VIRY.CZ

Dobrý den, jsem naprostý počítačový analfabet ... Dala jsem kontrolu celého notebooku (Asus F5) avastem (free verze) a našlo mi to 2 trojské koně (byl to nějaký Revenom nebo Renevon), někde jsem se dočetla, že je dobré použít SUPERAntiSpyware a to mi objevilo Trojan.Agent/Gen-Malfem, ale už ne ty dva na R. Můžete mi prosím poradit? Nejlépe stylem pro trola ... Chtěla jsem provést to RSIT, z těch tří odkazů jsem uložila všechny ale když dám Continue, tak mi tam vždycky skočí error (postupně, napřed jsem dala uložit jeden, spustila - klikla Continue a nic a tak jsem pokračovala u dalších dvou) :/ Děkuju za pomoc.

I když mi to hlásí stále error, ta jsem přecejen našla ve složce rsit toto:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Asined at 2013-07-01 18:19:32
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 29 GB (19%) free of 153 GB
Total RAM: 3070 MB (66% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for PLANEO.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 25b623dc-d3a4-4e9a-943b-b7be1b4445e4.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task ab76bb94-c79a-4e92-800e-0fe92b54065f.job
C:\Windows\tasks\WebReg Deskjet F2100 series.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-10 68680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27383DC1-37A3-94AF-F7F6-936D243F51BF}]
Download and Sa Class - C:\ProgramData\Download and Sa\506d493294824.ocx [2012-10-04 155136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}]
PDFXChange 2012 - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14 423040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-23 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77e8143b-6759-416e-b521-82cfed75150b}]
DivX Browser Bar Toolbar - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-23 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - PDFXChange 2012 - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14 423040]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20 192592]
{77e8143b-6759-416e-b521-82cfed75150b} - DivX Browser Bar Toolbar - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Skytel"=C:\Windows\Skytel.exe [2008-08-12 1833504]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"ExpressFiles"=C:\Program Files\ExpressFiles\ExpressFiles.exe [2012-04-13 455800]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2013-03-29 295072]
"SearchProtectAll"=C:\Program Files\SearchProtect\bin\cltmng.exe [2013-05-08 2852640]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2013-05-20 450560]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13 1263952]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\Sidebar.exe [2009-04-11 1233920]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-15 4760816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

Zdravím!
Log není kompletní.

Já vím, konečně mi to normálně doběhlo :

Logfile of random's system information tool 1.09 (written by random/random)
Run by PLANEO at 2013-07-01 19:43:13
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 26 GB (17%) free of 153 GB
Total RAM: 3070 MB (33% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:43:30, on 1.7.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16490)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ExpressFiles\EFupdater.exe
C:\Windows\Explorer.EXE
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\ExpressFiles\ExpressFiles.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.7\ICQ.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\PLANEO\Downloads\RSIT(1).exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PLANEO\Downloads\RSIT(1).exe
C:\Program Files\trend micro\PLANEO.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT32886 ... E31FB52974
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Download and Sa - {27383DC1-37A3-94AF-F7F6-936D243F51BF} - C:\ProgramData\Download and Sa\506d493294824.ocx
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DivX Browser Bar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: DivX Browser Bar Toolbar - {77e8143b-6759-416e-b521-82cfed75150b} - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe
O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.7\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EADM] "D:\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [SearchProtect] C:\Users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://oas.support.microsoft.com/ActiveX/MSDcode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files\SearchProtect\bin\CltMngSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 13304 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\Norton Security Scan for PLANEO.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task 89478cce-a130-4def-aaef-9badc5902b43.job
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task c6dbd0dc-c373-474b-b079-ba1d7ec41cc8.job
C:\Windows\tasks\WebReg Deskjet F2100 series.job

=========Mozilla firefox=========

ProfilePath - C:\Users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}:6.0.19, belle.starr.colt@gmx.com:3.9, DTToolbar@toolbarnet.com:1.1.1.0014, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, wrc@avast.com:6.0.1289, toolbar@ask.com:3.12.2.16749, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 71&UM=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}"=C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"{34712C68-7391-4c47-94F3-8F88D49AD632}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Plus Web Player Plug-In,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5]
"Description"=Office Live Update v1.5
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0]
"Description"=RealNetworks(tm) RealDownloader Peppe rFlash Video Shim Plug-In
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282]
"Description"=RealPlayer Download Plugin
"Path"=C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@realnetworks.com/npdlplugin;version=1]
"Description"=RealDownloader Plugin
"Path"=C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.7]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Program Files\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nppl3260.xpt
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
nprpplugin.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
babylon.xml
mall-cz.xml

