RogueKiller V8.7.5 [Oct 22 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora :
http://www.adlice.com/forum/Webové stránky :
http://www.adlice.com/softwares/roguekiller/ :
http://tigzyrk.blogspot.com/Operační systém : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Normální režim
Uživatel : pokus [Práva správce]
Mód : Odebrat -- Datum : 10/27/2013 22:05:41
| ARK || FAK || MBR |
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ][PUM] HKLM\[...]\SystemRestore : DisableSR (1) -> NAHRAZENO (0)
¤¤¤ naplánované úlohy : 0 ¤¤¤
¤¤¤ spuštění položky : 0 ¤¤¤
¤¤¤ Webové prohlížeče : 0 ¤¤¤
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NAHRÁNO] ¤¤¤
[Address] SSDT[25] : NtClose @ 0x805B1EA4 -> HOOKED (Unknown @ 0xF7B59BC4)
[Address] SSDT[41] : NtCreateKey @ 0x8061AF8C -> HOOKED (Unknown @ 0xF7B59B7E)
[Address] SSDT[50] : NtCreateSection @ 0x805A092C -> HOOKED (Unknown @ 0xF7B59BCE)
[Address] SSDT[53] : NtCreateThread @ 0x805C748E -> HOOKED (Unknown @ 0xF7B59B74)
[Address] SSDT[63] : NtDeleteKey @ 0x8061B428 -> HOOKED (Unknown @ 0xF7B59B83)
[Address] SSDT[65] : NtDeleteValueKey @ 0x8061B5F8 -> HOOKED (Unknown @ 0xF7B59B8D)
[Address] SSDT[68] : NtDuplicateObject @ 0x805B3AB8 -> HOOKED (Unknown @ 0xF7B59BBF)
[Address] SSDT[98] : NtLoadKey @ 0x8061D1B0 -> HOOKED (Unknown @ 0xF7B59B92)
[Address] SSDT[122] : NtOpenProcess @ 0x805C1512 -> HOOKED (Unknown @ 0xF7B59B60)
[Address] SSDT[128] : NtOpenThread @ 0x805C179E -> HOOKED (Unknown @ 0xF7B59B65)
[Address] SSDT[177] : NtQueryValueKey @ 0x806191B0 -> HOOKED (Unknown @ 0xF7B59BE7)
[Address] SSDT[193] : NtReplaceKey @ 0x8061D060 -> HOOKED (Unknown @ 0xF7B59B9C)
[Address] SSDT[200] : NtRequestWaitReplyPort @ 0x805982D0 -> HOOKED (Unknown @ 0xF7B59BD8)
[Address] SSDT[204] : NtRestoreKey @ 0x8061C96C -> HOOKED (Unknown @ 0xF7B59B97)
[Address] SSDT[213] : NtSetContextThread @ 0x805C90E6 -> HOOKED (Unknown @ 0xF7B59BD3)
[Address] SSDT[237] : NtSetSecurityObject @ 0x805B622A -> HOOKED (Unknown @ 0xF7B59BDD)
[Address] SSDT[247] : NtSetValueKey @ 0x806194FE -> HOOKED (Unknown @ 0xF7B59B88)
[Address] SSDT[255] : NtSystemDebugControl @ 0x8060EED6 -> HOOKED (Unknown @ 0xF7B59BE2)
[Address] SSDT[257] : NtTerminateProcess @ 0x805C879A -> HOOKED (Unknown @ 0xF7B59B6F)
[Address] Shadow SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0xF7B59BF6)
[Address] Shadow SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0xF7B59BFB)
[Inline] EAT @explorer.exe (?MILLIS_PER_SECOND@GCDate@@2JB) : GrooveUtil.DLL -> HOOKED (Unknown @ 0xC8F7333C)
¤¤¤ Externí včelstvo: ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541680J9SA00 +++++
--- User ---
[MBR] d18ebc0b68d5f89364871020a8b578fc
[BSP] 74295121703c5408305f185e879132ac : Windows XP MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 10252 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20996955 | Size: 37032 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 96839820 | Size: 29031 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[0]_D_10272013_220541.txt >>
RKreport[0]_S_10272013_193328.txt;RKreport[0]_S_10272013_193432.txt;RKreport[0]_S_10272013_193529.txt
RKreport[0]_S_10272013_220530.txt
--- Doplnění předchozího příspěvku (27 Říj 2013 22:31) ---
ComboFix 13-10-26.01 - pokus 27.10.2013 22:12:09.12.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1014.494 [GMT 1:00]
Spuštěný z: c:\documents and settings\pokus\Plocha\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
c:\windows\system32\Desktop_.ini
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Util_LinkSwift
-------\Service_Util LinkSwift
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-09-27 do 2013-10-27 )))))))))))))))))))))))))))))))
.
