55 . 2010-10-06 15:55 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-10-06 15:55 . 2010-10-06 15:55 108478 ----a-w- c:\windows\system32\Vxdif.dll
2010-10-06 15:55 . 2010-10-06 15:55 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-25 13:42 . 2010-09-25 13:42 17920 ----a-w- c:\windows\WebFerretUninstall.exe
2010-09-25 13:42 . 2010-09-25 13:42 8192 ----a-w- c:\windows\system32\NetFerret.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-24 13:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2005-10-18 11:12 . 2010-01-13 08:52 5545203 ----a-w- c:\program files\ffdemo30.exe
2002-07-28 22:40 . 2007-05-22 15:20 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
2001-09-28 16:00 . 2009-06-19 23:19 243200 ----a-w- c:\program files\UNWISE.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-11 13:56 . 2010-07-01 07:39 75208 ----a-w- c:\program files\mozilla firefox\plugins\xxxnpFoxitReaderPlugin.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 08:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35 799472 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-07-30 353736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"WEBTRAN"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
backup=c:\windows\pss\Aktualizovat ESET licenci.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
backup=c:\windows\pss\Bitmeter2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's licence.lnk]
backup=c:\windows\pss\Update ESET's licence.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
backup=c:\windows\pss\MP3 Dancer.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\365dni
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-10-06 15:55 204800 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 15:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2010-07-16 10:51 338296 ----a-w- c:\program files\Uniblue\DriverScanner\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-25 14:55 1043968 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2010-08-19 14:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.HotKey]
c:\users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.Icon]
c:\users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 13:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
c:\progra~1\Magentic\bin\Magentic.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 13:10 2192672 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-18 07:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 13:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-10 697328]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/23 15:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R2 gupdate1c9e9c6e1469ee0;Google Update Service (gupdate1c9e9c6e1469ee0);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-12-04 139952]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-12-09 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-03-29 12:11]

2010-12-09 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 11:24]

2010-12-08 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-03-29 11:38]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:27]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:27]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{F601E435-7F1B-4885-ADA7-F72CB8713B0C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-24 04:25]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=PMAH10FFAB&search=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: Element Hiding Helper: elemhidehelper@adblockplus.org - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\elemhidehelper@adblockplus.org
FF - Extension: Ovi maps browser plugin: maps@ovi.com - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\maps@ovi.com
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Sothink SWF Catcher: {618D522B-652C-4e19-9194-048700B12ED6} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 09:48
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\users\jaris\AppData\Local\Temp\catchme.dll 53248 bytes executable

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-11 09:54:40
ComboFix-quarantined-files.txt 2010-12-11 08:54
ComboFix2.txt 2010-12-10 11:44
ComboFix3.txt 2010-03-07 11:49
ComboFix4.txt 2010-02-03 08:55
ComboFix5.txt 2010-12-11 08:33

Před spuštěním: 9 333 231 616
Po spuštění: 9 301 286 912

- - End Of File - - C1EFC6E3DE00C2F00ECA8B13DD75D2CD

Rudy
Site Admin
Posts: 119430
Joined: 30 Oct 2003 13:42
Location: Plzeň

Re: help! system freezes after PC startup

#9 Post by Rudy »

We'll finish the cleanup. Open Notepad and copy the following into it:
Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


jarda.otta
Visitor
Posts: 534
Joined: 25 Mar 2005 21:21

Re: help! system freezes after PC startup

#10 Post by jarda.otta »

Here is the log after cleaning:

ComboFix 10-12-09.07 - jaris 11.12.2010 14:01:46.5.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1384 [GMT 1:00]
Spuštěný z: c:\users\jaris\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\jaris\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: ESET Smart Security 4.0 *enabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-11 do 2010-12-11 )))))))))))))))))))))))))))))))
.

