prosim o preventivku

[dinospages]

mam zde pc kdde byl nainstalovan pouze internet exporer.
nelze prehravat cvidea zrejme starym flash playerem, tak sje mse pokusil stahnout novy ale nic nejde stahnout pise to ze zabecpeceni je m,oc velke, tak jsem nainstaloval mozillu tam to zaclo stahovat ale po te to na uvedenem miste neni ????

log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Jirka at 2010-02-12 20:44:37
Microsoft Windows XP Home Edition Service Pack 3
System drive H: has 285 GB (93%) free of 305 GB
Total RAM: 2046 MB (73% free)

HijackThis download failed

======Scheduled tasks folder======

H:\WINDOWS\tasks\User_Feed_Synchronization-{EC9760FD-67FB-4C0F-87FB-B232E30CA4D5}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - H:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - H:\Program Files\Stylish Profile\enlbrdr.dll [2010-01-07 185344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - H:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-08-13 757192]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - H:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2009-10-19 1345336]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"GEST"== []
"StartCCC"=H:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"avast!"=H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"WinampAgent"=H:\Program Files\Winamp\winampa.exe []
"RTHDCPL"=H:\WINDOWS\RTHDCPL.EXE [2008-10-28 17331200]
"Alcmtr"=H:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"SweetIM"=H:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-10-20 111928]
"KernelFaultCheck"=H:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=H:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"EPSON SX100 Series"=H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE [2008-02-05 188928]
"MSMSGS"=H:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ICQ"=~H:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=H:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe [2008-03-25 218496]

H:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - H:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
H:\WINDOWS\system32\Ati2evxx.dll [2007-06-06 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"H:\Program Files\ICQ6.5\ICQ.exe"="H:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"H:\Program Files\Messenger\msmsgs.exe"="H:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-02-12 20:44:37 ----D---- H:\rsit
2010-02-12 20:44:37 ----D---- H:\Program Files\trend micro
2010-02-12 20:38:19 ----D---- H:\Documents and Settings\Jirka\Data aplikací\Mozilla
2010-02-12 20:38:10 ----D---- H:\Program Files\Mozilla Firefox
2010-02-10 12:55:22 ----HDC---- H:\WINDOWS\$NtUninstallKB978262$
2010-02-10 12:55:18 ----HDC---- H:\WINDOWS\$NtUninstallKB971468$
2010-02-10 12:54:24 ----HDC---- H:\WINDOWS\$NtUninstallKB978037$
2010-02-10 12:54:20 ----HDC---- H:\WINDOWS\$NtUninstallKB975713$
2010-02-10 12:54:16 ----HDC---- H:\WINDOWS\$NtUninstallKB978251$
2010-02-10 12:54:12 ----HDC---- H:\WINDOWS\$NtUninstallKB975560$
2010-02-10 12:54:07 ----HDC---- H:\WINDOWS\$NtUninstallKB977914$
2010-02-10 12:54:01 ----HDC---- H:\WINDOWS\$NtUninstallKB978706$
2010-02-10 12:53:52 ----HDC---- H:\WINDOWS\$NtUninstallKB977165$
2010-01-16 20:36:14 ----D---- H:\Program Files\Stylish Profile
2010-01-13 13:40:01 ----HDC---- H:\WINDOWS\$NtUninstallKB955759$
2010-01-13 13:39:54 ----HDC---- H:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-12 20:44:46 ----D---- H:\WINDOWS\Prefetch
2010-02-12 20:44:37 ----RD---- H:\Program Files
2010-02-12 20:38:21 ----D---- H:\WINDOWS
2010-02-12 20:29:12 ----D---- H:\WINDOWS\Temp
2010-02-12 20:26:12 ----HD---- H:\WINDOWS\inf
2010-02-12 20:26:09 ----D---- H:\WINDOWS\system32\CatRoot2
2010-02-12 17:05:12 ----A---- H:\WINDOWS\SchedLgU.Txt
2010-02-12 17:05:06 ----D---- H:\Documents and Settings\Jirka\Data aplikací\ICQ
2010-02-12 10:22:11 ----A---- H:\WINDOWS\wincmd.ini
2010-02-10 12:56:37 ----D---- H:\WINDOWS\system32
2010-02-10 12:55:21 ----HD---- H:\WINDOWS\$hf_mig$
2010-02-10 12:55:20 ----RSHDC---- H:\WINDOWS\system32\dllcache
2010-02-10 12:55:20 ----D---- H:\WINDOWS\system32\drivers
2010-02-10 12:55:20 ----A---- H:\WINDOWS\imsins.BAK
2010-02-08 21:31:15 ----D---- H:\WINDOWS\Help
2010-02-01 20:26:20 ----A---- H:\WINDOWS\system32\MRT.exe
2010-01-31 18:25:43 ----D---- H:\WINDOWS\Network Diagnostic
2010-01-22 05:44:06 ----D---- H:\Program Files\Internet Explorer
2010-01-22 05:42:36 ----D---- H:\WINDOWS\system32\cs-cz
2010-01-22 05:42:28 ----D---- H:\WINDOWS\ie7updates
2010-01-15 06:14:42 ----SD---- H:\WINDOWS\Tasks
2010-01-13 13:42:29 ----D---- H:\WINDOWS\AppPatch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; H:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; H:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; H:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Řadič procesoru Intel; H:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; H:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; H:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; H:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; H:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-06 2155520]
R3 HdAudAddService;ATI Function Driver for High Definition Audio Service; H:\WINDOWS\system32\drivers\AtiHdAud.sys [2006-12-28 84992]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; H:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); H:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-10-31 4942336]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; H:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; H:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; H:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; H:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; H:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; H:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 gdrv;gdrv; \??\H:\WINDOWS\gdrv.sys []
S3 GMSIPCI;GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; H:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; H:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; H:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; H:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 Ati HotKey Poller;Ati HotKey Poller; H:\WINDOWS\system32\Ati2evxx.exe [2007-06-06 483328]
R2 avast! Antivirus;avast! Antivirus; H:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R3 avast! Mail Scanner;avast! Mail Scanner; H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; H:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S2 ATI Smart;ATI Smart; H:\WINDOWS\system32\ati2sgag.exe [2007-06-06 520192]
S3 aspnet_state;ASP.NET State Service; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; H:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; h:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; H:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; h:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[dinospages]

uz to vidim ve spravci stahovani to pise malwarereoval ze to zakazal ale nikde ho nevidim nainstalovaneho

[motji]

Dobrý večer

Otestujte na www.virustotal.com
H:\Program Files\Stylish Profile\enlbrdr.dll
-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky


Stáhněte SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
-program spusťte a postupujte podle instrukcí. Log vložte zde

[dinospages]

virustotal:
http://www.virustotal.com/cs/analisis/1 ... 1265346453

security check: (hodilo mi to tam dve chyby beham toho analyzovani)

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
avast! Antivirus
``````````````````````````````
Anti-malware/Other Utilities Check:
Adobe Flash Player 10
Adobe Reader 7.0.9 - Czech
Out of date Adobe Reader installed!
``````````````````````````````
Process Check:
objlist.exe by Laurent
Alwil Software Avast4 aswUpdSv.exe
Alwil Software Avast4 ashServ.exe
Alwil Software Avast4 ashDisp.exe
Alwil Software Avast4 ashMaiSv.exe
Alwil Software Avast4 ashWebSv.exe
``````````````````````````````
DNS Vulnerability Check:
[color]nslookup.exe missing![/color]
Unknown. This method cannot test your vulnerability to DNS cache poisoning.

`````````End of Log```````````

[motji]

Stáhněte na plochu, ukončete všechna aktivní okna a spusťte ComboFix - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-souhlaste s instalací konzole pro zotavení

- ComboFix je třeba spustit pod účtem s právy administrátora

- Před použitím vypněte všechny rezidentní bezpečnostní programy - antiviry, firewally, antispywary

- Po spuštění se zobrazí podmínky užití, potvrďte je stiskem tlačítka Ano

- Dále postupujte dle pokynů, během aplikování ComboFixu neklikejte do zobrazujícího se okna

- Po dokončení skenování, trvajícího maximálně 10 minut, by měl program vytvořit log - C:\ComboFix.txt, zkopírujte celý jeho obsah sem

[dinospages]

opet to dvakrat hodilo chybu :
exeption processing message c0000013 Parameters 75b4bf7c 4 75b4bf7c 75b4bf7c


ale combo dojelb az do konce:

ComboFix 10-02-12.01 - Jirka 13.02.2010 13:08:56.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1597 [GMT 1:00]
Spuštěný z: h:\documents and settings\Jirka\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100212-2] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\ICQ6.5\ICQLRun.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-13 do 2010-02-13 )))))))))))))))))))))))))))))))
.

2010-02-12 19:44 . 2010-02-12 19:45 -------- d-----w- H:\rsit
2010-02-12 19:44 . 2010-02-12 19:44 -------- d-----w- h:\program files\trend micro
2010-02-12 19:38 . 2010-02-12 19:38 0 ----a-w- h:\windows\nsreg.dat
2010-01-22 18:58 . 2010-01-22 18:58 -------- d-----w- h:\documents and settings\Jirka\AppData
2010-01-16 19:36 . 2010-01-16 19:38 -------- d-----w- h:\program files\Stylish Profile

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 12:12 . 2009-03-28 13:54 -------- d-----w- h:\program files\ICQ6.5
2010-01-12 21:37 . 2010-01-12 21:37 -------- d-----w- h:\program files\Microsoft Silverlight
2010-01-05 09:58 . 2008-04-14 12:00 832512 ----a-w- h:\windows\system32\wininet.dll
2010-01-05 09:57 . 2008-04-14 12:00 78336 ----a-w- h:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-04-14 12:00 17408 ----a-w- h:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- h:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-11-08 18:49 343552 ----a-w- h:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 12:00 33280 ----a-w- h:\windows\system32\csrsrv.dll
2009-12-11 08:30 . 2008-04-14 12:00 78052 ----a-w- h:\windows\system32\perfc005.dat
2009-12-11 08:30 . 2008-04-14 12:00 429024 ----a-w- h:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2008-04-14 12:00 2147328 ----a-w- h:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ----a-w- h:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-04-14 12:00 1294336 ----a-w- h:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- h:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2008-04-14 12:00 28672 ----a-w- h:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- h:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-04-14 12:00 84992 ----a-w- h:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2008-04-14 12:00 11264 ----a-w- h:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- h:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2008-11-08 19:24 1280480 ----a-w- h:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-11-08 19:24 93424 ----a-w- h:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-11-08 19:24 94160 ----a-w- h:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-11-08 19:32 114768 ----a-w- h:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-08 19:32 20560 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-08 19:24 48560 ----a-w- h:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-08 19:24 23120 ----a-w- h:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-08 19:24 27408 ----a-w- h:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-11-08 19:24 97480 ----a-w- h:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- h:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "h:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
2010-01-07 06:51 185344 ----a-w- h:\program files\Stylish Profile\enlbrdr.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- h:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "h:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "h:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="=" [X]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SweetIM"="h:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=

S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;h:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - HTTPFILTER
.
Obsah adresáře 'Naplánované úlohy'

2010-02-13 h:\windows\Tasks\User_Feed_Synchronization-{EC9760FD-67FB-4C0F-87FB-B232E30CA4D5}.job
- h:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - h:\program files\Stylish Profile\ct.htm
FF - ProfilePath - h:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\3i79c73k.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
HKCU-Run-ICQ - ~h:\program files\ICQ6.5\ICQ.exe
HKLM-Run-WinampAgent - h:\program files\Winamp\winampa.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
h:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-13 13:14:57
ComboFix-quarantined-files.txt 2010-02-13 12:14

Před spuštěním: Volných bajtů: 298 345 521 152
Po spuštění: Volných bajtů: 299 092 639 744

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
h:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - D8E030EECD49A30FDDA9F142AAB162AD

[motji]

Můžete se podívat, jestli máte tento soubor?
h:\windows\system32\nslookup.exe

a nehlásí Vám to také, že chybí disk?

[dinospages]

tak systemovy disk H se chova standartne

ostatni disky : C,E,F,G jsou vymenitelne disky, taky by je to asi chtelo dat pryc, ne???

soubor: nslookup.exe je na danem miste

[motji]

Těmi vyměnitelnými disky myslíte flešky a pod? A vy s nimi startujete systém?
Já teda se v tomto moc nevyznám, ale co jsem googlila, problém by mohl být právě v tom .

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

- uložte ho na plochu a spustte.
- do okénka zkopírujte

Kód: Vybrat vše

:filefind
nslookup.exe

- klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem


Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.

[dinospages]

tak systemlook nevygeneruje zadnej log (zkousel jsem i na jinem pc)

gmer probehl ale pokazde po kontrole gmerem neslo s pocitacem pracovat
1. log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-14 13:21:55
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\Jirka\LOCALS~1\Temp\uwtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----


2. log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-14 13:41:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: H:\DOCUME~1\Jirka\LOCALS~1\Temp\uwtdypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xADA336B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xADA33574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xADA33A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xADA3314C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xADA3364E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xADA3308C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xADA330F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xADA3376E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xADA3372E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xADA338AE]

---- User IAT/EAT - GMER 1.0.15 ----

IAT H:\WINDOWS\system32\services.exe[712] @ H:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT H:\WINDOWS\system32\services.exe[712] @ H:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

[dinospages]

jo k tem vymenitelnym diskum, tak nevim co to ma znamenat, toto neni moje pc.

Nevim zda li se z nich startuji windowsy, ale nejspis ne

[motji]

A systemlook začne aspon pracovat?

Jak to ted vypadá s počítačem?

[dinospages]

pc se chova standartne do doby nez provedu scan GMERem, stahovani souboru funguje.

omlouvam se systemlook neco vygeneroval:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 13:14 on 14/02/2010 by Jirka (Administrator - Elevation successful)

========== filefind ==========

Searching for "nslookup.exe"
H:\WINDOWS\system32\dllcache\nslookup.exe --a--c 79360 bytes [12:00 14/04/2008] [12:00 14/04/2008] 77E5BAA1DCDD5CD331B2075752B99A4E
H:\WINDOWS\system32\nslookup.exe --a--- 79360 bytes [12:00 14/04/2008] [12:00 14/04/2008] 77E5BAA1DCDD5CD331B2075752B99A4E

-=End Of File=-

[motji]

Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
h:\program files\SweetIM\Toolbars

File::
h:\program files\Stylish Profile\enlbrdr.dll

Dirlook::
h:\program files\Stylish Profile

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-
[-HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
[-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

DDS::
uDefault_Search_URL = hxxp://search13.net/
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://search13.net/
uCustomizeSearch = hxxp://search13.net/

-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:




-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci

[dinospages]

ComboFix 10-02-12.01 - Jirka 14.02.2010 15:00:28.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1630 [GMT 1:00]
Spuštěný z: h:\documents and settings\Jirka\Plocha\ComboFix.exe
Použité ovládací přepínače :: h:\documents and settings\Jirka\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100214-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"h:\program files\Stylish Profile\enlbrdr.dll"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

h:\program files\Stylish Profile\enlbrdr.dll
h:\program files\SweetIM\Toolbars
h:\program files\SweetIM\Toolbars\Internet Explorer\ClearHist.exe
h:\program files\SweetIM\Toolbars\Internet Explorer\conf\logger.xml
h:\program files\SweetIM\Toolbars\Internet Explorer\default.xml
h:\program files\SweetIM\Toolbars\Internet Explorer\mgcommon.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mgconfig.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mghooking.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mglogger.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\about.html
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\affid.dat
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\basis.xml
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\bing.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\dating.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\find.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\games.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\glitter.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\google.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\help.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\highlight.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\locales.xml
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\music.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\news.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\options.html
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\photos.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\shopping.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\version.txt
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\video.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\web-search.png
h:\program files\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-12 19:44 . 2010-02-12 19:45 -------- d-----w- H:\rsit
2010-02-12 19:44 . 2010-02-12 19:44 -------- d-----w- h:\program files\trend micro
2010-02-12 19:38 . 2010-02-12 19:38 0 ----a-w- h:\windows\nsreg.dat
2010-01-22 18:58 . 2010-01-22 18:58 -------- d-----w- h:\documents and settings\Jirka\AppData
2010-01-16 19:36 . 2010-02-14 14:02 -------- d-----w- h:\program files\Stylish Profile

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 14:03 . 2009-10-30 18:22 -------- d-----w- h:\program files\SweetIM
2010-02-13 12:12 . 2009-03-28 13:54 -------- d-----w- h:\program files\ICQ6.5
2010-01-12 21:37 . 2010-01-12 21:37 -------- d-----w- h:\program files\Microsoft Silverlight
2010-01-05 09:58 . 2008-04-14 12:00 832512 ------w- h:\windows\system32\wininet.dll
2010-01-05 09:57 . 2008-04-14 12:00 78336 ----a-w- h:\windows\system32\ieencode.dll
2010-01-05 09:57 . 2008-04-14 12:00 17408 ----a-w- h:\windows\system32\corpol.dll
2009-12-31 16:50 . 2008-04-14 12:00 353792 ----a-w- h:\windows\system32\drivers\srv.sys
2009-12-17 07:42 . 2008-11-08 18:49 343552 ----a-w- h:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2008-04-14 12:00 33280 ----a-w- h:\windows\system32\csrsrv.dll
2009-12-11 08:30 . 2008-04-14 12:00 78052 ----a-w- h:\windows\system32\perfc005.dat
2009-12-11 08:30 . 2008-04-14 12:00 429024 ----a-w- h:\windows\system32\perfh005.dat
2009-12-09 10:11 . 2008-04-14 12:00 2147328 ------w- h:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2008-04-14 08:06 2025984 ------w- h:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2008-04-14 12:00 455424 ----a-w- h:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:14 . 2008-04-14 12:00 1294336 ----a-w- h:\windows\system32\quartz.dll
2009-11-27 17:14 . 2008-04-14 08:51 17920 ----a-w- h:\windows\system32\msyuv.dll
2009-11-27 16:09 . 2008-04-14 12:00 28672 ----a-w- h:\windows\system32\msvidc32.dll
2009-11-27 16:09 . 2001-10-24 12:25 8704 ----a-w- h:\windows\system32\tsbyuv.dll
2009-11-27 16:09 . 2008-04-14 12:00 84992 ----a-w- h:\windows\system32\avifil32.dll
2009-11-27 16:09 . 2008-04-14 12:00 11264 ----a-w- h:\windows\system32\msrle32.dll
2009-11-27 16:09 . 2008-04-14 08:51 48128 ----a-w- h:\windows\system32\iyuv_32.dll
2009-11-24 23:54 . 2008-11-08 19:24 1280480 ----a-w- h:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2008-11-08 19:24 93424 ----a-w- h:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2008-11-08 19:24 94160 ----a-w- h:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-11-08 19:32 114768 ----a-w- h:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-11-08 19:32 20560 ----a-w- h:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2008-11-08 19:24 48560 ----a-w- h:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2008-11-08 19:24 23120 ----a-w- h:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2008-11-08 19:24 27408 ----a-w- h:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2008-11-08 19:24 97480 ----a-w- h:\windows\system32\AvastSS.scr
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- h:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of h:\program files\Stylish Profile ----

2010-01-16 19:36 . 2010-01-16 19:38 77232 ----a-w- h:\program files\Stylish Profile\uninstall.exe
2010-01-07 06:51 . 2010-01-07 06:51 185344 ----a-w- h:\program files\Stylish Profile\enlbrdr.dll
2010-01-07 06:28 . 2010-01-07 06:28 27347 ----a-w- h:\program files\Stylish Profile\tommain.js
2009-11-09 04:10 . 2009-11-09 04:10 115 ----a-w- h:\program files\Stylish Profile\ct.htm
2009-11-09 04:10 . 2009-11-09 04:10 6030 ----a-w- h:\program files\Stylish Profile\hoticon.ico
2009-11-09 04:10 . 2009-11-09 04:10 41396 ----a-w- h:\program files\Stylish Profile\tomapi.js


((((((((((((((((((((((((((((( SnapShot@2010-02-13_12.14.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-14 13:11 . 2010-02-14 13:11 16384 h:\windows\Temp\Perflib_Perfdata_564.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="h:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"avast!"="h:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"RTHDCPL"="RTHDCPL.EXE" [2008-10-28 17331200]
"SweetIM"="h:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="h:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

h:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - h:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"h:\\Program Files\\ICQ6.5\\ICQ.exe"=
"h:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;avast! Self Protection;h:\windows\system32\drivers\aswSP.sys [8.11.2008 20:32 114768]
R2 aswFsBlk;aswFsBlk;h:\windows\system32\drivers\aswFsBlk.sys [8.11.2008 20:32 20560]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-14 h:\windows\Tasks\User_Feed_Synchronization-{EC9760FD-67FB-4C0F-87FB-B232E30CA4D5}.job
- h:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://search13.net/
IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - h:\program files\Stylish Profile\ct.htm
FF - ProfilePath - h:\documents and settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\3i79c73k.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - h:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
h:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
h:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
h:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 15:03
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(668)
h:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-14 15:04:17
ComboFix-quarantined-files.txt 2010-02-14 14:04
ComboFix2.txt 2010-02-13 12:14

Před spuštěním: Volných bajtů: 299 087 282 176
Po spuštění: Volných bajtů: 299 055 087 616

- - End Of File - - 5ED2E0245FC5242EC4D50A12D6E1F268