C:\Users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\extensions\
506d493294695@506d4932946ce.com
belle.starr.colt@gmx.com
{77e8143b-6759-416e-b521-82cfed75150b}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\searchplugins\
ask-search.xml
askcom.xml
conduit.xml
daemon-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-10 68680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-08-04 1586472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27383DC1-37A3-94AF-F7F6-936D243F51BF}]
Download and Sa Class - C:\ProgramData\Download and Sa\506d493294824.ocx [2012-10-04 155136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealNetworks Download and Record Plugin for Internet Explorer - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29 539888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2013-05-06 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A}]
PDFXChange 2012 - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14 423040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-06-23 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77e8143b-6759-416e-b521-82cfed75150b}]
DivX Browser Bar Toolbar - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocná služba pro přihlášení ke službě Windows Live ID - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20 192592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-06-23 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
{42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - PDFXChange 2012 - C:\Program Files\Tracker Software\PDF-XChange 5\PXCIEaddin5.dll [2012-08-14 423040]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-06-20 192592]
{77e8143b-6759-416e-b521-82cfed75150b} - DivX Browser Bar Toolbar - C:\Program Files\DivX_Browser_Bar\prxtbDivX.dll [2013-06-18 231712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-12-10 49152]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-08-12 6265376]
"Skytel"=C:\Windows\Skytel.exe [2008-08-12 1833504]
"Windows Mobile-based device management"=C:\Windows\WindowsMobile\wmdSync.exe [2008-01-21 215552]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"ExpressFiles"=C:\Program Files\ExpressFiles\ExpressFiles.exe [2012-04-13 455800]
"TkBellExe"=C:\Program Files\Real\RealPlayer\Update\realsched.exe [2013-03-29 295072]
"SearchProtectAll"=C:\Program Files\SearchProtect\bin\cltmng.exe [2013-05-08 2852640]
"DivXMediaServer"=C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [2013-05-20 450560]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2013-02-13 1263952]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2013-05-01 421888]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-11-11 39408]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]
"ICQ"=C:\Program Files\ICQ7.7\ICQ.exe [2012-01-23 127040]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
"EADM"=D:\Origin\Origin.exe [2013-06-04 3456080]
"SearchProtect"=C:\Users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe [2013-05-08 2852640]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2013-05-15 4760816]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\PLANEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2013-05-08 115440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=iyvu9_32.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave2"=serwvdrv.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"VIDC.IV41"=IR41_32.AX
"VIDC.IV32"=ir32_32.dll
"VIDC.IV31"=ir32_32.dll
"VIDC.FMVC"=fmcodec.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.NSVI"=nsvideo.dll
"vidc.mjpg"=pvmjpg30.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-01 18:59:10 ----D---- C:\Program Files\SUPERAntiSpyware
2013-07-01 18:58:50 ----D---- C:\Users\PLANEO\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 18:35:06 ----ASH---- C:\hiberfil.sys
2013-07-01 16:50:12 ----D---- C:\Program Files\trend micro
2013-07-01 16:50:10 ----D---- C:\rsit
2013-07-01 15:22:54 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2013-07-01 14:16:21 ----A---- C:\Windows\ntbtlog.txt
2013-06-30 01:11:27 ----D---- C:\Program Files\Bonjour
2013-06-30 01:11:22 ----SHD---- C:\Config.Msi
2013-06-26 01:49:29 ----D---- C:\Program Files\Safari
2013-06-24 09:26:30 ----D---- C:\Users\PLANEO\AppData\Roaming\Apple Computer
2013-06-23 15:33:55 ----D---- C:\Program Files\CCleaner
2013-06-23 14:44:41 ----A---- C:\Windows\system32\deployJava1.dll
2013-06-23 14:44:40 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-06-23 14:44:40 ----A---- C:\Windows\system32\javaws.exe
2013-06-23 14:43:53 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-06-23 14:43:53 ----A---- C:\Windows\system32\javaw.exe
2013-06-23 13:49:54 ----D---- C:\Program Files\Conduit
2013-06-23 13:49:16 ----D---- C:\Program Files\DivX_Browser_Bar
2013-06-23 13:47:16 ----D---- C:\Program Files\SearchProtect
2013-06-23 13:46:57 ----D---- C:\Users\PLANEO\AppData\Roaming\SearchProtect
2013-06-23 13:45:39 ----A---- C:\ministub.exe
2013-06-23 13:45:37 ----D---- C:\ProgramData\Conduit
2013-06-23 09:18:52 ----A---- C:\Windows\Filzip.ini
2013-06-23 02:11:02 ----D---- C:\Users\PLANEO\AppData\Roaming\Malwarebytes
2013-06-23 02:10:50 ----D---- C:\ProgramData\Malwarebytes
2013-06-22 17:01:11 ----A---- C:\ProgramData\sdaksda.txt
2013-06-22 17:00:51 ----A---- C:\ProgramData\g252qs.txt
2013-06-14 07:25:26 ----A---- C:\Windows\system32\mshtmled.dll
2013-06-14 07:25:25 ----A---- C:\Windows\system32\vbscript.dll
2013-06-14 07:25:23 ----A---- C:\Windows\system32\ieui.dll
2013-06-14 07:25:22 ----A---- C:\Windows\system32\jsproxy.dll
2013-06-14 07:25:22 ----A---- C:\Windows\system32\ieUnatt.exe
2013-06-14 07:25:21 ----A---- C:\Windows\system32\msfeeds.dll
2013-06-14 07:25:20 ----A---- C:\Windows\system32\wininet.dll
2013-06-14 07:25:20 ----A---- C:\Windows\system32\jscript.dll
2013-06-14 07:25:18 ----A---- C:\Windows\system32\url.dll
2013-06-14 07:25:18 ----A---- C:\Windows\system32\jscript9.dll
2013-06-14 07:25:17 ----A---- C:\Windows\system32\iertutil.dll
2013-06-14 07:25:16 ----A---- C:\Windows\system32\urlmon.dll
2013-06-14 07:25:13 ----A---- C:\Windows\system32\ieframe.dll
2013-06-14 07:25:12 ----A---- C:\Windows\system32\mshtml.dll
2013-06-13 19:17:26 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-06-13 19:17:24 ----A---- C:\Windows\system32\win32spl.dll
2013-06-13 19:17:24 ----A---- C:\Windows\system32\printcom.dll
2013-06-13 19:16:35 ----A---- C:\Windows\system32\certutil.exe
2013-06-13 19:16:34 ----A---- C:\Windows\system32\cryptsvc.dll
2013-06-13 19:16:34 ----A---- C:\Windows\system32\cryptnet.dll
2013-06-13 19:16:34 ----A---- C:\Windows\system32\crypt32.dll
2013-06-13 19:16:32 ----A---- C:\Windows\system32\certenc.dll
2013-06-13 19:16:24 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-06-13 19:16:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-06-13 19:15:23 ----A---- C:\Windows\system32\cryptdlg.dll

