
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
No internet browsers work, please help
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
No internet browsers work, please help
IE, Firefox and Chrome don't work for me, and most programs can't be updated... please check, thank you.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Adriana at 2010-08-03 14:42:35
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (3%) free of 38 GB
Total RAM: 383 MB (24% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-26 1230288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-14 520192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\TEXTware\QUICKF~1\PlugIns\IEHelp.dll [2003-06-30 337920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-07-01 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-07-01 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler Toolbar - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-01-26 1230288]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll [2009-07-14 520192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2007-10-14 921600]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-06-27 3584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0x91000000
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Quake III Arena\quake3.exe"="C:\Program Files\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\AviSynth 2.5\BitLord\BitLord.exe"="C:\Program Files\AviSynth 2.5\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-08-03 14:31:19 ----D---- C:\WINDOWS\system32\PreInstall
2010-08-03 14:31:15 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2010-08-03 14:31:14 ----HD---- C:\WINDOWS\$hf_mig$
2010-08-03 14:26:40 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2010-08-03 14:26:31 ----D---- C:\WINDOWS\LastGood
2010-08-03 13:48:31 ----D---- C:\Program Files\WGA cracked v. 1.5.532
2010-08-03 13:15:04 ----D---- C:\rsit
2010-08-03 13:05:04 ----HDC---- C:\WINDOWS\$NtUninstallWIC$
2010-08-03 12:46:24 ----D---- C:\Program Files\FileHippo.com
======List of files/folders modified in the last 1 months======
2010-08-03 14:42:42 ----HD---- C:\WINDOWS\inf
2010-08-03 14:42:34 ----D---- C:\WINDOWS
2010-08-03 14:41:31 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-03 14:39:58 ----D---- C:\WINDOWS\Prefetch
2010-08-03 14:31:19 ----D---- C:\WINDOWS\system32
2010-08-03 14:29:33 ----D---- C:\Documents and Settings\Adriana\Data aplikací\Mozilla
2010-08-03 14:26:51 ----D---- C:\WINDOWS\SoftwareDistribution
2010-08-03 14:26:48 ----D---- C:\WINDOWS\Temp
2010-08-03 14:26:48 ----D---- C:\WINDOWS\Help
2010-08-03 14:26:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-08-03 14:07:44 ----D---- C:\Program Files
2010-08-03 13:59:16 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-08-03 13:44:40 ----A---- C:\WINDOWS\system32\winlogon.exe
2010-08-03 13:42:02 ----SHD---- C:\WINDOWS\Installer
2010-08-03 13:42:01 ----HD---- C:\Config.Msi
2010-08-03 12:37:57 ----D---- C:\Program Files\Mozilla Thunderbird
2010-08-03 12:21:44 ----D---- C:\Avenger
2010-08-03 12:21:11 ----D---- C:\WINDOWS\system32\drivers
2010-08-02 22:40:31 ----A---- C:\WINDOWS\wincmd.ini
2010-07-23 22:31:54 ----D---- C:\Documents and Settings\Adriana\Data aplikací\DNA
2010-07-23 22:12:49 ----D---- C:\Program Files\Mozilla Firefox
2010-07-23 22:12:12 ----D---- C:\Documents and Settings\Adriana\Data aplikací\uTorrent
2010-07-23 22:12:07 ----D---- C:\Byliny
2010-07-23 22:06:18 ----D---- C:\Documents and Settings\Adriana\Data aplikací\Media Player Classic
2010-07-23 22:05:44 ----D---- C:\Program Files\CCleaner
2010-07-23 22:04:14 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-07-23 22:04:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-07-23 21:55:15 ----SHD---- C:\System Volume Information
2010-07-23 21:55:15 ----D---- C:\WINDOWS\system32\Restore
2010-07-23 21:36:09 ----D---- C:\Documents and Settings\Adriana\Data aplikací\Spyware Terminator
