ComboFix 11-11-15.01 - Mike 15.11.2011  15:17:24.9.2 - x86 MINIMAL
Systm Microsoft Windows XP Professional  5.1.2600.3.1250.420.1029.18.1023.800 [GMT 1:00]
Sputn z: c:\documents and settings\Mike\Plocha\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Ostatn vmazy   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mike\Local Settings\Data aplikac\24ca6f99\U\80000000.@
c:\documents and settings\Mike\Local Settings\Data aplikac\24ca6f99\U\800000cb.@
c:\documents and settings\Mike\Local Settings\Data aplikac\24ca6f99\U\800000cf.@
c:\documents and settings\Mike\Local Settings\Data aplikac\24ca6f99\X
c:\windows\$NtUninstallKB46252$
c:\windows\$NtUninstallKB46252$\1770484693
c:\windows\system32\AF15BDAEX.dll
c:\windows\system32\c_13504.nl_
c:\windows\system32\c_13504.nls
c:\windows\XSxS
.
Nakaen kopie c:\windows\system32\drivers\imapi.sys byla nalezena a vylena. 
Obnovena kopie z - The cat found it :) 
Nakaen kopie c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198346.exe 
.
Nakaen kopie c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198347.exe 
.
Nakaen kopie c:\windows\system32\Ati2evxx.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198345.exe 
.
Nakaen kopie c:\program files\Java\jre6\bin\jqs.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198348.exe 
.
Nakaen kopie d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe byla nalezena a vylena. 
Obnovena kopie z - d:\program files\Malwarebytes' Anti-Malware\  
.
Nakaen kopie c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198350.exe 
.
Nakaen kopie c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198352.exe 
.
Nakaen kopie c:\windows\system32\Ati2evxx.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198345.exe
Nakaen kopie c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe byla nalezena a vylena. 
Obnovena kopie z - c:\system volume information\_restore{517757C6-82BC-462C-AA76-35963B8FB75D}\RP219\A0198352.exe
.
(((((((((((((((((((((((((   Soubory vytvoen od 2011-10-15 do 2011-11-15  )))))))))))))))))))))))))))))))
.
.
2011-11-15 14:10 . 2008-04-14 00:11	42112	----a-w-	c:\windows\system32\drivers\imapi.sys
2011-11-14 15:37 . 2011-11-15 14:28	--------	d-sh--w-	c:\documents and settings\Mike\Local Settings\Data aplikac\24ca6f99
2011-11-14 14:31 . 2011-11-14 14:31	--------	d-----w-	c:\windows\LastGood.Tmp
2011-11-12 11:25 . 2011-11-12 18:10	--------	d-----w-	c:\documents and settings\Mike\Data aplikac\Mp3tag
2011-11-04 11:10 . 2011-11-04 11:10	--------	d-----w-	c:\documents and settings\Babicka\Data aplikac\Avira
2011-10-24 18:11 . 2011-10-24 18:14	--------	d-----w-	c:\documents and settings\Mike\Data aplikac\PC Suite
2011-10-24 18:11 . 2011-10-24 18:14	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\PC Suite
2011-10-24 18:07 . 2008-08-26 08:26	18816	----a-w-	c:\windows\system32\drivers\pccsmcfd.sys
2011-10-24 18:06 . 2011-10-24 18:06	--------	d-----w-	c:\program files\PC Connectivity Solution
2011-10-24 18:06 . 2011-05-18 08:13	123904	----a-w-	c:\windows\system32\ccdcmbwu.dll
2011-10-24 18:06 . 2011-05-18 08:09	1461992	----a-w-	c:\windows\system32\wdfcoinstaller01009.dll
2011-10-24 18:04 . 2011-10-24 18:04	--------	d-----w-	c:\documents and settings\All Users\Data aplikac\Installations
2011-10-17 15:14 . 2009-06-10 13:49	24576	----a-w-	c:\windows\system32\drivers\ANDROIDUSB.sys
2011-10-17 15:11 . 2011-10-18 12:49	--------	d-----w-	c:\documents and settings\Mike\Local Settings\Data aplikac\Htc
2011-10-17 15:11 . 2011-10-17 15:11	--------	d-----w-	c:\documents and settings\Mike\Data aplikac\HTC
2011-10-17 15:10 . 2011-10-17 15:10	--------	d-----w-	c:\documents and settings\Mike\Local Settings\Data aplikac\Downloaded Installations
2011-10-17 15:09 . 2011-10-17 15:09	--------	d-----w-	c:\program files\Spirent Communications
2011-10-17 15:09 . 2011-10-17 15:09	--------	d-----w-	c:\program files\HTC
2011-10-17 15:09 . 2011-10-17 15:09	--------	d-----w-	c:\program files\Common Files\Adobe AIR
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M vpis   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-17 05:45 . 2011-05-13 12:28	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 09:41 . 2008-07-29 17:59	613376	----a-w-	c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2001-10-25 16:00	22528	----a-w-	c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2001-10-25 16:00	220160	----a-w-	c:\windows\system32\oleacc.dll
2011-09-18 06:39 . 2011-10-13 14:26	134344	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-09-16 13:55 . 2011-10-13 14:26	91096	----a-w-	c:\windows\system32\drivers\avfwim.sys
2011-09-16 13:55 . 2011-10-13 14:26	111160	----a-w-	c:\windows\system32\drivers\avfwot.sys
2011-09-15 21:55 . 2011-10-13 14:26	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2011-09-15 21:55 . 2011-10-13 14:26	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-09-09 09:12 . 2008-04-14 08:51	602112	----a-w-	c:\windows\system32\crypt32.dll
2011-09-06 14:10 . 2008-04-14 07:45	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-08-30 21:05 . 2011-08-30 21:05	83816	----a-w-	c:\windows\system32\dns-sd.exe
2011-08-30 21:05 . 2011-08-30 21:05	73064	----a-w-	c:\windows\system32\dnssd.dll