======List of files/folders modified in the last 1 month======

2013-07-01 19:43:09 ----D---- C:\Windows\Temp
2013-07-01 19:02:26 ----D---- C:\Windows\System32
2013-07-01 19:02:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-07-01 19:02:25 ----D---- C:\Windows\inf
2013-07-01 18:59:44 ----D---- C:\Windows\Tasks
2013-07-01 18:59:42 ----D---- C:\Windows\system32\Tasks
2013-07-01 18:59:28 ----HD---- C:\ProgramData
2013-07-01 18:59:10 ----RD---- C:\Program Files
2013-07-01 18:57:22 ----D---- C:\Windows\tracing
2013-07-01 18:44:47 ----D---- C:\Users\PLANEO\AppData\Roaming\ExpressFiles
2013-07-01 18:44:33 ----D---- C:\Users\PLANEO\AppData\Roaming\Skype
2013-07-01 18:44:00 ----D---- C:\Windows
2013-07-01 14:59:53 ----SHD---- C:\$RECYCLE.BIN
2013-07-01 14:59:44 ----RD---- C:\Users
2013-06-30 01:33:37 ----SHD---- C:\System Volume Information
2013-06-30 01:14:29 ----SHD---- C:\Windows\Installer
2013-06-29 21:43:36 ----D---- C:\Windows\system32\drivers
2013-06-26 01:12:30 ----D---- C:\Users\PLANEO\AppData\Roaming\DivX
2013-06-25 09:32:55 ----A---- C:\Windows\system32\acovcnt.exe
2013-06-24 11:24:43 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-06-24 09:39:39 ----D---- C:\Windows\rescache
2013-06-23 15:47:17 ----D---- C:\Users\PLANEO\AppData\Roaming\DAEMON Tools Lite
2013-06-23 15:45:41 ----D---- C:\Windows\Panther
2013-06-23 15:45:40 ----D---- C:\Windows\Minidump
2013-06-23 15:45:40 ----D---- C:\Windows\Logs
2013-06-23 15:45:40 ----D---- C:\Windows\Debug
2013-06-23 14:42:30 ----D---- C:\Program Files\Java
2013-06-23 14:38:28 ----D---- C:\Program Files\QuickTime
2013-06-23 14:12:18 ----D---- C:\Program Files\Opera
2013-06-23 14:10:31 ----D---- C:\Program Files\Apple Software Update
2013-06-23 14:02:40 ----D---- C:\Users\PLANEO\AppData\Roaming\vlc
2013-06-23 13:59:32 ----D---- C:\Windows\winsxs
2013-06-23 13:54:31 ----D---- C:\ProgramData\DivX
2013-06-23 13:54:31 ----D---- C:\Program Files\DivX
2013-06-23 13:54:25 ----RSD---- C:\Windows\Fonts
2013-06-23 13:48:50 ----D---- C:\Program Files\Common Files\DivX Shared
2013-06-23 13:40:59 ----D---- C:\Windows\system32\catroot
2013-06-23 13:40:56 ----D---- C:\Windows\system32\catroot2
2013-06-23 09:35:54 ----D---- C:\Windows\Prefetch
2013-06-23 09:33:02 ----SD---- C:\Windows\Downloaded Program Files
2013-06-14 07:28:05 ----D---- C:\Windows\system32\migration
2013-06-14 07:28:05 ----D---- C:\Windows\system32\cs-CZ
2013-06-14 07:28:05 ----D---- C:\Program Files\Internet Explorer
2013-06-14 07:27:27 ----D---- C:\ProgramData\Microsoft Help
2013-06-14 07:19:46 ----A---- C:\Windows\system32\mrt.exe
2013-06-14 04:51:00 ----D---- C:\Windows\system32\config
2013-06-14 04:50:41 ----RSD---- C:\Windows\Media
2013-06-14 04:50:41 ----D---- C:\Windows\system32\wbem
2013-06-14 04:50:39 ----D---- C:\Windows\system32\spool
2013-06-14 04:50:39 ----D---- C:\Windows\system32\Msdtc
2013-06-14 04:50:39 ----D---- C:\ProgramData\P4G
2013-06-14 04:50:32 ----D---- C:\Windows\registration
2013-06-13 19:15:43 ----D---- C:\Windows\Microsoft.NET
2013-06-13 19:14:46 ----RSD---- C:\Windows\assembly
2013-06-10 22:09:58 ----D---- C:\Users\PLANEO\AppData\Roaming\Tropico 4
2013-06-07 00:02:27 ----D---- C:\Users\PLANEO\AppData\Roaming\ICQ
2013-06-06 10:23:48 ----D---- C:\Program Files\DAEMON Tools Toolbar
2013-06-06 10:22:12 ----D---- C:\Program Files\Ask.com
2013-06-05 13:28:38 ----D---- C:\Users\PLANEO\AppData\Roaming\Origin