2010-07-23 21:35:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-07-23 19:53:30 ----D---- C:\Program Files\DNA
2010-07-22 21:52:18 ----D---- C:\DVD
2010-07-22 19:56:45 ----D---- C:\Documents and Settings\Adriana\Data aplikací\MSN6
2010-07-18 20:35:23 ----D---- C:\Documents and Settings\Adriana\Data aplikací\Skype
2010-07-18 19:39:09 ----D---- C:\Documents and Settings\Adriana\Data aplikací\skypePM
2010-07-16 21:52:34 ----A---- C:\WINDOWS\NeroDigital.ini
2010-07-12 22:32:53 ----D---- C:\A Foto
2010-07-12 22:32:22 ----D---- C:\A složka
2010-07-12 20:08:35 ----D---- C:\Hever
2010-07-11 10:00:58 ----D---- C:\MP2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2004-08-04 42368]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2007-03-08 43528]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2004-08-17 46336]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2009-03-15 56268]
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: No internet browsers work, please help
Greetings,
test C:\WINDOWS\system32\winlogon.exe on VirusTotal
(simple instructions: once the page has loaded, click the Browse button, locate the path to the file mentioned above and click the Send File button; ignore any messages saying the file has already been tested and run the scan again; give the scanners about ten minutes; post the result here, either by copying the text or by posting the link once the scan has finished)
if that doesn't work, restart the computer, keep pressing F8 during startup, and choose Safe Mode with Networking

Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: No internet browsers work, please help
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2010.08.04.02 2010.08.04 -
AntiVir 8.2.4.32 2010.08.04 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.04 -
Avast 4.8.1351.0 2010.08.04 -
Avast5 5.0.332.0 2010.08.04 -
AVG 9.0.0.851 2010.08.04 -
BitDefender 7.2 2010.08.04 -
CAT-QuickHeal 11.00 2010.08.04 -
ClamAV 0.96.0.3-git 2010.08.04 -
Comodo 5641 2010.08.04 -
DrWeb 5.0.2.03300 2010.08.04 -
Emsisoft 5.0.0.36 2010.08.04 -
eSafe 7.0.17.0 2010.08.03 -
eTrust-Vet 36.1.7763 2010.08.04 -
F-Prot 4.6.1.107 2010.08.04 -
F-Secure 9.0.15370.0 2010.08.04 -
Fortinet 4.1.143.0 2010.08.04 -
GData 21 2010.08.04 -
Ikarus T3.1.1.84.0 2010.08.04 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.04 -
McAfee 5.400.0.1158 2010.08.04 -
McAfee-GW-Edition 2010.1 2010.08.04 -
Microsoft 1.6004 2010.08.04 -
NOD32 5338 2010.08.03 -
Norman 6.05.11 2010.08.03 -
nProtect 2010-08-04.01 2010.08.04 -
Panda 10.0.2.7 2010.08.03 -
PCTools 7.0.3.5 2010.08.04 -
Prevx 3.0 2010.08.04 -
Rising 22.59.02.00 2010.08.04 -
Sophos 4.56.0 2010.08.04 -
Sunbelt 6682 2010.08.04 -
SUPERAntiSpyware 4.40.0.1006 2010.08.04 -
Symantec 20101.1.1.7 2010.08.04 WS.Reputation.1
TheHacker 6.5.2.1.330 2010.08.04 -
TrendMicro 9.120.0.1004 2010.08.04 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.04 -
VBA32 3.12.12.7 2010.08.02 -
ViRobot 2010.8.3.3969 2010.08.04 -
VirusBuster 5.0.27.0 2010.08.03 -
Rozšiřující informace
File size: 502272 bytes
MD5...: 427e6ded3a2369d3432a683eb489ee14
SHA1..: bf7612516a2a23d57c17913c9db0dd02c25371be
SHA256: be0872874fd83b4652fa29d4123bb5e326624b662b0246f4ab070d09083ec63f
ssdeep: 6144:SYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcbFIzdFz/N5Wjy
fTNQ3:SVLBhic7Qy1vSneJFDNhp85
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: No internet browsers work, please help
download ComboFix and save it to the desktop
then run the application under an account with administrator privileges (not under a limited account)
on Windows Vista and Windows 7, run the application as administrator (by right-clicking the application icon and choosing "Run as administrator")
immediately after startup a screen with the licence terms is displayed; continue by clicking the Yes button:

next you may see a warning about your antivirus's resident shield and a notice that the Recovery Console is not installed; do not install it for now.
