Divné chování PC - myš a klávesnice

Zpráva

MH · #1 Příspěvek od MH » 04 pro 2010 20:53

Ahoj, prosím o kontrolu logu jestli problém s tím, že sama od sebe pise klavesnice a klika mys nedělá vir. Všelijak náhodne. uz jsem zkusil nějaké softy na kontrolu a pročištění, ale dělá to pořád, a to i když vyndám baterky z myši i klavesnice.
Log z Combofix:
ComboFix 10-12-03.03 - wencaS 04.12.2010 16:40:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1017 [GMT 1:00]
Spuštěný z: c:\documents and settings\wencaS\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\d.ini
c:\windows\system32\Chip.dll
c:\windows\system32\Pvt.tmp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-04 do 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-12-04 08:24 . 2010-12-04 08:24 1409 ----a-w- c:\windows\QTFont.for
2010-12-03 19:58 . 2010-12-03 19:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-26 17:39 . 2010-11-26 17:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Panasonic
2010-11-26 17:32 . 2007-06-14 19:57 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2010-11-26 17:32 . 2005-04-30 21:41 49152 ----a-w- c:\windows\system32\setupsvc.dll
2010-11-26 17:32 . 2007-06-14 19:57 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2010-11-26 17:32 . 2006-12-18 20:42 8704 ----a-w- c:\windows\system32\BHARegister.dll
2010-11-26 17:32 . 2006-02-20 02:17 33408 ----a-w- c:\windows\system32\drivers\cdrbsdrv.sys
2010-11-26 17:32 . 2010-11-26 17:32 -------- d-----w- c:\program files\Panasonic
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\All Users\Data aplikací\ReviverSoft
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\ProgSense
2010-11-18 10:09 . 2010-12-02 01:41 -------- d-----w- C:\downloads
2010-11-18 10:09 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\GrabPro
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\documents and settings\wencaS\Local Settings\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-11-18 10:08 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\OpenCandy
2010-11-18 10:08 . 2010-12-02 01:41 -------- d-----w- c:\documents and settings\wencaS\Data aplikací\Orbit
2010-11-18 10:08 . 2010-11-18 10:09 -------- d-----w- c:\program files\Orbitdownloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:16 . 2010-09-23 16:16 29352 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2010-09-23 14:35 . 2010-09-23 14:35 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2010-09-15 02:50 . 2010-06-03 09:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-06-03 09:47 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-14 13:16 . 2010-09-14 13:16 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="c:\documents and settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-02-04 26624]
"PowerArchiver Tray"="c:\program files\PowerArchiver\PASTARTER.EXE" [2007-03-20 140328]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"uTorrent"="c:\program files\uTorrent\utorrent.exe" [2010-11-21 394104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 5777408]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-02-02 917504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"SW20"="c:\windows\system32\sw20.exe" [2006-05-18 208896]
"SW24"="c:\windows\system32\sw24.exe" [2006-05-17 69632]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-01-18 208896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 172032]
"DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 40960]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-03 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiwencaS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 23:39 691696]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [27.2.2010 17:33 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [21.6.2008 4:54 66600]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [20.10.2009 19:19 50704]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24 1365288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21 1043784]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [4.2.2010 14:47 65576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.7.2010 9:31 136176]
S2 Nexus Server;Nexus Server (Carbon Coder);c:\program files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [5.2.2010 14:58 700548]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2.2.2010 18:16 1684736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-12-04 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.msi.com/index.php?func=html&name=liveupdate_star
uInternet Connection Wizard,ShellNext = hxxp://shop.symantecstore.com/servlet/PromoServlet?promoID=1173800&NOS=Y8f55MnnamD8Fpjj8hCwhCzdEeCDjwM%2BGADDdfdm%2BgCDVwXq3gRDv4hACDFGGl6CSMtktgJPBBX6xKCGVHPTR2GPY&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FAITgu78334AAF10E109C2&GUID=8936BE4102011DF95AD90E6BA61B37E&SSLT=4096&oslang=iso:CZE&oslocale=iso:CZE&vendid=0&vendtag=&epid={08936be4-1020-11df-95ad-90e6ba61b37e}
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Data aplikací\LangSoft\WebIE.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?ie=utf-8&oe=utf-8& ... cs&aq=t&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: Tab Scope: tabscope@xuldev.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\tabscope@xuldev.org
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Extension: Favicon Picker 2: {446c03e0-2c35-11db-a98b-0800200c9a66} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: GrayModern2: {eb46c787-131a-4eb7-9b93-7f62ca550917} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: Automatic Save Folder: asf@mangaheart.org - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\asf@mangaheart.org
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\firebug@software.joehewitt.com
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Autotrans: autotrans@glennpow - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\autotrans@glennpow
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - c:\documents and settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-PC Translator - c:\docume~1\wencaS\LOCALS~1\Temp\UN32.EXE

