Mouse works for only a few seconds


(welll1) #1

While rushing to help my uncle, I ran into a rather strange problem.

The mouse is some A4Tech model on USB.

Specifically, the mouse works for only a few seconds after the XP (SP3) login window appears; how long it works seems to be random. At some point the screen sort of flickers, though not always, and the mouse stops responding. Switching to another USB port sometimes helps for another few seconds, sometimes gets no reaction, and sometimes pops up a balloon saying that it cannot recognize the HID device, etc.

The mouse is fine, because it works normally on my computer.

KIS detects nothing and raises no alarms.

Reinstalling the drivers, though tedious with only a keyboard because no mouse is picked up, has no effect.

Safe mode does not allow the mouse to work either.

System Restore did not help either.

A PS/2 adapter does not help either.

The problem appeared a little over a week ago; programs installed around that time:

Google Chrome, Google Earth, a Java update

ComboFix log:

ComboFix 10-11-10.04 - User 2010-11-11 17:17:18.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1250.48.1045.18.1023.412 [GMT 1:00]

Uruchomiony z: c:\documents and settings\User\Moje dokumenty\Downloads\ComboFix.exe

.


((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.


c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk

c:\windows\system32\ati2evxx(10).dll

c:\windows\system32\ati2evxx(11).dll

c:\windows\system32\ati2evxx(12).dll

c:\windows\system32\ati2evxx(13).dll

c:\windows\system32\ati2evxx(14).dll

c:\windows\system32\ati2evxx(15).dll

c:\windows\system32\ati2evxx(16).dll

c:\windows\system32\ati2evxx(17).dll

c:\windows\system32\ati2evxx(18).dll

c:\windows\system32\ati2evxx(19).dll

c:\windows\system32\ati2evxx(20).dll

c:\windows\system32\ati2evxx(21).dll

c:\windows\system32\ati2evxx(22).dll

c:\windows\system32\ati2evxx(23).dll

c:\windows\system32\ati2evxx(24).dll

c:\windows\system32\ati2evxx(25).dll

c:\windows\system32\ati2evxx(26).dll

c:\windows\system32\ati2evxx(27).dll

c:\windows\system32\ati2evxx(28).dll

c:\windows\system32\ati2evxx(29).dll

c:\windows\system32\ati2evxx(30).dll

c:\windows\system32\ati2evxx(31).dll

c:\windows\system32\ati2evxx(32).dll

c:\windows\system32\ati2evxx(33).dll

c:\windows\system32\ati2evxx(34).dll

c:\windows\system32\ati2evxx(35).dll

c:\windows\system32\ati2evxx(36).dll

c:\windows\system32\ati2evxx(37).dll

c:\windows\system32\ati2evxx(38).dll

c:\windows\system32\ati2evxx(39).dll

c:\windows\system32\ati2evxx(40).dll

c:\windows\system32\ati2evxx(41).dll

c:\windows\system32\ati2evxx(42).dll

c:\windows\system32\ati2evxx(43).dll

c:\windows\system32\ati2evxx(44).dll

c:\windows\system32\ati2evxx(45).dll

c:\windows\system32\ati2evxx(46).dll

c:\windows\system32\ati2evxx(47).dll

c:\windows\system32\ati2evxx(48).dll

c:\windows\system32\ati2evxx(49).dll

c:\windows\system32\ati2evxx(50).dll

c:\windows\system32\ati2evxx(51).dll

c:\windows\system32\ati2evxx(52).dll

c:\windows\system32\ati2evxx(53).dll

c:\windows\system32\ati2evxx(54).dll

c:\windows\system32\ati2evxx(55).dll

c:\windows\system32\ati2evxx(56).dll

c:\windows\system32\ati2evxx(57).dll

c:\windows\system32\ati2evxx(58).dll

c:\windows\system32\ati2evxx(59).dll

c:\windows\system32\ati2evxx(60).dll

c:\windows\system32\ati2evxx(61).dll

c:\windows\system32\ati2evxx(7).dll

c:\windows\system32\ati2evxx(8).dll

c:\windows\system32\ati2evxx(9).dll

c:\windows\system32\msconfig.exe


c:\windows\system32\midimap.dll . . . jest zainfekowany!!


.

((((((((((((((((((((((((( Pliki utworzone od 2010-10-11 do 2010-11-11 )))))))))))))))))))))))))))))))

.