calmly make yourself a coffee (the whole process takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or anything else
do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)
note: if you use antispyware with a resident shield, deactivate its resident shield, because during the scan and removal of any malware, unwanted conflicts occur between ComboFix and the resident antispyware component
after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); post its contents here
Re: No internet browsers work, please help
ComboFix 10-08-04.05 - Adriana 05.08.2010 17:54:39.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.383.178 [GMT 2:00]
Spuštěný z: c:\documents and settings\Adriana\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Data aplikací\hpe814.dll
c:\windows\system32\auto.exe
c:\windows\system32\winlogon.bak
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-05 do 2010-08-05 )))))))))))))))))))))))))))))))
.
2010-08-03 12:31 . 2010-08-03 12:57 -------- d--h--w- c:\windows\$hf_mig$
2010-08-03 11:54 . 2006-06-27 03:40 3584 -c----w- c:\windows\system32\dllcache\WgaLogon.dll
2010-08-03 11:54 . 2006-06-27 03:40 12800 -c----w- c:\windows\system32\dllcache\WgaTray.exe
2010-08-03 11:48 . 2010-08-03 11:48 -------- d-----w- c:\program files\WGA cracked v. 1.5.532
2010-08-03 11:15 . 2010-08-03 11:15 -------- d-----w- C:\rsit
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-05 09:36 . 2010-02-25 17:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-08-04 22:20 . 2009-12-26 17:59 -------- d-----w- c:\program files\Google
2010-08-03 11:44 . 2002-09-23 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-07-23 20:05 . 2008-11-13 22:41 -------- d-----w- c:\program files\CCleaner
2010-07-23 20:04 . 2007-10-14 13:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-23 17:53 . 2008-11-03 18:04 -------- d-----w- c:\program files\DNA
2010-07-01 19:51 . 2010-07-01 19:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-01 19:49 . 2010-07-01 19:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-01 19:49 . 2010-07-01 19:49 -------- d-----w- c:\program files\Java
2010-06-30 20:15 . 2010-06-30 20:15 -------- d-----w- c:\program files\Xvid
2010-06-30 20:14 . 2010-06-30 20:14 -------- d-----w- c:\program files\FDRLab
.
------- Sigcheck -------
[-] 2010-08-03 . 427E6DED3A2369D3432A683EB489EE14 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\winlogon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-10-14 921600]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OEXPRESS"=c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE
"Sony Ericsson PC Companion"="c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /systray /nologon
"BitTorrent DNA"="c:\program files\DNA\btdna.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"CloneCDElbyCDFL"="c:\program files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"SoundMan"=SOUNDMAN.EXE
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Quake III Arena\\quake3.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\AviSynth 2.5\\BitLord\\BitLord.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [31.12.2008 14:41 141312]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [7.5.2010 18:36 90112]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [7.5.2010 18:22 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [7.5.2010 18:22 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [7.5.2010 18:22 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [7.5.2010 18:23 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [7.5.2010 18:23 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [7.5.2010 18:23 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [7.5.2010 18:23 109864]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
2010-08-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
2010-08-05 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uInternet Settings,ProxyServer = 219.93.178.162:3128
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: c:\windows\System32\imon.dll
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Adriana\Data aplikací\Mozilla\Firefox\Profiles\zcwqy6eo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-05 18:00
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
Celkový čas: 2010-08-05 18:03:44
ComboFix-quarantined-files.txt 2010-08-05 16:03
Před spuštěním: 3 021 901 824
Po spuštění: 2 996 998 144
- - End Of File - - A343D70196E000803A1B970527C00163
- riffman
- VIP
- Posts: 3203
- Registered: 20 Oct 2004 07:00
- Location: České Budějovice
Re: no internet browsers work, please help
c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\winlogon.exe
Test both on VirusTotal and post the results here.
