Re: Neznáme processy.
Napsal: 07 úno 2011 14:46
Dobré odpoledne.Omlouvám se trošku se to zdrželo.
ComboFix 11-02-06.02 - komp 08.02.2010 13:21:16.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2031 [GMT 1:00]
Spuštěný z: c:\documents and settings\komp\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\komp\Plocha\Internet Explorer.lnk
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-08 do 2010-02-08 )))))))))))))))))))))))))))))))
.
2011-01-16 13:55 . 2011-01-16 13:55 -------- d-----w- C:\ATI
2011-01-16 13:23 . 2010-02-04 13:03 -------- d-----w- C:\Riot Games
2011-01-15 23:46 . 2011-01-15 23:48 -------- d-----w- C:\AV_LOGS
2011-01-01 12:09 . 2011-01-01 12:09 -------- d-----w- C:\TEXCACHE
2011-01-01 10:11 . 2011-01-01 10:11 -------- d-----w- C:\rsit
2010-12-03 15:28 . 2011-01-01 23:04 -------- d-----w- C:\Download
2010-11-30 14:59 . 2010-11-30 14:59 -------- d-----w- C:\562dabf31c3f002d52de92f10d8160
2010-10-18 08:46 . 2010-10-18 08:46 -------- d-----w- C:\Sounds
2010-10-18 08:40 . 2011-01-26 19:56 -------- d-----w- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2002-01-04 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2002-01-04 23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:52 . 2004-08-18 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-18 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:03 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 06:30 . 2004-08-18 12:00 8466432 ----a-w- c:\windows\system32\shell32.dll
2010-07-16 12:00 . 2004-08-18 12:00 1287680 ----a-w- c:\windows\system32\ole32.dll
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-18 17:47 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-06-17 14:03 . 2004-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:18 . 2004-08-18 12:00 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2010-09-30 20:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-28 18:15 . 2004-08-18 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-28 05:45 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 15:38 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 10:24 . 2009-01-30 18:33 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-29 22:52 . 2004-08-18 12:00 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 14:42 . 2004-08-18 12:00 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:27 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 14:45 . 2004-08-18 12:00 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:02 . 2004-08-18 12:00 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 07:04 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:25 . 2004-08-18 12:00 474112 ----a-w- c:\windows\system32\shlwapi.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-11 18:06 . 2009-11-11 18:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2002-01-08 395640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-09 519584]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-10-1 67128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^komp^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\komp\Nabídka Start\Programy\Po spuštění\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-12-10 20:41 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2009-10-30 18:45 93376 ------w- c:\program files\Olympus\ib\olycamdetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2002-01-08 04:05 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\komp\\Local Settings\\Data aplikací\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"58331:TCP"= 58331:TCP:Pando Media Booster
"58331:UDP"= 58331:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2010 19:50 691696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.12.2010 21:41 247096]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [16.1.2011 0:45 17792]
S1 MpKsl5ccb6cd2;MpKsl5ccb6cd2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27669FE2-F1D4-4D65-B912-76E7CFF2B670}\MpKsl5ccb6cd2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27669FE2-F1D4-4D65-B912-76E7CFF2B670}\MpKsl5ccb6cd2.sys [?]
S1 MpKslba37c025;MpKslba37c025;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4877FE78-359A-4E25-A6A6-2CB86E42BDF0}\MpKslba37c025.sys [7.2.2010 9:00 28752]
S1 MpKslbbe536ab;MpKslbbe536ab;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{81639109-6FE6-4521-971C-F5EFF8459433}\MpKslbbe536ab.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{81639109-6FE6-4521-971C-F5EFF8459433}\MpKslbbe536ab.sys [?]
