
Probably a few viruses..

Posted: 29 Oct 2010 15:46
by zbynda2407
Please advise me how to remove the viruses. I have already tried all sorts of things, but without success. I am attaching the LOG.

Windows XP SP 3 (build 2600)
Boot Mode: Normal
Ověření souborů Microsoftu: Ano
Whitelist: Ano
Internet Explorer v8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
Log vygenerován: 29.10.2010 16:32:01
================================================================

SmallARK
================================================================
[?]NtClose -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtCreateKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtDeleteKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtDeleteValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtDuplicateObject -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtOpenKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtOpenProcess -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtOpenThread -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtQueryValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtRenameKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtRestoreKey -> C:\WINDOWS\system32\drivers\aswSP.SYS
[?]NtSetValueKey -> C:\WINDOWS\system32\drivers\aswSP.SYS



Běžící procesy
================================================================

C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\AVASTSVC.EXE
C:\PROGRA~1\ALWILS~1\AVAST5\AVASTUI.EXE
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\PROGRAM FILES\FIREBIRD\FIREBIRD_2_1\BIN\FBGUARD.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
C:\PROGRAM FILES\SONY ERICSSON\SONY ERICSSON PC SUITE\SUPSERV.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRA.EXE
C:\WINDOWS\SYSTEM32\PNKBSTRB.EXE
C:\PROGRAM FILES\CYBERLINK\SHARED FILES\RICHVIDEO.EXE
C:\PROGRAM FILES\PHOTODEX\PROSHOWGOLD\SCSIACCESS.EXE
C:\PROGRAM FILES\FIREBIRD\FIREBIRD_2_1\BIN\FBSERVER.EXE
C:\WINDOWS\SYSTEM32\DEVLDR32.EXE

Scanner
================================================================
[S] csrss.exe
Podvržená cesta modulu: (00270000) [DLL] ?

[?] ati2evxx.exe
Non Microsoft v System32:

[S] svchost.exe
Podvržená cesta modulu: (001A0000) [DLL] ?

[?] ati2evxx.exe
Non Microsoft v System32:

[?] AvastSvc.exe
Nemá okno
Soubor 7%

[S] explorer.exe
Spouští se po startu HKLM Winlogon [Shell]
Podvržená cesta modulu: (001A0000) [DLL] ?

[?] AvastUI.exe
Spouští se po startu HKLM Run [avast5]
Soubor 7%

[S] wscript.exe
Spouští se po startu HKCU Explorer\Run [s]

[S] msmsgs.exe
Spouští se po startu HKCU Run [MSMSGS]

[S] ctfmon.exe
Spouští se po startu HKCU Run [ctfmon.exe]

[?] acs.exe
Non Microsoft v System32:
Nemá okno
Soubor 7%

[?] fbguard.exe
Nemá okno
Soubor 7%

[?] jqs.exe
Nemá okno
Soubor 7%

[?] SupServ.exe
Bez výrobce
Nemá okno
Soubor 12%

[?] PnkBstrA.exe
Bez výrobce v System32
Podobná jména: PNKBSTRA.EXE X PNKBSTRB.EXE
Nemá okno
Soubor 12%

[?] PnkBstrB.exe
Bez výrobce v System32
Podobná jména: PNKBSTRB.EXE X PNKBSTRA.EXE
Nemá okno
Soubor 12%

[?] RichVideo.exe
Nemá okno
Soubor 7%

[?] scsiaccess.exe
Bez výrobce
Nemá okno
Soubor 12%

[S] wuauclt.exe
Podvržená cesta modulu: (001B0000) [DLL] ?

[?] fbserver.exe
Nemá okno
Soubor 7%

[?] devldr32.exe
Non Microsoft v System32:


Po spuštění
================================================================

HKCU Run
|_ [S][MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background

HKLM Run
|_ [?][ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
|_ [?][avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

HKCU Explorer\Run
|_ [?][s] C:\Documents and Settings\Zbyněk\Data aplikací\31390.js

HKLM IC
|_ [X][>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP (Soubor nenalezen)
|_ [?][{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] C:\WINDOWS\INF\msnetmtg.inf ,NetMtg.Install.PerUser.NT
|_ [?][{5945c046-1e7d-11d1-bc44-00c04fd912be}] C:\WINDOWS\INF\msmsgs.inf ,BLC.QuietInstall.PerUser
|_ [?][{6BF52A52-394A-11d3-B153-00C04F79FAA6}] C:\WINDOWS\INF\wmp11.inf ,PerUserStub
|_ [?][{89820200-ECBD-11cf-8B85-00AA005B4340}] regsvr32.exe /s /n /i:U shell32.dll

HKLM Winlogon Notify
|_ [?][AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll
|_ [?][WgaLogon] C:\WINDOWS\system32\WgaLogon.dll
|_ [X][WRNotifier] WRLogonNTF.dll (Soubor nenalezen)

Job
|_ [?][Install.job] C:\WINDOWS\system32\Adobe\Shockwave 11\nssstub.exe
|_ [?][REALUP~2.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe
|_ [?][REALUP~1.JOB] C:\Program Files\Real\RealUpgrade\realupgrade.exe


HKLM BHO
|_ [X][{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] (Soubor nenalezen)
|_ [?][{3049C3E9-B461-4BC5-8870-4C09146192CA}] C:\Documents and Settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
|_ [?][{95289393-33EA-4F8D-B952-483415B9C955}] C:\Documents and Settings\Zbyněk\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
|_ [?][{DBC80044-A445-435b-BC74-9C25C1C588A9}] C:\Program Files\Java\jre6\bin\jp2ssv.dll
|_ [?][{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
|_ [?][{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}] C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

HKCU IE WebBrowser Toolbar
|_ [?][{EE5D279F-081B-4404-994D-C6B60AAEBA6D}] C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
|_ [?][{32099AAC-C132-4136-9E9A-4E364A424E17}] C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
|_ [X][{D4027C7F-154A-4066-A1AD-4243D8127440}] (Soubor nenalezen)
|_ [X][{4B3803EA-5230-4DC3-A7FC-33638F3D3542}] (Soubor nenalezen)

HKLM IE Toolbar
|_ [?][{EE5D279F-081B-4404-994D-C6B60AAEBA6D}] C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
|_ [?][{32099AAC-C132-4136-9E9A-4E364A424E17}] C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

Služby (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] Atheros Configuration Service
|_ Cesta: C:\WINDOWS\system32\acs.exe
| |_ Výrobce: Atheros
| |_ Popis: ACS
| |_ MD5: A0D799D3336E89935D1DB64E5093B713
|
|_ Jméno: ACS
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency: rpcSs

[?] Ati HotKey Poller
|_ Cesta: C:\WINDOWS\system32\Ati2evxx.exe
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI External Event Utility EXE Module
| |_ MD5: BF2E2109982D69C5227CC09671EDB5FC
|
|_ Jméno: Ati HotKey Poller
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] ATI Smart
|_ Cesta: C:\WINDOWS\system32\ati2sgag.exe
| |_ Výrobce:
| |_ Popis: ATI Smart
| |_ MD5: CE0664AE94855BE469DEB05B8BFAFB95
|
|_ Jméno: ATI Smart
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ:
|_ Dependency:

[?] avast! Antivirus
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
| |_ Výrobce: AVAST Software
| |_ Popis: avast! Service
| |_ MD5: ACB544D7254F366DFB48F380BC36CD25
|
|_ Jméno: avast! Antivirus
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Share Process
|_ Dependency: aswMon2

[X] Firebird Guardian - DefaultInstance
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe -s DefaultInstance
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: FirebirdGuardianDefaultInstance
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Firebird Server - DefaultInstance
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe -s DefaultInstance
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: FirebirdServerDefaultInstance
|_ StartName: LocalSystem
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[X] Java Quick Starter
|_ Cesta: C:\Program Files\Java\jre6\bin\jqs.exe -service -config C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf
| |_ Výrobce:
| |_ Popis:
| |_ MD5:
|
|_ Jméno: JavaQuickStarterService
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Sony Ericsson OMSI download service
|_ Cesta: C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: DA345DE3B450E9E1691E7B9956D8FFC3
|
|_ Jméno: OMSI download service
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency:

[?] PnkBstrA
|_ Cesta: C:\WINDOWS\system32\PnkBstrA.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 831883B107684301F48ACE752C963984
|
|_ Jméno: PnkBstrA
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] PnkBstrB
|_ Cesta: C:\WINDOWS\system32\PnkBstrB.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: E24106A5EAECDDFF00B25497049DD65F
|
|_ Jméno: PnkBstrB
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] Cyberlink RichVideo Service(CRVS)
|_ Cesta: C:\Program Files\CyberLink\Shared Files\RichVideo.exe
| |_ Výrobce:
| |_ Popis: RichVideo Module
| |_ MD5: 2AF094B1CE4725E4551F38FDA2348637
|
|_ Jméno: RichVideo
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ:
|_ Dependency: RPCSS

[?] ScsiAccess
|_ Cesta: C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
| |_ Výrobce:
| |_ Popis:
| |_ MD5: 54196CDAC7E1D81D71C652E100B99E77
|
|_ Jméno: ScsiAccess
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Win32 Own Process
|_ Dependency:

[?] VJVodClientServices
|_ Cesta: C:\WINDOWS\System32\svchost.exe
| |_ Výrobce: Microsoft Corporation
| |_ Popis: Generic Host Process for Win32 Services
| |_ MD5: BE4A520E29B6391F49E79CCC52044D93
|
|_ ServiceDLL: C:\WINDOWS\system32\nagasoft\vjocx.dll
| |_ Výrobce: NanJing Nagasoft Co, LTD.
| |_ Popis: ?
| |_ MD5: 9E8C7A7B8A98E4F6CCBBF9F88A1C111F
|
|_ Jméno: vvdsvc
|_ StartName: LocalSystem
|_ Typ spouštění: Auto Start
|_ Status: Zastaveno
|_ Typ: Win32 Share Process
|_ Dependency:


Ovladače (Zobraz běžící: True, Zobraz zastavené: False, Zobraz i bezpečné služby: False)
================================================================
[?] avast! Asynchronous Virus Monitor
|_ Cesta: C:\WINDOWS\system32\drivers\Aavmker4.sys
| |_ Výrobce: AVAST Software
| |_ Popis: avast! Base Kernel-Mode Device Driver for Windows NT/2000/XP
| |_ MD5: 8D488938E2F7048906F1FBD3AF394887
|
|_ Jméno: Aavmker4
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] AEGIS Protocol (IEEE 802.1x) v3.7.5.0
|_ Cesta: C:\WINDOWS\system32\DRIVERS\AegisP.sys
| |_ Výrobce: Cisco Systems, Inc.
| |_ Popis: IEEE 802.1X Protocol Driver
| |_ MD5: 023867B6606FBABCDD52E089C4A507DA
|
|_ Jméno: AegisP
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Service for Realtek AC97 Audio (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\ALCXWDM.SYS
| |_ Výrobce: Realtek Semiconductor Corp.
| |_ Popis: Realtek AC'97 Audio Driver (WDM)
| |_ MD5: F3E15607BA53249C765E36388B332C2F
|
|_ Jméno: ALCXWDM
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Atheros Wireless Network Adapter Service
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ar5211.sys
| |_ Výrobce: Atheros Communications, Inc.
| |_ Popis: Driver for Atheros AR5001 Wireless Network Adapter
| |_ MD5: 95E8E4A7FDD66935911FBB6A03576986
|
|_ Jméno: AR5211
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] aswFsBlk
|_ Cesta: C:\WINDOWS\system32\drivers\aswFsBlk.sys
| |_ Výrobce: AVAST Software
| |_ Popis: avast! File System Access Blocking Driver
| |_ MD5: A0D86B8AC93EF95620420C7A24AC5344
|
|_ Jméno: aswFsBlk
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: File System Driver
|_ Dependency: FltMgr

[?] avast! Standard Shield Support
|_ Cesta: C:\WINDOWS\system32\drivers\aswMon2.sys
| |_ Výrobce: AVAST Software
| |_ Popis: avast! File System Filter Driver for Windows XP
| |_ MD5: 7D880C76A285A41284D862E2D798EC0D
|
|_ Jméno: aswMon2
|_ StartName:
|_ Typ spouštění: Auto Start
|_ Status: Spuštěno
|_ Typ: File System Driver
|_ Dependency:

[?] aswSP
|_ Cesta: C:\WINDOWS\system32\drivers\aswSP.sys
| |_ Výrobce: AVAST Software
| |_ Popis: avast! self protection module
| |_ MD5: 7ECC2776638B04553F9A85BD684C3ABF
|
|_ Jméno: aswSP
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] avast! Network Shield Support
|_ Cesta: C:\WINDOWS\system32\drivers\aswTdi.sys
| |_ Výrobce: AVAST Software
| |_ Popis: avast! TDI Filter Driver
| |_ MD5: 095ED820A926AA8189180B305E1BCFC9
|
|_ Jméno: aswTdi
|_ StartName:
|_ Typ spouštění: System Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency: tcpip

[?] ati2mtag
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
| |_ Výrobce: ATI Technologies Inc.
| |_ Popis: ATI Radeon WindowsNT Miniport Driver
| |_ MD5: 3E6878DF6CEDCD36957CC5776335FCC5
|
|_ Jméno: ati2mtag
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Game port pro zařízení Creative SB Live!
|_ Cesta: C:\WINDOWS\system32\DRIVERS\ctljystk.sys
| |_ Výrobce: Creative Technology Ltd.
| |_ Popis: Creative Joyport Enabler
| |_ MD5: 71007BD2E1E26927FE3E4EB00C0BEEDF
|
|_ Jméno: ctljystk
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Creative SB Live! (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\emu10k1m.sys
| |_ Výrobce: Creative Technology Ltd.
| |_ Popis: Creative SB Live! Adapter Driver
| |_ MD5: 01F83E1B5DCE05F5CB7D99113CA9E890
|
|_ Jméno: emu10k
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Creative Interface Manager Driver (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\ctlfacem.sys
| |_ Výrobce: Creative Technology Ltd.
| |_ Popis: Creative SB Live! Interface Driver
| |_ MD5: 7FFA171CCE6A8BFC774862A578BA39A2
|
|_ Jméno: emu10k1
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] PxHelp20
|_ Cesta: C:\WINDOWS\System32\Drivers\PxHelp20.sys
| |_ Výrobce: Sonic Solutions
| |_ Popis: Px Engine Device Driver for Windows 2000/XP
| |_ MD5: 153D02480A0A2F45785522E814C634B6
|
|_ Jméno: PxHelp20
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Sony Ericsson seehcri Device Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\seehcri.sys
| |_ Výrobce: Sony Ericsson Mobile Communications
| |_ Popis: seehcri Driver
| |_ MD5: E5B56569A9F79B70314FEDE6C953641E
|
|_ Jméno: seehcri
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] Creative SoundFont Manager Driver (WDM)
|_ Cesta: C:\WINDOWS\system32\drivers\sfmanm.sys
| |_ Výrobce: Creative Technology Ltd.
| |_ Popis: SoundFont(R) Manager
| |_ MD5: 0B1A5E9CACB5CDD54A2815107BD7C772
|
|_ Jméno: sfman
|_ StartName:
|_ Typ spouštění: Ruční spuštění
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] videX32
|_ Cesta: C:\WINDOWS\system32\DRIVERS\videX32.sys
| |_ Výrobce: VIA Technologies, Inc.
| |_ Popis: VIA Generic PCI IDE Bus Driver
| |_ MD5: F95C0FCFBCBDA6D8F202D2DF4052F88D
|
|_ Jméno: videX32
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:

[?] VIA SATA IDE Hot-plug Driver
|_ Cesta: C:\WINDOWS\system32\DRIVERS\xfilt.sys
| |_ Výrobce: VIA Technologies,Inc
| |_ Popis: ATA/ATAPI devices hot-plug monitor
| |_ MD5: BEC604CDC548A528EBD3D7AA1DD46A89
|
|_ Jméno: xfilt
|_ StartName:
|_ Typ spouštění: Boot Start
|_ Status: Spuštěno
|_ Typ: Kernel Driver
|_ Dependency:


lNetStat
================================================================
Typ: PID Proces Local <-> Remote Status
-----------------------------------------------------------------------------------------
TCP (896) svchost.exe 0.0.0.0:135 LISTENING
TCP (4) Systém 0.0.0.0:445 LISTENING
TCP (2732) fbserver.exe 0.0.0.0:3050 LISTENING
TCP (4) Systém 10.0.0.1:139 LISTENING
TCP (1776) AvastUI.exe 10.0.0.1:1039 CLOSE_WAIT
TCP (1776) AvastUI.exe 10.0.0.1:1040 CLOSE_WAIT
TCP (3108) alg.exe 127.0.0.1:1031 LISTENING
TCP (0) 127.0.0.1:1042 TIME_WAIT
TCP (1524) jqs.exe 127.0.0.1:5152 LISTENING
UDP (4) Systém 0.0.0.0:445 CLOSE_WAIT
UDP (948) svchost.exe 10.0.0.1:123
UDP (4) Systém 10.0.0.1:137
UDP (4) Systém 10.0.0.1:138
UDP (1112) svchost.exe 10.0.0.1:1900
UDP (948) svchost.exe 127.0.0.1:123
UDP (1784) wscript.exe 127.0.0.1:1030
UDP (1112) svchost.exe 127.0.0.1:1900
UDP (1228) PnkBstrA.exe 127.0.0.1:44301
UDP (1908) PnkBstrB.exe 127.0.0.1:45301

Moduly (Zobraz i bezpečné DLL: False, Jen bez výrobce: True, Zobraz registrované: False)
================================================================
[?] wgalogon.dll
|_ Cesta: C:\WINDOWS\system32\WgaLogon.dll
|_ MD5: 15A6CB4991BA08D408E2A36261A99B1F
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ winlogon.exe (588)

[?] aswar.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswAR.dll
|_ MD5: FF3927A4F46A0B9E6F6CCF53AF883503
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] aswcmnos.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswCmnOS.dll
|_ MD5: 3BB5BC4307E6C62FD2013885F8145274
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswcmnbs.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswCmnBS.dll
|_ MD5: 1A275966F9BF6022085D1F5CFA3CBF99
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswcmnis.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswCmnIS.dll
|_ MD5: DB23E99300D3A1BF9C3555CFF3C5B659
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswscan.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswScan.dll
|_ MD5: 4987F63A49B672B5F4A2B9C2E98B86CC
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] aswengin.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\defs\10102901\aswEngin.dll
|_ MD5: 35D528BBD07F31A81C228CE10FC98D41
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ashbase.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ashBase.dll
|_ MD5: 0D61A530A06E1519FB4C5163ACBAE350
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswaux.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswAux.dll
|_ MD5: 8842762C761261A29AC6B680E2DBCB5D
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswlog.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswLog.dll
|_ MD5: A4D681B9A2F4981439DC6467EBEDD735
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswproperty.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswProperty.dll
|_ MD5: 58245119DC0A30B2CB6F23B71699222C
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] ashtaskex.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ashTaskEx.dll
|_ MD5: 9931B1CDCF0B5E8DDF7A0D01F2FA9E2F
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] ashtask.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ashTask.dll
|_ MD5: 3047F361F71B35145FEBFB7151EB8A53
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswsqlt.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswSqLt.dll
|_ MD5: 7FF91330D3C44CE3FA91CFA69BE69353
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aswidle.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswIdle.dll
|_ MD5: 1631D5637B7FEAA828D0942128492CD9
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] aswengldr.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\aswEngLdr.dll
|_ MD5: D4D6245B1BC183BA4C36BCC88143B916
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] aavm4h.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\Aavm4h.dll
|_ MD5: D4F59336EA56F87590B0708B07EF1872
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] ashserv.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ashServ.dll
|_ MD5: 6DBE2C86B50616A378B5DC26D0668A78
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] aavmrpch.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AavmRpch.dll
|_ MD5: 9FAAFC215E7C81FE67791A1C8D141271
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)
|_ AvastUI.exe (1776)

[?] ahresstd.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AhResStd.dll
|_ MD5: 14AE7C128126559F96D174515B11BEB2
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresmai.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AhResMai.dll
|_ MD5: F8BAAF6B20A52D31EC9B89C2610D637D
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresmes.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ahResMes.dll
|_ MD5: 98B626C46616CE423F1645CD3EFF02A6
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresp2p.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\ahResP2P.dll
|_ MD5: A59ADED53347B5B97907D63ACD8248D3
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresns.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AhResNS.dll
|_ MD5: 76CAB0273BFF7BE8DFC4AF5B98D4CF02
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresws.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AhResWS.dll
|_ MD5: 5AE2943B6E8CB4E418EE3E7117E2C7EA
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] ahresbhv.dll
|_ Cesta: C:\Program Files\Alwil Software\Avast5\AhResBhv.dll
|_ MD5: 39067BF01F1CC63E570FEFF0EEB0A763
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastSvc.exe (1408)

[?] fusion.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\fusion.dll
|_ MD5: EA3AF33A9341B88D23FDC20D6EC826FE
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)

[?] uwinapi.dll
|_ Cesta: C:\Program Files\OpenOffice.org 2.2\program\uwinapi.dll
|_ MD5: B2FD24D8615774C339F4C2D2BC57EB48
|_ Výrobce: Sun Microsystems, Inc.
|_ Procesy
|_ explorer.exe (1612)

[?] culture.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Culture.dll
|_ MD5: 219AF0F9A54EBEEB3E7E20025D801034
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)

[?] dfshim.dll
|_ Cesta: C:\WINDOWS\system32\dfshim.dll
|_ MD5: 41E107E57DD21B2A119709F0BB8CE576
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)

[?] stlport_vc7145.dll
|_ Cesta: C:\Program Files\OpenOffice.org 2.2\program\stlport_vc7145.dll
|_ MD5: 777A4759585663D2F761104918308A12
|_ Výrobce: STLport Consulting, Inc.
|_ Procesy
|_ explorer.exe (1612)

[?] shlxthdl.dll
|_ Cesta: C:\Program Files\OpenOffice.org 2.2\program\shlxthdl.dll
|_ MD5: FEDA3633B93FA6300AC2A2CEC3EE2584
|_ Výrobce: Sun Microsystems, Inc.
|_ Procesy
|_ explorer.exe (1612)

[?] shfusion.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
|_ MD5: 36BA8022693AF7E967359FF3F97531D7
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)

[?] shfusres.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\ShFusRes.dll
|_ MD5: 468A8045135FC26BD82406A923F51E24
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)

[?] mscoree.dll
|_ Cesta: C:\WINDOWS\system32\mscoree.dll
|_ MD5: 08A73B0E7EE6E32983B5F9E540A8E380
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)
|_ jqs.exe (1524)

[?] mscorwks.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
|_ MD5: A29E27328CAA54EE94104694270FD8D0
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ explorer.exe (1612)
|_ jqs.exe (1524)

[?] aswdata.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast5\aswData.dll
|_ MD5: 6AC34BD8597820E68A791AB8738CE115
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastUI.exe (1776)

[?] aswutil.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast5\aswUtil.dll
|_ MD5: 24953DB97398D53C77A4F8632D8533D6
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastUI.exe (1776)

[?] uilangres.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast5\1029\uiLangRes.dll
|_ MD5: DC9E18C290368A6A9FDC9AF12A56F5F6
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastUI.exe (1776)

[?] commonres.dll
|_ Cesta: C:\PROGRA~1\ALWILS~1\Avast5\CommonRes.dll
|_ MD5: 3754FEAC3195378B9D262A584CB7D5DF
|_ Výrobce: AVAST Software
|_ Procesy
|_ AvastUI.exe (1776)

[?] athcfg20u.dll
|_ Cesta: C:\WINDOWS\system32\athcfg20U.dll
|_ MD5: BB5E9401929E3DA7A118E523B3C7347B
|_ Výrobce: Atheros
|_ Procesy
|_ acs.exe (388)

[?] aegise5.dll
|_ Cesta: C:\WINDOWS\system32\AegisE5.dll
|_ MD5: 8E6546C0E8483F70ACF344B7CA079BAC
|_ Výrobce: Meetinghouse Data Communications
|_ Procesy
|_ acs.exe (388)

[?] fbclient.dll
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\fbclient.dll
|_ MD5: CC5E4EC19A178CB149E9A6517C7DB830
|_ Výrobce: Firebird Project
|_ Procesy
|_ fbguard.exe (1476)

[?] aspnet_isapi.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
|_ MD5: 1BF5ADCDC841B69AB00187ABD53253A1
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ jqs.exe (1524)

[?] aspnet_perf.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
|_ MD5: F1430F5D20F4BB71A003209C3DB3ADDF
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ jqs.exe (1524)

[?] corperfmonext.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
|_ MD5: 2E61C409474416CC78D66300F1BCB722
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ jqs.exe (1524)

[?] netfxperf.dll
|_ Cesta: C:\WINDOWS\system32\netfxperf.dll
|_ MD5: 203D5ECB5CCDA683053CDA42DFF03573
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ jqs.exe (1524)

[?] perfcounter.dll
|_ Cesta: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
|_ MD5: C5A9554406507AB2AB341B221D97519D
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ jqs.exe (1524)

[?] icuuc30.dll
|_ Cesta: C:\Program Files\Firebird\Firebird_2_1\bin\icuuc30.dll
|_ MD5: 6BE2075B0ABED383CCD6D40649ECB37D
|_ Výrobce: IBM Corporation and others
|_ Procesy
|_ fbserver.exe (2732)

[?] mscomctl.ocx
|_ Cesta: C:\WINDOWS\system32\MSCOMCTL.OCX
|_ MD5: 714CF24FC19A20AE0DC701B48DED2CF6
|_ Výrobce: Microsoft Corporation
|_ Procesy
|_ UPM.exe (1016)


Výpis souborů
================================================================
\System32:
[?] AC3ACM.acm 7 no vrfy, {41EBA4D2}
[?] acs.exe 7 no vrfy, {99E90410}
[?] actskn43.ocx 7 no vrfy, {9266929B}
[?] AegisE5.dll 7 no vrfy, {D0631945}
[?] ar5211.sys 7 no vrfy, {2501BBAC}
[?] aswBoot.exe 7 no vrfy, {A54865FB}
[?] athcfg20.dll 7 no vrfy, {EB43CC85}
[?] athcfg20res.dll ATHCFG~1.DLL 14 no vrfy, {93668017}
[?] athcfg20resU.dll ATHCFG~2.DLL 14 no vrfy, {FDF53EFE}
[?] athcfg20U.dll ATHCFG~3.DLL 7 no vrfy, {77B5AECA}
[?] ati2sgag.exe 7 no vrfy, {D30650FC}
[?] atibrtmon.exe ATIBRT~1.EXE 12 ncmpny, {C37E8A50}
[X] BDEADMIN.CPL 100 ncmpny, cx (CODE)?, {399B5A57}
[?] CF28840.exe 25 ncmpny, {18F2789A}
[?] CmdLineExt.dll CMDLIN~1.DLL 7 no vrfy, {471FF228}
[?] D3DCompiler_33.dll D3DCOM~1.DLL 12 ncmpny, {3643F195}
[?] D3DCompiler_34.dll D3DCOM~2.DLL 12 ncmpny, {3D652F77}
[?] D3DCompiler_35.dll D3DCOM~3.DLL 12 ncmpny, {4BC4DCD8}
[?] D3DCompiler_36.dll D3DCOM~4.DLL 12 ncmpny, {AC686C2D}
[?] D3DCompiler_37.dll D3B880~1.DLL 12 ncmpny, {8B766EBF}
[?] D3DCompiler_38.dll D3B884~1.DLL 12 ncmpny, {D1F14970}
[?] D3DCompiler_39.dll D3C888~1.DLL 12 ncmpny, {540C6E50}
[?] D3DCompiler_40.dll D39C84~1.DLL 12 ncmpny, {EDF25E1C}
[?] D3DCompiler_41.dll D3AC88~1.DLL 12 ncmpny, {6445946A}
[?] D3DCompiler_42.dll D3AC8C~1.DLL 12 ncmpny, {F79F5B0F}
[?] D3DCompiler_43.dll D3AC80~1.DLL 12 ncmpny, {CE03D6E5}
[?] d3dcsx_42.dll D3DCSX~1.DLL 12 ncmpny, {5C4329EB}
[?] d3dcsx_43.dll D3DCSX~2.DLL 12 ncmpny, {B4C42181}
[?] d3dx10_33.dll D3DX10~1.DLL 12 ncmpny, {6B35033F}
[?] d3dx10_34.dll D3DX10~2.DLL 12 ncmpny, {D5987E3E}
[?] d3dx10_35.dll D3DX10~3.DLL 12 ncmpny, {610AC441}
[?] d3dx10_36.dll D3DX10~4.DLL 12 ncmpny, {4EC5A3FA}
[?] d3dx10_37.dll D3FA3E~1.DLL 12 ncmpny, {B89EF35A}
[?] d3dx10_38.dll D3FE3E~1.DLL 12 ncmpny, {46C52F4F}
[?] d3dx10_39.dll D3F24E~1.DLL 12 ncmpny, {41DB4A85}
[?] d3dx10_40.dll D3FE14~1.DLL 12 ncmpny, {925500F8}
[?] d3dx10_41.dll D3F224~1.DLL 12 ncmpny, {F2FCA1E6}
[?] d3dx10_42.dll D3F624~1.DLL 12 ncmpny, {A2D6F165}
[?] d3dx10_43.dll D3FA24~1.DLL 12 ncmpny, {C4513B29}
[?] d3dx11_42.dll D3DX11~1.DLL 12 ncmpny, {576C4CAA}
[?] d3dx11_43.dll D3DX11~2.DLL 12 ncmpny, {1504DE5E}
[?] d3dx9_33.dll 12 ncmpny, {A9975507}
[?] d3dx9_34.dll 12 ncmpny, {D937437C}
[?] d3dx9_35.dll 12 ncmpny, {0D0C5865}
[?] d3dx9_36.dll 12 ncmpny, {E7AB1CA1}
[?] D3DX9_37.dll 12 ncmpny, {71BF899A}
[?] D3DX9_38.dll 12 ncmpny, {871C9253}
[?] D3DX9_39.dll 12 ncmpny, {54FCEF38}
[?] D3DX9_40.dll 12 ncmpny, {526D610B}
[?] D3DX9_41.dll 12 ncmpny, {3926F24C}
[?] D3DX9_42.dll 12 ncmpny, {8C8C0454}
[?] D3DX9_43.dll 12 ncmpny, {E992CAF8}
[?] deployJava1.dll DEPLOY~1.DLL 14 no vrfy, {7D18D8D1}
[?] dfshim.dll 12 ncmpny, {90F966F6}
[?] difxapi.dll 12 ncmpny, {44FBD5F4}
[!] DivX.dll 70 no vrfy, infected? {4EA08ED9}
[?] DivXControlPanelApplet.cpl DIVXCO~1.CPL 14 no vrfy, {76817F36}
[?] divx_xx07.dll DIVX_X~3.DLL 14 no vrfy, {50586F05}
[?] divx_xx0a.dll DIVX_X~4.DLL 14 no vrfy, {3FFA6281}
[?] divx_xx0c.dll DIVX_X~2.DLL 14 no vrfy, {CADEE0F4}
[?] divx_xx11.dll DIVX_X~1.DLL 14 no vrfy, {B300AB47}
[?] divx_xx16.dll DI4024~1.DLL 14 no vrfy, {3F6EAF95}
[?] dpl100.dll 7 no vrfy, {6039D2FC}
[?] dxva2.dll 12 ncmpny, {B180B819}
[?] EPPicMgr.dll 7 no vrfy, {A88F7545}
[?] EpPicPrt.dll 7 no vrfy, {8FD0F7DE}
[?] EPSTP32U.EXE 14 no vrfy, {DD0604E0}
[?] evr.dll 12 ncmpny, {7A3679D8}
[?] Firebird2Control.cpl FIREBI~1.CPL 7 no vrfy, {CD6F9F2A}
[?] framedyn.dll 12 ncmpny, {7A56146A}
[?] GDS32.DLL 7 no vrfy, {4ED350CF}
[?] icardagt.exe 12 ncmpny, {584C68D5}



================================================================
Ultimate Process Manager v4.1.3 - [ Lodus Software ]

Re: Probably a few viruses..

Posted: 29 Oct 2010 16:55
by Rudy
Post a log from ComboFix.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after it starts, a screen with the license terms is displayed; continue by clicking the Yes button.

Feel free to go make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer - depending on how fast the machine is and how many files the scanner has to wade through); during the scan, do not try to launch any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident shield occur.

Re: Probably a few viruses..

Posted: 31 Oct 2010 14:26
by zbynda2407
Thank you for the quick reply. Here is the LOG:

ComboFix 10-10-28.09 - Zbyněk 31.10.2010 14:14:05.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1022.622 [GMT 1:00]
Spuštěný z: c:\documents and settings\Zbyněk\Dokumenty\Stažené soubory\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Data aplikací\hpe1A3.dll
c:\documents and settings\Zbyněk\Data aplikací\10.exe
c:\documents and settings\Zbyněk\Data aplikací\11.exe
c:\documents and settings\Zbyněk\Data aplikací\12.exe
c:\documents and settings\Zbyněk\Data aplikací\13.exe
c:\documents and settings\Zbyněk\Data aplikací\14.exe
c:\documents and settings\Zbyněk\Data aplikací\15.exe
c:\documents and settings\Zbyněk\Data aplikací\16.exe
c:\documents and settings\Zbyněk\Data aplikací\17.exe
c:\documents and settings\Zbyněk\Data aplikací\18.exe
c:\documents and settings\Zbyněk\Data aplikací\19.exe
c:\documents and settings\Zbyněk\Data aplikací\20.exe
c:\documents and settings\Zbyněk\Data aplikací\21.exe
c:\documents and settings\Zbyněk\Data aplikací\22.exe
c:\documents and settings\Zbyněk\Data aplikací\23.exe
c:\documents and settings\Zbyněk\Data aplikací\24.exe
c:\documents and settings\Zbyněk\Data aplikací\25.exe
c:\documents and settings\Zbyněk\Data aplikací\26.exe
c:\documents and settings\Zbyněk\Data aplikací\27.exe
c:\documents and settings\Zbyněk\Data aplikací\28.exe
c:\documents and settings\Zbyněk\Data aplikací\29.exe
c:\documents and settings\Zbyněk\Data aplikací\30.exe
c:\documents and settings\Zbyněk\Data aplikací\4.exe
c:\documents and settings\Zbyněk\Data aplikací\5.exe
c:\documents and settings\Zbyněk\Data aplikací\6.exe
c:\documents and settings\Zbyněk\Data aplikací\7.exe
c:\documents and settings\Zbyněk\Data aplikací\8.exe
c:\documents and settings\Zbyněk\Data aplikací\9.exe
c:\documents and settings\Zbyněk\Data aplikací\AD ON Multimedia
c:\documents and settings\Zbyněk\Local Settings\Data aplikací\DoubleD
c:\documents and settings\Zbyněk\Local Settings\Data aplikací\DoubleD\GamingHarbor Toolbar\4.1.4.20920\bin\stbup.exe
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80
c:\windows\Downloaded Program Files\DinerDash.1.0.0.80\dinerdash.exe
c:\windows\Downloaded Program Files\Install.inf
E:\AUTORUN.INF
E:\install.exe

Nakažená kopie c:\windows\system32\drivers\rdpcdd.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty had a snack :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-09-28 do 2010-10-31 )))))))))))))))))))))))))))))))
.

2010-10-29 14:20 . 2010-10-29 14:31 -------- d-----w- c:\program files\Ultimate Process Manager
2010-10-29 14:01 . 2010-10-29 14:01 -------- d-----w- c:\program files\CCleaner
2010-10-28 18:25 . 2010-10-28 18:24 390144 ----a-w- c:\windows\system32\CF28840.exe
2010-10-28 12:44 . 2008-04-14 06:52 73796 ------w- c:\windows\system32\slserv.exe
2010-10-28 12:41 . 2008-04-14 06:51 4255 ------w- c:\windows\system32\drivers\adv01nt5.dll
2010-10-28 12:40 . 2008-04-14 06:51 15423 ------w- c:\windows\system32\drivers\ch7xxnt5.dll
2010-10-28 12:39 . 2006-12-28 22:31 19569 ----a-w- c:\windows\002994_.tmp
2010-10-24 17:27 . 2010-10-24 17:27 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\DSS
2010-10-20 13:48 . 2008-06-13 12:21 450560 ----a-w- c:\windows\system32\GDS32.DLL
2010-10-20 13:48 . 2008-06-13 12:26 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2010-10-20 13:48 . 2010-10-20 13:48 -------- d-----w- c:\program files\Firebird
2010-10-20 13:27 . 2010-10-20 13:27 -------- d-----w- c:\documents and settings\Zbyněk\Local Settings\Data aplikací\MRP
2010-10-14 13:53 . 2010-10-14 14:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Tools
2010-10-04 13:35 . 2010-10-29 13:37 -------- d-----w- c:\program files\Crawler

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 18:35 . 2010-09-29 18:35 223 ----a-w- c:\documents and settings\Zbyněk\Data aplikací\jsdfgs.bat
2010-09-11 14:19 . 2010-09-11 14:19 1409 ----a-w- c:\windows\QTFont.for
2010-09-07 15:12 . 2010-06-29 11:59 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-06-18 07:29 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-06-18 07:29 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-06-18 07:29 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-06-18 07:29 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-06-18 07:29 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-06-18 07:29 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-06-18 07:29 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-06-18 07:29 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 17:18 . 2010-09-06 17:18 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-09-06 17:18 . 2010-09-06 17:18 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-09-06 17:18 . 2010-09-06 17:18 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-08-31 15:55 . 2009-10-12 14:21 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-10-18 19:01 331776 ----a-w- c:\program files\Atheros\ACU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2007-07-02 10:27 219520 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
2002-10-15 17:00 1818624 ----a-w- c:\windows\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-08-20 19:45 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]
2010-01-04 19:13 23941120 ----a-w- c:\program files\CounterPath\X-Lite\x-lite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-10 21:56 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-01-31 22:13 385024 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-11-20 08:17 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-11-16 21:42 577536 ----a-r- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-11-24 20:24 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-27 10:32 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CounterPath\\X-Lite\\x-lite.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [18.6.2010 8:29 165584]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [18.6.2010 8:29 17744]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [20.10.2010 14:48 81920]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [20.10.2010 14:48 2723840]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [28.11.2009 11:04 27632]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7.9.2010 11:02 90112]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6.9.2010 18:18 13224]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [5.6.2009 14:43 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [5.6.2009 14:43 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [5.6.2009 14:43 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [5.6.2009 14:43 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [5.6.2009 14:43 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [5.6.2009 14:43 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [5.6.2009 14:43 109736]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [5.6.2009 14:43 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [5.6.2009 14:43 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [5.6.2009 14:43 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [5.6.2009 14:43 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [5.6.2009 14:43 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [5.6.2009 14:43 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [5.6.2009 14:43 109864]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [8.11.2007 12:49 717296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-10-04 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-07-25 15:26]

2010-10-31 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-839522115-1177238915-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-10-29 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-839522115-1177238915-725345543-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-10-29 c:\windows\Tasks\User_Feed_Synchronization-{246CFACA-C0B6-49CE-B54C-27B3EAC436E6}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60341
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
DPF: {8ACDC08B-DC64-4613-97F2-299B65F66E1D} - hxxp://www.digimeld.com/download/digimeldOcx.CAB
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://icq.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
FF - ProfilePath - c:\documents and settings\Zbyněk\Data aplikací\Mozilla\Firefox\Profiles\klolz1cb.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60341&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Data aplikací\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprjplug.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-Sniper - Path of Vengeance - e:\hra\Uninst.isu



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-31 14:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-839522115-1177238915-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:6b,d2,1d,c8,5e,81,c6,39,07,3e,41,fd,09,97,b0,03,cd,23,82,fc,42,b4,8b,
01,2a,8a,fe,71,c3,e5,1f,b1,6a,2d,75,6d,93,cb,de,25,30,8b,b7,fe,0e,95,cc,4f,\
"??"=hex:34,5d,ab,11,db,ba,d5,0d,bc,da,71,86,a7,58,7c,1a

[HKEY_USERS\S-1-5-21-839522115-1177238915-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:36,16,cf,fe,1d,2f,c5,29,b8,bd,3e,a2,fe,d8,5d,4c,73,e3,94,f4,0a,
e7,dd,9b,a0,75,e5,d4,a2,14,94,9d,69,0d,14,18,63,75,69,ae,26,e6,a0,10,c7,9f,\
"rkeysecu"=hex:7f,d4,5b,66,d1,98,1b,39,5e,20,33,20,57,6b,f3,3f
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-10-31 14:22:25
ComboFix-quarantined-files.txt 2010-10-31 13:22

Před spuštěním: Volných bajtů: 13 966 315 520
Po spuštění: Volných bajtů: 13 964 468 224

- - End Of File - - B76436D5ED417CA24DF8ED8A90B3A3EA

Re: Probably a few viruses..

Posted: 31 Oct 2010 18:02
by Rudy
We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Collect::
c:\windows\002994_.tmp
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Probably a few viruses..

Posted: 02 Nov 2010 21:59
by zbynda2407
OK, thank you very much. Everything is OK!

Re: Probably a few viruses..

Posted: 02 Nov 2010 22:02
by Rudy
You're welcome!