Problém s přepínáním a samovolnému zavírání oken

[iby5ek]

Dobrý den,
na mém notebooku se poslední dobou dějí "divné věci". Během psaní ve Wordu nebo Excelu se samovolně minimalizují nebo zneaktivňují okna. Trvá dlouho než počítač naběhne po startu a i během činnosti občas na chvíli zamrzne.
Přikládám log z RSIT:


Logfile of random's system information tool 1.06 (written by random/random)
Run by Karel at 2013-04-02 14:25:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 1 GB (16%) free of 10 GB
Total RAM: 255 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\ASC6_PerformanceMonitor.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-07-24 63048]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe [2012-09-24 490880]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe /minimized /regrun []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Tenda W311U.lnk]
C:\PROGRA~1\Tenda\W311U\UI.exe [2009-06-29 2125824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Karel^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
C:\apache\mysql\bin\WINMYS~1.EXE [2001-11-03 1167872]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
IO Control.lnk - C:\Program Files\Agilent\IO Libraries\bin\iprocsvr.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
NDAS Device Management.lnk - C:\Program Files\NDAS\System\ndasmgmt.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2011-10-26 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\apache\Apache.exe"="C:\apache\Apache.exe:*:Enabled:Apache"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Agilent\IO Libraries\bin\siclland.exe"="C:\Program Files\Agilent\IO Libraries\bin\siclland.exe:*:Enabled:32-bit SICL LAN Server"
"C:\Program Files\Agilent\IO Libraries\bin\portmap.exe"="C:\Program Files\Agilent\IO Libraries\bin\portmap.exe:*:Enabled:32-bit SICL port mapper"
"C:\Program Files\Mozilla Firefox\plugin-container.exe"="C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Disabled:Plugin Container for Firefox"
"C:\Program Files\D4\D4.exe"="C:\Program Files\D4\D4.exe:*:Enabled:Dimension 4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2013-04-02 14:25:26 ----D---- C:\Program Files\trend micro
2013-04-02 14:25:19 ----D---- C:\rsit

======List of files/folders modified in the last 1 months======

2013-04-02 14:25:26 ----RD---- C:\Program Files
2013-04-02 14:25:20 ----D---- C:\WINDOWS\Prefetch
2013-04-02 14:18:59 ----D---- C:\Program Files\Mozilla Firefox
2013-04-02 13:42:42 ----AD---- C:\WINDOWS\system32
2013-04-02 13:42:40 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-04-02 13:42:21 ----D---- C:\WINDOWS\Temp
2013-04-02 13:38:07 ----D---- C:\WINDOWS
2013-04-01 21:06:14 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-04-01 20:52:43 ----D---- C:\Documents and Settings\Karel\Data aplikací\Media Player Classic
2013-04-01 20:30:27 ----D---- C:\Instal
2013-04-01 20:11:15 ----SHD---- C:\WINDOWS\Installer
2013-04-01 20:11:11 ----D---- C:\Config.Msi
2013-04-01 20:10:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-04-01 20:10:52 ----HD---- C:\WINDOWS\inf
2013-04-01 18:34:20 ----D---- C:\Program Files\D4
2013-04-01 18:29:00 ----D---- C:\Download
2013-04-01 18:21:53 ----D---- C:\WINDOWS\network diagnostic
2013-04-01 17:14:39 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-04-01 17:13:46 ----D---- C:\WINDOWS\system32\CatRoot2
2013-04-01 16:53:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2013-04-01 16:53:42 ----RD---- C:\Program Files\Skype
2013-04-01 16:53:42 ----D---- C:\Program Files\Common Files
2013-04-01 16:53:36 ----D---- C:\Documents and Settings\Karel\Data aplikací\Skype
2013-04-01 16:49:23 ----D---- C:\Program Files\gbWebCam-Lite
2013-03-31 23:11:23 ----SD---- C:\WINDOWS\Tasks
2013-03-31 15:50:51 ----D---- C:\tmp
2013-03-31 15:45:19 ----D---- C:\WINDOWS\Help
2013-03-17 12:52:55 ----D---- C:\WINDOWS\Minidump
2013-03-17 12:52:55 ----D---- C:\WINDOWS\Debug

