Lagování Mozilla Firefox

[goman]

Nevím čím to je, ale v Chrome i v Opera je vše v pořádku, ale když používám Mozzilu Thunderbird, tak se neustále tento prohlížeč seká. Jakoby něco stále natahoval a řešil. Nová stránka najede, ale musí mvždy čekat cca 5 sekund, než je možné se stránkou pracovat. V jiných prohlížečích, jak bylo psáno to nedělá. Může to být například nějakým rozšířením do mozzily či spíše vir?
PC jsme projel Combofixem viz log:

ComboFix 10-05-02.03 - goman 03.05.2010 15:33:43.8.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2940.2266 [GMT 2:00]
Spuštěný z: c:\documents and settings\goman\Dokumenty\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\WindowsUpdate

c:\windows\system32\proquota.exe . . . chybí !!

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-03 do 2010-05-03 )))))))))))))))))))))))))))))))
.

2010-04-26 13:13 . 2010-04-26 13:13 20480 ----a-w- c:\windows\updatesrv.exe
2010-04-14 11:22 . 2010-04-14 11:22 -------- d-----w- c:\program files\MozBackup

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 12:34 . 2009-01-21 22:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-03 09:52 . 2009-09-18 09:05 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-01 07:48 . 2009-01-19 21:00 -------- d-----w- c:\program files\Opera
2010-03-29 17:42 . 2010-03-29 17:42 -------- d-----w- c:\program files\Common Files\Skype
2010-03-29 14:55 . 2008-08-19 10:58 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 14:55 . 2008-08-19 10:58 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 06:01 . 2010-03-15 06:00 -------- d-----w- c:\program files\SEO PowerSuite
2010-03-10 06:17 . 2008-08-19 10:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 12:51 . 2009-01-19 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 06:18 . 2008-08-19 10:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-08-19 10:58 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2008-04-14 08:06 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2008-04-14 08:06 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-24 13:14 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2008-08-19 10:58 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-08-19 10:58 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-04-22_08.23.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 07:48 . 2010-05-01 07:48 2644480 c:\windows\Installer\7b4ea18.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\goman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"EssentialPIM"="c:\program files\EssentialPIM\EssentialPIM.exe" [2008-10-29 1558016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-29 98304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Toshiba_rizeno_spotreby"="c:\windows\system32\TPSMain.exe" [2008-07-30 266240]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Updates"="c:\windows\updatesrv.exe" [2010-04-26 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Programy\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programy\\Strong DC 2.21\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.3.2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.2.2007 12:15 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [19.8.2008 13:48 5888]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [19.8.2008 13:48 288000]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6.2.2010 22:29 90112]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [18.1.2009 13:14 7888]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.8.2008 13:40 110080]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.10.2009 8:24 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.10.2009 8:24 8320]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19.8.2008 13:46 154624]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [6.2.2010 22:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [6.2.2010 22:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [6.2.2010 22:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [6.2.2010 22:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [6.2.2010 22:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [6.2.2010 22:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [6.2.2010 22:32 115752]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{F0E89B01-7AF9-4FD8-AC0F-08A614EDC650}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: mfcr.cz\adis
Trusted Zone: mfcr.cz\adisepo
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://jeremenko.volnet.cz/cab/OCXChecker_8198.cab
FF - ProfilePath - c:\documents and settings\goman\Data aplikací\Mozilla\Firefox\Profiles\ldjs367c.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 15:38
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

c:\windows\updatesrv.exe [4076] 0x8A220DA0

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4037202737-1680048596-2828639714-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,b9,c8,fa,3f,f7,c7,a7,4e,86,0a,b5,20,f7,8b,f5,b7,b4,c4,c4,e9,24,6e,
06,49,0c,f8,d6,02,0e,6b,67,4f,d9,26,e7,da,97,e4,09,46,9b,e5,5f,24,06,e8,4f,\
"??"=hex:29,50,d7,01,31,c1,22,80,d9,a1,3c,46,8c,bf,86,c0

[HKEY_USERS\S-1-5-21-4037202737-1680048596-2828639714-1005\Software\SecuROM\License information*]
"datasecu"=hex:96,d8,e0,c8,c2,63,a6,29,9e,58,f5,b1,fa,8c,c8,e6,d3,50,c5,f0,c2,
19,4c,c0,9a,40,2f,8b,c8,29,ae,e6,f0,19,fd,06,88,29,8a,6f,3a,28,ee,f6,25,d1,\
"rkeysecu"=hex:25,68,30,d2,ee,c6,28,f1,be,0b,76,f2,3b,58,83,2a
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Celkový čas: 2010-05-03 15:41:41
ComboFix-quarantined-files.txt 2010-05-03 13:41
ComboFix2.txt 2010-04-22 08:26
ComboFix3.txt 2010-02-05 06:46
ComboFix4.txt 2010-02-04 12:02

Před spuštěním: Volných bajtů: 12 856 885 248
Po spuštění: Volných bajtů: 12 810 104 832

- - End Of File - - 864B62D778CA00C7411160DAA2F08C0F

[Rudy]

Přesuňte ComboFix na plochu. Stáhněte soubor, který jsem vám poslal v příloze a rozbalte jej rovněž na plochu. Pak otevřte poznámkový blok a zkopírujte do něj:

FCopy::
c:\documents and settings\goman\plocha\proquota.exe | c:\windows\system32\proquota.exe

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustgí a vykoná příkazy ze skriptu.