.
2013-10-27 14:54 . 2013-10-27 14:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-10-27 14:54 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-10-27 14:40 . 2013-10-27 16:56 -------- d-----w- C:\AdwCleaner
2013-10-26 19:32 . 2013-10-26 19:32 -------- d-----w- c:\documents and settings\pokus\Data aplikací\Avira
2013-10-26 19:23 . 2013-10-26 19:23 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2013-10-26 19:21 . 2013-10-27 15:28 88840 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-10-26 19:21 . 2013-10-27 15:28 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-10-26 19:21 . 2013-10-27 15:28 136672 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-10-26 19:20 . 2013-10-26 19:20 -------- d-----w- c:\program files\Avira
2013-10-26 19:20 . 2013-10-26 19:20 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Avira
2013-10-09 12:50 . 2013-07-03 02:12 25088 -c----w- c:\windows\system32\dllcache\hidparse.sys
2013-10-09 12:50 . 2013-07-03 01:59 14976 -c----w- c:\windows\system32\dllcache\usbscan.sys
2013-10-09 12:50 . 2013-08-29 00:56 26240 -c----w- c:\windows\system32\dllcache\usbser.sys
2013-10-09 12:50 . 2013-07-17 00:58 46848 -c----w- c:\windows\system32\dllcache\irbus.sys
2013-10-09 12:50 . 2013-07-17 00:58 60160 -c----w- c:\windows\system32\dllcache\usbaudio.sys
2013-10-09 12:50 . 2013-07-17 00:58 123008 -c----w- c:\windows\system32\dllcache\usbvideo.sys
2013-10-09 12:49 . 2013-08-09 00:55 32384 -c----w- c:\windows\system32\dllcache\usbccgp.sys
2013-10-09 12:49 . 2013-08-09 00:55 5376 -c----w- c:\windows\system32\dllcache\usbd.sys
2013-10-09 12:49 . 2013-08-09 00:55 144128 -c----w- c:\windows\system32\dllcache\usbport.sys
2013-10-09 12:49 . 2009-03-18 11:02 30336 -c----w- c:\windows\system32\dllcache\usbehci.sys
2013-10-06 15:44 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2013-10-06 15:40 . 2013-10-06 15:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-09 11:57 . 2012-04-18 04:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-10-09 11:57 . 2012-02-07 09:41 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-23 17:23 . 2004-08-17 13:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-09-23 17:23 . 2004-08-17 13:49 841216 ----a-w- c:\windows\system32\wininet.dll
2013-09-23 17:23 . 2009-06-18 09:58 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-09-23 17:23 . 2004-08-17 13:49 17408 ----a-w- c:\windows\system32\corpol.dll
2013-09-04 13:47 . 2007-10-04 08:12 1024000 ----a-w- c:\windows\system32\ieframe.dll.mui
2013-08-29 07:01 . 2004-08-17 13:44 1878656 ----a-w- c:\windows\system32\win32k.sys
2013-08-29 00:56 . 2012-08-05 13:27 26240 ----a-w- c:\windows\system32\drivers\usbser.sys
2013-08-09 01:56 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\themeui.dll
2013-08-09 00:55 . 2004-08-03 21:08 144128 ----a-w- c:\windows\system32\drivers\usbport.sys
2013-08-09 00:55 . 2009-01-18 22:26 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2013-08-09 00:55 . 2001-10-25 14:00 5376 ----a-w- c:\windows\system32\drivers\usbd.sys
2013-08-05 13:30 . 2004-08-17 13:49 1289216 ----a-w- c:\windows\system32\ole32.dll
2013-08-02 23:48 . 2006-10-18 20:47 1543680 ------w- c:\windows\system32\wmvdecod.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-30 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-30 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-30 138008]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-09-30 102400]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 16261632]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2007-07-04 475136]
"V0470Mon.exe"="c:\windows\V0470Mon.exe" [2007-06-04 32768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-10-27 347192]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Acer Empowering Technology.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Acer Empowering Technology.lnk
