
Mouse works for only a few seconds.

11 Nov 2010, 18:26
author: welll1
So, rushing to help my uncle, I ran into a rather strange problem.
The mouse is some A4Tech model on USB.
Specifically, the mouse works only for a few seconds after the XP (SP3) login window appears; how long it works seems to be random. At some point the screen sort of flickers, though not always, and the mouse stops responding. Switching to another USB port sometimes helps for another few seconds, sometimes gives no reaction, and sometimes pops up a balloon saying that it cannot recognize the HID device, etc.
The mouse is fine, because on my computer it runs normally.
KIS detects nothing and raises no alarms.
Reinstalling the drivers, although cumbersome with only the keyboard because no mouse is picked up, has no effect.
Safe mode does not allow the mouse to be used either.
System Restore didn't help either.
A PS/2 adapter doesn't help either.
The problem appeared a little over a week ago; programs installed around that time:
Google Chrome, Google Earth, Java update


ComboFix log:


ComboFix 10-11-10.04 - User 2010-11-11  17:17:18.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1250.48.1045.18.1023.412 [GMT 1:00]
Uruchomiony z: c:\documents and settings\User\Moje dokumenty\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Menu Start\HP Image Zone .lnk
c:\windows\system32\ati2evxx(10).dll
c:\windows\system32\ati2evxx(11).dll
c:\windows\system32\ati2evxx(12).dll
c:\windows\system32\ati2evxx(13).dll
c:\windows\system32\ati2evxx(14).dll
c:\windows\system32\ati2evxx(15).dll
c:\windows\system32\ati2evxx(16).dll
c:\windows\system32\ati2evxx(17).dll
c:\windows\system32\ati2evxx(18).dll
c:\windows\system32\ati2evxx(19).dll
c:\windows\system32\ati2evxx(20).dll
c:\windows\system32\ati2evxx(21).dll
c:\windows\system32\ati2evxx(22).dll
c:\windows\system32\ati2evxx(23).dll
c:\windows\system32\ati2evxx(24).dll
c:\windows\system32\ati2evxx(25).dll
c:\windows\system32\ati2evxx(26).dll
c:\windows\system32\ati2evxx(27).dll
c:\windows\system32\ati2evxx(28).dll
c:\windows\system32\ati2evxx(29).dll
c:\windows\system32\ati2evxx(30).dll
c:\windows\system32\ati2evxx(31).dll
c:\windows\system32\ati2evxx(32).dll
c:\windows\system32\ati2evxx(33).dll
c:\windows\system32\ati2evxx(34).dll
c:\windows\system32\ati2evxx(35).dll
c:\windows\system32\ati2evxx(36).dll
c:\windows\system32\ati2evxx(37).dll
c:\windows\system32\ati2evxx(38).dll
c:\windows\system32\ati2evxx(39).dll
c:\windows\system32\ati2evxx(40).dll
c:\windows\system32\ati2evxx(41).dll
c:\windows\system32\ati2evxx(42).dll
c:\windows\system32\ati2evxx(43).dll
c:\windows\system32\ati2evxx(44).dll
c:\windows\system32\ati2evxx(45).dll
c:\windows\system32\ati2evxx(46).dll
c:\windows\system32\ati2evxx(47).dll
c:\windows\system32\ati2evxx(48).dll
c:\windows\system32\ati2evxx(49).dll
c:\windows\system32\ati2evxx(50).dll
c:\windows\system32\ati2evxx(51).dll
c:\windows\system32\ati2evxx(52).dll
c:\windows\system32\ati2evxx(53).dll
c:\windows\system32\ati2evxx(54).dll
c:\windows\system32\ati2evxx(55).dll
c:\windows\system32\ati2evxx(56).dll
c:\windows\system32\ati2evxx(57).dll
c:\windows\system32\ati2evxx(58).dll
c:\windows\system32\ati2evxx(59).dll
c:\windows\system32\ati2evxx(60).dll
c:\windows\system32\ati2evxx(61).dll
c:\windows\system32\ati2evxx(7).dll
c:\windows\system32\ati2evxx(8).dll
c:\windows\system32\ati2evxx(9).dll
c:\windows\system32\msconfig.exe

c:\windows\system32\midimap.dll . . . jest zainfekowany!!

.
(((((((((((((((((((((((((   Pliki utworzone od 2010-10-11 do 2010-11-11  )))))))))))))))))))))))))))))))
.