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Achernar;Achernar - SCSI Command Filter Drivers; C:\Windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
R0 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-03-07 21576]
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 49376]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-27 175176]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-03-09 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2013-05-09 49760]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-27 770344]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-27 369584]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 56080]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R2 ASMMAP;ASMMAP; \??\C:\Program Files\ATKGFNEX\ASMMAP.sys [2007-07-24 13880]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 29816]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 66336]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
R2 ghaio;ghaio; \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys [2007-08-03 20936]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-04-06 908800]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-08-12 2159384]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2008-06-03 15928]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2008-01-21 18432]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2006-12-14 7680]
R3 NVENETFD;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2008-07-08 1050656]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-06-25 44064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-07-25 7547552]
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys [2008-07-22 15872]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2008-07-23 1772544]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-08-17 190512]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S3 aeubkysf;aeubkysf; C:\Windows\system32\drivers\aeubkysf.sys []
S3 ASUSProcObsrv;ASUS Process Creation/Termination Observer; \??\E:\I386\AsProcOb.sys []
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
S3 Dot4;Ovladač MS IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4.sys [2008-01-21 131584]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\Windows\system32\DRIVERS\Dot4Prt.sys [2008-01-21 16384]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\Windows\system32\DRIVERS\dot4usb.sys [2008-01-21 36864]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2008-12-08 55264]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ipswuio;ipswuio; C:\Windows\System32\DRIVERS\ipswuio.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 winusb;WinUSB Service; C:\Windows\system32\DRIVERS\winusb.sys [2009-04-11 31616]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 194048]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 ASLDRService;ASLDR Service; C:\Program Files\ATK Hotkey\ASLDRSrv.exe [2007-10-03 94208]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 BcmSqlStartupSvc;Služba spouštění serveru SQL Server aplikace Business Contact Manager; C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-16 30312]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-30 390504]
R2 CltMngSvc;Search Protect by Conduit Updater; C:\Program Files\SearchProtect\bin\CltMngSvc.exe [2013-05-08 97056]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-07-25 196608]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-21 21504]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 spmgr;spmgr; C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe [2007-08-03 125496]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 hpqcxs08;hpqcxs08; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-24 256904]
S3 fsssvc;Windows Live Zabezpečení rodiny; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-28 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-09-21 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-17 117144]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2008-10-24 145248]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]

-----------------EOF-----------------

Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Vyjelo mi toto:

ComboFix 13-06-30.01 - PLANEO 01.07.2013 20:15:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1394 [GMT 2:00]
Spuštěný z: c:\users\PLANEO\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Download and Sa
c:\programdata\Download and Sa\506d493294824.ocx
c:\programdata\Download and Sa\506d49329485d.html
c:\programdata\Download and Sa\506d493294896.js
c:\programdata\Download and Sa\data\506d493294896.js
c:\programdata\Download and Sa\data\jsondb.js
c:\programdata\Download and Sa\niinpihegnkddnddpndlojcpecicmcpf.crx
c:\programdata\Download and Sa\settings.ini
c:\programdata\Download and Sa\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Download and Sa.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\Download and Sa\Uninstall.lnk
c:\programdata\ofirloc.pad
c:\windows\unin0405.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-01 do 2013-07-01 )))))))))))))))))))))))))))))))
.
.
2013-07-01 18:27 . 2013-07-01 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-01 17:58 . 2013-07-01 17:58 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2013-07-01 17:58 . 2013-07-01 17:58 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2013-07-01 17:58 . 2013-07-01 17:58 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2013-07-01 17:58 . 2013-07-01 17:58 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2013-07-01 17:58 . 2013-07-01 17:58 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2013-07-01 17:58 . 2013-07-01 17:58 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2013-07-01 17:58 . 2013-07-01 17:58 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2013-07-01 17:58 . 2013-07-01 17:58 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2013-07-01 17:58 . 2013-07-01 17:58 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2013-07-01 17:58 . 2013-07-01 17:58 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2013-07-01 17:58 . 2013-07-01 17:58 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2013-07-01 17:58 . 2013-07-01 17:58 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2013-07-01 17:57 . 2013-07-01 17:57 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2013-07-01 17:57 . 2013-07-01 17:57 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2013-07-01 17:57 . 2013-07-01 17:57 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2013-07-01 17:57 . 2013-07-01 17:57 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2013-07-01 17:57 . 2013-07-01 17:57 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2013-07-01 16:59 . 2013-07-01 16:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-01 16:58 . 2013-07-01 16:58 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 14:50 . 2013-07-01 17:43 -------- d-----w- c:\program files\trend micro
