velmi pomalý comp a web

[jarda.otta]

velmi pomalý comp a web.Otevírání oken snad několik minut. Vyčistil jsem Cleanerem,Advanced systemCare kde našel spoustu škodlivéhosoftware a chyb v registrech,poté Malwarebyte kde našel 32 hrozeb.Vše jsem dal odstrnit.Rychlost se poněkus zlepšila ale není to ještě ono.Prosím o kontrolu logu z Rsit.Přikládám log z Malwarebytes a nakonec Rsit.Děkuji za ochotu.Jaroslav Otta
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4119

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

20.5.2010 15:28:11
mbam-log-2010-05-20 (15-28-11).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 209861
Uplynulý čas: 3 hodina(y), 5 minuta(y), 4 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 16
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 3
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{dabf362d-d442-4402-9208-ca9ed70dd01e} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ac3a9ef-c0f8-41d4-b4e2-b7cebb794151} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{862def42-89aa-49fa-ae1f-8a84b1b08a17} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f6e4845d-1d13-4bc0-942d-b9191524cc48} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{602d9049-b4ac-4a25-bf75-a9b54d747cba} (Adware.Advantage) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wyyo Service (Adware.Wyyo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\runtime (Rootkit.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{0494d0d9-f8e0-41ad-92a3-14154ece70ac} (Adware.MywaySearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files\Advantage (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\MyWay (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Wyyo (Adware.Zwangi) -> Quarantined and deleted successfully.

Infikované soubory:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVantage.htm (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\AdVUninst.exe (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\ffext.mod (Adware.Advantage) -> Quarantined and deleted successfully.
C:\Program Files\Advantage\TR.dll (Adware.Advantage) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8_exception.nls (Trojan.Tibs) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ipv6monl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\smdat32m.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


[size=150]Rsit[/size]
Logfile of random's system information tool 1.06 (written by random/random)
Run by Ladislav Kopecký at 2010-05-21 12:29:31
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 2 GB (10%) free of 19 GB
Total RAM: 503 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:56, on 21.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpamBayes\bin\sb_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ladislav Kopecký\Plocha\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Ladislav Kopecký.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Startup: SpamBayes Tray Icon.lnk = C:\Program Files\SpamBayes\bin\sb_tray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: GEMINI IBS 31 ZIBA Applet Security - https://www1.netbanka.cz/ZIBAIBS32/bin/ ... .3.0.1.cab
O16 - DPF: GEMINI IBS 31 ZIBA Applet Utilities - https://www1.netbanka.cz/ZIBAIBS32/bin/ ... .99.99.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {672EE252-D813-4F5E-81BB-5DD163DD4FA5} (Active602XMLFiller Control) - https://www.mojedatovaschranka.cz/stati ... b?3,14,8,0
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

--
End of file - 7486 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{8939BEE2-AE3C-44E3-A406-553410EABB63}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-07-02 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-07-02 491520]
Locked

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\soundman.exe [2002-03-21 46592]
"IgfxTray"=C:\WINDOWS\System32\igfxtray.exe [2002-03-26 155648]
"HotKeysCmds"=C:\WINDOWS\System32\hkcmd.exe [2002-03-26 106496]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]
"ToolBoxFX"=C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe [2008-02-20 53248]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-10-11 1961984]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2009-07-02 26624]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-02-08 2343632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\Ladislav Kopecký\Nabídka Start\Programy\Po spuštění
SpamBayes Tray Icon.lnk - C:\Program Files\SpamBayes\bin\sb_tray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2002-03-26 294912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-09-20 441136]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus"
"C:\Program Files\Outlook Express\msimn.exe"="C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\SpamBayes\bin\sb_tray.exe"="C:\Program Files\SpamBayes\bin\sb_tray.exe:*:Enabled:sb_tray"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{69ffef34-4eb8-11dd-be0a-00508da244d9}]
shell\AutoRun\command - F:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2010-05-21 12:29:31 ----D---- C:\rsit
2010-05-20 15:08:52 ----D---- C:\Program Files\PhotoFiltre Studio
2010-05-20 14:28:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-05-20 14:21:12 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\WinRAR
2010-05-20 14:20:37 ----D---- C:\Program Files\WinRAR
2010-05-20 11:30:21 ----D---- C:\Program Files\IObit
2010-05-20 11:30:21 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\IObit
2010-05-20 11:24:48 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\Malwarebytes
2010-05-20 11:24:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-05-20 11:24:19 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-05-20 11:16:00 ----A---- C:\WINDOWS\ntbtlog.txt
2010-05-20 10:49:51 ----D---- C:\WINDOWS\pss
2010-05-20 10:26:42 ----D---- C:\Program Files\CCleaner
2010-05-20 10:23:18 ----SHD---- C:\Config.Msi
2010-05-19 09:01:29 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-04-29 17:52:34 ----D---- C:\Program Files\7-Zip