2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\jaris\AppData\Local\temp
2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\Krečmerová\AppData\Local\temp
2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-11 13:12 . 2010-12-11 13:12 -------- d-----w- c:\users\beatles\AppData\Local\temp
2010-12-07 16:29 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{028F9A4C-48B9-4B3E-94AA-03571A949BD8}\mpengine.dll
2010-12-07 12:49 . 2010-12-07 12:49 -------- d-----w- c:\windows\system32\ShellExt
2010-12-07 12:36 . 2009-12-04 07:56 139952 ----a-w- c:\windows\system32\fsproflt.exe
2010-12-07 12:36 . 2008-06-05 17:37 43792 ----a-w- c:\windows\system32\drivers\FSPFltd.sys
2010-12-07 12:36 . 2010-12-07 12:37 -------- d-----w- c:\program files\Hide Folders 2009
2010-12-06 13:44 . 2010-12-06 13:44 -------- d-----w- c:\program files\Photo Notifier and Animation Creator
2010-12-06 13:44 . 2010-12-06 13:44 -------- d-----w- c:\programdata\Photo Notifier and Animation Creator
2010-12-05 12:51 . 2010-12-06 08:43 -------- d-----w- c:\users\jaris\AppData\Roaming\SolidDocuments
2010-12-05 12:47 . 2009-10-21 18:20 18752 ----a-w- c:\windows\system32\solidlocalui.dll
2010-12-05 12:47 . 2009-10-21 18:20 27456 ----a-w- c:\windows\system32\solidlocalmon.dll
2010-12-05 12:46 . 2010-12-05 12:46 -------- d-----w- c:\program files\SolidDocuments
2010-12-05 12:46 . 2010-12-05 12:46 -------- d-----w- c:\programdata\SolidDocuments
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\users\jaris\AppData\Local\Iceni
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\programdata\Aspell
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\users\jaris\AppData\Roaming\Iceni
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\programdata\Iceni
2010-12-05 09:56 . 2010-12-05 09:57 -------- d-----w- c:\users\jaris\AppData\Roaming\Aspell
2010-12-05 09:56 . 2010-12-05 09:56 -------- d-----w- c:\program files\Iceni
2010-12-05 08:14 . 2010-12-05 08:32 -------- d-----w- c:\users\jaris\AppData\Roaming\Nitro PDF
2010-12-05 07:59 . 2010-10-20 16:38 17728 ----a-w- c:\windows\system32\nitrolocalui.dll
2010-12-05 07:59 . 2010-10-20 16:38 26432 ----a-w- c:\windows\system32\nitrolocalmon.dll
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\programdata\Nitro PDF
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\program files\Common Files\Nitro PDF
2010-12-05 07:58 . 2010-12-05 07:58 -------- d-----w- c:\program files\Nitro PDF
2010-12-03 11:10 . 2010-12-05 07:54 -------- d-----w- c:\users\jaris\AppData\Roaming\Downloaded Installations
2010-12-02 07:10 . 2010-12-02 07:10 -------- d-----w- c:\program files\Microsoft Office Labs
2010-12-02 05:16 . 2010-12-02 05:16 -------- d-----w- c:\program files\Voxware Audio decoder
2010-12-02 05:16 . 1999-10-30 01:36 281600 ----a-w- c:\windows\system32\mvoice.vwp
2010-12-02 05:16 . 1999-04-15 12:10 424960 ----a-w- c:\windows\system32\msms001.vwp
2010-11-24 11:00 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 07:53 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-11-22 07:53 . 2010-11-22 07:53 -------- d-----w- c:\program files\PC Connectivity Solution
2010-11-20 22:05 . 2010-11-20 22:05 -------- d-----w- c:\program files\AAALOGO2010
2010-11-15 12:20 . 2010-11-15 12:20 -------- dc----w- c:\programdata\{5E80195C-322F-4958-B480-817CAC450BC4}
2010-11-15 10:13 . 2010-11-15 12:19 -------- d-----w- c:\programdata\Digital Film Tools
2010-11-15 02:35 . 2010-11-15 02:35 -------- d-----w- c:\users\jaris\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-11-15 02:05 . 2010-11-15 10:05 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2010-11-15 00:26 . 2010-11-15 02:37 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-11-14 14:24 . 2010-11-15 12:13 -------- d-----w- c:\program files\ImageSkill
2010-11-13 17:39 . 2010-11-13 17:39 -------- d-----w- c:\program files\Shape Collage
2010-11-13 13:48 . 2010-11-13 13:48 76 --sh--r- c:\windows\FFSSET.BIN
2010-11-12 15:28 . 2010-11-13 13:47 -------- d-----w- c:\program files\Reallusion
2010-11-11 14:25 . 2010-11-13 10:11 -------- d-----w- c:\users\jaris\AppData\Roaming\kikin
2010-11-11 14:25 . 2010-11-13 10:08 -------- d-----w- c:\program files\kikin
2010-11-11 14:25 . 2010-11-18 11:04 -------- d-----w- c:\program files\JDownloader
2010-11-11 13:19 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-23 11:44 . 2010-10-23 11:44 36616 ----a-w- c:\windows\system32\drivers\btcusb.sys
2010-10-23 11:44 . 2010-10-23 11:44 19464 ----a-w- c:\windows\system32\btinstall.dll
2010-10-20 16:41 . 2010-10-20 16:41 67904 ----a-w- c:\windows\system32\NLSSRV32.EXE
2010-10-19 09:41 . 2010-03-15 21:23 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-10 14:06 . 2010-10-10 14:06 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-06 15:55 . 2010-10-06 15:55 1419232 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-10-06 15:55 . 2010-10-06 15:55 108478 ----a-w- c:\windows\system32\Vxdif.dll