2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\xircom

2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\wbem\snmp

2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\oobe

2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\srchasst

2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\msagent

2010-11-11 15:30 . 2010-11-11 15:30	--------	d-----w-	c:\program files\A4Tech

2010-11-11 15:21 . 2001-10-26 11:57	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys

2010-11-11 15:20 . 2008-04-13 21:15	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys

2010-10-28 23:43 . 2010-10-28 23:43	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan

2010-10-23 18:54 . 2010-10-23 18:54	--------	d-----w-	c:\documents and settings\LocalService\Dane aplikacji\McAfee

2010-10-22 01:57 . 2010-10-22 01:57	--------	d-----w-	c:\windows\system32\Adobe

2010-10-21 00:19 . 2010-10-21 00:19	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee

2010-10-21 00:19 . 2010-11-05 00:54	--------	d-----w-	c:\program files\McAfee Security Scan

2010-10-13 21:47 . 2010-10-13 21:47	--------	d-----w-	c:\program files\Common Files\Adobe


.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-15 03:50 . 2010-05-05 08:45	472808	----a-w-	c:\windows\system32\deployJava1.dll

2010-09-15 01:29 . 2009-12-03 01:57	73728	----a-w-	c:\windows\system32\javacpl.cpl

2010-08-16 01:28 . 2010-06-15 00:40	790528	----a-w-	c:\windows\system32\xvidcore.dll

2010-08-16 01:28 . 2009-12-02 20:24	134144	----a-w-	c:\windows\system32\xvidvfw.dll

2010-06-03 15:23 . 2009-12-19 04:22	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.


------- Sigcheck -------


[-] 2008-06-16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys


[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe


[-] 2008-06-16 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe


[-] 2008-06-16 . 7F059A93D251284A8BC758327ECD3D69 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll

[7] 2008-06-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

[7] 2008-06-16 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


[-] 2008-07-07 . 04404B7F25984558AD3390BF84C4EB95 . 2153472 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe


[-] 2007-07-11 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll


[-] 2008-06-27 . 4EC7ED41D95D18B3CD1A2BD9DFEFB591 . 1424896 . . [6.00.2900.5512] . . c:\windows\explorer.exe



[-] 2008-06-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll




[-] 2008-07-19 . 2BC05E243B86AA8E569EE3C5D8B3C424 . 2032128 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe


c:\windows\System32\wscntfy.exe ... - brak elementu 

c:\windows\System32\ctfmon.exe ... - brak elementu 

c:\windows\System32\regsvc.dll ... - brak elementu 

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  

REGEDIT4


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]

2009-11-24 19:27	252416	----a-w-	c:\program files\oovootb\auxi\oovooAu.dll


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]

2009-11-24 21:35	87512	----a-w-	c:\program files\oovootb\oovoodx.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]


[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]

"Gadu-Gadu 10"="d:\documents and settings\User\Moje dokumenty\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]

"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2010-05-28 1576960]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-03 30192]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2010-01-13 208616]

"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 888832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]


[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_2"="shell32" [X]

"nltide_3"="advpack.dll" [2008-06-16 124928]


c:\documents and settings\All Users\Menu Start\Programy\Autostart\

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"DisableStatusMessages"= 1 (0x1)


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)


[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSMHelp"= 1 (0x1)

"NoSMMyPictures"= 1 (0x1)

"NoSMConfigurePrograms"= 1 (0x1)

"NoResolveTrack"= 1 (0x1)


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]

backup=c:\windows\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup


[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]

backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-09-23 02:47	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]

2010-03-23 23:23	1432064	----a-w-	d:\program files\ALLPlayer\ALLUpdate.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]

2009-03-02 11:08	209153	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]

2009-02-28 18:40	75048	----a-w-	c:\program files\CyberLink\Shared Files\brs.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fotkomat]

2010-08-18 08:05	277504	----a-w-	e:\moje obrazy\3.Rodzinne zdjęcia\15.Moje zdjęcia\Fotkomat\Fotkomat.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]

2009-01-02 15:12	3399727	----a-w-	d:\program files\Free Download Manager\fdm.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]

2008-03-20 10:04	2127296	----a-w-	c:\program files\Gadu-Gadu\gg.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2010-10-21 20:53	136176	----atw-	c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

2005-05-11 22:12	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]

2010-09-17 16:03	17438712	----a-w-	c:\program files\ipla\ipla.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]

2009-12-08 20:30	32768	----a-w-	c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]

2005-12-07 09:26	489472	----a-w-	c:\program files\Logitech\Video\CameraAssistant.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]