======List of files/folders modified in the last 1 months======

2010-05-21 12:29:38 ----D---- C:\WINDOWS\Prefetch
2010-05-21 12:24:10 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\Skype
2010-05-21 12:12:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-21 12:12:05 ----D---- C:\WINDOWS
2010-05-21 12:04:36 ----AD---- C:\WINDOWS\Temp
2010-05-21 11:46:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-21 11:18:19 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\skypePM
2010-05-20 22:54:10 ----A---- C:\WINDOWS\TextSpy.ini
2010-05-20 15:31:12 ----D---- C:\WINDOWS\system32\drivers
2010-05-20 15:28:11 ----RD---- C:\Program Files
2010-05-20 15:28:09 ----D---- C:\WINDOWS\system32
2010-05-20 13:17:08 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-20 11:43:26 ----A---- C:\WINDOWS\wincmd.ini
2010-05-20 11:34:29 ----SHD---- C:\System Volume Information
2010-05-20 11:34:29 ----D---- C:\WINDOWS\system32\Restore
2010-05-20 10:35:47 ----D---- C:\WINDOWS\Debug
2010-05-20 10:28:39 ----SHD---- C:\WINDOWS\Installer
2010-05-20 10:17:11 ----HD---- C:\WINDOWS\inf
2010-05-19 09:01:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-19 09:01:53 ----D---- C:\Program Files\Outlook Express
2010-05-19 04:44:35 ----AD---- C:\Program Files\Thunderbird
2010-05-18 22:24:59 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-30 20:51:06 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-28 21:34:55 ----D---- C:\Documents and Settings\Ladislav Kopecký\Data aplikací\U3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 {6080A529-897E-4629-A488-ABA0C29B635E};Intel(R) Graphics Platform (SoftBIOS) Driver; C:\WINDOWS\system32\drivers\ialmsbw.sys [2002-04-05 88320]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 kbfilter;Keyboard Filter Driver; C:\WINDOWS\system32\drivers\kbfilter.sys [2000-09-25 11864]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91};Intel(R) Graphics Chipset (KCH) Driver; C:\WINDOWS\system32\drivers\ialmkchw.sys [2002-04-05 69472]
R3 ALCXWDM;Service for Avance AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2002-03-25 303948]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ialm;ialm; C:\WINDOWS\System32\DRIVERS\ialmnt5.sys [2002-04-05 77277]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 alcan5wn;Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\System32\DRIVERS\alcan5wn.sys [2002-11-12 53168]
S3 alcaudsl;Alcatel Speed Touch ADSL Modem ATM Transport; C:\WINDOWS\System32\DRIVERS\alcaudsl.sys [2002-11-12 748544]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 genmcmn;Scroll Mouse Driver; C:\WINDOWS\System32\DRIVERS\gmfiltr.sys []
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2007-07-16 17432]
S3 kvpndev;Kerio VPN adapter; C:\WINDOWS\System32\DRIVERS\kvpndrv.sys [2005-02-11 61440]
S3 RT2500;RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT2500.sys [2004-06-10 191360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 TeamViewer4;TeamViewer 4; C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe [2009-03-23 185640]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 MrayPigeonServer;MrayPigeonServer; C:\WINDOWS\M_Server2006.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Rudy]

Ještě udělejte sken ComboFix a dejte log.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware

[jarda.otta]

děkuji za pomoc. Ke kamarádovi se dostanu až zitra dopoledne a dám sem ten log z combofix. Děkuji.
zde je porozatím část logu z MWAV co jsme dělali minulí týden na začátku než jsem kontaktoval fórum.