2010-10-06 15:55 . 2010-10-06 15:55 195120 ----a-w- c:\windows\system32\drivers\Apfiltr.sys
2010-09-25 13:42 . 2010-09-25 13:42 17920 ----a-w- c:\windows\WebFerretUninstall.exe
2010-09-25 13:42 . 2010-09-25 13:42 8192 ----a-w- c:\windows\system32\NetFerret.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-13 13:56 . 2010-10-24 13:01 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2005-10-18 11:12 . 2010-01-13 08:52 5545203 ----a-w- c:\program files\ffdemo30.exe
2002-07-28 22:40 . 2007-05-22 15:20 1059840 ----a-w- c:\program files\DS_Bonus_Plugin.8bf
2001-09-28 16:00 . 2009-06-19 23:19 243200 ----a-w- c:\program files\UNWISE.EXE
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-11 13:56 . 2010-07-01 07:39 75208 ----a-w- c:\program files\mozilla firefox\plugins\xxxnpFoxitReaderPlugin.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-08-16 19:35 799472 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe" [2010-07-30 353736]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-05-14 1479680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]
"WEBTRAN"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
backup=c:\windows\pss\Aktualizovat ESET licenci.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bitmeter2.lnk]
backup=c:\windows\pss\Bitmeter2.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Update ESET's licence.lnk]
backup=c:\windows\pss\Update ESET's licence.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^AutoLyrix.lnk]
backup=c:\windows\pss\AutoLyrix.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^jaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MP3 Dancer.lnk]
backup=c:\windows\pss\MP3 Dancer.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2010-10-06 15:55 204800 ----a-w- c:\program files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-10-08 15:04 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 09:19 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 10:58 75048 ------w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2010-04-15 08:17 427328 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverScanner]
2010-07-16 10:51 338296 ----a-w- c:\program files\Uniblue\DriverScanner\Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 19:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-07-25 14:55 1043968 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 00:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jing]
2010-08-19 14:23 3069192 ----a-w- c:\program files\TechSmith\Jing\Jing.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.HotKey]
c:\users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KennyKerr.WindowClippings.Icon]
c:\users\jaris\Downloads\WindowClippings.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 13:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Magentic]
c:\progra~1\Magentic\bin\Magentic.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2010-04-29 13:39 437584 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart]
2010-03-04 13:10 2192672 ----a-w- c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20 671608 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OM2_Monitor]
2009-11-25 19:42 54672 ----a-w- c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-05-14 08:32 1479680 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-03-15 10:15 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 09:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-10-11 15:49 14940040 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-18 07:58 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-07-24 13:05 762208 ----a-w- c:\windows\vVX3000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-10 697328]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/06/23 15:55];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-03-13 10:58 87536]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R2 gupdate1c9e9c6e1469ee0;Google Update Service (gupdate1c9e9c6e1469ee0);c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 133104]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [2010-10-20 196928]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-10-20 67904]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 1121536]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2008-04-24 17920]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2003-10-10 4134]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-05-28 14896]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 rockusb;Driver for rockusb Device;c:\windows\system32\DRIVERS\rockusb.sys [2006-03-22 73984]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2009-12-04 139952]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys [2010-06-24 28256]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Obsah adresáře 'Naplánované úlohy'