2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\xircom
2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\wbem\snmp
2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\system32\oobe
2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\srchasst
2010-11-11 16:30 . 2010-11-11 16:30	--------	d-----w-	c:\windows\msagent
2010-11-11 15:30 . 2010-11-11 15:30	--------	d-----w-	c:\program files\A4Tech
2010-11-11 15:21 . 2001-10-26 11:57	12160	----a-w-	c:\windows\system32\drivers\mouhid.sys
2010-11-11 15:20 . 2008-04-13 21:15	10368	----a-w-	c:\windows\system32\drivers\hidusb.sys
2010-10-28 23:43 . 2010-10-28 23:43	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee Security Scan
2010-10-23 18:54 . 2010-10-23 18:54	--------	d-----w-	c:\documents and settings\LocalService\Dane aplikacji\McAfee
2010-10-22 01:57 . 2010-10-22 01:57	--------	d-----w-	c:\windows\system32\Adobe
2010-10-21 00:19 . 2010-10-21 00:19	--------	d-----w-	c:\documents and settings\All Users\Dane aplikacji\McAfee
2010-10-21 00:19 . 2010-11-05 00:54	--------	d-----w-	c:\program files\McAfee Security Scan
2010-10-13 21:47 . 2010-10-13 21:47	--------	d-----w-	c:\program files\Common Files\Adobe

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-15 03:50 . 2010-05-05 08:45	472808	----a-w-	c:\windows\system32\deployJava1.dll
2010-09-15 01:29 . 2009-12-03 01:57	73728	----a-w-	c:\windows\system32\javacpl.cpl
2010-08-16 01:28 . 2010-06-15 00:40	790528	----a-w-	c:\windows\system32\xvidcore.dll
2010-08-16 01:28 . 2009-12-02 20:24	134144	----a-w-	c:\windows\system32\xvidvfw.dll
2010-06-03 15:23 . 2009-12-19 04:22	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2008-06-16 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

[-] 2008-06-16 . 335813EACD16E84F3047A3326F6E5473 . 549888 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe

[-] 2008-06-16 . 37ED43F3DEC4400586554D61C3129478 . 112128 . . [5.4.3790.5512] . . c:\windows\system32\wuauclt.exe

[-] 2008-06-16 . 7F059A93D251284A8BC758327ECD3D69 . 724992 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2008-06-16 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-06-16 . 737739FACEAD60683AA8D7FF7602FD14 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

[-] 2008-07-07 . 04404B7F25984558AD3390BF84C4EB95 . 2153472 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe

[-] 2007-07-11 . CE594E18FE0D0AF804F1F3694921CE62 . 642560 . . [5.1.2600.3099] . . c:\windows\system32\user32.dll

[-] 2008-06-27 . 4EC7ED41D95D18B3CD1A2BD9DFEFB591 . 1424896 . . [6.00.2900.5512] . . c:\windows\explorer.exe


[-] 2008-06-16 . C8BDAD4065118558B3DC360FC96D81DB . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll



[-] 2008-07-19 . 2BC05E243B86AA8E569EE3C5D8B3C424 . 2032128 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe

c:\windows\System32\wscntfy.exe ...  - brak elementu !!
c:\windows\System32\ctfmon.exe ...  - brak elementu !!
c:\windows\System32\regsvc.dll ...  - brak elementu !!
.
(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{442AE524-EBA5-4b17-82F3-888D68BC999A}]
2009-11-24 19:27	252416	----a-w-	c:\program files\oovootb\auxi\oovooAu.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A1FB2F9A-D35E-11DD-8935-E46A56D89593}]
2009-11-24 21:35	87512	----a-w-	c:\program files\oovootb\oovoodx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A1FB2F9A-D35E-11DD-8935-E46A56D89593}"= "c:\program files\oovootb\oovoodx.dll" [2009-11-24 87512]

