VIRY.CZ

gmer 2:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-26 14:28:25
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ALENAJ~1\LOCALS~1\Temp\uxlyrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA7BAC5A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA7BAB16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAA7BB0CA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA7BAFF4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA7BA6EC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA7BABF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA7BA62C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA7BA690]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA7BAD10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAA7BB198]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA7BACD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA7BAE50]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAA7C74FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAA7C7322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAA7C745C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntkrnlpa.exe!ZwLoadDriver 80579608 7 Bytes JMP AA7C7460 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805A076A 7 Bytes JMP AA7C7326 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CEE 5 Bytes JMP AA7C34BA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B66 5 Bytes JMP AA7C4972 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F8 7 Bytes JMP AA7C7502 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[708] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\Microsoft Expression\Web 3\en\ASPPGS\usrctl.tem\UserCtrl.ascx 61 bytes
File C:\Program Files\Microsoft Expression\Web 3\en\ASPPGS\usrctl.tem\USRCTL.INF 206 bytes
File C:\Program Files\Microsoft Expression\Web 3\en\WebPartPages\spstd7.tem\spstd7.aspx 0 bytes
File C:\Program Files\Microsoft Expression\Web 3\en\WebPartPages\spstd7.tem\SPSTD7.GIF 0 bytes
File C:\Program Files\Microsoft Expression\Web 3\en\WebPartPages\spstd7.tem\SPSTD7.INF 0 bytes

---- EOF - GMER 1.0.15 ----

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.


Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall

stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

• Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

O.K. díky moc za Vaši pomoc

Nemáte zač

Tak jsem zjistil že mi to pravděpodobně zavirovalo flashku, takže jsem spustil ještě jednou combofix a zase to něco smazalo. Podíváte se na to prosím?

ComboFix 10-02-25.02 - Alena Jelínková 26.02.2010 15:33:51.7.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.495.180 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alena Jelínková\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\srchasst\nls302en.lex
c:\windows\system32\drivers\hnitoy.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 07:25 . 2010-02-26 07:25 -------- d-----w- c:\windows\system32\DRM
2010-02-25 21:52 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-25 21:52 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-25 21:52 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-25 21:52 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-25 21:52 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-25 21:52 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-25 21:52 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-25 21:52 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-25 21:52 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-25 21:37 . 2010-02-25 21:37 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-25 21:37 . 2010-02-25 21:37 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-25 21:35 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-25 21:35 . 2010-02-25 21:35 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-25 21:12 . 2010-02-25 21:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 14:04 . 2010-02-25 14:27 -------- d-----w- C:\cobra
1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 07:30 . 2001-10-25 15:00 85208 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 07:30 . 2001-10-25 15:00 442312 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 21:52 . 2008-10-13 11:48 -------- d-----w- c:\program files\Alwil Software
2010-02-25 21:37 . 2008-11-03 19:22 -------- d-----w- c:\program files\Nokia
2010-02-25 21:35 . 2008-11-03 19:26 -------- d-----w- c:\program files\DIFX
2010-02-25 21:24 . 2008-10-14 11:55 -------- d-----w- c:\program files\Java
2010-02-25 21:22 . 2008-10-14 11:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-25 21:14 . 2008-10-13 13:24 -------- d-----w- c:\program files\CCleaner
2010-02-25 18:06 . 2009-11-13 13:35 -------- d-----w- c:\program files\ICQToolbar
2010-02-21 18:18 . 2008-10-16 16:17 -------- d-----w- c:\program files\Oberon Media
2010-02-15 10:11 . 2009-11-07 13:12 -------- d-----w- c:\program files\IKEA HomePlanner
2010-02-11 10:51 . 2008-10-29 10:23 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-04 19:04 . 2008-10-16 15:11 -------- d-----w- c:\program files\dm
2010-01-22 16:05 . 2010-01-22 16:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 17:25 . 2008-10-13 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 12:12 . 2010-01-21 11:42 -------- d-----w- c:\program files\Microsoft Expression
2010-01-21 12:01 . 2010-01-21 12:01 -------- d-----w- c:\program files\WPF Toolkit
2010-01-21 12:00 . 2010-01-21 11:59 -------- d-----w- c:\program files\Microsoft SDKs
2010-01-14 12:14 . 2010-01-14 12:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 12:14 . 2010-01-14 12:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 12:14 . 2010-01-14 12:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 12:14 . 2010-01-14 12:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 12:14 . 2010-01-14 12:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 06:52 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-10-13 10:16 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-04-14 08:06 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2008-04-14 06:07 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-24 08:09 . 2009-05-24 08:08 69664 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-19 110592]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Zoner\\inShop 3\\DataExchange.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.2.2010 22:52 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.2.2010 22:52 19024]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys [26.5.2009 14:04 23168]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Alena Jelínková\Data aplikací\Mozilla\Firefox\Profiles\xy7uwfz5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&prtn=ob&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-HijackThis - c:\program files\trend micro\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 15:54
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2208)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\RTHDCPL.EXE
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclToBTSrv.exe
.
**************************************************************************
.
Celkový čas: 2010-02-26 16:10:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-02-26 15:10

Před spuštěním: Volných bajtů: 128 414 789 632
Po spuštění: Volných bajtů: 128 394 027 008

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9B028AC6A02EF90EBDD7BEEC307DD9D3

Podívám se na to, příště nespouštějte Combofix z vlastní iniciativy, při neodborném použití může poškodit systém!

Je problém flash disk zformátovat?

Není už jsem ho zformátoval.

V tom případě dejte nový log z Combofix.

Ten co jsem poslal Vám nestačí? Ten jsem dělal proto že jsem ten flash dal do jiného kompu a byly tam nějaké skryté složky a soubory. Tak jsem to dal zpatky do toho ntb a spustil jsem combofix.

Dejte nový, jestli tam něco nezůstalo.

nový log:
ComboFix 10-02-25.02 - Alena Jelínková 26.02.2010 18:17:51.8.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.495.124 [GMT 1:00]
Spuštěný z: c:\documents and settings\Alena Jelínková\Plocha\potvora.com
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-01-26 do 2010-02-26 )))))))))))))))))))))))))))))))
.

2010-02-26 07:25 . 2010-02-26 07:25 -------- d-----w- c:\windows\system32\DRM
2010-02-25 21:52 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-25 21:52 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-25 21:52 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-25 21:52 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-25 21:52 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-25 21:52 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-25 21:52 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-25 21:52 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-25 21:52 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-25 21:37 . 2010-02-25 21:37 -------- d-----w- c:\program files\Common Files\PCSuite
2010-02-25 21:37 . 2010-02-25 21:37 -------- d-----w- c:\program files\Common Files\Nokia
2010-02-25 21:35 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-25 21:35 . 2010-02-25 21:35 -------- d-----w- c:\program files\PC Connectivity Solution
2010-02-25 21:12 . 2010-02-25 21:11 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-25 14:04 . 2010-02-25 14:27 -------- d-----w- C:\cobra

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 07:30 . 2001-10-25 15:00 85208 ----a-w- c:\windows\system32\perfc005.dat
2010-02-26 07:30 . 2001-10-25 15:00 442312 ----a-w- c:\windows\system32\perfh005.dat
2010-02-25 21:52 . 2008-10-13 11:48 -------- d-----w- c:\program files\Alwil Software
2010-02-25 21:37 . 2008-11-03 19:22 -------- d-----w- c:\program files\Nokia
2010-02-25 21:35 . 2008-11-03 19:26 -------- d-----w- c:\program files\DIFX
2010-02-25 21:24 . 2008-10-14 11:55 -------- d-----w- c:\program files\Java
2010-02-25 21:22 . 2008-10-14 11:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-25 21:14 . 2008-10-13 13:24 -------- d-----w- c:\program files\CCleaner
2010-02-25 18:06 . 2009-11-13 13:35 -------- d-----w- c:\program files\ICQToolbar
2010-02-21 18:18 . 2008-10-16 16:17 -------- d-----w- c:\program files\Oberon Media
2010-02-15 10:11 . 2009-11-07 13:12 -------- d-----w- c:\program files\IKEA HomePlanner
2010-02-11 10:51 . 2008-10-29 10:23 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-04 19:04 . 2008-10-16 15:11 -------- d-----w- c:\program files\dm
2010-01-22 16:05 . 2010-01-22 16:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 17:25 . 2008-10-13 11:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 12:12 . 2010-01-21 11:42 -------- d-----w- c:\program files\Microsoft Expression
2010-01-21 12:01 . 2010-01-21 12:01 -------- d-----w- c:\program files\WPF Toolkit
2010-01-21 12:00 . 2010-01-21 11:59 -------- d-----w- c:\program files\Microsoft SDKs
2010-01-14 12:14 . 2010-01-14 12:14 575880 ----a-w- c:\windows\system32\RmActivate_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 567176 ----a-w- c:\windows\system32\RmActivate.exe
2010-01-14 12:14 . 2010-01-14 12:14 562064 ----a-w- c:\windows\system32\SecProc_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 558984 ----a-w- c:\windows\system32\SecProc.dll
2010-01-14 12:14 . 2010-01-14 12:14 362888 ----a-w- c:\windows\system32\RmActivate_ssp.exe
2010-01-14 12:14 . 2010-01-14 12:14 361872 ----a-w- c:\windows\system32\RmActivate_ssp_isv.exe
2010-01-14 12:14 . 2010-01-14 12:14 339336 ----a-w- c:\windows\system32\msdrm.dll
2010-01-14 12:14 . 2010-01-14 12:14 192912 ----a-w- c:\windows\system32\SecProc_ssp_isv.dll
2010-01-14 12:14 . 2010-01-14 12:14 192904 ----a-w- c:\windows\system32\SecProc_ssp.dll
2009-12-31 16:50 . 2008-04-13 22:45 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2008-04-14 06:52 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-10-13 10:16 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 06:51 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2008-04-14 08:06 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-09 10:11 . 2008-04-14 06:07 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-04 18:22 . 2008-04-13 22:47 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-24 08:09 . 2009-05-24 08:08 69664 --sha-w- c:\windows\system32\drivers\fidbox.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-04-17 110592]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-04 16206848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2006-10-17 398944]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-10-19 110592]
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-6-16 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Zoner\\inShop 3\\DataExchange.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [25.2.2010 22:52 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [25.2.2010 22:52 19024]
R2 P1C1394;Phase One 1394 Camera Driver;c:\windows\system32\drivers\p1c1394.sys [26.5.2009 14:04 23168]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
Trusted Zone: mojebanka.cz\etrading
Trusted Zone: mojebanka.cz\www
FF - ProfilePath - c:\documents and settings\Alena Jelínková\Data aplikací\Mozilla\Firefox\Profiles\xy7uwfz5.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&prtn=ob&q=
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-26 18:37
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(4036)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2010-02-26 18:46:59
ComboFix-quarantined-files.txt 2010-02-26 17:46
ComboFix2.txt 2010-02-26 15:10

Před spuštěním: Volných bajtů: 128 391 671 808
Po spuštění: Volných bajtů: 128 356 417 536

- - End Of File - - 3FA769F15504AAEFF2DC913C1ACE1E4B

Odinstalujte ComboFix přes:
Start >> Spustit, zkopírujte do okénka:

ComboFix /Uninstall
stiskněte Enter


Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

• Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
• Po použití program vymažte. Pozor,antiviry ho mohou falešně označit za vir.

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

• Spusťte.
• Klikněte na "CleanUp!". Potvrďte hlášky stiskem "Yes" (Bude následovat restart)

• Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
• Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.
  
  Záložka Čistič
• Dejte analyzovat, po dokončení dejte Spustit Ccleaner.
  
  Záložka Registry
• Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
  OK Zavřít

V logu nevidím firewall, doinstalujte Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523