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2012-09-30 3026]
R1 ndasfat;NDAS FAT File System Service; C:\WINDOWS\system32\DRIVERS\ndasfat.sys [2009-02-10 416232]
R1 ndasrofs;NDAS ROFS File System Service; C:\WINDOWS\system32\DRIVERS\ndasrofs.sys [2009-02-10 783848]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2008-04-14 46592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.5.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2012-04-05 21419]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\System32\drivers\LMIRfsDriver.sys []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [2002-09-23 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [2002-09-23 55936]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter; C:\WINDOWS\System32\DRIVERS\DUBE100B.sys [2006-05-26 18560]
R3 Edspport;EDSP Port Driver; C:\WINDOWS\System32\DRIVERS\es56cvmp.sys [2001-10-24 595647]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 lmimirr;lmimirr; C:\WINDOWS\System32\DRIVERS\lmimirr.sys [2008-07-24 10144]
R3 maestro;ESS Maestro 3 Audio Driver (WDM); C:\WINDOWS\system32\drivers\es198x.sys [2001-08-17 174464]
R3 ndasbus;NDAS Bus Driver; C:\WINDOWS\system32\DRIVERS\ndasbus.sys [2009-02-10 121320]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 smimini;smimini; C:\WINDOWS\System32\DRIVERS\smiminib.sys [2001-08-17 58368]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys []
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\System32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 actser;actser; C:\WINDOWS\system32\drivers\actser.sys [2004-08-23 29440]
S3 bdacap;PC-DTV Receiver; C:\WINDOWS\system32\drivers\bdacap.sys [2006-02-14 217728]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 CV2K1;CommView Network Monitor; C:\WINDOWS\system32\DRIVERS\cv2k1.sys []
S3 GemCCID;GemCCID; C:\WINDOWS\System32\Drivers\GemCCID.sys [2008-04-04 87424]
S3 GLHIDKBFILTER;GLHIDKBFILTER; C:\WINDOWS\System32\DRIVERS\GLKbFilter.sys [2006-01-06 11264]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\System32\DRIVERS\MPE.sys [2008-04-13 15232]
S3 MSIRCOMM;Microsoft IR Communications Driver; C:\WINDOWS\system32\DRIVERS\MSIRCOMM.sys [2008-04-13 22016]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 ndasscsi;NDAS SCSI Miniport Driver; C:\WINDOWS\system32\DRIVERS\ndasscsi.sys [2009-02-10 276968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2012-01-09 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2012-01-09 23168]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2002-09-23 5888]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt2870.sys [2008-08-28 627072]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\System32\DRIVERS\rt73.sys []
S3 Ser2pl;Prolific2 Serial port driver; C:\WINDOWS\system32\DRIVERS\ser2pl.sys [2008-08-14 48640]
S3 siusbmod;siusbmod; C:\WINDOWS\system32\DRIVERS\siusbmod.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\System32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SQTECH930B;iCam Tracer CCD; C:\WINDOWS\System32\Drivers\Capt930b.sys [2005-11-24 305053]
S3 streamip;BDA IPSink; C:\WINDOWS\System32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2012-01-09 8192]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-13 30208]
S3 Usblink;Usblink Driver; C:\WINDOWS\System32\Drivers\ulink.sys [2003-06-03 40060]
S3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2012-01-09 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6; C:\Program Files\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-31 464256]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2011-10-26 374152]
R2 ndassvc;NDAS Service; C:\Program Files\NDAS\System\ndassvc.exe [2009-02-10 411112]
R2 PHPGeekUtil;PHPGeekUtil; c:\apache\APACHE.EXE [2002-01-25 20480]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 xmengine service;CryptoPlus XME Engine Service; C:\WINDOWS\system32\xmesrv.exe [2010-06-08 34696]
S2 MySql;MySql; C:/apache/mysql/bin/mysqld-nt.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-09 129976]
S4 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2011-10-26 136584]
S4 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2010-11-08 390528]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
sys
Předem díky za odpovědi

[Rudy]

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[iby5ek]

Zdravím,
přikládám log. Na začátku skenu nastal problém s využitím paměti ale nakonec test doběhl.