S2 AsusGIO;AsusGIO;\??\c:\program files\ASUS\Ai Booster\AsusGIO.sys --> c:\program files\ASUS\Ai Booster\AsusGIO.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys --> c:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-02-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{0348DB9B-2D6C-4C98-98EB-DA2B88995C6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{C96DABC5-EA7D-4D6D-9759-57EBB3F88E89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-02-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\komp\Data aplikací\Mozilla\Firefox\Profiles\6x3l3ilf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-AV Voice Changer Software DIAMOND 7.0 - c:\progra~1\AVVCS7~1.0D~\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 13:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-08 13:37:05
ComboFix-quarantined-files.txt 2010-02-08 12:36
ComboFix2.txt 2011-01-13 18:58
Před spuštěním: 802 451 456
Po spuštění: 1 776 517 120
- - End Of File - - 927802E0523FD0512C9CCCC13F097CE9
ComboFix 11-02-06.02 - komp 08.02.2010 13:21:16.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2559.2031 [GMT 1:00]
Spuštěný z: c:\documents and settings\komp\Plocha\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Předchozí spuštění -------
.
c:\documents and settings\komp\Plocha\Internet Explorer.lnk
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-08 do 2010-02-08 )))))))))))))))))))))))))))))))
.
2011-01-16 13:55 . 2011-01-16 13:55 -------- d-----w- C:\ATI
2011-01-16 13:23 . 2010-02-04 13:03 -------- d-----w- C:\Riot Games
2011-01-15 23:46 . 2011-01-15 23:48 -------- d-----w- C:\AV_LOGS
2011-01-01 12:09 . 2011-01-01 12:09 -------- d-----w- C:\TEXCACHE
2011-01-01 10:11 . 2011-01-01 10:11 -------- d-----w- C:\rsit
2010-12-03 15:28 . 2011-01-01 23:04 -------- d-----w- C:\Download
2010-11-30 14:59 . 2010-11-30 14:59 -------- d-----w- C:\562dabf31c3f002d52de92f10d8160
2010-10-18 08:46 . 2010-10-18 08:46 -------- d-----w- C:\Sounds
2010-10-18 08:40 . 2011-01-26 19:56 -------- d-----w- C:\Temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 17:09 . 2002-01-04 23:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2002-01-04 23:23 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-09 14:52 . 2004-08-18 12:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:23 . 2004-08-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2004-08-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2004-08-18 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-18 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-18 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2004-08-18 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2004-08-18 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 10:23 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-27 08:03 . 2004-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2004-08-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2004-08-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:12 . 2004-08-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2004-08-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2004-08-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-27 06:30 . 2004-08-18 12:00 8466432 ----a-w- c:\windows\system32\shell32.dll
2010-07-16 12:00 . 2004-08-18 12:00 1287680 ----a-w- c:\windows\system32\ole32.dll
2010-06-30 12:33 . 2004-08-18 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-18 17:47 . 2004-08-18 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2010-06-17 14:03 . 2004-08-18 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-15 16:18 . 2004-08-18 12:00 143422 ----a-w- c:\windows\system32\l3codecx.ax
2010-06-14 14:31 . 2010-09-30 20:35 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2004-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-04-28 18:15 . 2004-08-18 12:00 2192128 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-28 05:45 . 2004-08-17 15:45 2068992 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-16 15:38 . 2004-08-18 12:00 406016 ----a-w- c:\windows\system32\usp10.dll
2010-03-30 10:24 . 2009-01-30 18:33 317440 ------w- c:\windows\system32\mp4sdecd.dll
2010-03-29 22:52 . 2004-08-18 12:00 262416 ----a-w- c:\windows\system32\mpg4ds32.ax
2010-03-10 06:17 . 2004-08-18 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 14:42 . 2004-08-18 12:00 65536 ----a-w- c:\windows\system32\asycfilt.dll
2010-02-24 13:11 . 2004-08-18 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 04:35 . 2004-08-18 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-18 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-02-05 18:27 . 2004-08-18 12:00 1294336 ----a-w- c:\windows\system32\quartz.dll
2010-01-29 14:45 . 2004-08-18 12:00 307260 ----a-w- c:\windows\system32\l3codeca.acm
2010-01-13 14:02 . 2004-08-18 12:00 86016 ----a-w- c:\windows\system32\cabview.dll
2009-12-24 07:04 . 2004-08-18 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2009-12-14 07:10 . 2004-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 09:25 . 2004-08-18 12:00 474112 ----a-w- c:\windows\system32\shlwapi.dll