21 V 2010 15:33:42 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
21 V 2010 15:33:42 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\LADISL~1\LOCALS~1\Temp\spydb.avs, Size: 942705]...
21 V 2010 15:33:42 - Indexed Spyware Databases Successfully Created...

21 V 2010 16:35:36 - System found infected with kazaa Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{66FC8717-EFA7-4546-8C4A-E224F3A80C76})! Action taken: Ponecháno, neodstraněno!.
21 V 2010 16:35:36 - System found infected with MediaAdVantage Spyware/Adware (HKEY_CLASSES_ROOT\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6})! Action taken: Ponecháno, neodstraněno!.
21 V 2010 16:35:36 - System found infected with MediaAdVantage Spyware/Adware (HKEY_CLASSES_ROOT\AppID\{69E0089F-28BC-4BB5-862B-E2B07C3B83C6})! Action taken: Ponecháno, neodstraněno!.
21 V 2010 16:35:37 - Offending Key found: HKLM\Software\Kazaa !!!
21 V 2010 16:35:37 - Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

21 V 2010 16:35:37 - Offending Key found: HKCU\Software\Kazaa !!!
21 V 2010 16:35:37 - Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

21 V 2010 16:35:37 - Offending Key found: HKCR\TR.TRFactory !!!
21 V 2010 16:35:37 - Objekt "MediaAdVantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

21 V 2010 16:35:38 - Offending Key found: HKCR\TR.TRFactory.1 !!!
21 V 2010 16:35:38 - Objekt "MediaAdVantage Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

21 V 2010 16:35:38 - Offending file found: C:\WINDOWS\iun6002.exe
21 V 2010 16:35:38 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: Ponecháno, neodstraněno!.

21 V 2010 16:35:38 - Offending file found: C:\WINDOWS\system32\ban_list.txt
21 V 2010 16:35:38 - System found infected with combo Spyware/Adware (ban_list.txt)! Action taken: Ponecháno, neodstraněno!.

21 V 2010 16:35:38 - Offending file found: C:\WINDOWS\system32\start.cdi
21 V 2010 16:35:38 - System found infected with Cydoor Spyware/Adware (start.cdi)! Action taken: Ponecháno, neodstraněno!.

21 V 2010 16:35:38 - Offending Folder found: C:\Program Files\Kazaa
21 V 2010 16:35:38 - Objekt "kazaa Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.

[Rudy]

Nalezeny zbytky Spyware. Uvidíme, co ukáže CF.

[jarda.otta]

spustil jsem combofix dle instrukcí.vypnul antivir a firewall.Combofix nalezl několik havětí, ale po restartu systému se začal vytvářet log report.Byla výzva abych nespouštěl jiné aplikace.Ale ta hláška že vytváří log report trvala příliš dlouho.Cca 35 minut a nic se nedělo,tak jsem musel natvrdo restartovat.Nešel ani restart přes start/restartopvat počítač.Tak nevím jak postupovat dál.Děkuji.
P.S. a ještě k výše vypsanému části logu z MWAV.
Uvedené, popsané a neodstraněné hrozby v logu v mém pc skutečně jsou. Ale když jednotlivé soubory testuji na www.virustotal.com, tak tam nic nalezeno není, tak jak si to mám vysvětlit? Jinak pc po combofixu výrazně zrychlil.

[Rudy]

Podívejte se po souboru C:\combofix.txt. Měl by v něm být log. Obsah toho souboru sem zkopírujte.