ComboFix 13-04-02.01 - Karel 02.04.2013 19:06:58.2.1 - x86
Spuštěný z: G:\ComboFix.exe
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\My.ini
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\hwinterface.sys
c:\windows\System32\MSMAsk32.ocx
c:\windows\system32\SET36.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3E.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Legacy_hwinterface
-------\Service_hwinterface
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-02 do 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-02 16:39 . 2013-04-02 16:39 -------- d-----w- c:\program files\Sophos
2013-04-02 12:25 . 2013-04-02 12:25 -------- d-----w- c:\program files\trend micro
2013-04-02 12:25 . 2013-04-02 12:25 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 19:47 . 2013-03-02 19:47 46592 ----a-w- c:\windows\system32\MSMASK32.oca
2013-03-02 19:47 . 2013-03-02 19:47 25600 ----a-w- c:\windows\system32\mscomm32.oca
2013-03-02 19:47 . 2013-03-02 19:47 18944 ----a-w- c:\windows\system32\PICCLP32.oca
2013-03-02 19:47 . 2013-03-02 19:47 17920 ----a-w- c:\windows\system32\SYSINFO.oca
2013-03-02 19:47 . 2013-03-02 19:47 62976 ----a-w- c:\windows\system32\MCI32.oca
2013-03-02 19:47 . 2013-03-02 19:47 43520 ----a-w- c:\windows\system32\msmapi32.oca
2013-03-02 19:47 . 2013-03-02 19:47 22528 ----a-w- c:\windows\system32\MSWINSCK.oca
2013-03-02 19:47 . 2013-03-02 19:47 156672 ----a-w- c:\windows\system32\MSCHART.oca
2013-03-02 19:47 . 2013-03-02 19:47 61440 ----a-w- c:\windows\system32\RICHTX32.oca
2013-03-02 19:47 . 2013-03-02 19:47 29184 ----a-w- c:\windows\system32\msinet.oca
2013-03-02 19:47 . 2013-03-02 19:47 61952 ----a-w- c:\windows\system32\DBGRID32.oca
2013-03-02 19:47 . 2013-03-02 19:47 51200 ----a-w- c:\windows\system32\COMCT232.oca
2013-03-02 19:47 . 2013-03-02 19:47 75776 ----a-w- c:\windows\system32\MSFLXGRD.oca
2013-03-02 19:47 . 2013-03-02 19:47 66048 ----a-w- c:\windows\system32\DBLIST32.oca
2013-03-02 19:47 . 2013-03-02 19:47 42496 ----a-w- c:\windows\system32\TABCTL32.oca
2013-03-01 18:30 . 2013-03-01 18:30 238080 ----a-w- c:\windows\system32\comctl32.oca
2013-01-30 14:02 . 2013-02-02 18:17 24736 ----a-w- c:\windows\system32\normaliz.dll
2009-09-04 16:01 . 2009-09-04 16:01 525656 -c--a-w- c:\program files\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 -c--a-w- c:\program files\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 -c--a-w- c:\program files\dsetup32.dll
2012-09-09 09:51 . 2012-09-09 09:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
IO Control.lnk - c:\program files\Agilent\IO Libraries\bin\iprocsvr.exe [2011-3-19 122880]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
NDAS Device Management.lnk - c:\program files\NDAS\System\ndasmgmt.exe [2009-2-10 341480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-26 15:24 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Tenda W311U.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Tenda W311U.lnk
backup=c:\windows\pss\Tenda W311U.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Karel^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2012-09-24 20:59 490880 ----a-w- c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"STICAP"=c:\windows\Twain_32\iCam Tracer CCD\SnapTrap.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Agilent\\IO Libraries\\bin\\siclland.exe"=
"c:\\Program Files\\Agilent\\IO Libraries\\bin\\portmap.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [10.2.2009 12:49 285160]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [10.2.2009 12:49 416232]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [10.2.2009 12:49 783848]
R1 oreans32;oreans32;c:\windows\system32\drivers\oreans32.sys [27.3.2007 19:57 33824]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10.2.2013 14:25 464256]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [9.10.2010 13:38 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [25.1.2002 6:30 20480]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [9.10.2009 10:00 34696]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [22.2.2007 16:09 174464]
R3 smimini;smimini;c:\windows\system32\drivers\smiminib.sys [22.2.2007 16:10 58368]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [28.2.2007 22:33 217728]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [24.8.2009 21:02 18560]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [14.5.2010 22:16 87424]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [28.2.2007 22:33 11264]
S3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys --> c:\windows\system32\DRIVERS\siusbmod.sys [?]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;c:\program files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [13.2.2013 14:14 153080]
S3 SQTECH930B;iCam Tracer CCD;c:\windows\system32\drivers\Capt930b.sys [8.1.2011 17:26 305053]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [4.4.2007 19:08 40060]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-02 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-02-10 19:33]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\8m5i4400.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-11-28 22:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-InterVideo WinDVD - c:\windows\IsUn0405.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 20:02
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-1202660629-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEA2476F-749C-6796-8F01-D41D06B6F613}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaobhbafcinmimpfag"=hex:6b,61,64,67,6c,6b,61,6a,6b,62,65,6c,6a,70,66,64,67,66,
66,6c,6f,66,00,7c
"haidbgcndmmoeedg"=hex:6a,61,64,67,69,6c,70,6f,70,66,65,6d,6c,63,63,67,6c,67,
65,65,00,df
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(2936)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\NDAS\System\ndassvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\Agilent\IO Libraries\bin\iproc82357.exe
c:\program files\Agilent\IO Libraries\bin\iproc488.exe
.
**************************************************************************
.
Celkový čas: 2013-04-02 20:16:00 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-02 18:15
.
Před spuštěním: 1 327 407 104
Po spuštění: 1 278 341 120
.
- - End Of File - - E5E23AAF357A68CF77EF25444FE9E528