2013-07-01 14:50 . 2013-07-01 17:12 -------- d-----w- C:\rsit
2013-07-01 13:22 . 2013-07-01 13:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-01 12:59 . 2013-07-01 12:59 -------- d-----w- c:\users\Asined
2013-06-29 23:11 . 2013-06-29 23:11 -------- d-----w- c:\program files\Bonjour
2013-06-28 23:08 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E87AD040-FD57-4927-B976-EE61C89AB78A}\mpengine.dll
2013-06-25 23:49 . 2013-06-29 23:14 -------- d-----w- c:\program files\Safari
2013-06-24 07:26 . 2013-06-25 23:50 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Apple Computer
2013-06-23 13:33 . 2013-06-23 13:34 -------- d-----w- c:\program files\CCleaner
2013-06-23 12:44 . 2013-06-23 12:42 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 12:44 . 2013-06-23 12:42 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 12:43 . 2013-06-23 12:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-23 11:49 . 2013-06-23 11:49 -------- d-----w- c:\program files\Conduit
2013-06-23 11:49 . 2013-06-23 11:49 -------- d-----w- c:\program files\DivX_Browser_Bar
2013-06-23 11:49 . 2013-06-23 11:49 -------- d-----w- c:\users\PLANEO\AppData\Local\Conduit
2013-06-23 11:48 . 2013-06-23 11:48 -------- d-----w- c:\users\PLANEO\AppData\Local\CRE
2013-06-23 11:47 . 2013-06-23 11:47 -------- d-----w- c:\program files\SearchProtect
2013-06-23 11:46 . 2013-06-23 11:52 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SearchProtect
2013-06-23 11:45 . 2013-06-23 11:45 81768 ----a-w- C:\ministub.exe
2013-06-23 11:45 . 2013-06-23 11:45 -------- d-----w- c:\programdata\Conduit
2013-06-23 00:11 . 2013-06-23 00:11 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Malwarebytes
2013-06-23 00:10 . 2013-06-23 00:10 -------- d-----w- c:\programdata\Malwarebytes
2013-06-13 17:17 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 17:17 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 17:17 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 17:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 17:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 17:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 17:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 17:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 17:16 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 17:16 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 17:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 17:59 . 2009-10-01 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-06-27 19:14 . 2013-04-21 09:50 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:14 . 2010-01-05 10:30 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:13 . 2011-10-25 06:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 09:24 . 2013-02-19 09:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 09:24 . 2012-11-03 11:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-21 09:50 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-05 10:30 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2010-01-05 10:30 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-05 10:30 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-05 10:30 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-10-25 06:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-05 10:30 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:10 . 2011-06-11 00:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 00:06 . 2010-01-05 10:16 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 16:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 16:51 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 16:51 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77e8143b-6759-416e-b521-82cfed75150b}"= "c:\program files\DivX_Browser_Bar\prxtbDivX.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{77e8143b-6759-416e-b521-82cfed75150b}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{77e8143b-6759-416e-b521-82cfed75150b}]
2013-06-18 11:54 231712 ----a-w- c:\program files\DivX_Browser_Bar\prxtbDivX.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{77e8143b-6759-416e-b521-82cfed75150b}"= "c:\program files\DivX_Browser_Bar\prxtbDivX.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{77e8143b-6759-416e-b521-82cfed75150b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{77E8143B-6759-416E-B521-82CFED75150B}"= "c:\program files\DivX_Browser_Bar\prxtbDivX.dll" [2013-06-18 231712]
.
[HKEY_CLASSES_ROOT\clsid\{77e8143b-6759-416e-b521-82cfed75150b}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-11 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EADM"="d:\origin\Origin.exe" [2013-06-04 3456080]
"SearchProtect"="c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-04-13 455800]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-03-29 295072]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\PLANEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 19:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 09:24]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2011-10-28 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN21897031020324405&UM=2&UP=SP938480DB-6D39-45C1-98B8-4AE31FB52974
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.98.231.66 10.98.0.227
FF - ProfilePath - c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3288691&CUI=UN10647529152296171&UM=2&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3288691&ctid=CT3288691&SearchSource=2&CUI=UN10647529152296171&UM=2&q=
FF - ExtSQL: 2013-06-23 13:46; {77e8143b-6759-416e-b521-82cfed75150b}; c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
FF - ExtSQL: !HIDDEN! 2009-10-23 04:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.hardId - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
BHO-{27383DC1-37A3-94AF-F7F6-936D243F51BF} - c:\programdata\Download and Sa\506d493294824.ocx
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Download and Sa\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-01 20:27
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\users\PLANEO\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\windows\TEMP\TMP00000090494071D28A958A38 524288 bytes
.
sken byl úspešně dokončen
skryté soubory: 2
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-4067374528-2909061595-2700989555-1000)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2013-07-01 20:30:29
ComboFix-quarantined-files.txt 2013-07-01 18:30
.
Před spuštěním: Volných bajtů: 27 373 854 720
Po spuštění: Volných bajtů: 27 305 635 840
.
- - End Of File - - 2255C4DE8AE0A8C04C855838C6BC7F52
64B1E91C5C6C2157642651010728F90F