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 16:45
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1780)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Celkový čas: 2010-12-04 16:49:42
ComboFix-quarantined-files.txt 2010-12-04 15:49

Před spuštěním: 3 801 681 920
Po spuštění: 7 968 178 176

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /usepmtimer /TUTag=T3GJ5G-BAK

- - End Of File - - C0C193AF731181F106CF53FBE78E9329

#2 Příspěvek od **Rudy** » 05 pro 2010 10:19

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

Collect::
c:\windows\system32\winsys2.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinSys2"=-

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

MH · #3 Příspěvek od MH » 06 pro 2010 19:40

Děkuji za radu , provedeno, ted je občas klid, ale občas se opět keys rozběhne a myš rozkliká, divné...Nový log

ComboFix 10-12-04.01 - wencaS 05.12.2010 14:47:10.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.2047.1418 [GMT 1:00]
Spuštěný z: C:\Documents and Settings\wencaS\Plocha\ComboFix.exe
Použité ovládací přepínače :: C:\Documents and Settings\wencaS\Plocha\CFScript.txt
AV: Eset NOD32 Antivirus 2.50 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: Sunbelt Personal Firewall *enabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
* Rezidentní štít AV je zapnutý

file zipped: c:\windows\system32\winsys2.exe
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\winsys2.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-05 do 2010-12-05 )))))))))))))))))))))))))))))))
.

2010-12-05 12:59:46 . 2010-12-05 12:59:46 -------- d-----w- C:\Program Files\Haali
2010-12-05 12:59:38 . 2010-12-05 12:59:38 -------- d-----w- C:\Program Files\CoreCodec
2010-12-05 12:54:37 . 2010-12-05 12:54:43 -------- d-----w- C:\Program Files\Combined Community Codec Pack
2010-12-05 08:30:26 . 2010-12-05 08:30:26 1409 ----a-w- C:\WINDOWS\QTFont.for
2010-12-04 19:32:01 . 2010-12-04 19:32:01 -------- d-----w- C:\_OTL
2010-12-04 16:16:25 . 2010-12-04 16:16:25 -------- d-----w- C:\Documents and Settings\wencaS\Data aplikací\Malwarebytes
2010-12-04 16:16:19 . 2010-11-29 16:42:18 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2010-12-04 16:16:18 . 2010-12-04 16:16:18 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2010-12-04 16:16:15 . 2010-11-29 16:42:06 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys
2010-12-04 16:16:14 . 2010-12-04 16:16:19 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2010-12-03 19:58:44 . 2010-12-03 19:58:44 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-11-26 17:39:07 . 2010-11-26 17:39:07 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\Panasonic
2010-11-26 17:32:53 . 2007-06-14 19:57:42 145504 ----a-w- C:\WINDOWS\system32\bgsvcgen.exe
2010-11-26 17:32:53 . 2005-04-30 21:41:00 49152 ----a-w- C:\WINDOWS\system32\setupsvc.dll
2010-11-26 17:32:52 . 2007-06-14 19:57:58 59488 ----a-w- C:\WINDOWS\system32\GenSvcInst.exe
2010-11-26 17:32:52 . 2006-12-18 20:42:04 8704 ----a-w- C:\WINDOWS\system32\BHARegister.dll
2010-11-26 17:32:52 . 2006-02-20 02:17:40 33408 ----a-w- C:\WINDOWS\system32\drivers\cdrbsdrv.sys
2010-11-26 17:32:21 . 2010-11-26 17:32:21 -------- d-----w- C:\Program Files\Panasonic
2010-11-18 10:09:13 . 2010-11-18 10:09:13 -------- d-----w- C:\Documents and Settings\All Users\Data aplikací\ReviverSoft
2010-11-18 10:09:09 . 2010-11-18 10:09:09 -------- d-----w- C:\Documents and Settings\wencaS\Data aplikací\ProgSense
2010-11-18 10:09:00 . 2010-12-02 01:41:30 -------- d-----w- C:\downloads
2010-11-18 10:09:00 . 2010-11-18 10:09:00 -------- d-----w- C:\Documents and Settings\wencaS\Data aplikací\GrabPro
2010-11-18 10:08:58 . 2010-11-18 10:09:38 -------- d-----w- C:\Documents and Settings\wencaS\Local Settings\Data aplikací\OpenCandy
2010-11-18 10:08:53 . 2010-11-18 10:08:53 -------- d-----w- C:\Documents and Settings\wencaS\Data aplikací\OpenCandy
2010-11-18 10:08:49 . 2010-12-04 19:31:23 -------- d-----w- C:\Documents and Settings\wencaS\Data aplikací\Orbit