Po akci otestujte soubor c:\windows\updatesrv.exe online na http://www.virustotal.com. výsledek oznamte.

[goman]

Ahoj, výsledek z Combofixu:
ComboFix 10-05-02.03 - goman 04.05.2010 8:36.9.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2940.1902 [GMT 2:00]
Spuštěný z: c:\documents and settings\goman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\goman\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\documents and settings\goman\plocha\proquota.exe --> c:\windows\system32\proquota.exe
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-04 do 2010-05-04 )))))))))))))))))))))))))))))))
.

2010-05-04 06:36 . 2010-05-04 06:36 -------- d-----w- c:\windows\LastGood
2010-05-04 06:36 . 2008-04-14 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2010-05-04 06:36 . 2008-04-14 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2010-04-26 13:13 . 2010-04-26 13:13 20480 ----a-w- c:\windows\updatesrv.exe
2010-04-14 11:22 . 2010-04-14 11:22 -------- d-----w- c:\program files\MozBackup

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 12:34 . 2009-01-21 22:36 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-03 09:52 . 2009-09-18 09:05 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-01 07:48 . 2009-01-19 21:00 -------- d-----w- c:\program files\Opera
2010-03-29 17:42 . 2010-03-29 17:42 -------- d-----w- c:\program files\Common Files\Skype
2010-03-29 14:55 . 2008-08-19 10:58 84030 ----a-w- c:\windows\system32\perfc005.dat
2010-03-29 14:55 . 2008-08-19 10:58 440828 ----a-w- c:\windows\system32\perfh005.dat
2010-03-15 06:01 . 2010-03-15 06:00 -------- d-----w- c:\program files\SEO PowerSuite
2010-03-10 06:17 . 2008-08-19 10:58 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-06 12:51 . 2009-01-19 19:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-25 06:18 . 2008-08-19 10:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-08-19 10:58 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2008-04-14 08:06 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:08 . 2008-04-14 08:06 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-12 10:03 . 2010-03-24 13:14 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:35 . 2008-08-19 10:58 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-08-19 10:58 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot_2010-04-22_08.23.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-04 06:36 . 2001-06-13 23:00 47888 c:\windows\LastGood\system32\proquota.exe
+ 2010-05-01 07:48 . 2010-05-01 07:48 2644480 c:\windows\Installer\7b4ea18.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2009-10-19 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2009-10-19 15:15 1345336 ----a-w- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2009-10-19 1345336]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-12 65536]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\goman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"EssentialPIM"="c:\program files\EssentialPIM\EssentialPIM.exe" [2008-10-29 1558016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1024000]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-05-27 360448]
"SmoothView"="c:\program files\TOSHIBA\Nástroj TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-29 98304]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-25 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-13 1603152]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Toshiba_rizeno_spotreby"="c:\windows\system32\TPSMain.exe" [2008-07-30 266240]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Updates"="c:\windows\updatesrv.exe" [2010-04-26 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
"c:\\Programy\\QIP\\qip.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Programy\\Strong DC 2.21\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [11.9.2009 7:23 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [11.9.2009 7:26 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [11.9.2009 7:24 735960]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [26.3.2007 12:22 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [19.2.2007 12:15 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [19.8.2008 13:48 5888]
R3 RTL8187B;Síťový adaptér Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0;c:\windows\system32\drivers\RTL8187B.sys [19.8.2008 13:48 288000]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6.2.2010 22:29 90112]
S3 cglptnt;cglptnt;c:\totalcmd\CGLPTNT.SYS [18.1.2009 13:14 7888]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [19.8.2008 13:40 110080]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [15.10.2009 8:24 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [15.10.2009 8:24 8320]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [19.8.2008 13:46 154624]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [6.2.2010 22:32 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [6.2.2010 22:32 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [6.2.2010 22:32 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [6.2.2010 22:32 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [6.2.2010 22:32 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [6.2.2010 22:32 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [6.2.2010 22:32 115752]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]