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Folder::
c:\programdata\Microsoft\IdentityCRL\production\temp
c:\program files\Conduit
c:\programdata\Conduit
c:\program files\DivX_Browser_Bar
c:\program files\Google\GoogleToolbarNotifier
c:\users\PLANEO\AppData\Roaming\SearchProtect

Collect::
c:\windows\system32\acovcnt.exe
c:\windows\TEMP\TMP00000090494071D28A958A38

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_CLASSES_ROOT\clsid\{77e8143b-6759-416e-b521-82cfed75150b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77e8143b-6759-416e-b521-82cfed75150b}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{77e8143b-6759-416e-b521-82cfed75150b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{77e8143b-6759-416e-b521-82cfed75150b}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{77E8143B-6759-416E-B521-82CFED75150B}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"=-
"SearchProtect"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Firefox::
FF - ProfilePath - c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DivX Browser Bar Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 71&UM=2&q=
FF - ExtSQL: 2013-06-23 13:46; {77e8143b-6759-416e-b521-82cfed75150b}; c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
FF - ExtSQL: !HIDDEN! 2009-10-23 04:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.hardId - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

RegLock::
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
[HKEY_USERS\S-1-5-21-4067374528-2909061595-2700989555-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Zde je výsledek:

ComboFix 13-06-30.01 - PLANEO 01.07.2013 21:55:10.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1584 [GMT 2:00]
Spuštěný z: c:\users\PLANEO\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\PLANEO\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
file zipped: c:\windows\system32\acovcnt.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Conduit
c:\program files\Conduit\Community Alerts\Alert.dll
c:\program files\DivX_Browser_Bar
c:\program files\DivX_Browser_Bar\DivX_Browser_BarToolbarHelper.exe
c:\program files\DivX_Browser_Bar\GottenAppsContextMenu.xml
c:\program files\DivX_Browser_Bar\hk64tbDivX.dll
c:\program files\DivX_Browser_Bar\hktbDivX.dll
c:\program files\DivX_Browser_Bar\ldrtbDivX.dll
c:\program files\DivX_Browser_Bar\OtherAppsContextMenu.xml
c:\program files\DivX_Browser_Bar\prxtbDivX.dll
c:\program files\DivX_Browser_Bar\SharedAppsContextMenu.xml
c:\program files\DivX_Browser_Bar\tbDivX.dll
c:\program files\DivX_Browser_Bar\toolbar.cfg
c:\program files\DivX_Browser_Bar\ToolbarContextMenu.xml
c:\program files\DivX_Browser_Bar\uninstall.exe
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\programdata\Conduit
c:\programdata\Conduit\conduitutil.exe
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(10)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(12)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(14)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(21)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(4)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(52)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(7)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(8)\WLID_USERTILE.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\AUTHAPP_HEADER.JPG
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\DOWNARROW00.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1025.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1028.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1037.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1038.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1041.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1042.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1081.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1095.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1097.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1099.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1100.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_1102.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_2052.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_3098.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\GLOBAL_DEFAULT.CSS
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\HIP_ABC.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\HIP_AUDIOREPL.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\HIP_SPEAKER.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\HIPUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\IC_ALERT_LOW_16X.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\MULTIUSERSSO.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\NEWUSER.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\NEWUSERFED.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\SAVEDUSERS.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WAIT.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WAITPAGE.HTM
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WLID_BOOK.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WLID_FRAME.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WLID_ICON_ERROR.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WLID_LOGO_H.GIF
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC(9)\WLID_USERTILE.GIF
c:\users\PLANEO\AppData\Roaming\SearchProtect
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\dialogsApi.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\jquery.min.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib\json2.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\bubble.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\information.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-default-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\ok-button.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\separation-line.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images\warning.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\SearchProtector.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\settings.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\popupTransparent.xul
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
c:\programdata\Microsoft\IdentityCRL\production\temp . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\AUTHAPP_HEADER.JPG . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DOWNARROW00.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1025.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1028.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1037.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1038.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1041.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1042.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1081.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1095.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1097.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1098.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1099.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1100.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_1102.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_2052.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_3098.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\GLOBAL_DEFAULT.CSS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_ABC.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_AUDIOREPL.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIP_SPEAKER.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\HIPUSER.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IC_ALERT_LOW_16X.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\MULTIUSERSSO.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSER.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERFED.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSERS.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WAIT.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WAITPAGE.HTM . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_BOOK.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_FRAME.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_ICON_ERROR.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_LOGO_H.GIF . . . . nemohl být smazán
c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\WLID_USERTILE.GIF . . . . nemohl být smazán
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-01 do 2013-07-01 )))))))))))))))))))))))))))))))
.
.
2013-07-01 20:17 . 2013-07-01 20:17 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SearchProtect
2013-07-01 20:09 . 2013-07-01 20:17 -------- d-----w- c:\users\PLANEO\AppData\Local\temp
2013-07-01 20:09 . 2013-07-01 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-01 16:59 . 2013-07-01 16:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-01 16:58 . 2013-07-01 16:58 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 14:50 . 2013-07-01 17:43 -------- d-----w- c:\program files\trend micro
2013-07-01 14:50 . 2013-07-01 17:12 -------- d-----w- C:\rsit
2013-07-01 13:22 . 2013-07-01 13:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-01 12:59 . 2013-07-01 12:59 -------- d-----w- c:\users\Asined
2013-06-29 23:11 . 2013-06-29 23:11 -------- d-----w- c:\program files\Bonjour
2013-06-28 23:08 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E87AD040-FD57-4927-B976-EE61C89AB78A}\mpengine.dll
2013-06-25 23:49 . 2013-06-29 23:14 -------- d-----w- c:\program files\Safari
2013-06-24 07:26 . 2013-06-25 23:50 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Apple Computer
2013-06-23 13:33 . 2013-06-23 13:34 -------- d-----w- c:\program files\CCleaner
2013-06-23 12:44 . 2013-06-23 12:42 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 12:44 . 2013-06-23 12:42 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-06-23 12:43 . 2013-06-23 12:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-23 11:49 . 2013-06-23 11:49 -------- d-----w- c:\users\PLANEO\AppData\Local\Conduit
2013-06-23 11:48 . 2013-06-23 11:48 -------- d-----w- c:\users\PLANEO\AppData\Local\CRE
2013-06-23 11:47 . 2013-06-23 11:47 -------- d-----w- c:\program files\SearchProtect
2013-06-23 11:45 . 2013-06-23 11:45 81768 ----a-w- C:\ministub.exe
2013-06-23 00:11 . 2013-06-23 00:11 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Malwarebytes
2013-06-23 00:10 . 2013-06-23 00:10 -------- d-----w- c:\programdata\Malwarebytes
2013-06-13 17:17 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 17:17 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 17:17 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-13 17:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 17:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 17:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 17:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 17:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 17:16 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 17:16 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 17:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 20:13 . 2009-10-01 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-06-27 19:14 . 2013-04-21 09:50 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:14 . 2010-01-05 10:30 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:13 . 2011-10-25 06:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 09:24 . 2013-02-19 09:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 09:24 . 2012-11-03 11:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-09 08:59 . 2013-04-21 09:50 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-05 10:30 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2010-01-05 10:30 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-05 10:30 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-05 10:30 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-10-25 06:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-05 10:30 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:10 . 2011-06-11 00:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 00:06 . 2010-01-05 10:16 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 16:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 16:51 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 16:51 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EADM"="d:\origin\Origin.exe" [2013-06-04 3456080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
"SearchProtect"="c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-04-13 455800]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-03-29 295072]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\PLANEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 19:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 09:24]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2011-10-28 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN21897031020324405&UM=2&UP=SP938480DB-6D39-45C1-98B8-4AE31FB52974
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.98.231.66 10.98.0.227
FF - ProfilePath - c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - ExtSQL: 2013-06-23 13:46; {77e8143b-6759-416e-b521-82cfed75150b}; c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
FF - ExtSQL: !HIDDEN! 2009-10-23 04:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.hardId - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-DivX_Browser_Bar Toolbar - c:\program files\DivX_Browser_Bar\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-01 22:16
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SearchProtect\bin\CltMngSvc.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ATK Media\DMEDIA.EXE
c:\program files\ASUS\ATK Media\GPSWATCH.EXE
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Celkový čas: 2013-07-01 22:25:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-01 20:25
ComboFix2.txt 2013-07-01 18:30
.
Před spuštěním: Volných bajtů: 27 325 276 160
Po spuštění: Volných bajtů: 34 169 073 664
.
- - End Of File - - D74577F730D870513B5A608CE31E5896
64B1E91C5C6C2157642651010728F90F
Nahr nˇ probŘhlo ŁspŘçnŘ