2011-08-30 21:05 . 2011-08-30 21:05	178536	----a-w-	c:\windows\system32\dnssdX.dll
2011-08-22 23:41 . 2008-03-01 13:02	916480	----a-w-	c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2008-04-27 10:09	43520	----a-w-	c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2008-03-01 13:02	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2008-04-27 10:08	385024	----a-w-	c:\windows\system32\html.iec
2011-11-11 15:56 . 2011-03-22 18:17	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-27 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((   Spoutc body v registru   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznmka* przdn zznamy a legitimn vchoz daje nejsou zobrazeny. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Infium"="c:\documents and settings\Mike\Dokumenty\QIP Infium\infium.exe" [2010-03-16 5739472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-05 258512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\system32\logonui.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05	356352	----a-w-	c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Center Agent"=c:\program files\Genius TVGo DVB-T03\HyperMediaCenter\DTVR\Scheduled.exe
"QIP Internet Guardian"=c:\documents and settings\Mike\Data aplikac\QipGuard\QipGuard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"emMON"=emMON.exe
"Monitor"=c:\windows\PixArt\PAC207\Monitor.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe" /S
"HDInspector.exe"=c:\program files\Hard Drive Inspector\HDInspector.exe
"OODefragTray"=c:\windows\system32\oodtray.exe
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Bonus.SSR.FR10"="d:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"HTC Sync Loader"="d:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"Malwarebytes' Anti-Malware"="d:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiSpyWareDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Marie\\Local Settings\\Data aplikac\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Games\\KONAMI\\Pro Evolution Soccer 2012\\pes2012.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22.12.2009 21:03 685816]
S1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [13.10.2011 15:26 111160]
S1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [13.10.2011 15:26 36000]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.7.2009 9:53 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.7.2009 9:53 72944]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [15.11.2011 15:30 814344]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [13.10.2011 15:26 616400]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [13.10.2011 15:26 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [13.10.2011 15:26 463824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 MBAMService;MBAMService;d:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31.8.2011 20:06 366640]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [12.8.2011 16:13 87040]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [13.10.2011 15:26 91096]
S3 FGCWL;FGCWL;\??\d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys --> d:\program files\Fortres Grand\Virtual Sandbox\FGCWL.sys [?]
S3 HTCAND32;HTC Device Driver;c:\windows\system32\drivers\ANDROIDUSB.sys [17.10.2011 16:14 24576]
S3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\drivers\htcnprot.sys [22.6.2010 17:01 21248]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.1.2010 20:33 22712]
S3 PAC207;Webcam 1200;c:\windows\system32\drivers\PFC027.SYS [11.7.2009 14:46 611584]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [2.1.2010 20:24 47360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.7.2009 9:53 7408]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S4 AntiVirMailService;Avira Mail Protection;c:\program files\Avira\AntiVir Desktop\avmailc.exe [13.10.2011 15:26 342480]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Obsah adrese 'Naplnovan lohy'
.
2011-11-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
.
------- Doplkov sken -------
.
uStart Page = www.seznam.cz
uDefault_Search_URL = hxxp://search.qip.ru
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Sthnout s IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Sthnout s IDM obsah FLV videa - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Sthnout s IDM vechny odkazy - c:\program files\Internet Download Manager\IEGetAll.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikac\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikac\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikac\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikac\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikac\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
TCP: DhcpNameServer = 10.10.10.10 10.10.11.11
FF - ProfilePath - c:\documents and settings\Mike\Data aplikac\Mozilla\Firefox\Profiles\h1w0ji0j.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - prefs.js: network.proxy.http - 217.170.100.73
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - NEPLATN POLOKY ODSTRANN Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 15:35
Windows 5.1.2600 Service Pack 3 NTFS
.
skenovn skrytch proces ...  