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-23 16:16:28 . 2010-09-23 16:16:28 29352 ----a-w- C:\WINDOWS\system32\drivers\ElbyCDIO.sys
2010-09-23 14:35:31 . 2010-09-23 14:35:31 89256 ----a-w- C:\WINDOWS\system32\ElbyCDIO.dll
2010-09-15 02:50:37 . 2010-06-03 09:47:03 472808 ----a-w- C:\WINDOWS\system32\deployJava1.dll
2010-09-15 00:29:49 . 2010-06-03 09:47:03 73728 ----a-w- C:\WINDOWS\system32\javacpl.cpl
2010-09-14 13:16:06 . 2010-09-14 13:16:06 108480 ----a-w- C:\WINDOWS\system32\drivers\AnyDVD.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-12-04_15.46.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-05 08:29:25 . 2010-12-05 08:29:25 16384 C:\WINDOWS\Temp\Perflib_Perfdata_588.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OEXPRESS"="C:\Documents and Settings\All Users\Data aplikací\LangSoft\OETRN.EXE" [2010-02-04 13:59:59 26624]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-03-20 20:38:00 140328]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"uTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2010-11-21 06:34:05 394104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 06:01:02 17881600]
"Six Engine"="C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" [2009-06-04 14:10:56 5777408]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2010-02-02 19:26:39 917504]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 09:56:54 286720]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22:00 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22:00 1622016]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 01:15:22 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 02:37:40 69632]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22:00 86016]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-11 08:08:52 172032]
"DeviceDiscovery"="C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-02 19:56:10 40960]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 18:37:40 932288]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 20:57:00 30208]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 09:44:46 248552]
"UpdateReminder"="C:\Program Files\Eset\UpdateReminder.exe" [2010-11-03 16:16:55 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-17 13:49:24 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="logonuiwencaS.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;C:\WINDOWS\system32\drivers\sptd.sys [6.2.2010 23:39:18 691696]
R1 SbFw;SbFw;C:\WINDOWS\system32\drivers\SbFw.sys [27.2.2010 17:33:34 270888]
R1 sbhips;Sunbelt HIPS Driver;C:\WINDOWS\system32\drivers\sbhips.sys [21.6.2008 4:54:54 66600]
R2 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [20.10.2009 19:19:44 50704]
R2 SbPF.Launcher;SbPF.Launcher;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [31.10.2008 7:24:28 95528]
R2 SPF4;Sunbelt Personal Firewall 4;C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [31.10.2008 7:24:28 1365288]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2.2.2010 12:21:56 1043784]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\WINDOWS\system32\drivers\SbFwIm.sys [4.2.2010 14:47:02 65576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24:44 10064]
S2 gupdate;Služba Google Update (gupdate);C:\Program Files\Google\Update\GoogleUpdate.exe [25.7.2010 9:31:39 136176]
S2 Nexus Server;Nexus Server (Carbon Coder);C:\Program Files\Common Files\Rhozet\Carbon Coder\Kernel\PNXSERVR.exe [5.2.2010 14:58:34 700548]
S3 Ambfilt;Ambfilt;C:\WINDOWS\system32\drivers\Ambfilt.sys [2.2.2010 18:16:34 1684736]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-12-05 C:\WINDOWS\Tasks\Automatic troubleshooting.job
- C:\Program Files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2010-02-02 11:28:06 . 2010-02-02 11:28:06]

2010-12-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31:39 . 2010-07-25 08:31:31]