Skript byl chybně uložen a nesmazal vše. Do poznámkového bloku zkopírujte toto:

KillAll::

Folder::
c:\program files\DivX_Browser_Bar
c:\users\PLANEO\AppData\Roaming\SearchProtect
c:\users\PLANEO\AppData\Local\Conduit


Collect::
c:\windows\TEMP\TMP00000090494071D28A958A38

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[-HKEY_CLASSES_ROOT\clsid\{77e8143b-6759-416e-b521-82cfed75150b}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{77e8143b-6759-416e-b521-82cfed75150b}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{77e8143b-6759-416e-b521-82cfed75150b}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{77e8143b-6759-416e-b521-82cfed75150b}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{77E8143B-6759-416E-B521-82CFED75150B}"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtect"=-

Reboot::

Uložte na plochu jako

CFScript.txt

(nikoli jako CFScript.txt..txt). Pak je myší přetáhněte nad ikonu comboFix a pusťte. CF se spustí a vykoná příakzy ze skriptu.

Snad je tentokrát vše v pořádku:

ComboFix 13-06-30.01 - PLANEO 01.07.2013 23:16:14.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.1834 [GMT 2:00]
Spuštěný z: c:\users\PLANEO\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\PLANEO\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\PLANEO\AppData\Local\Conduit
c:\users\PLANEO\AppData\Local\Conduit\CT3288691\DivX_Browser_BarAutoUpdateHelper.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\CltMngSvc.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\FirefoxModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\ChromeModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\InternetExplorerModule.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\msvcp100.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\msvcr100.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\rep.dat
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\SPHook32.dll
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\SPRunner.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\uninstall.exe
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\dialogsApi.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\lib\jquery.min.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\lib\json2.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\bubble.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\information.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-default-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-LTR.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\images\x-mouseover-RTL.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spbd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\ok-button.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\separation-line.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\images\warning.png
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\main.html
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\SearchProtector.css
c:\users\PLANEO\AppData\Roaming\SearchProtect\Dialogs\spsd\settings.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\abstraction.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\application.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\nsprotector.js
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\EN
c:\users\PLANEO\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository\searchProtectorData
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-06-01 do 2013-07-01 )))))))))))))))))))))))))))))))
.
.
2013-07-01 21:34 . 2013-07-01 21:34 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SearchProtect
2013-07-01 21:27 . 2013-07-01 21:34 -------- d-----w- c:\users\PLANEO\AppData\Local\temp
2013-07-01 21:27 . 2013-07-01 21:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-01 16:59 . 2013-07-01 16:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-07-01 16:58 . 2013-07-01 16:58 -------- d-----w- c:\users\PLANEO\AppData\Roaming\SUPERAntiSpyware.com
2013-07-01 14:50 . 2013-07-01 17:43 -------- d-----w- c:\program files\trend micro
2013-07-01 14:50 . 2013-07-01 17:12 -------- d-----w- C:\rsit
2013-07-01 13:22 . 2013-07-01 13:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-07-01 12:59 . 2013-07-01 12:59 -------- d-----w- c:\users\Asined
2013-06-29 23:11 . 2013-06-29 23:11 -------- d-----w- c:\program files\Bonjour
2013-06-28 23:08 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E87AD040-FD57-4927-B976-EE61C89AB78A}\mpengine.dll
2013-06-25 23:49 . 2013-06-29 23:14 -------- d-----w- c:\program files\Safari
2013-06-24 07:26 . 2013-06-25 23:50 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Apple Computer
2013-06-23 13:33 . 2013-06-23 13:34 -------- d-----w- c:\program files\CCleaner
2013-06-23 12:44 . 2013-06-23 12:42 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-23 12:39 . 2013-06-23 12:39 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2013-06-23 12:39 . 2013-06-23 12:38 159744 ----a-w- c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2013-06-23 11:48 . 2013-06-23 11:48 -------- d-----w- c:\users\PLANEO\AppData\Local\CRE
2013-06-23 11:47 . 2013-06-23 11:47 -------- d-----w- c:\program files\SearchProtect
2013-06-23 11:45 . 2013-06-23 11:45 81768 ----a-w- C:\ministub.exe
2013-06-23 00:11 . 2013-06-23 00:11 -------- d-----w- c:\users\PLANEO\AppData\Roaming\Malwarebytes
2013-06-23 00:10 . 2013-06-23 00:10 -------- d-----w- c:\programdata\Malwarebytes
2013-06-14 05:25 . 2013-05-16 23:34 149656 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-14 05:25 . 2013-05-16 22:24 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-06-14 05:25 . 2013-05-16 22:23 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-06-14 05:25 . 2013-05-16 22:24 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-06-14 05:25 . 2013-05-16 23:34 757400 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-06-14 05:25 . 2013-05-16 22:29 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-06-14 05:25 . 2013-05-16 22:29 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-06-14 05:25 . 2013-05-16 22:30 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-06-13 17:17 . 2013-05-08 04:37 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-13 17:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 17:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 17:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 17:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 17:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 17:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-01 21:32 . 