backup=c:\windows\pss\Acer Empowering Technology.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Bluetooth.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^pokus^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\documents and settings\pokus\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer ePresentation HPD]
2007-03-02 10:25 208896 -c--a-w- c:\program files\Acer\Empowering Technology\ePresentation\ePresentation.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-12-19 14:39 41208 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Boot]
2006-03-15 21:12 579584 -c--a-w- c:\program files\Acer\Empowering Technology\ePower\Boot.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11 3325952 -c--a-w- c:\program files\Electronic Arts\EADM\Core.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2007-07-04 10:44 475136 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2007-10-17 09:59 858632 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 16:04 2879488 -c--a-w- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V0470Mon.exe]
2007-06-04 00:01 32768 ----a-w- c:\windows\V0470Mon.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:Remote Desktop
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [12.4.2013 10:55 21576]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [26.10.2013 20:21 37352]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [26.10.2013 20:21 84024]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21.10.2011 14:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13.10.2011 16:21 249648]
R2 GTDetectSc;GtDetectSc Service;c:\program files\Option\Option 225 Driver Installation\GtDetectSc.exe [18.12.2007 12:48 196704]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [27.10.2013 15:54 701512]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [27.4.2011 10:03 16896]
S3 GT72NDISIPXP;GT 72 IP NDIS;c:\windows\system32\drivers\Gt51Ip.sys [10.2.2013 9:31 106624]
S3 GT72UBUS;GT 72 U BUS;c:\windows\system32\drivers\gt72ubus.sys [10.2.2013 9:31 59648]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [27.10.2013 15:54 22856]
S3 TdsNordecr;Nordea NCR1 SmartCard Reader;c:\windows\system32\drivers\nordecr.sys [30.10.2007 7:57 23040]
S3 VF0470Vid;Live! Cam Notebook (VF0470);c:\windows\system32\drivers\V0470Vid.sys [28.2.2013 17:28 146720]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2008 5:48 717296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 15:56 1185744 ----a-w- c:\program files\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-10-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 11:57]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-06 17:45]
.
2013-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-10-06 17:45]
.
.
------- Doplňkový sken -------
.
uStart Page =
hxxp://www.google.commStart Page =
hxxp://www.google.comuSearchAssistant =
hxxp://www.google.comTCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKCU-Run-OEXPRESS - (no file)
AddRemove-BitLord - c:\program files\BitLord\uninst.exe
AddRemove-NOD32 v3.x FiX 1.1 by TemDono_is1 - c:\program files\ESET\ESET Smart Security\unins000.exe
AddRemove-WinZipper - c:\program files\WinZipper\eUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2013-10-27 22:26
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
.
- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\program files\Acer\Empowering Technology\ePower\SysHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Celkový čas: 2013-10-27 22:30:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-10-27 21:30
.
Před spuštěním: 7 966 658 560
Po spuštění: 7 814 508 544
.
- - End Of File - - 71A260B05271B8A71493810E78F1BBDA
3B00EB857BBA060EBA3B17F7019E492F