2010-05-04 c:\windows\Tasks\User_Feed_Synchronization-{F0E89B01-7AF9-4FD8-AC0F-08A614EDC650}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://search.qip.ru
uSearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: mfcr.cz\adis
Trusted Zone: mfcr.cz\adisepo
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
DPF: {ADACAA8F-3595-47FE-9C31-9C7471B9BEC7} - hxxp://jeremenko.volnet.cz/cab/OCXChecker_8198.cab
FF - ProfilePath - c:\documents and settings\goman\Data aplikací\Mozilla\Firefox\Profiles\ldjs367c.default\
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-04 08:39
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

c:\windows\updatesrv.exe [4076] 0x8A220DA0

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-4037202737-1680048596-2828639714-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,b9,c8,fa,3f,f7,c7,a7,4e,86,0a,b5,20,f7,8b,f5,b7,b4,c4,c4,e9,24,6e,
06,49,0c,f8,d6,02,0e,6b,67,4f,d9,26,e7,da,97,e4,09,46,9b,e5,5f,24,06,e8,4f,\
"??"=hex:29,50,d7,01,31,c1,22,80,d9,a1,3c,46,8c,bf,86,c0

[HKEY_USERS\S-1-5-21-4037202737-1680048596-2828639714-1005\Software\SecuROM\License information*]
"datasecu"=hex:96,d8,e0,c8,c2,63,a6,29,9e,58,f5,b1,fa,8c,c8,e6,d3,50,c5,f0,c2,
19,4c,c0,9a,40,2f,8b,c8,29,ae,e6,f0,19,fd,06,88,29,8a,6f,3a,28,ee,f6,25,d1,\
"rkeysecu"=hex:25,68,30,d2,ee,c6,28,f1,be,0b,76,f2,3b,58,83,2a
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Celkový čas: 2010-05-04 08:40:48
ComboFix-quarantined-files.txt 2010-05-04 06:40
ComboFix2.txt 2010-05-03 13:41
ComboFix3.txt 2010-04-22 08:26
ComboFix4.txt 2010-02-05 06:46
ComboFix5.txt 2010-05-04 06:36

Před spuštěním: Volných bajtů: 12 848 762 880
Po spuštění: Volných bajtů: 12 826 214 400

- - End Of File - - 6830915900E849D9E4789CBAF17B0AFA

A výsledek z virustotal:
a-squared 4.5.0.50 2010.05.04 -
AhnLab-V3 2010.05.04.00 2010.05.04 -
AntiVir 8.2.1.224 2010.05.03 TR/Downloader.Gen
Antiy-AVL 2.0.3.7 2010.04.30 -
Authentium 5.2.0.5 2010.05.04 -
Avast 4.8.1351.0 2010.05.03 Win32:Rootkit-gen
Avast5 5.0.332.0 2010.05.03 Win32:Rootkit-gen
AVG 9.0.0.787 2010.05.03 -
BitDefender 7.2 2010.05.04 Trojan.Crypt.DA
CAT-QuickHeal 10.00 2010.05.03 -
ClamAV 0.96.0.3-git 2010.05.04 -
Comodo 4758 2010.05.04 TrojWare.Win32.Trojan.Agent.Gen
DrWeb 5.0.2.03300 2010.05.04 -
eSafe 7.0.17.0 2010.05.03 -
eTrust-Vet 35.2.7466 2010.05.03 -
F-Prot 4.5.1.85 2010.05.03 -
F-Secure 9.0.15370.0 2010.05.04 Trojan.Crypt.DA
Fortinet 4.0.14.0 2010.05.03 -
GData 21 2010.05.04 Win32:Rootkit-gen
Ikarus T3.1.1.80.0 2010.05.04 -
Jiangmin 13.0.900 2010.05.04 -
Kaspersky 7.0.0.125 2010.05.04 -
McAfee 5.400.0.1158 2010.05.04 -
McAfee-GW-Edition 6.8.5 2010.05.04 Heuristic.BehavesLike.Win32.Suspicious.L
Microsoft 1.5703 2010.05.04 -
NOD32 5083 2010.05.03 -
Norman 6.04.12 2010.05.03 -
nProtect 2010-05-03.01 2010.05.03 Trojan.Crypt.DA
Panda 10.0.2.7 2010.05.03 Suspicious file
PCTools 7.0.3.5 2010.05.04 -
Prevx 3.0 2010.05.04 -
Rising 22.46.01.01 2010.05.04 -
Sophos 4.53.0 2010.05.04 -
Sunbelt 6258 2010.05.04 -
Symantec 20091.2.0.41 2010.05.04 -
TheHacker 6.5.2.0.275 2010.05.03 -
TrendMicro 9.120.0.1004 2010.05.04 Mal_DLDER
TrendMicro-HouseCall 9.120.0.1004 2010.05.04 Mal_DLDER
VBA32 3.12.12.4 2010.05.03 -
ViRobot 2010.5.3.2301 2010.05.04 -
VirusBuster 5.0.27.0 2010.05.03 -

[goman]

Nějaké rady?

[Rudy]

Log vypadá čistý. Nastala nějaká změna?

[goman]

Potom se téměř nic nestalo. Pomohlo až přeinstalování prohlížeče ... , ale tak díky za rady

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\updatesrv.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Updates"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.