2009-10-01 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-06-27 19:14 . 2013-04-21 09:50 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-27 19:14 . 2010-01-05 10:30 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-27 19:13 . 2011-10-25 06:02 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-24 09:24 . 2013-02-19 09:08 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-24 09:24 . 2012-11-03 11:40 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-23 12:43 . 2013-06-23 12:43 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-06-23 12:42 . 2013-06-23 12:44 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-16 22:39 . 2013-06-14 05:25 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-05-16 22:28 . 2013-06-14 05:25 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-05-16 22:27 . 2013-06-14 05:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-05-16 22:21 . 2013-06-14 05:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-05-16 22:20 . 2013-06-14 05:25 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-05-16 22:16 . 2013-06-14 05:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-09 08:59 . 2013-04-21 09:50 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2010-01-05 10:30 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2010-01-05 10:30 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2010-01-05 10:30 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2010-01-05 10:30 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2011-10-25 06:01 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2010-01-05 10:30 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 06:10 . 2011-06-11 00:58 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-05-02 22:03 . 2013-06-13 17:16 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-05-02 22:03 . 2013-06-13 17:16 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-02 04:04 . 2013-06-13 17:17 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:03 . 2013-06-13 17:17 37376 ----a-w- c:\windows\system32\printcom.dll
2013-05-02 00:06 . 2010-01-05 10:16 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts
2013-04-15 14:20 . 2013-05-15 16:51 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 16:51 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-15 16:51 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ICQ"="c:\program files\ICQ7.7\ICQ.exe" [2012-01-23 127040]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"EADM"="d:\origin\Origin.exe" [2013-06-04 3456080]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-15 4760816]
"SearchProtect"="c:\users\PLANEO\AppData\Roaming\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"Skytel"="Skytel.exe" [2008-08-12 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-04-13 455800]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-03-29 295072]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-05-08 2852640]
"DivXMediaServer"="c:\program files\DivX\DivX Media Server\DivXMediaServer.exe" [2013-05-20 450560]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
.
c:\users\PLANEO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2013-05-07 115440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2013-05-23 119056]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-20 19:34 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-19 09:24]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2013-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 15:01]
.
2011-10-28 c:\windows\Tasks\WebReg Deskjet F2100 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-12-10 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN21897031020324405&UM=2&UP=SP938480DB-6D39-45C1-98B8-4AE31FB52974
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=ASUS&bmod=ASUS
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 10.98.231.66 10.98.0.227
FF - ProfilePath - c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3288691&octid=CT3288691&SearchSource=61&CUI=UN10647529152296171&UM=2&UP=SP938480DB-6D39-45C1-98B8-4AE31FB52974
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?octid=CT3288691&ctid=CT3288691&SearchSource=2&CUI=UN10647529152296171&UM=2&q=
FF - ExtSQL: 2013-06-23 13:46; {77e8143b-6759-416e-b521-82cfed75150b}; c:\users\PLANEO\AppData\Roaming\Mozilla\Firefox\Profiles\h9ndpdpu.default\extensions\{77e8143b-6759-416e-b521-82cfed75150b}
FF - ExtSQL: !HIDDEN! 2009-10-23 04:37; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109980
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.hardId - 2e9ec95c00000000000000224351a545
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15443
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1711:31
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\ASUS\SmartLogon\smartlogon.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\SearchProtect\bin\CltMngSvc.exe
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ASUS\Net4Switch\Net4Switch.exe
c:\program files\ASUS\ASUS Live Update\ALU.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATK Hotkey\MsgTranAgt.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ATK Media\DMEDIA.EXE
c:\program files\ASUS\ATK Media\GPSWATCH.EXE
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Microsoft Office\Office12\ONENOTEM.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2013-07-01 23:40:10 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-07-01 21:40
ComboFix2.txt 2013-07-01 20:25
ComboFix3.txt 2013-07-01 18:30
.
Před spuštěním: Volných bajtů: 34 200 051 712
Po spuštění: Volných bajtů: 34 060 128 256
.
- - End Of File - - BD47D4570647EF76692995916C56C78B
64B1E91C5C6C2157642651010728F90F

Teď je to OK. Jak se PC nyní chová?

Dobrý den, počítač se chová dobře ... on i předtím byl celkem v pořádku, ale pak mi antivir vyhodil vir reveton a SUPERantispyreware zase toho trojáka agenta. Teď mi antivir nic nenalezl, tak snad je vše ok. Děkuju Vám strašně moc za pomoc

Joj pardon že zase otravuju ale, teď mi našel superantispyware nějaké Adware.Tracking Cookie .... vadí to, nebo to stačí smazat nebo to mazat nemusím?? Děkuju

Tracking cookies vám odstraní i CCleaner: http://forum.viry.cz/viewtopic.php?f=46&t=7478 . Jsou to neškodné textové soubory, které si na váš PC ukládají některé servery z důvodu, aby vás při příští návštěvě poznali. Pokud si nepřejete cookies ukládat, zakažte to v prohlížeči.

Aha aha, děkuju moc za pomoc a informace