Give us a chance to live
Give us a chance to die
Give us a chance to be free
Without fire from the sky
Give us a chance to love
Give us a chance to hate
Give us a chance, before you kill us all
Re: no internet browsers work, please help
c:\windows\system32\winlogon.exe
Antivirus Version Last Update Result
AhnLab-V3 2010.08.05.03 2010.08.05 -
AntiVir 8.2.4.32 2010.08.05 -
Antiy-AVL 2.0.3.7 2010.08.03 -
Authentium 5.2.0.5 2010.08.05 -
Avast 4.8.1351.0 2010.08.05 -
Avast5 5.0.332.0 2010.08.05 -
AVG 9.0.0.851 2010.08.05 -
BitDefender 7.2 2010.08.05 -
CAT-QuickHeal 11.00 2010.08.05 -
ClamAV 0.96.0.3-git 2010.08.05 -
Comodo 5656 2010.08.05 -
DrWeb 5.0.2.03300 2010.08.05 -
Emsisoft 5.0.0.36 2010.08.05 -
eSafe 7.0.17.0 2010.08.05 -
eTrust-Vet 36.1.7768 2010.08.05 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.05 -
Fortinet 4.1.143.0 2010.08.05 -
GData 21 2010.08.05 -
Ikarus T3.1.1.84.0 2010.08.05 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.05 -
McAfee 5.400.0.1158 2010.08.05 -
McAfee-GW-Edition 2010.1 2010.08.05 -
Microsoft 1.6004 2010.08.05 -
NOD32 5344 2010.08.05 -
Norman 6.05.11 2010.08.05 -
nProtect 2010-08-05.01 2010.08.05 -
Panda 10.0.2.7 2010.08.05 -
PCTools 7.0.3.5 2010.08.04 -
Prevx 3.0 2010.08.05 -
Rising 22.59.03.04 2010.08.05 -
Sophos 4.56.0 2010.08.05 -
Sunbelt 6690 2010.08.05 -
SUPERAntiSpyware 4.40.0.1006 2010.08.05 -
Symantec 20101.1.1.7 2010.08.05 WS.Reputation.1
TheHacker 6.5.2.1.334 2010.08.05 -
TrendMicro 9.120.0.1004 2010.08.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.05 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.4.3971 2010.08.05 -
VirusBuster 5.0.27.0 2010.08.05 -
Additional information
File size: 502272 bytes
MD5...: 427e6ded3a2369d3432a683eb489ee14
SHA1..: bf7612516a2a23d57c17913c9db0dd02c25371be
SHA256: be0872874fd83b4652fa29d4123bb5e326624b662b0246f4ab070d09083ec63f
ssdeep: 6144:SYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcbFIzdFz/N5Wjy
fTNQ3:SVLBhic7Qy1vSneJFDNhp85
PEiD..: -
c:\windows\ServicePackFiles\i386\winlogon.exe
Antivirus Version Last Update Result
AhnLab-V3 2010.08.05.03 2010.08.05 -
AntiVir 8.2.4.32 2010.08.05 -
Antiy-AVL 2.0.3.7 2010.08.03 Trojan/Win32.Patched.gen
Authentium 5.2.0.5 2010.08.05 -
Avast 4.8.1351.0 2010.08.05 -
Avast5 5.0.332.0 2010.08.05 -
AVG 9.0.0.851 2010.08.05 -
BitDefender 7.2 2010.08.05 -
CAT-QuickHeal 11.00 2010.08.05 -
ClamAV 0.96.0.3-git 2010.08.05 -
Comodo 5656 2010.08.05 -
DrWeb 5.0.2.03300 2010.08.05 -
Emsisoft 5.0.0.36 2010.08.05 -
eSafe 7.0.17.0 2010.08.05 Win32.Agent.ha
eTrust-Vet 36.1.7768 2010.08.05 -
F-Prot 4.6.1.107 2010.08.05 -
F-Secure 9.0.15370.0 2010.08.05 -
Fortinet 4.1.143.0 2010.08.05 -
GData 21 2010.08.05 -
Ikarus T3.1.1.84.0 2010.08.05 -
Jiangmin 13.0.900 2010.08.03 -
Kaspersky 7.0.0.125 2010.08.05 -
McAfee 5.400.0.1158 2010.08.05 -
McAfee-GW-Edition 2010.1 2010.08.05 -
Microsoft 1.6004 2010.08.05 -