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\windows\system32\drivers\oreans32.sys

Driver::
oreans32

Firefox::
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\8m5i4400.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.5.3&q=
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2010-11-28 22:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true

Regnull::
[HKEY_USERS\S-1-5-21-1960408961-1202660629-842925246-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{DEA2476F-749C-6796-8F01-D41D06B6F613}*]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[iby5ek]

Po vykonání toho skriptu už je hotovo? Popř. co s tím teda bylo prosím?

[Rudy]

Dáte log z posledního skenu a pak se uvidí.

[iby5ek]

Tak tady to je:
ComboFix 13-04-02.01 - Karel 02.04.2013 21:22:51.3.1 - x86
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel\Plocha\CFScript.txt
.
file zipped: c:\windows\system32\drivers\oreans32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\oreans32.sys
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_OREANS32
-------\Service_oreans32
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-03-02 do 2013-04-02 )))))))))))))))))))))))))))))))
.
.
2013-04-02 16:41 . 2013-04-02 16:41 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Sophos
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2013-04-02 16:40 . 2013-04-02 16:40 73728 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2013-04-02 16:39 . 2013-04-02 16:39 -------- d-----w- c:\program files\Sophos
2013-04-02 12:25 . 2013-04-02 12:25 -------- d-----w- c:\program files\trend micro
2013-04-02 12:25 . 2013-04-02 12:25 -------- d-----w- C:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-02 19:47 . 2013-03-02 19:47 46592 ----a-w- c:\windows\system32\MSMASK32.oca
2013-03-02 19:47 . 2013-03-02 19:47 25600 ----a-w- c:\windows\system32\mscomm32.oca
2013-03-02 19:47 . 2013-03-02 19:47 18944 ----a-w- c:\windows\system32\PICCLP32.oca
2013-03-02 19:47 . 2013-03-02 19:47 17920 ----a-w- c:\windows\system32\SYSINFO.oca
2013-03-02 19:47 . 2013-03-02 19:47 62976 ----a-w- c:\windows\system32\MCI32.oca
2013-03-02 19:47 . 2013-03-02 19:47 43520 ----a-w- c:\windows\system32\msmapi32.oca
2013-03-02 19:47 . 2013-03-02 19:47 22528 ----a-w- c:\windows\system32\MSWINSCK.oca
2013-03-02 19:47 . 2013-03-02 19:47 156672 ----a-w- c:\windows\system32\MSCHART.oca
2013-03-02 19:47 . 2013-03-02 19:47 61440 ----a-w- c:\windows\system32\RICHTX32.oca
2013-03-02 19:47 . 2013-03-02 19:47 29184 ----a-w- c:\windows\system32\msinet.oca
2013-03-02 19:47 . 2013-03-02 19:47 61952 ----a-w- c:\windows\system32\DBGRID32.oca
2013-03-02 19:47 . 2013-03-02 19:47 51200 ----a-w- c:\windows\system32\COMCT232.oca
2013-03-02 19:47 . 2013-03-02 19:47 75776 ----a-w- c:\windows\system32\MSFLXGRD.oca
2013-03-02 19:47 . 2013-03-02 19:47 66048 ----a-w- c:\windows\system32\DBLIST32.oca
2013-03-02 19:47 . 2013-03-02 19:47 42496 ----a-w- c:\windows\system32\TABCTL32.oca
2013-03-01 18:30 . 2013-03-01 18:30 238080 ----a-w- c:\windows\system32\comctl32.oca
2013-01-30 14:02 . 2013-02-02 18:17 24736 ----a-w- c:\windows\system32\normaliz.dll
2009-09-04 16:01 . 2009-09-04 16:01 525656 -c--a-w- c:\program files\DXSETUP.exe
2009-09-04 16:01 . 2009-09-04 16:01 94024 -c--a-w- c:\program files\DSETUP.dll
2009-09-04 16:01 . 2009-09-04 16:01 1691464 -c--a-w- c:\program files\dsetup32.dll
2012-09-09 09:51 . 2012-09-09 09:51 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
IO Control.lnk - c:\program files\Agilent\IO Libraries\bin\iprocsvr.exe [2011-3-19 122880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-10-26 15:24 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Tenda W311U.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Tenda W311U.lnk
backup=c:\windows\pss\Tenda W311U.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Karel^Nabídka Start^Programy^Po spuštění^WinMySQLadmin.lnk]