.
skenovn skrytch poloek 'Po sputn' ... 
.
skenovn skrytch soubor ...  
.
sken byl spen dokonen
skryt soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.imapi]
"ImagePath"="\*"
.
--------------------- ZAMKNUT KLE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0a1c3a73-f40b-49a1-884a-71cf2e01324c}]
@Denied: (Full) (Everyone)
"Model"=dword:000000d2
"Therad"=dword:00000014
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{416b460a-96e4-4cf3-8e6d-0c28f129b033}]
@Denied: (Full) (Everyone)
"Model"=dword:0000012f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):bd,f4,9e,ec,9c,5d,44,67,eb,19,c3,16,1f,9e,ce,70,f5,42,00,51,4b,
   bd,6e,9e,de,83,d6,70,7a,98,37,fa,89,bd,fe,28,4a,fc,36,cf,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):7d,ca,0c,8a,15,ca,2b,a6,a8,37,04,c2,b9,b0,b0,e9,70,ba,17,f1,64,
   ea,9d,10,e1,67,a4,37,7d,e5,d2,0b,11,e5,c3,47,2f,6b,68,6f,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933FEBC9E127BECC74CDD6671067DB5B9C4BC3FA012CBCB6F507CB5FC10A04A4EBE37611F1C7A39247C44E87F82D5FEB8CA089F263060BC2B38912DAB3079C61928024708BB8E2119E551FEB8D23997FE4FD09BA97335DCF8880F007A52A6BFF542042C0F2B2E69DC9287426E9F4AB21759A424F0A48E88E7B7331BC77FA8D91716C3954659B51EE63BDC7006D7E1E55CF108505851E07D59402D0D8186321E842EC0ABD17234B3839A3CEB7CAB0C2DFEA5F1DBCD4DD45F81A0A18AAEFB28F7979AE93DEA6E6E7D517482B95D100B660607CB26D52E4AB7EADBA6EBE43525B800EE25385F03DAB5468B8305CB3E5253482D76B088CD50EEF3F8CAABD04F78934043CBB490AC25F82829021BFDB30B9A74AEC4A38D4AADD6CD010D6CB4A8A4222FB3AA68F32C2C4993193C6DBFB111C709ACFB4828065C22FE05616E6264DE60F65E82B29206840D782CDC12EC3D74475C45598FAA27096660162F9CC46915AD17E609930901758B9AB887C3791FF96C16218B8B7A171522214B5301D5E2E1506377662F89A9FAF29194515FEAE39BEDB4E7B3F1948516B2403E9DCC27C01AEF7F38B7CFD95243D5C81FC4675CDD046607C76A1F87E3D65C170F52525BB54398695C0EE1D08BB2A700B76001FBA2945333F2BA1277E753C54D60A88B2D3819BAEE156FF55EB061C3CBC294F78A0A6218B11FA3EC9B0CBEFA60D7CC13E68309AAB19A544103DB99659329C9385F3235794F0518F63D8EFCEAA2A06028E91835A1A9A8A99C536D5B301358D7D4657C09242DE37E9ABD71A7E8BA6A76302A38F4BA217F5084F88ADBA7D9408E821A8C10253EFAB167107A0D2DA1E595B230EA537737E19D9AB11BFE374B55AE9C904CAD6E4D1282903BB4AE53254A3CDA187B0EBCDE1759244E4AE32BA090EE9FECE8F9D7767232EBDAECC1D86653587911F897D0DD6DC2883389D734646E792EEC54C11BAAE8F7749C37AFA25D3F5002E0B61761CFB189555C0CDFE877F06B8EDBC28656AE48804AC6E89678514FF80C5FCC660023B7523C544A32428B9AD6A91D2E7D0C9AE4E8AEAD9BC704E04CA055F894149F1BD837903D813B9DABF3C28E26520CA25B18C58A3EADC7577D8087BA2E2EE318CEEEC44DCC30193CB00D29EE03B151E4B2421C66764152E3EEB7E0C1127CCA27275B7B0DCC1AA1434BF1769F50119C813542E873EB3DD2004CC8D4934D26736DE501D1131849DABCFE3B0F1B417972894BFE1A0343CA6BE984877EF81D183EEC9A47AFC2A2098017A47E47001C370DF332E1930CBA5872BF5A506F65D1803B112E9A71A570698221E6DA69103B5DD69CF8D7ABAA9E1970846200"
.
--------------------- Knihovny navzan na bc procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(296)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(1708)
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Nero\SMC\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
c:\program files\WinRAR\rarext.dll
d:\program files\7-Zip\7-zip.dll
.
Celkov as: 2011-11-15  15:43:40 - pota byl restartovn
ComboFix-quarantined-files.txt  2011-11-15 14:43
.
Ped sputnm: 1696391168
Po sputn: 5636771840
.
- - End Of File - - 294BD1CC279AF8372EBA3D420D0AC5CD
