Desktop Security 2010

Posted: 04 May 2010 16:01
by Jiří Kadlus
I caught it - how do I remove it - see the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:35:28, on 4.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Zaloha\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Opera 10 UNITE\opera.exe
C:\Program Files\ScanSpyware\3.9.1.9\ScanSpyware.exe
C:\Documents and Settings\Já\Dokumenty\My Downloads\Programy\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\Já.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2124320
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
R3 - URLSearchHook: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
R3 - URLSearchHook: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: ShowBarObj Class - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\MinBHO.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Zaloha\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IObitCom Toolbar - {31c7d459-9cc3-44f2-9dca-fc11795309b4} - C:\Program Files\IObitCom\tbIOb1.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Save Tube Video - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\SaveTubeVideo.dll
O3 - Toolbar: Messenger Plus Live Toolbar - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [setup] C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\Rar$EX01.984\setup.exe
O4 - HKLM\..\Run: [RealPlayerrealplay] c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
O4 - HKLM\..\Run: [QuickTimeQuickTimeResources] c:\program files\quicktime\qtsystem\quicktimestreamingextras.resources\en.lproj\quicktimeresourcesquicktimeresources.exe
O4 - HKLM\..\Run: [SETUPAntivirus] c:\program files\eset\setup\nod32setup.exe
O4 - HKLM\..\Run: [gemcompilerConfiguration1.0.1.448] C:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
O4 - HKLM\..\Run: [SubsetFontTaskSubsetFontTask] c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe
O4 - HKLM\..\RunServices: [setup] C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\Rar$EX01.984\setup.exe
O4 - HKLM\..\RunServices: [QuickTimeResourcesQuickTime] c:\program files\quicktime\qtsystem\quicktimeh264.resources\de.lproj\quicktimeresourcesquicktimeresources.exe
O4 - HKLM\..\RunServices: [DivXHandheld] c:\program files\corel\corel videostudio 12\avcontrol\profiles\divxhandheld.exe
O4 - HKLM\..\RunServices: [SubsetFontTaskSubsetFontTask] c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe
O4 - HKLM\..\RunServices: [RealNetworksplugin] C:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [kwgmreuwe6wb] C:\Documents and Settings\Já\Local Settings\Temp\m.22D7A.tmp.exe
O4 - HKCU\..\Run: [Desktop Security 2010] "C:\Documents and Settings\Já\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe" /STARTUP
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Zaloha\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Zaloha\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Zaloha\Program Files\Offline Explorer EnterpriseA\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Zaloha\Program Files\Offline Explorer EnterpriseA\Add_AllO.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Najít pomocí &Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
O8 - Extra context menu item: Přeložit stránku pomocí Google - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
O8 - Extra context menu item: Stáhnout Free Download Managerem - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Stáhnout video Free Download Managerem - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Stáhnout vybrané Free Download Managerem - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Stáhnout vše Free Download Managerem - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Gladinet Side Panel - {A0BB3F12-4E51-4F7E-A7A2-6ADD8289C36B} - Shdocvw.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: wlcrdplauncher - C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ComodoBackupService - COMODO - C:\Program Files\Comodo\BackUp\CmdBkSvc.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: Google Update Service (gupdate1c8d63a1720ca32) (gupdate1c8d63a1720ca32) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Zaloha\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - c:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

--
End of file - 17668 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AWC AutoSweep.job
C:\WINDOWS\tasks\AWC Update.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1482476501-1417001333-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-1482476501-1417001333-1003UA.job
C:\WINDOWS\tasks\Norton Security Scan.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F6D51471-0A77-410A-AF61-786E24A678AE}.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-07-03 777320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files\TechSmith\SnagIt 9\SnagItBHO.dll [2008-08-29 66888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312}]
ShowBarObj Class - C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\MinBHO.dll [2009-10-29 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Zaloha\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-11-26 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
IObitCom Toolbar - C:\Program Files\IObitCom\tbIOb1.dll [2010-02-18 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
Windows Live Family Safety Browser Helper Class - C:\Program Files\Windows Live\Family Safety\fssbho.dll [2009-08-05 113512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
Messenger Plus Live Toolbar - C:\Program Files\Messenger_Plus_Live\tbMess.dll [2010-02-22 2353176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}]
Babylon IE plugin - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll [2009-05-24 252304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-12-15 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB1.dll [2010-02-18 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}]
FDMIECookiesBHO Class - C:\Program Files\Free Download Manager\iefdm2.dll [2008-12-30 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 9\SnagItIEAddin.dll [2008-08-29 161096]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - myBabylon English Toolbar - C:\Program Files\myBabylon_English\tbmyB1.dll [2010-02-18 2349080]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - Save Tube Video - C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\SaveTubeVideo.dll [2009-11-03 696320]
{9b339f6e-ddcd-401b-8764-230adbd01761} - Messenger Plus Live Toolbar - C:\Program Files\Messenger_Plus_Live\tbMess.dll [2010-02-22 2353176]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-03-11 86016]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2008-06-17 921600]
"fssui"=C:\Program Files\Windows Live\Family Safety\fsui.exe [2009-08-05 647520]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe [2008-03-25 144784]
"setup"=C:\DOCUME~1\J1EA4~1\LOCALS~1\Temp\Rar$EX01.984\setup.exe [2010-05-04 153088]
"RealPlayerrealplay"=c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe [2010-05-04 153088]
"QuickTimeQuickTimeResources"=c:\program files\quicktime\qtsystem\quicktimestreamingextras.resources\en.lproj\quicktimeresourcesquicktimeresources.exe [2010-05-04 153088]
"SETUPAntivirus"=c:\program files\eset\setup\nod32setup.exe [2010-05-04 153088]
"gemcompilerConfiguration1.0.1.448"=C:\program files\common files\real\rcaplugins\stubdrmuisystem.exe [2010-05-04 153088]
"SubsetFontTaskSubsetFontTask"=c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe [2010-05-04 153088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"Google Update"=C:\Documents and Settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-09-06 39408]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 2343120]
"kwgmreuwe6wb"=C:\Documents and Settings\Já\Local Settings\Temp\m.22D7A.tmp.exe [2010-05-04 2944000]
"Desktop Security 2010"=C:\Documents and Settings\Já\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe [2010-05-04 1409536]
"SecurityCenter"=C:\Documents and Settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe [2010-05-04 133632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-03-29 2343120]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gladinet Cloud Desktop.lnk]
C:\WINDOWS\Installer\{F979607B-EA89-41EC-A4E1-0179CA060FBE}\_53B6F4C0F921C66A97CB54.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^VirtuaWin.lnk]
C:\PROGRA~1\VirtuaWin\VirtuaWin.exe [2009-09-10 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlcrdplauncher]
C:\Program Files\Live Mesh\Remote Desktop\wlcrdplauncher.dll [2010-02-01 21840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
C:\WINDOWS\system32\nnnnLcab
relog_ap

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1
"NoDispCPL"=0
"NoDispSettingsPage"=0
"NoDispScrSavPage"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"MaxRecentDocs"=21
"GreyMSIAds"=1
"NoDriveTypeAutoRun"=144
"HideClock"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=
"NoViewContextMenu"=
"NoFileAssociate"=
"NoFind"=
"NoRun"=
"NoClose"=
"StartMenuLogoff"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe"="C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home"
"C:\Program Files\Opera 95 FIN\opera.exe"="C:\Program Files\Opera 95 FIN\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\TC UP\PLUGINS\Media\FreeDownloadManager\fdmwi.exe"="C:\Program Files\TC UP\PLUGINS\Media\FreeDownloadManager\fdmwi.exe:*:Enabled:fdmwi"
"C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe"="C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Zaloha\Jazyky\EDDICA\DUA1\tbload.BAK"="C:\Zaloha\Jazyky\EDDICA\DUA1\tbload.BAK:*:Enabled:Toolbook II"
"C:\Zaloha\Jazyky\EDDICA\DUA1\tbload.exe"="C:\Zaloha\Jazyky\EDDICA\DUA1\tbload.exe:*:Enabled:ToolBook"
"C:\Program Files\TC UP\PLUGINS\Tools\TightVNC\WinVNC.exe"="C:\Program Files\TC UP\PLUGINS\Tools\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\TC UP\PLUGINS\Media\OperaUSB\op.com"="C:\Program Files\TC UP\PLUGINS\Media\OperaUSB\op.com:*:Enabled:Opera Internet Browser"
"C:\Program Files\TC UP\PLUGINS\Tools\HFS\hfs.exe"="C:\Program Files\TC UP\PLUGINS\Tools\HFS\hfs.exe:*:Enabled:hfs"
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe"="C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe:*:Enabled:Nero MediaHome Essentials (1)"
"C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe"="C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe:*:Enabled:Nero MediaHome Essentials (2)"
"C:\Program Files\Free Download Manager\fdm.exe"="C:\Program Files\Free Download Manager\fdm.exe:*:Enabled:Free Download Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Zaloha\Program Files\FlashGet\flashget.exe"="C:\Zaloha\Program Files\FlashGet\flashget.exe:*:Enabled:FlashGet"
"C:\Program Files\Opera 952\Opera 9.52\opera.exe"="C:\Program Files\Opera 952\Opera 9.52\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Microsoft Expression\Media 2\Media.exe"="C:\Program Files\Microsoft Expression\Media 2\Media.exe:*:Enabled:iView Multimedia"
"C:\Program Files\Avid\Avid Free DV\AvidFreeDV.exe"="C:\Program Files\Avid\Avid Free DV\AvidFreeDV.exe:*:Enabled:Avid Editor"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera 951 USB\OperaPortable\App\Opera\Opera.exe"="C:\Program Files\Opera 951 USB\OperaPortable\App\Opera\Opera.exe:*:Enabled:Opera"
"C:\Program Files\Opera 10 UNITE\opera.exe"="C:\Program Files\Opera 10 UNITE\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10 Preview\opera.exe"="C:\Program Files\Opera 10 Preview\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 10 UNITE 1615\opera.exe"="C:\Program Files\Opera 10 UNITE 1615\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Opera 10 UNITE RC\opera.exe"="C:\Program Files\Opera 10 UNITE RC\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera W\opera.exe"="C:\Program Files\Opera W\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe"="C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladinetClient.exe:*:Enabled:Gladinet Cloud Desktop"
"C:\Program Files\TC UP\PLUGINS\Media\OperaUSB\operausb.exe"="C:\Program Files\TC UP\PLUGINS\Media\OperaUSB\operausb.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Opera 951 USB\op.com"="C:\Program Files\Opera 951 USB\op.com:*:Enabled:Opera Internet Browser"
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe"="C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop"
"C:\Documents and Settings\Já\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe"="C:\Documents and Settings\Já\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh"
"C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\downloader.exe"="C:\Program Files\Save Tube Video Company\SaveTubeVideoBurn\downloader.exe:*:Enabled:SaveTubeVideo"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe"="C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe:*:Enabled:Live Mesh Remote Desktop"
"C:\Documents and Settings\Já\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe"="C:\Documents and Settings\Já\Local Settings\Data aplikací\Microsoft\Live Mesh\GacBase\Moe.exe:*:Enabled:Live Mesh"

======File associations======

.ini - open - "C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe" "%1"
.js - edit - C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe "%1"
.js - open - "C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe" "%1"
.reg - edit - C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe "%1"
.reg - open - "C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe" "%1"
.scr - open - "C:\Program Files\TC UP\PLUGINS\Media\XnView\xnview.exe" "%1"
.scr - install -
.scr - config -
.txt - open - "C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe" "%1"
.vbs - edit - C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe "%1"
.vbs - open - "C:\Program Files\TC UP\PLUGINS\Media\Notepad++\notepad++.exe" "%1"

======List of files/folders created in the last 1 months======

2010-05-04 16:34:54 ----D---- C:\rsit
2010-05-04 16:27:48 ----A---- C:\WINDOWS\ScanSpyware.INI
2010-05-04 16:17:06 ----D---- C:\Documents and Settings\Já\Data aplikací\ScanSpyware
2010-05-04 16:17:06 ----A---- C:\WINDOWS\system32\ssbtsr.exe
2010-05-04 16:17:03 ----D---- C:\Program Files\ScanSpyware
2010-05-04 15:06:28 ----D---- C:\Documents and Settings\Já\Data aplikací\Desktop Security 2010
2010-05-03 19:28:22 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-03 19:28:21 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-03 19:28:21 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-03 19:28:20 ----A---- C:\WINDOWS\system32\java.exe
2010-04-28 10:46:58 ----A---- C:\gmail_debug_response10.txt
2010-04-28 10:46:58 ----A---- C:\gmail_debug_headers10.txt
2010-04-28 10:46:57 ----A---- C:\gmail_debug_response9.txt
2010-04-28 10:46:57 ----A---- C:\gmail_debug_headers9.txt
2010-04-15 17:58:47 ----D---- C:\Documents and Settings\Já\Data aplikací\Foxit Software
2010-04-14 11:26:21 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 11:25:54 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 11:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 11:17:46 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 11:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 11:16:19 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-13 05:04:19 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-05 20:14:34 ----D---- C:\Program Files\Messenger_Plus_Live

======List of files/folders modified in the last 1 months======

2010-05-04 16:34:54 ----D---- C:\WINDOWS\Prefetch
2010-05-04 16:29:47 ----D---- C:\WINDOWS\Temp
2010-05-04 16:27:48 ----D---- C:\WINDOWS
2010-05-04 16:17:06 ----D---- C:\WINDOWS\system32
2010-05-04 16:17:03 ----RD---- C:\Program Files
2010-05-04 15:51:57 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2010-05-04 15:41:21 ----SD---- C:\WINDOWS\Tasks
2010-05-04 15:39:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-04 05:11:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Google Updater
2010-05-03 19:29:37 ----SHD---- C:\WINDOWS\Installer
2010-05-03 19:29:36 ----SHD---- C:\Config.Msi
2010-05-02 01:42:18 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-02 00:27:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-05-02 00:26:52 ----D---- C:\WINDOWS\Debug
2010-05-02 00:21:54 ----D---- C:\Program Files\CCleaner
2010-04-30 15:00:05 ----D---- C:\Program Files\Norton Security Scan
2010-04-28 12:25:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-28 10:45:04 ----A---- C:\WINDOWS\wincmd.ini
2010-04-26 19:05:15 ----D---- C:\Program Files\Opera W
2010-04-25 20:14:40 ----D---- C:\Documents and Settings\Já\Data aplikací\Canon
2010-04-23 15:08:36 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-04-19 16:28:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-15 18:00:43 ----HD---- C:\BJPrinter
2010-04-15 18:00:24 ----D---- C:\Program Files\Opera 10 UNITE
2010-04-14 11:28:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-14 11:26:39 ----HD---- C:\WINDOWS\inf
2010-04-14 11:26:28 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-14 11:26:13 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 11:25:57 ----D---- C:\WINDOWS\system32\drivers
2010-04-13 21:43:00 ----D---- C:\Program Files\AllMedia Grabber
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 20:12:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Messenger Plus!
2010-04-05 20:11:57 ----D---- C:\Program Files\Messenger Plus! Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2001-02-01 25244]
R1 atitray;atitray; \??\C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys []
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2008-02-27 3840]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2006-03-02 39936]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-11-02 56572]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 ATITUNEP;ATI WDM TV Tuner; C:\WINDOWS\system32\DRIVERS\atintuxx.sys [2002-09-24 36911]
R2 ATIXSAudio;ATI WDM TV Audio Crossbar; C:\WINDOWS\system32\DRIVERS\atinxsxx.sys [2002-09-24 60047]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R2 MVDCODEC;ATI WDM Specialized MVD Codec; C:\WINDOWS\system32\DRIVERS\atinmdxx.sys [2002-09-24 12415]
R2 tifsfilter;Acronis True Image FS Filter; C:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2008-08-02 44384]
R2 TTDec;ATI WDM Teletext Decoder; C:\WINDOWS\system32\DRIVERS\ATINTTXX.sys [2002-09-24 21695]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-05-14 622172]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2006-03-02 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2002-10-13 539520]
R3 atinrvxx;ATI WDM Rage Theater Video; C:\WINDOWS\system32\DRIVERS\atinrvxx.sys [2002-09-24 100719]
R3 ativraxx;ATI WDM Rage Theater Audio; C:\WINDOWS\system32\DRIVERS\atinraxx.sys [2002-09-24 48399]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2003-03-04 145408]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2006-03-02 61824]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-10-11 47360]
R3 RDPDISPM;RDPDISPM; C:\WINDOWS\system32\DRIVERS\rdpdispm.sys [2010-02-01 9040]
R3 RDPVDD;RDPVDD; C:\WINDOWS\system32\DRIVERS\rdpvmp.sys [2010-02-01 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2006-03-02 12416]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2006-03-02 17024]
R3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S1 PDIDRV;PDIDRV; C:\WINDOWS\system32\drivers\PDIDRV.sys []
S2 CINEMSUP;Software Cinemaster NT4.0 Driver; C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS []
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2004-08-03 48128]
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2004-08-03 38912]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2004-08-03 51328]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-04 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-03 153376]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-10-19 61440]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2008-06-17 507904]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Zaloha\Program Files\Spyware Terminator\sp_rsser.exe [2008-02-24 1097216]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-01-04 603904]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-02-25 1047880]
R2 UleadBurningHelper;Ulead Burning Helper; c:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 wlcrasvc;Live Mesh Remote Desktop; C:\Program Files\Live Mesh\Remote Desktop\wlcrasvc.exe [2010-02-01 44880]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2002-10-12 110677]
S2 gupdate1c8d63a1720ca32;Google Update Service (gupdate1c8d63a1720ca32); C:\Program Files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 183280]
S3 AcrSch2Svc;Acronis Scheduler2 Service; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2007-10-30 427288]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 ComodoBackupService;ComodoBackupService; C:\Program Files\Comodo\BackUp\CmdBkSvc.exe [2008-11-21 1023488]
S3 DfSdkS;Defragmentation-Service; C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2008-12-22 410976]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Služba Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-03-03 143360]
S3 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 TryAndDecideService;Acronis Try And Decide Service; C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 492720]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-02-26 435016]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S3 x10nets;X10 Device Network Service; C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe []
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-01 271920]

-----------------EOF-----------------
Thanks for the help, JK

Re: Desktop Security 2010

Posted: 04 May 2010 17:26
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms appears; continue by clicking the "Ano" (Yes) button.

Feel free to go and make yourself a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware component occur.

Re: Desktop Security 2010

Posted: 04 May 2010 18:19
by Jiří Kadlus
Thanks, I'll try it! JK

Re: Desktop Security 2010

Posted: 04 May 2010 19:24
by Jiří Kadlus
My apologies; I'm not a "complete noob", but my birth number (RČ) starts with 3X and I have no technical training. So thank you for the help!
Here is the log from ComboFix:
ComboFix 10-05-03.06 - Já 04.05.2010 19:41:09.1.1 - x86
Spuštěný z: c:\documents and settings\Já\Dokumenty\My Downloads\Programy\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Já\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\program files\\setup.exe
c:\program files\Save Tube Video Company\SaveTubeVideoBurn\MiNBho.dll
c:\program files\Save Tube Video Company\SaveTubeVideoBurn\SaVEtubevideo.dll
c:\program files\Setup.exe
c:\program files\WindowsUpdate
c:\recycler\NPROTECT
c:\windows\BMe7abc3f8.txt
c:\windows\BMe7abc3f8.xml
c:\windows\eSellerateEngine.dll
c:\windows\system32\SHELLLNK.TLB
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-04 do 2010-05-04 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 14:17 . 2010-05-04 14:17 -------- d-----w- c:\program files\ScanSpyware
2010-05-03 17:27 . 2010-05-03 17:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-01 22:21 . 2008-06-27 08:08 -------- d-----w- c:\program files\CCleaner
2010-04-30 13:00 . 2008-09-06 15:30 -------- d-----w- c:\program files\Norton Security Scan
2010-04-26 17:05 . 2009-11-25 14:50 -------- d-----w- c:\program files\Opera W
2010-04-23 13:08 . 2008-09-06 17:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-19 14:28 . 2006-03-02 12:00 454474 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 14:28 . 2006-03-02 12:00 87954 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 16:00 . 2009-06-17 19:39 -------- d-----w- c:\program files\Opera 10 UNITE
2010-04-13 19:43 . 2009-11-04 15:12 -------- d-----w- c:\program files\AllMedia Grabber
2010-04-05 18:15 . 2010-04-05 18:14 -------- d-----w- c:\program files\Messenger_Plus_Live
2010-04-05 18:11 . 2008-09-02 03:54 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-31 12:50 . 2010-03-31 12:50 -------- d-----w- c:\program files\Uniblue
2010-03-18 17:21 . 2008-06-26 17:12 -------- d-----w- c:\program files\Opera 951 USB
2010-03-12 16:22 . 2008-08-02 06:49 -------- d-----w- c:\program files\Acronis
2010-03-10 14:05 . 2008-06-20 22:43 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 14:02 . 2008-06-20 22:44 -------- d-----w- c:\program files\Java
2010-03-06 04:42 . 2008-06-24 20:37 -------- d-----w- c:\program files\Google
2010-02-25 10:03 . 2010-02-26 20:26 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 09:56 . 2009-01-04 08:25 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2006-03-02 12:00 2183552 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2004-08-17 15:45 2060544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 10:03 . 2010-04-13 03:04 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2010-02-22 10:05 2353176 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2009-05-16 12:52 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2009-05-16 12:55 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SecurityCenter"="c:\documents and settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe" [2010-05-04 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-17 921600]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"RealPlayerrealplay"="c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe" [2010-05-04 153088]
"QuickTimeQuickTimeResources"="c:\program files\quicktime\qtsystem\quicktimestreamingextras.resources\en.lproj\quicktimeresourcesquicktimeresources.exe" [2010-05-04 153088]
"SETUPAntivirus"="c:\program files\eset\setup\nod32setup.exe" [2010-05-04 153088]
"gemcompilerConfiguration1.0.1.448"="c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe" [2010-05-04 153088]
"SubsetFontTaskSubsetFontTask"="c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe" [2010-05-04 153088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 21 (0x15)
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-02-01 04:38 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gladinet Cloud Desktop.lnk]
backup=c:\windows\pss\Gladinet Cloud Desktop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^VirtuaWin.lnk]
backup=c:\windows\pss\VirtuaWin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 12:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe"
"ATI Remote Control"=c:\program files\ATI Multimedia\RemCtrl\ATIX10.exe
"Active Desktop Calendar"=c:\zaloha\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
"UIWatcher"=c:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"PWRISOVM.EXE"=c:\program files\PowerISO2\PowerISO\PWRISOVM.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"TrojanScanner"=c:\program files\Trojan Remover A\Trjscan.exe /boot
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"SpywareTerminator"="c:\zaloha\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OODefragTray"=c:\windows\system32\oodtray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"UVS12 Preload"=c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Advanced URL Catalog"="c:\program files\Jordysoft\Advanced URL Catalog\AdUrlCatalog.exe" /minimized
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Opera 95 FIN\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\FreeDownloadManager\\fdmwi.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.BAK"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\op.com"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\HFS\\hfs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Zaloha\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Opera 952\\Opera 9.52\\opera.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=
"c:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera 951 USB\\OperaPortable\\App\\Opera\\Opera.exe"=
"c:\\Program Files\\Opera 10 UNITE\\opera.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\Opera 10 UNITE 1615\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera 10 UNITE RC\\opera.exe"=
"c:\\Program Files\\Opera W\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Gladinet\\Gladinet Cloud Desktop\\GladinetClient.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\operausb.exe"=
"c:\\Program Files\\Opera 951 USB\\op.com"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Já\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.9.2008 21:54 138752]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [17.6.2008 9:18 21695]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 11:59 1047880]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [1.2.2010 6:42 44880]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [1.2.2010 6:42 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [1.2.2010 6:42 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S1 PDIDRV;PDIDRV; [x]
S2 gupdate1c8d63a1720ca32;Google Update Service (gupdate1c8d63a1720ca32);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2008 8:18 133104]
S3 ComodoBackupService;ComodoBackupService;c:\program files\Comodo\BackUp\CmdBkSvc.exe [21.11.2008 9:49 1023488]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [22.12.2008 22:20 410976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-05-04 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-13 12:11]

2010-05-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-01-09 11:38]

2010-05-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 05:11]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-04-30 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 21:42]

2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F6D51471-0A77-410A-AF61-786E24A678AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:01]

2010-04-30 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2008-06-21 13:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Stáhnout &vše FlashGetem - c:\zaloha\Program Files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\zaloha\Program Files\FlashGet\jc_link.htm
IE: + Offline &Explorer: Download the link - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Najít pomocí &Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Přeložit stránku pomocí Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {{A0BB3F12-4E51-4F7E-A7A2-6ADD8289C36B} - {52E729D7-DFFB-4011-97EE-D7E28212D901} - Shdocvw.dll
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Save Tube Video Company\SaveTubeVideoBurn\FF\components\swslib.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera 10 UNITE 1615\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 UNITE 1615\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera 10 UNITE\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 UNITE\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 UNITE\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera 95 FIN\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 95 FIN\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 95 FIN\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera 952\Opera 9.52\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 952\Opera 9.52\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Opera W\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera W\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 19:59
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1940)
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlCopyHandler.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\documents and settings\Já\Local Settings\Data aplikací\Microsoft\Live Mesh\Bin\WLCShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\zaloha\Program Files\Spyware Terminator\sp_rsser.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\1.2.183.23\GoogleCrashHandler.exe
.
**************************************************************************
.
Celkový čas: 2010-05-04 20:20:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-04 18:20

Před spuštěním: Volných bajtů: 74 403 819 520
Po spuštění: Volných bajtů: 75 503 800 320

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=I19W2E /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Záloha)" /noexecute=optin /fastdetect /TUTag=I19W2E-BAK

- - End Of File - - A4BEDF07CCE6EC29A6F6B61722D87E14

Re: Desktop Security 2010

Posted: 04 May 2010 20:12
by Rudy
We still need to finish cleaning. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.
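
A follow-up log can be checked against the script above to confirm that every target it names is actually gone. The sketch below is an added example, not part of the original post and not ComboFix code; it assumes only the `Folder::` / `Registry::` layout and the `[-key]` and `"value"=-` deletion syntax shown in the script, and the follow-up log excerpt in it is constructed.

```python
import re

# The CFScript exactly as given in the post above.
CFSCRIPT = r"""Folder::
c:\program files\AskBarDis

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
[-HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"=-
"""

# Constructed follow-up log excerpt, laid out like the registry sections of the logs in this thread.
SAMPLE_LOG = r"""[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"""


def parse_cfscript(text):
    """Return removal targets as (kind, key_or_path, value_name) tuples."""
    targets, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        if header:                                  # "Folder::", "Registry::"
            section, key = header.group(1).lower(), None
        elif section == "folder":
            targets.append(("folder", line, None))
        elif section == "registry":
            if line.startswith("[-") and line.endswith("]"):
                targets.append(("key", line[2:-1], None))      # delete whole key
                key = None
            elif line.startswith("[") and line.endswith("]"):
                key = line[1:-1]                                # context for value lines
            else:
                value = re.fullmatch(r'"(.+)"=-', line)
                if value and key:
                    targets.append(("value", key, value.group(1)))
    return targets


def log_sections(log):
    """Map each lower-cased [key] header in a log to the lines listed under it."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].lower(), [])
        elif not line:
            current = None                          # a blank line closes the section
        elif current is not None:
            current.append(line.lower())
    return sections


def still_present(targets, log):
    """Return the script targets that a follow-up log still shows."""
    sections, log_lower, remaining = log_sections(log), log.lower(), []
    for kind, where, name in targets:
        if kind == "folder":
            # Any path beneath the folder that the log still references.
            found = where.lower() + "\\" in log_lower
        elif kind == "key":
            found = where.lower() in sections
        else:
            prefix = '"' + name.lower() + '"'
            found = any(l.startswith(prefix) for l in sections.get(where.lower(), []))
        if found:
            remaining.append((kind, where, name))
    return remaining


if __name__ == "__main__":
    for kind, where, name in still_present(parse_cfscript(CFSCRIPT), SAMPLE_LOG):
        print("still present:", kind, where, name or "")
```

A folder hit only means the log still references a path under that folder, so it is a lead to check on disk rather than proof that the folder exists.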


Re: Desktop Security 2010

Posted: 04 May 2010 21:24
by Jiří Kadlus
Here is the new log after doing what was recommended. Unfortunately, the PC was restarted, and afterwards the pop-up window of that "junk" is "pestering" me again. That means it has not gone away. What next?
Log:ComboFix 10-05-03.06 - Já 04.05.2010 21:44:58.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.216 [GMT 2:00]
Spuštěný z: c:\documents and settings\Já\Dokumenty\My Downloads\Programy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Já\Plocha\CFScript.lnk
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
c:\program files\eset\setup\nod32setup.exe
c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe
c:\program files\quicktime\qtsystem\quicktimestreamingextras.resources\en.lproj\quicktimeresourcesquicktimeresources.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-04 do 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 14:34 . 2010-05-04 14:35 -------- d-----w- C:\rsit
2010-05-04 14:17 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-05-04 14:17 . 2010-05-04 14:17 -------- d-----w- c:\program files\ScanSpyware
2010-05-03 17:28 . 2010-05-03 17:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-13 03:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-05 18:14 . 2010-04-05 18:15 -------- d-----w- c:\program files\Messenger_Plus_Live

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 22:21 . 2008-06-27 08:08 -------- d-----w- c:\program files\CCleaner
2010-04-30 13:00 . 2008-09-06 15:30 -------- d-----w- c:\program files\Norton Security Scan
2010-04-26 17:05 . 2009-11-25 14:50 -------- d-----w- c:\program files\Opera W
2010-04-23 13:08 . 2008-09-06 17:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-19 14:28 . 2006-03-02 12:00 454474 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 14:28 . 2006-03-02 12:00 87954 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 16:00 . 2009-06-17 19:39 -------- d-----w- c:\program files\Opera 10 UNITE
2010-04-13 19:43 . 2009-11-04 15:12 -------- d-----w- c:\program files\AllMedia Grabber
2010-04-05 18:11 . 2008-09-02 03:54 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-31 12:50 . 2010-03-31 12:50 -------- d-----w- c:\program files\Uniblue
2010-03-18 17:21 . 2008-06-26 17:12 -------- d-----w- c:\program files\Opera 951 USB
2010-03-12 16:22 . 2008-08-02 06:49 -------- d-----w- c:\program files\Acronis
2010-03-10 14:05 . 2008-06-20 22:43 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 14:02 . 2008-06-20 22:44 -------- d-----w- c:\program files\Java
2010-03-06 04:42 . 2008-06-24 20:37 -------- d-----w- c:\program files\Google
2010-02-25 10:03 . 2010-02-26 20:26 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 09:56 . 2009-01-04 08:25 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2006-03-02 12:00 2183552 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2004-08-17 15:45 2060544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2010-02-22 10:05 2353176 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2009-05-16 12:52 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2009-05-16 12:55 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SecurityCenter"="c:\documents and settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe" [2010-05-04 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-17 921600]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 21 (0x15)
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-02-01 04:38 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gladinet Cloud Desktop.lnk]
backup=c:\windows\pss\Gladinet Cloud Desktop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^VirtuaWin.lnk]
backup=c:\windows\pss\VirtuaWin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 12:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe"
"ATI Remote Control"=c:\program files\ATI Multimedia\RemCtrl\ATIX10.exe
"Active Desktop Calendar"=c:\zaloha\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
"UIWatcher"=c:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"PWRISOVM.EXE"=c:\program files\PowerISO2\PowerISO\PWRISOVM.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"TrojanScanner"=c:\program files\Trojan Remover A\Trjscan.exe /boot
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"SpywareTerminator"="c:\zaloha\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OODefragTray"=c:\windows\system32\oodtray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"UVS12 Preload"=c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Advanced URL Catalog"="c:\program files\Jordysoft\Advanced URL Catalog\AdUrlCatalog.exe" /minimized
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Opera 95 FIN\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\FreeDownloadManager\\fdmwi.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.BAK"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\op.com"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\HFS\\hfs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Zaloha\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Opera 952\\Opera 9.52\\opera.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=
"c:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera 951 USB\\OperaPortable\\App\\Opera\\Opera.exe"=
"c:\\Program Files\\Opera 10 UNITE\\opera.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\Opera 10 UNITE 1615\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera 10 UNITE RC\\opera.exe"=
"c:\\Program Files\\Opera W\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Gladinet\\Gladinet Cloud Desktop\\GladinetClient.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\operausb.exe"=
"c:\\Program Files\\Opera 951 USB\\op.com"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Já\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.9.2008 21:54 138752]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [17.6.2008 9:18 21695]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 11:59 1047880]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [1.2.2010 6:42 44880]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [1.2.2010 6:42 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [1.2.2010 6:42 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S1 PDIDRV;PDIDRV; [x]
S2 gupdate1c8d63a1720ca32;Google Update Service (gupdate1c8d63a1720ca32);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2008 8:18 133104]
S3 ComodoBackupService;ComodoBackupService;c:\program files\Comodo\BackUp\CmdBkSvc.exe [21.11.2008 9:49 1023488]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [22.12.2008 22:20 410976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-05-04 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-13 12:11]

2010-05-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 05:11]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-04-30 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 21:42]

2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F6D51471-0A77-410A-AF61-786E24A678AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:01]

2010-04-30 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2008-06-21 13:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Stáhnout &vše FlashGetem - c:\zaloha\Program Files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\zaloha\Program Files\FlashGet\jc_link.htm
IE: + Offline &Explorer: Download the link - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Najít pomocí &Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Přeložit stránku pomocí Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: {{A0BB3F12-4E51-4F7E-A7A2-6ADD8289C36B} - {52E729D7-DFFB-4011-97EE-D7E28212D901} - Shdocvw.dll
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Save Tube Video Company\SaveTubeVideoBurn\FF\components\swslib.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-RealPlayerrealplay - c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
HKLM-Run-QuickTimeQuickTimeResources - c:\program files\quicktime\qtsystem\quicktimestreamingextras.resources\en.lproj\quicktimeresourcesquicktimeresources.exe
HKLM-Run-SETUPAntivirus - c:\program files\eset\setup\nod32setup.exe
HKLM-Run-gemcompilerConfiguration1.0.1.448 - c:\program files\common files\real\rcaplugins\stubdrmuisystem.exe
HKLM-Run-SubsetFontTaskSubsetFontTask - c:\program files\microsoft expression\blend 2\projectbuildtasks\subsetfonttasksubsetfonttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 22:02
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1340)
c:\windows\system32\relog_ap.dll
.
Celkový čas: 2010-05-04 22:09:01
ComboFix-quarantined-files.txt 2010-05-04 20:08
ComboFix2.txt 2010-05-04 18:20

Před spuštěním: Volných bajtů: 75 510 726 656
Po spuštění: Volných bajtů: 75 490 652 160

- - End Of File - - EA4352D7F59A1E0FB90EDCCD8BCD8518

Re: Desktop Security 2010

Posted: 04 May 2010 21:45
by Rudy
1. You did not move CF to the desktop. Spuštěný z: c:\documents and settings\Já\Dokumenty\My Downloads\Programy\ComboFix.exe
2. The script is saved as CFScript.lnk, not as CFScript.txt. Použité ovládací přepínače :: c:\documents and settings\Já\Plocha\CFScript.lnk

You have to do it once more.

Re: Desktop Security 2010

Posted: 05 May 2010 08:46
by Jiří Kadlus
I apologize, by now I must come across as a "lamer".
I have the downloaded Combofix in the Documents folder.
From there I dragged it (the whole folder) in Explorer onto the Desktop.
Wrong again, see the log (top part only).
Second question: before it starts, Combofix warns: watch out, ESET is running. I close NOD the usual way, and in Task Manager I "kill" (end) the process nod32.exe (a system one); apparently that is not enough, there are other "ESET" processes as well, and I personally cannot tell which ones???
Does that mean I should first run Combofix normally from Documents (will it settle in Program Files??? or somewhere else) and then drag it from there to the desktop again?
Thanks for a "plain-language explanation".

Log, top part only, so that I don't flood the space.

ComboFix 10-05-03.06 - Já 05.05.2010 9:03.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.140 [GMT 2:00]
Spuštěný z: c:\documents and settings\Já\Dokumenty\My Downloads\Programy\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Já\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

Re: Desktop Security 2010

Posted: 05 May 2010 17:39
by Jiří Kadlus
One more thing, please, before you look into advising me: it was downloaded with Opera 10.50.

Re: Desktop Security 2010

Posted: 05 May 2010 19:27
by Rudy
The ESET control panel should have an option to turn the antivirus off. If you do that, you can ignore any message from CF.

Re: Desktop Security 2010

Posted: 06 May 2010 07:50
by Jiří Kadlus
Apologies for the bother.
I am thinking about the following procedure:
1. Remove the current Combofix, e.g. with Yourinstalatér (it also reaches fully into the registry).
2. Download it again and save it straight to the desktop; I hope that will work.
3. Follow the recommended procedure. Of course I turned NOD off the usual way, including its message about a possible threat to the PC; so at this stage can I continue in Cmbf?
4. After "closing" NOD (turning it off), wouldn't it be better in Task Manager to kill not only the nod32.exe process for NOD, but to choose "End Process Tree"?
5. When saving the script in Notepad, should I keep the ANSI encoding offered by default, or choose another one (e.g. UTF-8)?
Thanks for the reply; if needed, my @: name@ at gmail.com

Re: Desktop Security 2010

Posted: 06 May 2010 17:18
by Rudy
1. Uninstall CF via Start > Run > (type) combofix /uninstall > OK. Or with T-Cleaner: http://sweb.cz/Marinus/T-Cleaner.exe .
2. Downloading should not be a problem.
3. It is enough to turn NOD off the standard way. Then you can ignore any message.
4. The encoding should not be a problem; CF uses the standard Central European encoding.

Re: Desktop Security 2010

Posted: 06 May 2010 21:20
by Jiří Kadlus
Combofix has been downloaded afresh, to the desktop (see the log), and the system has been run through Combofix.
Here is the new log; please go through it. Thanks! JK

ComboFix 10-05-05.0D - Já 06.05.2010 21:48:54.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.167 [GMT 2:00]
Spuštěný z: c:\documents and settings\Já\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-06 do 2010-05-06 )))))))))))))))))))))))))))))))
.

2010-05-06 13:41 . 2010-05-06 13:41 -------- d-----w- c:\program files\AskBardis
2010-05-04 14:17 . 2008-09-07 15:22 8704 ----a-w- c:\windows\system32\ssbtsr.exe
2010-05-04 14:17 . 2010-05-04 14:17 -------- d-----w- c:\program files\ScanSpyware
2010-05-03 17:28 . 2010-05-03 17:27 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-13 03:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 22:21 . 2008-06-27 08:08 -------- d-----w- c:\program files\CCleaner
2010-04-30 13:00 . 2008-09-06 15:30 -------- d-----w- c:\program files\Norton Security Scan
2010-04-26 17:05 . 2009-11-25 14:50 -------- d-----w- c:\program files\Opera W
2010-04-23 13:08 . 2008-09-06 17:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-19 14:28 . 2006-03-02 12:00 454474 ----a-w- c:\windows\system32\perfh005.dat
2010-04-19 14:28 . 2006-03-02 12:00 87954 ----a-w- c:\windows\system32\perfc005.dat
2010-04-15 16:00 . 2009-06-17 19:39 -------- d-----w- c:\program files\Opera 10 UNITE
2010-04-13 19:43 . 2009-11-04 15:12 -------- d-----w- c:\program files\AllMedia Grabber
2010-04-05 18:15 . 2010-04-05 18:14 -------- d-----w- c:\program files\Messenger_Plus_Live
2010-04-05 18:11 . 2008-09-02 03:54 -------- d-----w- c:\program files\Messenger Plus! Live
2010-03-31 12:50 . 2010-03-31 12:50 -------- d-----w- c:\program files\Uniblue
2010-03-18 17:21 . 2008-06-26 17:12 -------- d-----w- c:\program files\Opera 951 USB
2010-03-12 16:22 . 2008-08-02 06:49 -------- d-----w- c:\program files\Acronis
2010-03-10 14:05 . 2008-06-20 22:43 -------- d-----w- c:\program files\Common Files\Java
2010-03-10 14:02 . 2008-06-20 22:44 -------- d-----w- c:\program files\Java
2010-02-25 10:03 . 2010-02-26 20:26 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-25 09:56 . 2009-01-04 08:25 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-24 12:31 . 2006-03-02 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:34 . 2006-03-02 12:00 2183552 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:34 . 2004-08-17 15:45 2060544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2006-03-02 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2006-03-02 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31c7d459-9cc3-44f2-9dca-fc11795309b4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\IObitCom\tbIOb1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b339f6e-ddcd-401b-8764-230adbd01761}]
2010-02-22 10:05 2353176 ----a-w- c:\program files\Messenger_Plus_Live\tbMess.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2010-02-18 09:48 2349080 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{9b339f6e-ddcd-401b-8764-230adbd01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2010-02-18 2349080]
"{31C7D459-9CC3-44F2-9DCA-FC11795309B4}"= "c:\program files\IObitCom\tbIOb1.dll" [2010-02-18 2349080]
"{9B339F6E-DDCD-401B-8764-230ADBD01761}"= "c:\program files\Messenger_Plus_Live\tbMess.dll" [2010-02-22 2353176]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CLASSES_ROOT\clsid\{31c7d459-9cc3-44f2-9dca-fc11795309b4}]

[HKEY_CLASSES_ROOT\clsid\{9b339f6e-ddcd-401b-8764-230adbd01761}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetIconOverlay]
@="{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}"
[HKEY_CLASSES_ROOT\CLSID\{3C3DC57A-7535-48AF-BB9E-C3576A4F34D0}]
2009-05-16 12:52 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GladinetUploading]
@="{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}"
[HKEY_CLASSES_ROOT\CLSID\{959A18D3-9CC9-41e8-B76F-34ED9A89D4EA}]
2009-05-16 12:55 192208 ----a-w- c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2008-08-29 133104]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-06 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-03-29 2343120]
"SecurityCenter"="c:\documents and settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe" [2010-05-04 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-06-17 921600]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 21 (0x15)
"GreyMSIAds"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlcrdplauncher]
2010-02-01 04:38 21840 ----a-w- c:\program files\Live Mesh\Remote Desktop\wlcrdplauncher.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck OODBS\0OODBS

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Gladinet Cloud Desktop.lnk]
backup=c:\windows\pss\Gladinet Cloud Desktop.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Já^Nabídka Start^Programy^Po spuštění^VirtuaWin.lnk]
backup=c:\windows\pss\VirtuaWin.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-03-29 12:54 2343120 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\LaunchPd.exe"
"ATI Remote Control"=c:\program files\ATI Multimedia\RemCtrl\ATIX10.exe
"Active Desktop Calendar"=c:\zaloha\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe
"AtiTrayTools"="c:\program files\Ray Adams\ATI Tray Tools\atitray.exe"
"Picasa Media Detector"=c:\program files\Picasa2\PicasaMediaDetector.exe
"Google Update"="c:\documents and settings\Já\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" /startup
"UIWatcher"=c:\program files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" /background
"VistaStartMenu"="c:\program files\Vista Start Menu\VistaStartMenu.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe"
"SoundMan"=SOUNDMAN.EXE
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Babylon Client"=c:\program files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "c:\program files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
"PWRISOVM.EXE"=c:\program files\PowerISO2\PowerISO\PWRISOVM.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"AcronisTimounterMonitor"=c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
"TrojanScanner"=c:\program files\Trojan Remover A\Trjscan.exe /boot
"TrueImageMonitor.exe"=c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
"SpywareTerminator"="c:\zaloha\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"OODefragTray"=c:\windows\system32\oodtray.exe
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"UVS12 Preload"=c:\program files\Corel\Corel VideoStudio 12\uvPL.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files\Google\Gmail Notifier\gnotify.exe
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe"
"Advanced URL Catalog"="c:\program files\Jordysoft\Advanced URL Catalog\AdUrlCatalog.exe" /minimized
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IEPro\\MiniDM.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Opera 95 FIN\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\FreeDownloadManager\\fdmwi.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.BAK"=
"c:\\Zaloha\\Jazyky\\EDDICA\\DUA1\\tbload.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\op.com"=
"c:\\Program Files\\TC UP\\PLUGINS\\Tools\\HFS\\hfs.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NMMediaServer.exe"=
"c:\\Program Files\\Free Download Manager\\fdm.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Zaloha\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Opera 952\\Opera 9.52\\opera.exe"=
"c:\\Program Files\\Microsoft Expression\\Media 2\\Media.exe"=
"c:\\Program Files\\Avid\\Avid Free DV\\AvidFreeDV.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera 951 USB\\OperaPortable\\App\\Opera\\Opera.exe"=
"c:\\Program Files\\Opera 10 UNITE\\opera.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\Opera 10 UNITE 1615\\opera.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera 10 UNITE RC\\opera.exe"=
"c:\\Program Files\\Opera W\\opera.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Gladinet\\Gladinet Cloud Desktop\\GladinetClient.exe"=
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\OperaUSB\\operausb.exe"=
"c:\\Program Files\\Opera 951 USB\\op.com"=
"c:\\Program Files\\Live Mesh\\Remote Desktop\\wlcrasvc.exe"=
"c:\\Documents and Settings\\Já\\Local Settings\\Data aplikací\\Microsoft\\Live Mesh\\GacBase\\Moe.exe"=
"c:\\Program Files\\Save Tube Video Company\\SaveTubeVideoBurn\\downloader.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 atitray;atitray;c:\program files\Ray Adams\ATI Tray Tools\atitray.sys [22.5.2007 11:04 18088]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [10.9.2008 21:54 138752]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 TTDec;ATI WDM Teletext Decoder;c:\windows\system32\drivers\atinttxx.sys [17.6.2008 9:18 21695]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.2.2010 11:59 1047880]
R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [1.2.2010 6:42 44880]
R3 RDPDISPM;RDPDISPM;c:\windows\system32\drivers\rdpdispm.sys [1.2.2010 6:42 9040]
R3 RDPVDD;RDPVDD;c:\windows\system32\drivers\rdpvmp.sys [1.2.2010 6:42 19408]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.2.2010 11:18 10064]
S1 PDIDRV;PDIDRV; [x]
S2 gupdate1c8d63a1720ca32;Google Update Service (gupdate1c8d63a1720ca32);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2008 8:18 133104]
S3 ComodoBackupService;ComodoBackupService;c:\program files\Comodo\BackUp\CmdBkSvc.exe [21.11.2008 9:49 1023488]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [22.12.2008 22:20 410976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-05-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2010-01-13 12:11]

2010-05-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 05:11]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-17 20:04]

2010-04-30 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 21:42]

2010-05-06 c:\windows\Tasks\User_Feed_Synchronization-{F6D51471-0A77-410A-AF61-786E24A678AE}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 01:01]

2010-04-30 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2008-06-21 13:13]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2124320
uDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Stáhnout &vše FlashGetem - c:\zaloha\Program Files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\zaloha\Program Files\FlashGet\jc_link.htm
IE: + Offline &Explorer: Download the link - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_UrlO.htm
IE: + Offline E&xplorer: Download the current page - file://c:\zaloha\Program Files\Offline Explorer EnterpriseA\Add_AllO.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Najít pomocí &Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gsearch.htm
IE: Přeložit stránku pomocí Google - c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\Web\gtranslate.htm
IE: Stáhnout Free Download Managerem - file://c:\program files\Free Download Manager\dllink.htm
IE: Stáhnout video Free Download Managerem - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Stáhnout vybrané Free Download Managerem - file://c:\program files\Free Download Manager\dlselected.htm
IE: Stáhnout vše Free Download Managerem - file://c:\program files\Free Download Manager\dlall.htm
IE: Translate this web page with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {{A0BB3F12-4E51-4F7E-A7A2-6ADD8289C36B} - {52E729D7-DFFB-4011-97EE-D7E28212D901} - Shdocvw.dll
LSP: c:\windows\system32\imon.dll
Trusted Zone: mojebanka.cz\*
Trusted Zone: mojebanka.cz\*
FF - ProfilePath - c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2124320&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101703&gct=&gc=1&q=
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Já\Data aplikací\Mozilla\Firefox\Profiles\lpko86wk.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\Save Tube Video Company\SaveTubeVideoBurn\FF\components\swslib.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Opera W\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera W\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Asociace souborů -------
.
.scr=scr
.reg=reg
.txt=txt
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-06 22:00
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1352)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(3788)
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIcon.dll
c:\program files\Gladinet\Gladinet Cloud Desktop\GlOverlayIconU.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
Celkový čas: 2010-05-06 22:09:56
ComboFix-quarantined-files.txt 2010-05-06 20:09

Před spuštěním: Volných bajtů: 81 562 673 152
Po spuštění: Volných bajtů: 81 536 856 064

- - End Of File - - A2B3CB0780F1E71A5C62C995832698D3

Re: Desktop Security 2010

Posted: 06 May 2010 21:36
by Rudy
Open Notepad and copy the following into it:
Folder::
c:\program files\AskBardis

Collect::
c:\documents and settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe

Driver::
PDIDRV

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"KernelFaultCheck"=-
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.
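
A triage pass over log lines in the format posted in this thread, as an added example (not part of the original posts, and not ComboFix's or Rudy's own method). The three review rules, the `triage` function and the `PROFILE_DIRS` list are assumptions of this example, as is reading `[x]` as "image file not found"; the sample lines are constructed from entries visible in the thread.

```python
import re

# Constructed sample: lines in the format of the ComboFix log in this thread.
# The "SecurityCenter" value data is an assumption built from the Collect:: path.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"="c:\documents and settings\Já\Data aplikací\Desktop Security 2010\securitycenter.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

R2 wlcrasvc;Live Mesh Remote Desktop;c:\program files\Live Mesh\Remote Desktop\wlcrasvc.exe [1.2.2010 6:42 44880]
S1 PDIDRV;PDIDRV; [x]
'''

SECTION = re.compile(r'^\[(?P<key>.+)\]$')
VALUE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
SERVICE = re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*)$')
# Per-user data directories (Czech and English XP names); hypothetical review list.
PROFILE_DIRS = ('\\data aplikací\\', '\\application data\\')


def triage(log_text):
    """Return (rule, item) pairs for entries a reviewer should look at first."""
    findings, key = [], ''
    for line in map(str.strip, log_text.splitlines()):
        if m := SECTION.match(line):
            key = m['key'].lower()            # remember the current registry key
        elif m := VALUE.match(line):
            name, data = m['name'], m['data'].strip('"').lower()
            if key.endswith('\\security center') and name.endswith('Override') \
                    and data == 'dword:00000001':
                findings.append(('security-center-override', name))
            elif key.rstrip('-').endswith('\\currentversion\\run') \
                    and any(d in data for d in PROFILE_DIRS):
                findings.append(('autorun-from-user-profile', name))
        elif (m := SERVICE.match(line)) and m['image'].strip() == '[x]':
            findings.append(('service-without-image-file', m['name']))
    return findings


if __name__ == '__main__':
    for rule, item in triage(SAMPLE_LOG):
        print(f'{rule:28} {item}')
```

A finding is only a prompt for manual review; entries such as `KernelFaultCheck` that match none of these rules still need a human reading of the log.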


Re: Desktop Security 2010

Posted: 07 May 2010 05:58
by Jiří Kadlus
Done, apparently with success: the annoying windows have stopped popping up. Thanks for the help, just a couple more questions:
1. When ComboFix starts, it offers updates. Should I download them?
2. Is ComboFix universal?
Also, with an apology and an explanation: this is the first time in about 7 years that I have caught this kind of "muck". It came to me via Gmail (which filed it under spam) as an eCard. Because I occasionally get eCards from friends abroad, I walked right into it. Not even the fact that it contained a setup.exe warned me. You pay for stupidity, and your own hurts several times over.
I ask everyone else who wanders into this thread to take this to heart! :roll: