VIRY.CZ

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hana Pojmonová at 2010-11-22 16:58:01
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (42%) free of 15 GB
Total RAM: 1012 MB (56% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-15 16862720]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1044480]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-05-13 821768]
"M3000Mnt"=M3000Rmv.dll ,WinMainRmv /StartStillMnt []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-17 62464]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIDIA driver monitor"=C:\WINDOWS\nvsvc32.exe [2010-10-17 62464]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-11 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoStart]
C:\DOCUME~1\HANAPO~1\LOCALS~1\Temp\9141.exe [2010-11-20 31232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boodak]
C:\WINDOWS\system32\jofebe.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Documents and Settings\Hana Pojmonová\fxyw.exe [2010-11-18 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]
C:\DOCUME~1\HANAPO~1\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2
"MpfService"=2
"mnmsrvc"=3
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"McAfee SiteAdvisor Service"=2
"gusvc"=3
"GoogleDesktopManager-080708-050100"=3

C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění
6douu5v.exe
fqlgmm3yy.exe
qgmm3yy7.exe
wx1oo6u0.exe
15k7brh.exe
s0o31gb0m7.exe
j5k7brh3.exe
y5k7brh3ez.exe
6s86e3a.exe
g81sdezf66w.exe
0hxd66k.exe
w2xyt03k0lw.exe
x081epqlr.exe
ty86k870.exe
qlr66i86u8.exe
s1zjfabg.exe
n0jo81lghm8.exe
qq6m8703u.exe
l03c6duk5.exe
bg8703ek5f.exe
qmrnddze86g.exe
70aaqg0.exe
0zu0lg0.exe
jkf081mx.exe
0pfl60n.exe
zuva86m81y.exe
1yze3a1.exe
mhn66e3a1w.exe
s3o1klq8703.exe
66k81wh.exe
tu6ag3w5.exe
yejuk780c.exe
c1yo1klq.exe
grniojf66w.exe
q3cxnoz081g.exe
up081whidtu.exe
xsjzzffgbr.exe
u5vgrsnt60.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tvvalvlx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tvvalvlx.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb4ca8e2-f648-11df-a645-00242bbd3bb8}]
shell\AutoRun\command - D:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe
shell\open\command - D:\TTHDHGC\DFG-2352-66235-2352322-634621321-6662355\364855.exe


======List of files/folders created in the last 1 months======

2010-11-22 16:58:01 ----D---- C:\rsit
2010-11-22 16:58:01 ----D---- C:\Program Files\trend micro
2010-11-22 16:47:15 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 16:42:31 ----D---- C:\Program Files\TC UP
2010-11-22 15:58:56 ----D---- C:\Program Files\Yahoo!
2010-11-22 15:58:45 ----D---- C:\Program Files\CCleaner
2010-11-21 19:23:41 ----RA---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\k6jLC.txt
2010-11-20 19:30:28 ----A---- C:\wifi32.exe
2010-11-18 20:19:33 ----A---- C:\nlw.exe
2010-11-18 19:28:32 ----SHD---- C:\FOUND.000
2010-11-17 18:22:23 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 15:59:32 ----D---- C:\Program Files\Conduit
2010-11-17 15:59:11 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 15:59:05 ----D---- C:\Program Files\Webteh
2010-11-16 19:52:51 ----A---- C:\winn27.exe
2010-11-14 09:17:37 ----RSHD---- C:\RECYCLER
2010-11-13 19:58:42 ----RSH---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\juzjf.exe
2010-11-13 19:58:22 ----A---- C:\t6.exe

======List of files/folders modified in the last 1 months======

2010-11-22 16:36:40 ----RASH---- C:\boot.ini
2010-11-22 16:36:40 ----A---- C:\WINDOWS\win.ini
2010-11-22 16:36:40 ----A---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-14 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 M3000Srv;Acer Crystal Eye webcam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2008-08-06 151936]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 qcj265c;qcj265c; C:\WINDOWS\System32\drivers\qcj265c.sys [2010-11-16 138272]
S1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-07 96856]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 f5wmaeu4;RUMBA AS/400 Shared Folders; C:\Documents and Settings\Hana Pojmonová\Data aplikací\Microsoft\roulyke.exe [2010-11-19 201216]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Postupujte dále dle tohoto návodu:
http://www.bleepingcomputer.com/combofi ... t-combofix

ComboFix 10-11-22.01 - Hana Pojmonová 22.11.2010 21:24:09.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1012.590 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hana Pojmonová\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 101122-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hana Pojmonová\Data aplikací\Microsoft\dyvoopou.exe
c:\documents and settings\Hana Pojmonová\Data aplikací\Microsoft\jofebe.exe
c:\documents and settings\Hana Pojmonová\Data aplikací\Microsoft\roulyke.exe
c:\recycler\S-1-5-21-2768641779-7308119087-725856793-5782\yv8g67.exe
c:\windows\nvsvc32.exe
c:\windows\System32\drivers\qcj265c.sys
c:\windows\system32\jofebe.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_f5wmaeu4
-------\Legacy_qcj265c
-------\Service_f5wmaeu4
-------\Service_qcj265c


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-22 20:09 . 2010-11-22 20:09 18432 ---ha-w- c:\documents and settings\Hana Pojmonová\indjjsf.exe
2010-11-22 16:13 . 2010-11-22 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- C:\rsit
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- c:\program files\trend micro
2010-11-22 15:54 . 2010-11-22 15:54 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\GHISLER
2010-11-22 15:47 . 2010-11-22 15:47 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\program files\TC UP
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\Yahoo!
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\CCleaner
2010-11-20 18:30 . 2010-11-20 18:30 85504 ----a-w- C:\wifi32.exe
2010-11-18 19:19 . 2010-11-18 19:19 187904 ----a-w- C:\nlw.exe
2010-11-18 18:31 . 2010-11-18 18:31 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\fxyw.exe
2010-11-18 18:28 . 2010-11-18 18:28 -------- d-----w- C:\FOUND.000
2010-11-17 17:22 . 2010-11-17 17:22 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Webteh
2010-11-16 18:52 . 2010-11-17 15:35 193024 ----a-w- C:\winn27.exe
2010-11-15 18:43 . 2010-11-15 18:43 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\bgmap.exe
2010-11-13 18:58 . 2010-11-13 18:58 91136 --sh--r- c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe
2010-11-13 18:58 . 2010-11-13 18:58 91136 ----a-w- C:\t6.exe
2010-11-04 10:58 . 2010-11-04 10:58 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-04 10:58 . 2010-11-04 10:58 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-15 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Hana Pojmonov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
6douu5v.exe [2010-11-14 60416]
fqlgmm3yy.exe [2010-11-14 60416]
qgmm3yy7.exe [2010-11-14 60416]
wx1oo6u0.exe [2010-11-14 60416]
15k7brh.exe [2010-11-15 60416]
s0o31gb0m7.exe [2010-11-15 60416]
j5k7brh3.exe [2010-11-15 60416]
y5k7brh3ez.exe [2010-11-15 60416]
6s86e3a.exe [2010-11-16 60416]
g81sdezf66w.exe [2010-11-16 60416]
0hxd66k.exe [2010-11-16 60416]
w2xyt03k0lw.exe [2010-11-16 60416]
x081epqlr.exe [2010-11-16 60416]
ty86k870.exe [2010-11-16 60416]
qlr66i86u8.exe [2010-11-17 60416]
s1zjfabg.exe [2010-11-17 60416]
n0jo81lghm8.exe [2010-11-17 60416]
qq6m8703u.exe [2010-11-17 60416]
l03c6duk5.exe [2010-11-17 60416]
bg8703ek5f.exe [2010-11-17 60416]
qmrnddze86g.exe [2010-11-17 60416]
70aaqg0.exe [2010-11-17 60416]
0zu0lg0.exe [2010-11-17 60416]
jkf081mx.exe [2010-11-18 43008]
0pfl60n.exe [2010-11-18 43008]
zuva86m81y.exe [2010-11-18 43008]
1yze3a1.exe [2010-11-19 43008]
mhn66e3a1w.exe [2010-11-19 43008]
s3o1klq8703.exe [2010-11-19 43008]
66k81wh.exe [2010-11-19 43008]
tu6ag3w5.exe [2010-11-19 43008]
yejuk780c.exe [2010-11-19 43008]
c1yo1klq.exe [2010-11-19 43008]
grniojf66w.exe [2010-11-19 43008]
q3cxnoz081g.exe [2010-11-20 43008]
up081whidtu.exe [2010-11-20 43008]
xsjzzffgbr.exe [2010-11-20 43008]
u5vgrsnt60.exe [2010-11-20 43008]
1j70qqg.exe [2010-11-22 43008]
81ozavl.exe [2010-11-22 43008]
0tjp60r.exe [2010-11-22 43008]
jzk1abg81.exe [2010-11-22 43008]
1bsdyjp.exe [2010-11-22 43008]
vmrcnyjp.exe [2010-11-22 43008]
gr8s1oka0g.exe [2010-11-22 43008]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tvvalvlx.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe
backup=c:\windows\pss\0hxd66k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe
backup=c:\windows\pss\0pfl60n.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe
backup=c:\windows\pss\0zu0lg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe
backup=c:\windows\pss\15k7brh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe
backup=c:\windows\pss\1yze3a1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe
backup=c:\windows\pss\66k81wh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe
backup=c:\windows\pss\6douu5v.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe
backup=c:\windows\pss\6s86e3a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe
backup=c:\windows\pss\70aaqg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe
backup=c:\windows\pss\bg8703ek5f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe
backup=c:\windows\pss\c1yo1klq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe
backup=c:\windows\pss\fqlgmm3yy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe
backup=c:\windows\pss\g81sdezf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe
backup=c:\windows\pss\grniojf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe
backup=c:\windows\pss\j5k7brh3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe
backup=c:\windows\pss\jkf081mx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe
backup=c:\windows\pss\l03c6duk5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe
backup=c:\windows\pss\mhn66e3a1w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe
backup=c:\windows\pss\n0jo81lghm8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe
backup=c:\windows\pss\q3cxnoz081g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe
backup=c:\windows\pss\qgmm3yy7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe
backup=c:\windows\pss\qlr66i86u8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe
backup=c:\windows\pss\qmrnddze86g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe
backup=c:\windows\pss\qq6m8703u.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe
backup=c:\windows\pss\s0o31gb0m7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe
backup=c:\windows\pss\s1zjfabg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe
backup=c:\windows\pss\s3o1klq8703.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe
backup=c:\windows\pss\tu6ag3w5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe
backup=c:\windows\pss\ty86k870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe
backup=c:\windows\pss\u5vgrsnt60.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe
backup=c:\windows\pss\up081whidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe
backup=c:\windows\pss\w2xyt03k0lw.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe
backup=c:\windows\pss\wx1oo6u0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe
backup=c:\windows\pss\x081epqlr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe
backup=c:\windows\pss\xsjzzffgbr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe
backup=c:\windows\pss\y5k7brh3ez.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe
backup=c:\windows\pss\yejuk780c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe
backup=c:\windows\pss\zuva86m81y.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Hana Pojmonová\fxyw.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 16:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53 6144 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 18:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-080708-050100"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Hana Pojmonová\\Plocha\\P1753577.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tvvalvlx;tvvalvlx;c:\windows\system32\Drivers\tvvalvlx.sys --> c:\windows\system32\Drivers\tvvalvlx.sys [?]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.6.2009 17:49 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2009 17:49 20560]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [25.4.2009 18:19 151936]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30.11.2008 1:09 96856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0409&m=aoa110
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {53AA6D19-10CE-49B0-BF55-A09F866BDB1E} = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-boodak - c:\windows\system32\jofebe.exe
MSConfigStartUp-AutoStart - c:\docume~1\HANAPO~1\LOCALS~1\Temp\9141.exe
MSConfigStartUp-boodak - c:\windows\system32\jofebe.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Windows Firewall - c:\docume~1\HANAPO~1\LOCALS~1\Temp\lsass.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 05:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\msctfime.ime

- - - - - - - > 'explorer.exe'(3924)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\fxssvc.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\HANAPO~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-11-23 05:25:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 04:24

Před spuštěním: 6 633 938 944
Po spuštění: 6 619 226 112

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - B22511C7DB50BF9A77444DCDD45D8B0E

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:
ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:



po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci

ComboFix 10-11-22.05 - Hana Pojmonová 23.11.2010 15:05:52.2.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1012.531 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hana Pojmonová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hana Pojmonová\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 101123-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Hana Pojmonová\bgmap.exe"
"c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe"
"c:\documents and settings\Hana Pojmonová\fxyw.exe"
"c:\documents and settings\Hana Pojmonová\indjjsf.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe"
"c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe"
"c:\documents and settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe"
"C:\nlw.exe"
"C:\t6.exe"
"C:\wifi32.exe"
"c:\windows\nvsvc32.exe"
"c:\windows\pss\0hxd66k.exeStartup"
"c:\windows\pss\0pfl60n.exeStartup"
"c:\windows\pss\0zu0lg0.exeStartup"
"c:\windows\pss\15k7brh.exeStartup"
"c:\windows\pss\1yze3a1.exeStartup"
"c:\windows\pss\66k81wh.exeStartup"
"c:\windows\pss\6douu5v.exeStartup"
"c:\windows\pss\6s86e3a.exeStartup"
"c:\windows\pss\70aaqg0.exeStartup"
"c:\windows\pss\bg8703ek5f.exeStartup"
"c:\windows\pss\c1yo1klq.exeStartup"
"c:\windows\pss\fqlgmm3yy.exeStartup"
"c:\windows\pss\g81sdezf66w.exeStartup"
"c:\windows\pss\grniojf66w.exeStartup"
"c:\windows\pss\j5k7brh3.exeStartup"
"c:\windows\pss\jkf081mx.exeStartup"
"c:\windows\pss\l03c6duk5.exeStartup"
"c:\windows\pss\mhn66e3a1w.exeStartup"
"c:\windows\pss\n0jo81lghm8.exeStartup"
"c:\windows\pss\q3cxnoz081g.exeStartup"
"c:\windows\pss\qgmm3yy7.exeStartup"
"c:\windows\pss\qlr66i86u8.exeStartup"
"c:\windows\pss\qmrnddze86g.exeStartup"
"c:\windows\pss\qq6m8703u.exeStartup"
"c:\windows\pss\s0o31gb0m7.exeStartup"
"c:\windows\pss\s1zjfabg.exeStartup"
"c:\windows\pss\s3o1klq8703.exeStartup"
"c:\windows\pss\tu6ag3w5.exeStartup"
"c:\windows\pss\ty86k870.exeStartup"
"c:\windows\pss\u5vgrsnt60.exeStartup"
"c:\windows\pss\up081whidtu.exeStartup"
"c:\windows\pss\w2xyt03k0lw.exeStartup"
"c:\windows\pss\wx1oo6u0.exeStartup"
"c:\windows\pss\x081epqlr.exeStartup"
"c:\windows\pss\xsjzzffgbr.exeStartup"
"c:\windows\pss\y5k7brh3ez.exeStartup"
"c:\windows\pss\yejuk780c.exeStartup"
"c:\windows\pss\zuva86m81y.exeStartup"
"C:\winn27.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\FOUND.000
c:\found.000\FILE0000.CHK
c:\found.000\FILE0001.CHK
c:\found.000\FILE0002.CHK
c:\found.000\FILE0003.CHK
c:\found.000\FILE0004.CHK
c:\found.000\FILE0005.CHK
c:\found.000\FILE0006.CHK
c:\found.000\FILE0007.CHK
c:\found.000\FILE0008.CHK
c:\found.000\FILE0009.CHK
c:\found.000\FILE0010.CHK
c:\found.000\FILE0011.CHK
c:\found.000\FILE0012.CHK
c:\found.000\FILE0013.CHK
c:\found.000\FILE0014.CHK
c:\found.000\FILE0015.CHK
c:\found.000\FILE0016.CHK
C:\nlw.exe
C:\t6.exe
C:\wifi32.exe
c:\windows\pss\0hxd66k.exeStartup
c:\windows\pss\0pfl60n.exeStartup
c:\windows\pss\0zu0lg0.exeStartup
c:\windows\pss\15k7brh.exeStartup
c:\windows\pss\1yze3a1.exeStartup
c:\windows\pss\66k81wh.exeStartup
c:\windows\pss\6douu5v.exeStartup
c:\windows\pss\6s86e3a.exeStartup
c:\windows\pss\70aaqg0.exeStartup
c:\windows\pss\bg8703ek5f.exeStartup
c:\windows\pss\c1yo1klq.exeStartup
c:\windows\pss\fqlgmm3yy.exeStartup
c:\windows\pss\g81sdezf66w.exeStartup
c:\windows\pss\grniojf66w.exeStartup
c:\windows\pss\j5k7brh3.exeStartup
c:\windows\pss\jkf081mx.exeStartup
c:\windows\pss\l03c6duk5.exeStartup
c:\windows\pss\mhn66e3a1w.exeStartup
c:\windows\pss\n0jo81lghm8.exeStartup
c:\windows\pss\q3cxnoz081g.exeStartup
c:\windows\pss\qgmm3yy7.exeStartup
c:\windows\pss\qlr66i86u8.exeStartup
c:\windows\pss\qmrnddze86g.exeStartup
c:\windows\pss\qq6m8703u.exeStartup
c:\windows\pss\s0o31gb0m7.exeStartup
c:\windows\pss\s1zjfabg.exeStartup
c:\windows\pss\s3o1klq8703.exeStartup
c:\windows\pss\tu6ag3w5.exeStartup
c:\windows\pss\ty86k870.exeStartup
c:\windows\pss\u5vgrsnt60.exeStartup
c:\windows\pss\up081whidtu.exeStartup
c:\windows\pss\w2xyt03k0lw.exeStartup
c:\windows\pss\wx1oo6u0.exeStartup
c:\windows\pss\x081epqlr.exeStartup
c:\windows\pss\xsjzzffgbr.exeStartup
c:\windows\pss\y5k7brh3ez.exeStartup
c:\windows\pss\yejuk780c.exeStartup
c:\windows\pss\zuva86m81y.exeStartup
C:\winn27.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_TVVALVLX
-------\Service_tvvalvlx


((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-22 20:09 . 2010-11-22 20:09 18432 ---ha-w- c:\documents and settings\Hana Pojmonová\indjjsf.exe
2010-11-22 16:13 . 2010-11-22 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- C:\rsit
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- c:\program files\trend micro
2010-11-22 15:54 . 2010-11-22 15:54 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\GHISLER
2010-11-22 15:47 . 2010-11-22 15:47 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\program files\TC UP
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\Yahoo!
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\CCleaner
2010-11-18 18:31 . 2010-11-18 18:31 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\fxyw.exe
2010-11-17 17:22 . 2010-11-17 17:22 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Webteh
2010-11-15 18:45 . 2010-11-15 18:45 40128 ----a-w- c:\windows\system32\drivers\tvvalvlx.sys
2010-11-15 18:43 . 2010-11-15 18:43 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\bgmap.exe
2010-11-13 18:58 . 2010-11-13 18:58 91136 --sh--r- c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe
2010-11-04 10:58 . 2010-11-04 10:58 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-04 10:58 . 2010-11-04 10:58 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ ----



((((((((((((((((((((((((((((( SnapShot@2010-11-23_04.18.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-23 14:16 . 2010-11-23 14:16 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
+ 2010-11-23 13:47 . 2010-11-23 13:47 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2010-11-18 18:31 . 2010-11-22 20:09 45568 c:\windows\system32\secupdat.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-15 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Hana Pojmonov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
6douu5v.exe [2010-11-14 60416]
fqlgmm3yy.exe [2010-11-14 60416]
qgmm3yy7.exe [2010-11-14 60416]
wx1oo6u0.exe [2010-11-14 60416]
15k7brh.exe [2010-11-15 60416]
s0o31gb0m7.exe [2010-11-15 60416]
j5k7brh3.exe [2010-11-15 60416]
y5k7brh3ez.exe [2010-11-15 60416]
6s86e3a.exe [2010-11-16 60416]
g81sdezf66w.exe [2010-11-16 60416]
0hxd66k.exe [2010-11-16 60416]
w2xyt03k0lw.exe [2010-11-16 60416]
x081epqlr.exe [2010-11-16 60416]
ty86k870.exe [2010-11-16 60416]
qlr66i86u8.exe [2010-11-17 60416]
s1zjfabg.exe [2010-11-17 60416]
n0jo81lghm8.exe [2010-11-17 60416]
qq6m8703u.exe [2010-11-17 60416]
l03c6duk5.exe [2010-11-17 60416]
bg8703ek5f.exe [2010-11-17 60416]
qmrnddze86g.exe [2010-11-17 60416]
70aaqg0.exe [2010-11-17 60416]
0zu0lg0.exe [2010-11-17 60416]
jkf081mx.exe [2010-11-18 43008]
0pfl60n.exe [2010-11-18 43008]
zuva86m81y.exe [2010-11-18 43008]
1yze3a1.exe [2010-11-19 43008]
mhn66e3a1w.exe [2010-11-19 43008]
s3o1klq8703.exe [2010-11-19 43008]
66k81wh.exe [2010-11-19 43008]
tu6ag3w5.exe [2010-11-19 43008]
yejuk780c.exe [2010-11-19 43008]
c1yo1klq.exe [2010-11-19 43008]
grniojf66w.exe [2010-11-19 43008]
q3cxnoz081g.exe [2010-11-20 43008]
up081whidtu.exe [2010-11-20 43008]
xsjzzffgbr.exe [2010-11-20 43008]
u5vgrsnt60.exe [2010-11-20 43008]
1j70qqg.exe [2010-11-22 43008]
81ozavl.exe [2010-11-22 43008]
0tjp60r.exe [2010-11-22 43008]
jzk1abg81.exe [2010-11-22 43008]
1bsdyjp.exe [2010-11-22 43008]
vmrcnyjp.exe [2010-11-22 43008]
gr8s1oka0g.exe [2010-11-22 43008]

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe
backup=c:\windows\pss\0hxd66k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe
backup=c:\windows\pss\0pfl60n.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe
backup=c:\windows\pss\0zu0lg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe
backup=c:\windows\pss\15k7brh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe
backup=c:\windows\pss\1yze3a1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe
backup=c:\windows\pss\66k81wh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe
backup=c:\windows\pss\6douu5v.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe
backup=c:\windows\pss\6s86e3a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe
backup=c:\windows\pss\70aaqg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe
backup=c:\windows\pss\bg8703ek5f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe
backup=c:\windows\pss\c1yo1klq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe
backup=c:\windows\pss\fqlgmm3yy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe
backup=c:\windows\pss\g81sdezf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe
backup=c:\windows\pss\grniojf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe
backup=c:\windows\pss\j5k7brh3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe
backup=c:\windows\pss\jkf081mx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe
backup=c:\windows\pss\l03c6duk5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe
backup=c:\windows\pss\mhn66e3a1w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe
backup=c:\windows\pss\n0jo81lghm8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe
backup=c:\windows\pss\q3cxnoz081g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe
backup=c:\windows\pss\qgmm3yy7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe
backup=c:\windows\pss\qlr66i86u8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe
backup=c:\windows\pss\qmrnddze86g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe
backup=c:\windows\pss\qq6m8703u.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe
backup=c:\windows\pss\s0o31gb0m7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe
backup=c:\windows\pss\s1zjfabg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe
backup=c:\windows\pss\s3o1klq8703.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe
backup=c:\windows\pss\tu6ag3w5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe
backup=c:\windows\pss\ty86k870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe
backup=c:\windows\pss\u5vgrsnt60.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe
backup=c:\windows\pss\up081whidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe
backup=c:\windows\pss\w2xyt03k0lw.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe
backup=c:\windows\pss\wx1oo6u0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe
backup=c:\windows\pss\x081epqlr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe
backup=c:\windows\pss\xsjzzffgbr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe
backup=c:\windows\pss\y5k7brh3ez.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe
backup=c:\windows\pss\yejuk780c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe
backup=c:\windows\pss\zuva86m81y.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Hana Pojmonová\fxyw.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 16:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53 6144 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 18:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-080708-050100"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Hana Pojmonová\\Plocha\\P1753577.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.6.2009 17:49 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2009 17:49 20560]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [25.4.2009 18:19 151936]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30.11.2008 1:09 96856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0409&m=aoa110
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {53AA6D19-10CE-49B0-BF55-A09F866BDB1E} = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 15:18
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\docume~1\HANAPO~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Celkový čas: 2010-11-23 15:23:02 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 14:23
ComboFix2.txt 2010-11-23 04:25

Před spuštěním: 6 610 280 448
Po spuštění: 6 591 447 040

- - End Of File - - 1E971D17C453402D2CC611DA321695F0

Pročístěte PC pomocí CCleaneru (soubory i registry) viz odkaz v mém podpisu. Poté vložte nový log z combofixu.

ComboFix 10-11-22.05 - Hana Pojmonová 23.11.2010 16:55:07.3.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1012.522 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hana Pojmonová\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 101123-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\tvvalvlx.sys
c:\windows\system32\secupdat.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-22 20:09 . 2010-11-22 20:09 18432 ---ha-w- c:\documents and settings\Hana Pojmonová\indjjsf.exe
2010-11-22 16:13 . 2010-11-22 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- C:\rsit
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- c:\program files\trend micro
2010-11-22 15:54 . 2010-11-22 15:54 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\GHISLER
2010-11-22 15:47 . 2010-11-22 15:47 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\program files\TC UP
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\Yahoo!
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\CCleaner
2010-11-18 18:31 . 2010-11-18 18:31 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\fxyw.exe
2010-11-17 17:22 . 2010-11-17 17:22 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Webteh
2010-11-15 18:43 . 2010-11-15 18:43 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\bgmap.exe
2010-11-13 18:58 . 2010-11-13 18:58 91136 --sh--r- c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe
2010-11-04 10:58 . 2010-11-04 10:58 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-04 10:58 . 2010-11-04 10:58 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-11-23_04.18.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-23 15:42 . 2010-11-23 15:42 16384 c:\windows\Temp\Perflib_Perfdata_5dc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-15 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Hana Pojmonov \Nabˇdka Start\Programy\Po spuçtŘnˇ\
6douu5v.exe [2010-11-14 60416]
fqlgmm3yy.exe [2010-11-14 60416]
qgmm3yy7.exe [2010-11-14 60416]
wx1oo6u0.exe [2010-11-14 60416]
15k7brh.exe [2010-11-15 60416]
s0o31gb0m7.exe [2010-11-15 60416]
j5k7brh3.exe [2010-11-15 60416]
y5k7brh3ez.exe [2010-11-15 60416]
6s86e3a.exe [2010-11-16 60416]
g81sdezf66w.exe [2010-11-16 60416]
0hxd66k.exe [2010-11-16 60416]
w2xyt03k0lw.exe [2010-11-16 60416]
x081epqlr.exe [2010-11-16 60416]
ty86k870.exe [2010-11-16 60416]
qlr66i86u8.exe [2010-11-17 60416]
s1zjfabg.exe [2010-11-17 60416]
n0jo81lghm8.exe [2010-11-17 60416]
qq6m8703u.exe [2010-11-17 60416]
l03c6duk5.exe [2010-11-17 60416]
bg8703ek5f.exe [2010-11-17 60416]
qmrnddze86g.exe [2010-11-17 60416]
70aaqg0.exe [2010-11-17 60416]
0zu0lg0.exe [2010-11-17 60416]
jkf081mx.exe [2010-11-18 43008]
0pfl60n.exe [2010-11-18 43008]
zuva86m81y.exe [2010-11-18 43008]
1yze3a1.exe [2010-11-19 43008]
mhn66e3a1w.exe [2010-11-19 43008]
s3o1klq8703.exe [2010-11-19 43008]
66k81wh.exe [2010-11-19 43008]
tu6ag3w5.exe [2010-11-19 43008]
yejuk780c.exe [2010-11-19 43008]
c1yo1klq.exe [2010-11-19 43008]
grniojf66w.exe [2010-11-19 43008]
q3cxnoz081g.exe [2010-11-20 43008]
up081whidtu.exe [2010-11-20 43008]
xsjzzffgbr.exe [2010-11-20 43008]
u5vgrsnt60.exe [2010-11-20 43008]
1j70qqg.exe [2010-11-22 43008]
81ozavl.exe [2010-11-22 43008]
0tjp60r.exe [2010-11-22 43008]
jzk1abg81.exe [2010-11-22 43008]
1bsdyjp.exe [2010-11-22 43008]
vmrcnyjp.exe [2010-11-22 43008]
gr8s1oka0g.exe [2010-11-22 43008]

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe
backup=c:\windows\pss\0hxd66k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe
backup=c:\windows\pss\0pfl60n.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe
backup=c:\windows\pss\0zu0lg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe
backup=c:\windows\pss\15k7brh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe
backup=c:\windows\pss\1yze3a1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe
backup=c:\windows\pss\66k81wh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe
backup=c:\windows\pss\6douu5v.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe
backup=c:\windows\pss\6s86e3a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe
backup=c:\windows\pss\70aaqg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe
backup=c:\windows\pss\bg8703ek5f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe
backup=c:\windows\pss\c1yo1klq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe
backup=c:\windows\pss\fqlgmm3yy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe
backup=c:\windows\pss\g81sdezf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe
backup=c:\windows\pss\grniojf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe
backup=c:\windows\pss\j5k7brh3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe
backup=c:\windows\pss\jkf081mx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe
backup=c:\windows\pss\l03c6duk5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe
backup=c:\windows\pss\mhn66e3a1w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe
backup=c:\windows\pss\n0jo81lghm8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe
backup=c:\windows\pss\q3cxnoz081g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe
backup=c:\windows\pss\qgmm3yy7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe
backup=c:\windows\pss\qlr66i86u8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe
backup=c:\windows\pss\qmrnddze86g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe
backup=c:\windows\pss\qq6m8703u.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe
backup=c:\windows\pss\s0o31gb0m7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe
backup=c:\windows\pss\s1zjfabg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe
backup=c:\windows\pss\s3o1klq8703.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe
backup=c:\windows\pss\tu6ag3w5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe
backup=c:\windows\pss\ty86k870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe
backup=c:\windows\pss\u5vgrsnt60.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe
backup=c:\windows\pss\up081whidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe
backup=c:\windows\pss\w2xyt03k0lw.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe
backup=c:\windows\pss\wx1oo6u0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe
backup=c:\windows\pss\x081epqlr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe
backup=c:\windows\pss\xsjzzffgbr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe
backup=c:\windows\pss\y5k7brh3ez.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe
backup=c:\windows\pss\yejuk780c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe
backup=c:\windows\pss\zuva86m81y.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
c:\documents and settings\Hana Pojmonová\fxyw.exe \u [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 16:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53 6144 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 18:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-080708-050100"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Hana Pojmonová\\Plocha\\P1753577.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.6.2009 17:49 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2009 17:49 20560]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [25.4.2009 18:19 151936]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30.11.2008 1:09 96856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0409&m=aoa110
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {53AA6D19-10CE-49B0-BF55-A09F866BDB1E} = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 16:59
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-11-23 17:01:54
ComboFix-quarantined-files.txt 2010-11-23 16:01
ComboFix2.txt 2010-11-23 14:23
ComboFix3.txt 2010-11-23 04:25

Před spuštěním: 6 597 877 760
Po spuštění: 6 586 957 824

- - End Of File - - 3CCF39645F72CF781D8C98F552D0FF84

Poprosím ještě o aktuální log z RSIT

Logfile of random's system information tool 1.06 (written by random/random)
Run by Hana Pojmonová at 2010-11-23 17:35:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (41%) free of 15 GB
Total RAM: 1012 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:35:16, on 23.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
D:\zaloha disk\programy\antivir\RSIT.exe
C:\Program Files\trend micro\Hana Pojmonová.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa110
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 6douu5v.exe
O4 - Startup: fqlgmm3yy.exe
O4 - Startup: qgmm3yy7.exe
O4 - Startup: wx1oo6u0.exe
O4 - Startup: 15k7brh.exe
O4 - Startup: s0o31gb0m7.exe
O4 - Startup: j5k7brh3.exe
O4 - Startup: y5k7brh3ez.exe
O4 - Startup: 6s86e3a.exe
O4 - Startup: g81sdezf66w.exe
O4 - Startup: 0hxd66k.exe
O4 - Startup: w2xyt03k0lw.exe
O4 - Startup: x081epqlr.exe
O4 - Startup: ty86k870.exe
O4 - Startup: qlr66i86u8.exe
O4 - Startup: s1zjfabg.exe
O4 - Startup: n0jo81lghm8.exe
O4 - Startup: qq6m8703u.exe
O4 - Startup: l03c6duk5.exe
O4 - Startup: bg8703ek5f.exe
O4 - Startup: qmrnddze86g.exe
O4 - Startup: 70aaqg0.exe
O4 - Startup: 0zu0lg0.exe
O4 - Startup: jkf081mx.exe
O4 - Startup: 0pfl60n.exe
O4 - Startup: zuva86m81y.exe
O4 - Startup: 1yze3a1.exe
O4 - Startup: mhn66e3a1w.exe
O4 - Startup: s3o1klq8703.exe
O4 - Startup: 66k81wh.exe
O4 - Startup: tu6ag3w5.exe
O4 - Startup: yejuk780c.exe
O4 - Startup: c1yo1klq.exe
O4 - Startup: grniojf66w.exe
O4 - Startup: q3cxnoz081g.exe
O4 - Startup: up081whidtu.exe
O4 - Startup: xsjzzffgbr.exe
O4 - Startup: u5vgrsnt60.exe
O4 - Startup: 1j70qqg.exe
O4 - Startup: 81ozavl.exe
O4 - Startup: 0tjp60r.exe
O4 - Startup: jzk1abg81.exe
O4 - Startup: 1bsdyjp.exe
O4 - Startup: vmrcnyjp.exe
O4 - Startup: gr8s1oka0g.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{53AA6D19-10CE-49B0-BF55-A09F866BDB1E}: NameServer = 192.168.150.237,194.228.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5398 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-15 16862720]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1044480]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-05-13 821768]
"M3000Mnt"=M3000Rmv.dll ,WinMainRmv /StartStillMnt []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-11 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\Documents and Settings\Hana Pojmonová\fxyw.exe [2010-11-18 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe [2010-11-17 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe [2010-11-16 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe [2010-11-20 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe [2010-11-15 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe [2010-11-19 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe [2010-11-18 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2
"MpfService"=2
"mnmsrvc"=3
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"McAfee SiteAdvisor Service"=2
"gusvc"=3
"GoogleDesktopManager-080708-050100"=3

C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění
6douu5v.exe
fqlgmm3yy.exe
qgmm3yy7.exe
wx1oo6u0.exe
15k7brh.exe
s0o31gb0m7.exe
j5k7brh3.exe
y5k7brh3ez.exe
6s86e3a.exe
g81sdezf66w.exe
0hxd66k.exe
w2xyt03k0lw.exe
x081epqlr.exe
ty86k870.exe
qlr66i86u8.exe
s1zjfabg.exe
n0jo81lghm8.exe
qq6m8703u.exe
l03c6duk5.exe
bg8703ek5f.exe
qmrnddze86g.exe
70aaqg0.exe
0zu0lg0.exe
jkf081mx.exe
0pfl60n.exe
zuva86m81y.exe
1yze3a1.exe
mhn66e3a1w.exe
s3o1klq8703.exe
66k81wh.exe
tu6ag3w5.exe
yejuk780c.exe
c1yo1klq.exe
grniojf66w.exe
q3cxnoz081g.exe
up081whidtu.exe
xsjzzffgbr.exe
u5vgrsnt60.exe
1j70qqg.exe
81ozavl.exe
0tjp60r.exe
jzk1abg81.exe
1bsdyjp.exe
vmrcnyjp.exe
gr8s1oka0g.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-23 17:01:54 ----A---- C:\ComboFix.txt
2010-11-22 21:22:38 ----A---- C:\Boot.bak
2010-11-22 21:22:14 ----RASHD---- C:\cmdcons
2010-11-22 21:18:55 ----A---- C:\WINDOWS\zip.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWSC.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWREG.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\sed.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\PEV.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\MBR.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\grep.exe
2010-11-22 21:18:52 ----SHD---- C:\System Volume Information
2010-11-22 21:18:08 ----D---- C:\WINDOWS\ERDNT
2010-11-22 21:17:50 ----D---- C:\Qoobox
2010-11-22 17:13:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-22 17:07:51 ----RA---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BG0Ai.txt
2010-11-22 16:58:01 ----D---- C:\rsit
2010-11-22 16:58:01 ----D---- C:\Program Files\trend micro
2010-11-22 16:47:15 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 16:42:31 ----D---- C:\Program Files\TC UP
2010-11-22 15:58:56 ----D---- C:\Program Files\Yahoo!
2010-11-22 15:58:45 ----D---- C:\Program Files\CCleaner
2010-11-21 19:23:41 ----RA---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\k6jLC.txt
2010-11-17 18:22:23 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 15:59:32 ----D---- C:\Program Files\Conduit
2010-11-17 15:59:11 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 15:59:05 ----D---- C:\Program Files\Webteh
2010-11-13 19:58:42 ----RSH---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\juzjf.exe

======List of files/folders modified in the last 1 months======

2010-11-23 16:59:28 ----A---- C:\WINDOWS\system.ini
2010-11-22 21:22:40 ----RASH---- C:\boot.ini
2010-11-22 21:03:16 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 catchme;catchme; \??\C:\DOCUME~1\HANAPO~1\LOCALS~1\Temp\catchme.sys []
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-14 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 M3000Srv;Acer Crystal Eye webcam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2008-08-06 151936]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-07 96856]
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Otevřete HiJackThis (C:\Program Files\trend micro\Hana Pojmonová.exe) a po spuštění klikněte na druhé tlačítko "Do a scan only". Poté zaškrtněte tyto řádky:

O4 - Startup: 6douu5v.exe
O4 - Startup: fqlgmm3yy.exe
O4 - Startup: qgmm3yy7.exe
O4 - Startup: wx1oo6u0.exe
O4 - Startup: 15k7brh.exe
O4 - Startup: s0o31gb0m7.exe
O4 - Startup: j5k7brh3.exe
O4 - Startup: y5k7brh3ez.exe
O4 - Startup: 6s86e3a.exe
O4 - Startup: g81sdezf66w.exe
O4 - Startup: 0hxd66k.exe
O4 - Startup: w2xyt03k0lw.exe
O4 - Startup: x081epqlr.exe
O4 - Startup: ty86k870.exe
O4 - Startup: qlr66i86u8.exe
O4 - Startup: s1zjfabg.exe
O4 - Startup: n0jo81lghm8.exe
O4 - Startup: qq6m8703u.exe
O4 - Startup: l03c6duk5.exe
O4 - Startup: bg8703ek5f.exe
O4 - Startup: qmrnddze86g.exe
O4 - Startup: 70aaqg0.exe
O4 - Startup: 0zu0lg0.exe
O4 - Startup: jkf081mx.exe
O4 - Startup: 0pfl60n.exe
O4 - Startup: zuva86m81y.exe
O4 - Startup: 1yze3a1.exe
O4 - Startup: mhn66e3a1w.exe
O4 - Startup: s3o1klq8703.exe
O4 - Startup: 66k81wh.exe
O4 - Startup: tu6ag3w5.exe
O4 - Startup: yejuk780c.exe
O4 - Startup: c1yo1klq.exe
O4 - Startup: grniojf66w.exe
O4 - Startup: q3cxnoz081g.exe
O4 - Startup: up081whidtu.exe
O4 - Startup: xsjzzffgbr.exe
O4 - Startup: u5vgrsnt60.exe
O4 - Startup: 1j70qqg.exe
O4 - Startup: 81ozavl.exe
O4 - Startup: 0tjp60r.exe
O4 - Startup: jzk1abg81.exe
O4 - Startup: 1bsdyjp.exe
O4 - Startup: vmrcnyjp.exe
O4 - Startup: gr8s1oka0g.exe

A poté klikněte dole na tlačítko "Fix Checked"

Dále proveďte CFscript jako předtím ale tentokrát do něj vložte toto: A log poté vložte sem

ComboFix 10-11-22.05 - Hana Pojmonová 23.11.2010 19:15:44.4.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1012.618 [GMT 1:00]
Spuštěný z: c:\documents and settings\Hana Pojmonová\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Hana Pojmonová\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 101123-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-23 do 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-22 20:09 . 2010-11-22 20:09 18432 ---ha-w- c:\documents and settings\Hana Pojmonová\indjjsf.exe
2010-11-22 16:13 . 2010-11-22 16:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Alwil Software
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- C:\rsit
2010-11-22 15:58 . 2010-11-22 15:58 -------- d-----w- c:\program files\trend micro
2010-11-22 15:54 . 2010-11-22 15:54 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\GHISLER
2010-11-22 15:47 . 2010-11-22 15:47 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 15:42 . 2010-11-22 15:42 -------- d-----w- c:\program files\TC UP
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\Yahoo!
2010-11-22 14:58 . 2010-11-22 14:58 -------- d-----w- c:\program files\CCleaner
2010-11-18 18:31 . 2010-11-18 18:31 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\fxyw.exe
2010-11-17 17:22 . 2010-11-17 17:22 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Local Settings\Data aplikací\Conduit
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\documents and settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 14:59 . 2010-11-17 14:59 -------- d-----w- c:\program files\Webteh
2010-11-15 18:43 . 2010-11-15 18:43 19456 ---ha-w- c:\documents and settings\Hana Pojmonová\bgmap.exe
2010-11-13 18:58 . 2010-11-13 18:58 91136 --sh--r- c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe
2010-11-04 10:58 . 2010-11-04 10:58 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2010-11-04 10:58 . 2010-11-04 10:58 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((( SnapShot@2010-11-23_04.18.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-23 18:44 . 2010-11-23 18:44 16384 c:\windows\Temp\Perflib_Perfdata_5cc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"M3000Mnt"="M3000Rmv.dll " [X]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-15 16862720]
"AzMixerSel"="c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe" [2006-07-17 53248]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-24 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-13 821768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe
backup=c:\windows\pss\0hxd66k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe
backup=c:\windows\pss\0pfl60n.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe
backup=c:\windows\pss\0zu0lg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe
backup=c:\windows\pss\15k7brh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe
backup=c:\windows\pss\1yze3a1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe
backup=c:\windows\pss\66k81wh.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe
backup=c:\windows\pss\6douu5v.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe
backup=c:\windows\pss\6s86e3a.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe
backup=c:\windows\pss\70aaqg0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe
backup=c:\windows\pss\bg8703ek5f.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe
backup=c:\windows\pss\c1yo1klq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe
backup=c:\windows\pss\fqlgmm3yy.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe
backup=c:\windows\pss\g81sdezf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe
backup=c:\windows\pss\grniojf66w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe
backup=c:\windows\pss\j5k7brh3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe
backup=c:\windows\pss\jkf081mx.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe
backup=c:\windows\pss\l03c6duk5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe
backup=c:\windows\pss\mhn66e3a1w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe
backup=c:\windows\pss\n0jo81lghm8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe
backup=c:\windows\pss\q3cxnoz081g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe
backup=c:\windows\pss\qgmm3yy7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe
backup=c:\windows\pss\qlr66i86u8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe
backup=c:\windows\pss\qmrnddze86g.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe
backup=c:\windows\pss\qq6m8703u.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe
backup=c:\windows\pss\s0o31gb0m7.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe
backup=c:\windows\pss\s1zjfabg.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe
backup=c:\windows\pss\s3o1klq8703.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe
backup=c:\windows\pss\tu6ag3w5.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe
backup=c:\windows\pss\ty86k870.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe
backup=c:\windows\pss\u5vgrsnt60.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe
backup=c:\windows\pss\up081whidtu.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe
backup=c:\windows\pss\w2xyt03k0lw.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe
backup=c:\windows\pss\wx1oo6u0.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe
backup=c:\windows\pss\x081epqlr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe
backup=c:\windows\pss\xsjzzffgbr.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe
backup=c:\windows\pss\y5k7brh3ez.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe
backup=c:\windows\pss\yejuk780c.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
path=c:\documents and settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe
backup=c:\windows\pss\zuva86m81y.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-11 16:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-14 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-14 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-14 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-09-23 04:53 6144 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 14:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 18:29 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"mnmsrvc"=3 (0x3)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)
"gusvc"=3 (0x3)
"GoogleDesktopManager-080708-050100"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Documents and Settings\\Hana Pojmonová\\Plocha\\P1753577.JPG-www.facebook.exe"= c:\\WINDOWS\\nvsvc32.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.6.2009 17:49 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.6.2009 17:49 20560]
R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [25.4.2009 18:19 151936]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [30.11.2008 1:09 96856]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=0&o=xph&d=0409&m=aoa110
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {53AA6D19-10CE-49B0-BF55-A09F866BDB1E} = 192.168.150.237,194.228.2.1
FF - ProfilePath - c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&q=
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hana Pojmonová\Data aplikací\Mozilla\Firefox\Profiles\9d2kfv4h.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 19:46
Windows 5.1.2600 Service Pack 3 FAT NTAPI

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1372)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Celkový čas: 2010-11-23 19:50:56 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-23 18:50
ComboFix2.txt 2010-11-23 16:01
ComboFix3.txt 2010-11-23 14:23
ComboFix4.txt 2010-11-23 04:25

Před spuštěním: 6 598 074 368
Po spuštění: 6 576 381 952

- - End Of File - - 0754EAEA4FAAB29ECECD7977F7F66FDF

Klikněte na Avenger v mém podpisu a stáhněte tento program.
Vložte skript umístěný níže a klikněte na tlačítko "Execute" Poté restartujte PC a vložte sem log co na Vás vyskočí + aktuální log z RSIT

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not open file "c:\documents and settings\Hana Pojmonová\indjjsf.exe"
Deletion of file "c:\documents and settings\Hana Pojmonová\indjjsf.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\Hana Pojmonová\fxyw.exe"
Deletion of file "c:\documents and settings\Hana Pojmonová\fxyw.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\Hana Pojmonová\bgmap.exe"
Deletion of file "c:\documents and settings\Hana Pojmonová\bgmap.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe"
Deletion of file "c:\documents and settings\Hana Pojmonová\Data aplikací\juzjf.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Error: could not open file "C:\Documents and Settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe"
Deletion of file "C:\Documents and Settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hana Pojmonová at 2010-11-25 05:30:53
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 6 GB (41%) free of 15 GB
Total RAM: 1012 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:31:13, on 25.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\HANAPO~1\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hana Pojmonová\Plocha\RSIT.exe
C:\Program Files\trend micro\Hana Pojmonová.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 9&m=aoa110
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{53AA6D19-10CE-49B0-BF55-A09F866BDB1E}: NameServer = 192.168.150.237,194.228.2.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 4787 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-15 16862720]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-24 1044480]
"LManager"=C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE [2008-05-13 821768]
"M3000Mnt"=M3000Rmv.dll ,WinMainRmv /StartStillMnt []
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-11 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
C:\Program Files\Acer\WR_PopUp\ProductReg.exe [2008-09-23 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2009-04-10 37888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0hxd66k.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0hxd66k.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0pfl60n.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0pfl60n.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^0zu0lg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\0zu0lg0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^15k7brh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\15k7brh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^1yze3a1.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\1yze3a1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^66k81wh.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\66k81wh.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6douu5v.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6douu5v.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^6s86e3a.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\6s86e3a.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^70aaqg0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\70aaqg0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^bg8703ek5f.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\bg8703ek5f.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^c1yo1klq.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\c1yo1klq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^fqlgmm3yy.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\fqlgmm3yy.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^g81sdezf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\g81sdezf66w.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^grniojf66w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\grniojf66w.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^j5k7brh3.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\j5k7brh3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^jkf081mx.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\jkf081mx.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^l03c6duk5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\l03c6duk5.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^mhn66e3a1w.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\mhn66e3a1w.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^n0jo81lghm8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\n0jo81lghm8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^q3cxnoz081g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\q3cxnoz081g.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qgmm3yy7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qgmm3yy7.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qlr66i86u8.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qlr66i86u8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qmrnddze86g.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qmrnddze86g.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^qq6m8703u.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\qq6m8703u.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s0o31gb0m7.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s0o31gb0m7.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s1zjfabg.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s1zjfabg.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^s3o1klq8703.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\s3o1klq8703.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^tu6ag3w5.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\tu6ag3w5.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^ty86k870.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\ty86k870.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^u5vgrsnt60.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\u5vgrsnt60.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^up081whidtu.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\up081whidtu.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^w2xyt03k0lw.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\w2xyt03k0lw.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^wx1oo6u0.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\wx1oo6u0.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^x081epqlr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\x081epqlr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^xsjzzffgbr.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\xsjzzffgbr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^y5k7brh3ez.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\y5k7brh3ez.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^yejuk780c.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\yejuk780c.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hana Pojmonová^Nabídka Start^Programy^Po spuštění^zuva86m81y.exe]
C:\Documents and Settings\Hana Pojmonová\Nabídka Start\Programy\Po spuštění\zuva86m81y.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2
"MpfService"=2
"mnmsrvc"=3
"McSysmon"=3
"McShield"=2
"McProxy"=2
"McODS"=3
"McNASvc"=2
"mcmscsvc"=2
"McAfee SiteAdvisor Service"=2
"gusvc"=3
"GoogleDesktopManager-080708-050100"=3

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-14 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Hana Pojmonová\Plocha\P1753577.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-11-25 05:25:44 ----D---- C:\Avenger
2010-11-25 05:25:43 ----A---- C:\avenger.txt
2010-11-23 19:50:57 ----A---- C:\ComboFix.txt
2010-11-22 21:22:38 ----A---- C:\Boot.bak
2010-11-22 21:22:14 ----RASHD---- C:\cmdcons
2010-11-22 21:18:55 ----A---- C:\WINDOWS\zip.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWSC.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\SWREG.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\sed.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\PEV.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\MBR.exe
2010-11-22 21:18:55 ----A---- C:\WINDOWS\grep.exe
2010-11-22 21:18:52 ----SHD---- C:\System Volume Information
2010-11-22 21:18:08 ----D---- C:\WINDOWS\ERDNT
2010-11-22 21:17:50 ----D---- C:\Qoobox
2010-11-22 17:13:11 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-22 17:07:51 ----RA---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BG0Ai.txt
2010-11-22 16:58:01 ----D---- C:\rsit
2010-11-22 16:58:01 ----D---- C:\Program Files\trend micro
2010-11-22 16:47:15 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\HEXelon
2010-11-22 16:42:31 ----D---- C:\Program Files\TC UP
2010-11-22 15:58:56 ----D---- C:\Program Files\Yahoo!
2010-11-22 15:58:45 ----D---- C:\Program Files\CCleaner
2010-11-21 19:23:41 ----RA---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\k6jLC.txt
2010-11-17 18:22:23 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer
2010-11-17 15:59:32 ----D---- C:\Program Files\Conduit
2010-11-17 15:59:11 ----D---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\BSplayer Pro
2010-11-17 15:59:05 ----D---- C:\Program Files\Webteh
2010-11-13 19:58:42 ----RSH---- C:\Documents and Settings\Hana Pojmonová\Data aplikací\juzjf.exe

======List of files/folders modified in the last 1 months======

2010-11-23 19:47:38 ----A---- C:\WINDOWS\system.ini
2010-11-22 21:22:40 ----RASH---- C:\boot.ini
2010-11-22 21:03:16 ----A---- C:\WINDOWS\win.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-20 44944]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2008-05-20 1312576]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-07 16896]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-14 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-05-20 4800000]
R3 M3000Srv;Acer Crystal Eye webcam Driver; C:\WINDOWS\System32\Drivers\M3000KNT.sys [2008-08-06 151936]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-08-07 111360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-04-24 225024]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S0 agpCPQ;Filtr Compaq sběrnice AGP; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S0 alim1541;Filtr ALI sběrnice AGP; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S0 amdagp;Ovladač filtru AMD portu AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S0 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2008-04-14 13952]
S0 sisagp;Filtr SIS sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 int15.sys;int15.sys; \??\c:\acernb\int15.sys []
S3 JMCR;JMCR; C:\WINDOWS\system32\DRIVERS\jmcr.sys [2008-07-07 96856]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268288]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-22 136120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Text níže vložte do poznámkového bloku a uložte jako 123.reg a poté tento soubor otevřete a povolte přidání do registru Poté vložte nový log z RSIT. Dále můžete kliknout na MBAM v mém podpisu a udělat scan dle návodu. Zvolte "provést úplný scan" a log vložte opět sem.