2004-11-01 16:22	262144	----a-w-	c:\windows\system32\ElkCtrl.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]

2005-12-07 09:33	73728	----a-w-	c:\program files\Logitech\Video\InstallHelper.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2007-09-04 21:40	6856704	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]

2008-10-13 19:41	50472	------w-	c:\program files\CyberLink\PowerDVD9\Language\Language.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrzyspieszKomputer]

2010-07-21 12:49	871160	----a-w-	c:\program files\Przyspiesz Komputer\PrzyspieszKomputer.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]

2009-02-16 08:55	87336	------w-	c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2009-02-04 11:27	23975720	----a-r-	c:\program files\Skype\Phone\Skype.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]

2009-11-25 17:50	2011205	----a-w-	c:\program files\Software Informer\softinfo.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]

2004-12-22 10:31	266240	----a-w-	c:\program files\WinFast\WFTVFM\WFWIZ.exe


[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"f:\\Medal of Honor\\MOHAA.EXE"=

"f:\\Medal of Honor PA\\mohpa.exe"=

"c:\\Program Files\\ooVoo\\ooVoo.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"d:\\Program Files\\Free Download Manager\\fdmwi.exe"=

"d:\\uTorrent.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674

"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674

"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675


R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-02 691696]

R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/20 06:10];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 19:40 87536]

R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2010-01-03 75925]

R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2010-01-03 36423]

R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2010-01-03 10005]

R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-02 108289]

S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]

S3 GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-19 30192]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]

S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2010-01-03 9510]


--- Inne Usługi/Sterowniki w Pamięci ---


*NewlyCreated* - HELPSVC

.

Zawartość folderu 'Zaplanowane zadania'


2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:47]


2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:47]


2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-688789844-2147024339-1001Core.job

- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-11-08 20:53]


2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-688789844-2147024339-1001UA.job

- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-11-08 20:53]

.

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.interia.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/keyword/%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000

IE: Pobierz plik wideo we Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm

IE: Pobierz w Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm

IE: Pobierz wszystkie pliki w Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm

IE: Pobierz zaznaczone w Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/

FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.0&locale=pl&sl=ub&q=

FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency.dll

FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.5.dll

FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.6.dll

FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.4.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll

FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll

FF - plugin: c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll


---- FIREFOX - SPOSÓB POSTĘPOWANIA ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - USUNIĘTO PUSTE WPISY - - - -


BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)

MSConfigStartUp-ExprOElauncher - d:\program files\ivo\Expressivo Demo\integr\OutlookExpress\ExprOElauncher.exe

MSConfigStartUp-zzGBK - G:\setup.exe




**************************************************************************


catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-11 17:33

Windows 5.1.2600 Dodatek Service Pack 3 NTFS


skanowanie ukrytych procesów ...  


skanowanie ukrytych wpisów autostartu ... 


skanowanie ukrytych plików ...  


skanowanie pomyślnie ukończone

ukryte pliki: 0


**************************************************************************


[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]

"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------


- - - - - - - > 'winlogon.exe'(1068)

c:\windows\system32\sfc_os.dll

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\cscui.dll

c:\windows\system32\COMRes.dll


- - - - - - - > 'lsass.exe'(1124)

c:\windows\system32\scecli.dll


- - - - - - - > 'explorer.exe'(7792)

c:\windows\system32\SHDOCVW.dll

c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

c:\windows\system32\COMRes.dll

c:\windows\System32\cscui.dll

c:\windows\system32\LINKINFO.dll

c:\windows\system32\ntshrui.dll

c:\windows\system32\msi.dll

c:\windows\system32\wpdshserviceobj.dll

c:\windows\system32\portabledevicetypes.dll

c:\windows\system32\portabledeviceapi.dll

c:\windows\system32\NETSHELL.dll

c:\windows\system32\credui.dll

c:\windows\system32\MSVCP60.dll

c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

d:\progra~1\ALLPLA~1\YOUTUB~1.DLL

c:\windows\system32\VxLibRes.dll

d:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\SOUNDMAN.EXE

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

c:\windows\system32\WISPTIS.EXE

.

**************************************************************************

.

Czas ukończenia: 2010-11-11 17:35:32 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2010-11-11 16:35


Przed: 887 717 888 bajtów wolnych

Po: 826 654 720 bajtów wolnych


WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


- - End Of File - - 1215F4D2749FD2345F879985CBC90B17