NOD32 5344 2010.08.05 -
Norman 6.05.11 2010.08.05 -
nProtect 2010-08-05.01 2010.08.05 -
Panda 10.0.2.7 2010.08.05 -
PCTools 7.0.3.5 2010.08.04 -
Prevx 3.0 2010.08.05 -
Rising 22.59.03.04 2010.08.05 -
Sophos 4.56.0 2010.08.05 -
Sunbelt 6690 2010.08.05 -
SUPERAntiSpyware 4.40.0.1006 2010.08.05 -
Symantec 20101.1.1.7 2010.08.05 -
TheHacker 6.5.2.1.334 2010.08.05 -
TrendMicro 9.120.0.1004 2010.08.05 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.05 -
VBA32 3.12.12.8 2010.08.04 -
ViRobot 2010.8.4.3971 2010.08.05 -
VirusBuster 5.0.27.0 2010.08.05 -
Additional information
File size: 502272 bytes
MD5...: 221c29ae1b4cc61d11d8b27de78b2307
SHA1..: b88e9fc2e1205559e3fc8c3b562ec45b56bb2595
SHA256: 70f824164fc862aaaf740dee7d6f77f78d51a27ee1caec344a203f58b7dddbaa
ssdeep: 6144:LYuZlm8LRlBw662R1pqrc7FmxSqVw/T+SN1TrSnmhPnpdcrFIzdFz/N5Wjy
fTNQb:LVLBhic7Qy1vSneJFDNhp81
PEiD..: -
- riffman
Re: no internet browsers work, please help
Download GMER, unpack it and run it.
On Windows Vista and Windows 7, run the application as administrator (right-click the application icon and choose "Run as administrator").
A scan will run, and when it finishes the results will pop up at you.
Then click Save to save the log, and paste its contents here.
Then run a second scan following this guide and again post the log contents here.
Re: no internet browsers work, please help
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-08-06 11:52:03
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Adriana\LOCALS~1\Temp\afpirfog.sys
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
---- EOF - GMER 1.0.15 ----
- riffman
Re: no internet browsers work, please help
That second scan too, please.
Re: no internet browsers work, please help
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 12:19:49
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Adriana\LOCALS~1\Temp\afpirfog.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1440] USER32.dll!TrackPopupMenu 77D84F16 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2972] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs amon.sys (Amon monitor/Eset )
AttachedDevice \FileSystem\Fastfat \Fat amon.sys (Amon monitor/Eset )
---- EOF - GMER 1.0.15 ----
Oh, and I forgot to mention that the browsers started working after the ComboFix scan :)
- riffman
Re: no internet browsers work, please help
No wonder they did.
As far as a possible virus infection goes, it is fine. Any other trouble?
Re: no internet browsers work, please help
No, everything seems to be fine now, so thank you very much for your help :-)
- riffman
Re: no internet browsers work, please help
One more thing: clean up the mess I left behind.
http://sweb.cz/Marinus/T-Cleaner.exe
Download it (ignore any warnings from your antivirus about an infection, it really is not malware), run it, confirm the action in the window by pressing the A key, and let it finish.