2010-12-11 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-03-29 12:11]

2010-12-11 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 11:24]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:27]

2010-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-10 12:27]

2010-12-09 c:\windows\Tasks\User_Feed_Synchronization-{F601E435-7F1B-4885-ADA7-F72CB8713B0C}.job
- c:\windows\system32\msfeedssync.exe [2010-10-24 04:25]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Read EXIF - c:\program files\ArcSoft\RAW Thumbnail Viewer\ArcEXIFM.htm
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
FF - ProfilePath - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=PMAH10FFAB&search=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Opera\program\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Adblock Plus: Element Hiding Helper: elemhidehelper@adblockplus.org - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\elemhidehelper@adblockplus.org
FF - Extension: Ovi maps browser plugin: maps@ovi.com - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\maps@ovi.com
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Sothink SWF Catcher: {618D522B-652C-4e19-9194-048700B12ED6} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{618D522B-652C-4e19-9194-048700B12ED6}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - c:\users\jaris\AppData\Roaming\Mozilla\Firefox\Profiles\3un2dknd.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-11 14:12
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Celkový čas: 2010-12-11 14:16:34
ComboFix-quarantined-files.txt 2010-12-11 13:16
ComboFix2.txt 2010-12-11 08:54
ComboFix3.txt 2010-12-10 11:44
ComboFix4.txt 2010-03-07 11:49
ComboFix5.txt 2010-12-11 12:57

Před spuštěním: 9 574 289 408
Po spuštění: 9 511 772 160

- - End Of File - - 0484488C42923FC7018836C35A743A5E

jarda.otta
Visitor
Posts: 534
Registered: 25 Mar 2005 21:21

Re: help! system freezes after PC startup

#11 Post by jarda.otta »

The problem persists. After a restart everything freezes; only the mouse moves, but nothing can be clicked and the cursor changes to an hourglass icon.

Rudy
Site Admin
Posts: 119430
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: help! system freezes after PC startup

#12 Post by Rudy »

If safe mode works for you, try a system restore from it to a date when the system was working correctly.

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jarda.otta
Visitor
Posts: 534
Registered: 25 Mar 2005 21:21

Re: help! system freezes after PC startup

#13 Post by jarda.otta »

As I already wrote above, a system restore is not possible, because it tells me that no restore point has been created. That was the first thing I wanted to do.

Rudy
Site Admin
Posts: 119430
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: help! system freezes after PC startup

#14 Post by Rudy »

What did you install just before the problem appeared?

jarda.otta
Visitor
Posts: 534
Registered: 25 Mar 2005 21:21

Re: help! system freezes after PC startup

#15 Post by jarda.otta »

There were a lot of those programs. As I already said, I had not turned the PC off for about 2 months, and it probably only activated after the PC was shut down and switched on again. Some viruses activate that way. I would have to go back through those two months. But unfortunately I no longer know what it was specifically.