[HKEY_CLASSES_ROOT\clsid\{a1fb2f9a-d35e-11dd-8935-e46a56d89593}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"Gadu-Gadu 10"="d:\documents and settings\User\Moje dokumenty\Gadu-Gadu 10\gg.exe" [2010-10-07 12661344]
"IVONA ControlCenter"="c:\program files\IVONA\IVONA ControlCenter\IVONA ControlCenter.exe" [2010-05-28 1576960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 67072]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-03 30192]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2010-01-13 208616]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-03-23 888832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"WheelMouse"="c:\progra~1\A4Tech\Mouse\Amoumain.exe" [2004-08-25 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2008-06-16 124928]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^HP Image Zone - szybkie uruchamianie.lnk]
backup=c:\windows\pss\HP Image Zone - szybkie uruchamianie.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Logitech Desktop Messenger.lnk]
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07	932288	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 02:47	35760	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
2010-03-23 23:23	1432064	----a-w-	d:\program files\ALLPlayer\ALLUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08	209153	----a-w-	c:\program files\Avira\AntiVir Desktop\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-02-28 18:40	75048	----a-w-	c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fotkomat]
2010-08-18 08:05	277504	----a-w-	e:\moje obrazy\3.Rodzinne zdjęcia\15.Moje zdjęcia\Fotkomat\Fotkomat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
2009-01-02 15:12	3399727	----a-w-	d:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
2008-03-20 10:04	2127296	----a-w-	c:\program files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 20:53	136176	----atw-	c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-11 22:12	49152	----a-w-	c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPLA!]
2010-09-17 16:03	17438712	----a-w-	c:\program files\ipla\ipla.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2009-12-08 20:30	32768	----a-w-	c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
2005-12-07 09:26	489472	----a-w-	c:\program files\Logitech\Video\CameraAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
2004-11-01 16:22	262144	----a-w-	c:\windows\system32\ElkCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
2005-12-07 09:33	73728	----a-w-	c:\program files\Logitech\Video\InstallHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-09-04 21:40	6856704	----a-w-	c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 19:41	50472	------w-	c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrzyspieszKomputer]
2010-07-21 12:49	871160	----a-w-	c:\program files\Przyspiesz Komputer\PrzyspieszKomputer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 08:55	87336	------w-	c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-02-04 11:27	23975720	----a-r-	c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer]
2009-11-25 17:50	2011205	----a-w-	c:\program files\Software Informer\softinfo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
2004-12-22 10:31	266240	----a-w-	c:\program files\WinFast\WFTVFM\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"f:\\Medal of Honor\\MOHAA.EXE"=
"f:\\Medal of Honor PA\\mohpa.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Program Files\\Free Download Manager\\fdmwi.exe"=
"d:\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-12-02 691696]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/12/20 06:10];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-02-28 19:40 87536]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [2010-01-03 75925]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [2010-01-03 36423]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [2010-01-03 10005]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-12-02 108289]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-06 136176]
S3 GoogleDesktopManager-051210-111108;Menedżer Google Desktop 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-19 30192]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2010-01-03 9510]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - HELPSVC
.
Zawartość folderu 'Zaplanowane zadania'

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:47]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-05 23:47]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-688789844-2147024339-1001Core.job
- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-11-08 20:53]

2010-11-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-688789844-2147024339-1001UA.job
- c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\GoogleUpdate.exe [2010-11-08 20:53]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.interia.pl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&ksport do programu Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Pobierz plik wideo we Free Download Manager - file://d:\program files\Free Download Manager\dlfvideo.htm
IE: Pobierz w Free Download Manager - file://d:\program files\Free Download Manager\dllink.htm
IE: Pobierz wszystkie pliki w Free Download Manager - file://d:\program files\Free Download Manager\dlall.htm
IE: Pobierz zaznaczone w Free Download Manager - file://d:\program files\Free Download Manager\dlselected.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.interia.pl/
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.0&locale=pl&sl=ub&q=
FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency.dll
FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.5.dll
FF - component: c:\documents and settings\User\Dane aplikacji\Mozilla\Firefox\Profiles\ng1hr5t3.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\dtTransparency3.6.dll
FF - component: d:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\npgg.4.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nppl3260.dll
FF - plugin: c:\documents and settings\All Users\Dane aplikacji\Gadu-Gadu 10\_userdata\nprpjplug.dll
FF - plugin: c:\documents and settings\User\Ustawienia lokalne\Dane aplikacji\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\VideoLAN\VLC\npvlc.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{99E00A4C-D35E-11DD-BA95-9B6A56D89593} - (no file)
MSConfigStartUp-ExprOElauncher - d:\program files\ivo\Expressivo Demo\integr\OutlookExpress\ExprOElauncher.exe
MSConfigStartUp-zzGBK - G:\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-11 17:33
Windows 5.1.2600 Dodatek Service Pack 3 NTFS

skanowanie ukrytych procesów ...  

skanowanie ukrytych wpisów autostartu ... 

skanowanie ukrytych plików ...  

skanowanie pomyślnie ukończone
ukryte pliki: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1068)
c:\windows\system32\sfc_os.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscui.dll
c:\windows\system32\COMRes.dll

- - - - - - - > 'lsass.exe'(1124)
c:\windows\system32\scecli.dll

- - - - - - - > 'explorer.exe'(7792)
c:\windows\system32\SHDOCVW.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\LINKINFO.dll
c:\windows\system32\ntshrui.dll
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\program files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
d:\progra~1\ALLPLA~1\YOUTUB~1.DLL
c:\windows\system32\VxLibRes.dll
d:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\WISPTIS.EXE
.
**************************************************************************
.
Czas ukończenia: 2010-11-11  17:35:32 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt  2010-11-11 16:35

Przed: 887 717 888 bajtów wolnych
Po: 826 654 720 bajtów wolnych

WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 1215F4D2749FD2345F879985CBC90B17
EDIT.
Strange thing: after rolling the system back by more than 10 days and plugging this mouse into another computer for three days, the problem went away.