2009-11-27 17:14 . 2004-08-17 15:49 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2004-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2004-08-18 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2004-08-17 15:49 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-21 16:03 . 2004-08-18 12:00 471552 ----a-w- c:\windows\apppatch\aclayers.dll
2009-11-11 18:06 . 2009-11-11 18:06 1130824 ----a-w- c:\windows\system32\dfshim.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2002-01-08 395640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-01-09 65536]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-07 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-07 774168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MDS_Menu"="c:\program files\Olympus\ib\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-01-09 519584]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2010-10-1 67128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^komp^Nabídka Start^Programy^Po spuštění^Registration Heroes of Might & Magic 5.LNK]
path=c:\documents and settings\komp\Nabídka Start\Programy\Po spuštění\Registration Heroes of Might & Magic 5.LNK
backup=c:\windows\pss\Registration Heroes of Might & Magic 5.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-12-10 20:41 133432 ----a-w- c:\program files\ICQ7.2\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2009-10-30 18:45 93376 ------w- c:\program files\Olympus\ib\olycamdetect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-12-03 15:46 14944136 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2002-01-08 04:05 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Documents and Settings\\komp\\Local Settings\\Data aplikací\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\Program Files\\ICQ7.2\\ICQ.exe"=
"c:\\Program Files\\ICQ7.2\\aolload.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Vzdálená správa systému Windows
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"58331:TCP"= 58331:TCP:Pando Media Booster
"58331:UDP"= 58331:UDP:Pando Media Booster
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [17.10.2010 19:50 691696]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [27.8.2009 17:09 1253376]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [10.12.2010 21:41 247096]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\drivers\vcsvad.sys [16.1.2011 0:45 17792]
S1 MpKsl5ccb6cd2;MpKsl5ccb6cd2;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27669FE2-F1D4-4D65-B912-76E7CFF2B670}\MpKsl5ccb6cd2.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{27669FE2-F1D4-4D65-B912-76E7CFF2B670}\MpKsl5ccb6cd2.sys [?]
S1 MpKslba37c025;MpKslba37c025;c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{4877FE78-359A-4E25-A6A6-2CB86E42BDF0}\MpKslba37c025.sys [7.2.2010 9:00 28752]
S1 MpKslbbe536ab;MpKslbbe536ab;\??\c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{81639109-6FE6-4521-971C-F5EFF8459433}\MpKslbbe536ab.sys --> c:\documents and settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{81639109-6FE6-4521-971C-F5EFF8459433}\MpKslbbe536ab.sys [?]
S2 AsusGIO;AsusGIO;\??\c:\program files\ASUS\Ai Booster\AsusGIO.sys --> c:\program files\ASUS\Ai Booster\AsusGIO.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18.3.2010 12:16 130384]
S2 Secunia Update Agent;Secunia Update Agent;"c:\program files\Secunia\PSI\sua.exe" --start-service --> c:\program files\Secunia\PSI\sua.exe [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [7.8.2008 11:10 3276800]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys --> c:\windows\system32\DRIVERS\psi_mf.sys [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [18.8.2004 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18.3.2010 12:16 753504]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 1:28 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 1:49 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 1:28 369688]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
Akamai REG_MULTI_SZ Akamai
.
Obsah adresáře 'Naplánované úlohy'
2010-02-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 11:26]
2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{0348DB9B-2D6C-4C98-98EB-DA2B88995C6B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2011-01-31 c:\windows\Tasks\User_Feed_Synchronization-{C96DABC5-EA7D-4D6D-9759-57EBB3F88E89}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
2010-02-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-10-03 20:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\komp\Data aplikací\Mozilla\Firefox\Profiles\6x3l3ilf.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe
AddRemove-AV Voice Changer Software DIAMOND 7.0 - c:\progra~1\AVVCS7~1.0D~\UNWISE.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 13:33
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(708)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-08 13:37:05
ComboFix-quarantined-files.txt 2010-02-08 12:36
ComboFix2.txt 2011-01-13 18:58
Před spuštěním: 802 451 456
Po spuštění: 1 776 517 120
- - End Of File - - 927802E0523FD0512C9CCCC13F097CE9
Stahněte MBAM z mého podpisu
záložka 