path=c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 6]
2012-09-24 20:59 490880 ----a-w- c:\program files\IObit\Advanced SystemCare 6\ASCTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"STICAP"=c:\windows\Twain_32\iCam Tracer CCD\SnapTrap.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\apache\\Apache.exe"=
"c:\\Program Files\\Miranda IM\\miranda32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Agilent\\IO Libraries\\bin\\siclland.exe"=
"c:\\Program Files\\Agilent\\IO Libraries\\bin\\portmap.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [10.2.2009 12:49 285160]
R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [10.2.2009 12:49 416232]
R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [10.2.2009 12:49 783848]
R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare 6\ASCService.exe [10.2.2013 14:25 464256]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R3 maestro;ESS Maestro 3 Audio Driver (WDM);c:\windows\system32\drivers\es198x.sys [22.2.2007 16:09 174464]
R3 smimini;smimini;c:\windows\system32\drivers\smiminib.sys [22.2.2007 16:10 58368]
S3 bdacap;PC-DTV Receiver;c:\windows\system32\drivers\bdacap.sys [28.2.2007 22:33 217728]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 DUBE100B;D-Link DUB-E100 USB 2.0 Fast Ethernet Adapter;c:\windows\system32\drivers\DUBE100B.sys [24.8.2009 21:02 18560]
S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [14.5.2010 22:16 87424]
S3 GLHIDKBFILTER;GLHIDKBFILTER;c:\windows\system32\drivers\GLKbFilter.sys [28.2.2007 22:33 11264]
S3 siusbmod;siusbmod;c:\windows\system32\DRIVERS\siusbmod.sys --> c:\windows\system32\DRIVERS\siusbmod.sys [?]
S3 SQTECH930B;iCam Tracer CCD;c:\windows\system32\drivers\Capt930b.sys [8.1.2011 17:26 305053]
S3 Usblink;Usblink Driver;c:\windows\system32\drivers\ulink.sys [4.4.2007 19:08 40060]
.
Obsah adresáře 'Naplánované úlohy'
.
2013-04-02 c:\windows\Tasks\ASC6_PerformanceMonitor.job
- c:\program files\IObit\Advanced SystemCare 6\Monitor.exe [2013-02-10 19:33]
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: business24.cz\www
Trusted Zone: servis24.cz\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\8m5i4400.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2010-11-28 22:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: dom.disable_window_status_change - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-02 21:54
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySql]
"ImagePath"="C:/apache/mysql/bin/mysqld-nt.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
- - - - - - - > 'explorer.exe'(3032)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\program files\LogMeIn\x86\LMIGuardianSvc.exe
c:\program files\NDAS\System\ndassvc.exe
c:\apache\APACHE.EXE
c:\windows\system32\xmesrv.exe
c:\apache\APACHE.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-04-02 22:05:08 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-04-02 20:04
ComboFix2.txt 2013-04-02 18:16
.
Před spuštěním: 1 114 124 288
Po spuštění: 1 101 041 664
.
- - End Of File - - DCC6EE84BE785DD03EA9E3D03ACA0EB5
Nahr nˇ probŘhlo ŁspŘçnŘ

[Rudy]

Vše smazáno. Nastala nějaká změna?

[iby5ek]

Zatím změnu nevidím. Ještě zkusím proskenovat přes Kaspersky virus removal tool. Odpoledne napíšu

[iby5ek]

Tak ani Kaspersky nic nenašel, takže pravděpodobně už všechno v pořádku. Díky za pomoc!

EDIT: počítač už takhle pomalu dosluhuje a výkon není nic moc. Proto mám problémy s antiviry (avast, McAfee, AVG, Avira), které mi vždy počítač přetíží. Neznáte nějaký jiný antivirus nebo kombinaci nástrojů pro zabezpečení a prevenci notebooku?

[Rudy]

Váš problém bude v malém disku a tím nedostatku volného místa. 10GB je pro WinXP opravdu málo. Jinak jste měl v systému trojáky a rootkity. Po virové stránce máte nyní čisto.