2010-12-05 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-25 08:31:39 . 2010-07-25 08:31:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.msi.com/index.php?func=html&name=liveupdate_star
uInternet Connection Wizard,ShellNext = hxxp://shop.symantecstore.com/servlet/PromoServlet?promoID=1173800&NOS=Y8f55MnnamD8Fpjj8hCwhCzdEeCDjwM%2BGADDdfdm%2BgCDVwXq3gRDv4hACDFGGl6CSMtktgJPBBX6xKCGVHPTR2GPY&SASSERVER=lcsitemain.symantec.com&TRANSID=%2F10097711%2FAITgu78334AAF10E109C2&GUID=8936BE4102011DF95AD90E6BA61B37E&SSLT=4096&oslang=iso:CZE&oslocale=iso:CZE&vendid=0&vendtag=&epid={08936be4-1020-11df-95ad-90e6ba61b37e}
IE: E&xportovat do aplikace Microsoft Office Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Data aplikací\LangSoft\WebIE.dll
LSP: imon.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://www.google.cz/search?ie=utf-8&oe=utf-8& ... cs&aq=t&q=
FF - plugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - Extension: Linkification: {35106bca-6c78-48c7-ac28-56df30b51d2a} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
FF - Extension: Tab Scope: tabscope@xuldev.org - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\tabscope@xuldev.org
FF - Extension: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Extension: ColorfulTabs: {0545b830-f0aa-4d7e-8820-50a4629a56fe} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF - Extension: Favicon Picker 2: {446c03e0-2c35-11db-a98b-0800200c9a66} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a66}
FF - Extension: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Extension: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Extension: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Extension: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Extension: GrayModern2: {eb46c787-131a-4eb7-9b93-7f62ca550917} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{eb46c787-131a-4eb7-9b93-7f62ca550917}
FF - Extension: SearchPreview: {EF522540-89F5-46b9-B6FE-1829E2B572C6} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
FF - Extension: Automatic Save Folder: asf@mangaheart.org - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\asf@mangaheart.org
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: FxIF: {11483926-db67-4190-91b1-ef20fcec5f33} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
FF - Extension: Firebug: firebug@software.joehewitt.com - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\firebug@software.joehewitt.com
FF - Extension: SQLite Manager: SQLiteManager@mrinalkant.blogspot.com - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\SQLiteManager@mrinalkant.blogspot.com
FF - Extension: Autotrans: autotrans@glennpow - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\autotrans@glennpow
FF - Extension: Past Modern: {81514210-E22A-4e69-93D5-E1EFD45B4620} - C:\Documents and Settings\wencaS\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\extensions\{81514210-E22A-4e69-93D5-E1EFD45B4620}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - localfilelinks
FF - user.js: capability.policy.localfilelinks.sites - hxxp://s1.travian.cz http://s2.travian.cz http://s3.travian.cz http://s4.travian.cz http://s5.travian.cz http://s6.travian.cz http://s7.travian.cz http://s8.travian.cz http://s9.travian.cz http://s10.travian.cz http://s11.travian.cz http://s12.travian.cz http://s13.travian.cz http://s14.travian.cz http://s15.travian.cz http://speed.travian.cz http://s1.travian.sk http://s2.travian.sk http://s3.travian.sk http://s4.travian.sk http://s5.travian.sk http://s6.travian.sk http://s7.travian.sk http://s8.travian.sk http://s9.travian.sk http://s10.travian.sk http://speed.travian.sk
FF - user.js: capability.policy.localfilelinks.checkloaduri.enabled - allAccess
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-05 14:53:01
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

C:\WINDOWS\system32\wbem\wmiprvse.exe [1848] 0x894D0DA0

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="C:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(1468)
C:\WINDOWS\system32\imon.dll
C:\Program Files\Eset\pr_imon.dll
.
Celkový čas: 2010-12-05 14:56:20
ComboFix-quarantined-files.txt 2010-12-05 13:56:15
ComboFix2.txt 2010-12-04 15:49:45

Před spuštěním: 7 763 595 264
Po spuštění: 7 755 198 464

- - End Of File - - 0E32128A464DEC148138CF9F8270D574

#4 Příspěvek od **Rudy** » 06 pro 2010 20:22

Log již vypadá čistý. Zkuste ještě sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .

MH · #5 Příspěvek od MH » 07 pro 2010 21:28

Log z AVP Tool

Automatická kontrola: dokončeno před 16 min. (události: 24, objekty: 161626, čas: 00:33:44)
7.12.2010 18:46:58 Úloha byla spuštěna
7.12.2010 18:56:27 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\Documents and Settings\wencaS\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\Cache(3)\5E1A2273d01/QIP Infium PafoPack 9040/Plugins/Weather/updPlugin.exe
7.12.2010 18:57:28 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\Documents and Settings\wencaS\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\kv39ga1a.default\Cache(3)\5E1A2273d01
7.12.2010 19:06:39 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack\Plugins\Weather\updPlugin.exe
7.12.2010 19:06:50 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack\Plugins\Weather\updPlugin.exe
7.12.2010 19:06:59 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack_old\backup\Plugins\Weather\updPlugin.exe
7.12.2010 19:07:09 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack_old\backup\Plugins\Weather\updPlugin.exe
7.12.2010 19:07:16 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack_old\Plugins\Weather\updPlugin.exe
7.12.2010 19:07:25 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\Program Files\QIP\QIP Infium PafoPack_old\Plugins\Weather\updPlugin.exe
7.12.2010 19:10:05 Zjištěno: Trojan.Win32.Vilsel.aqtg C:\Program Files\totalcmd\Keygen.exe
7.12.2010 19:10:10 Odstraněno: Trojan.Win32.Vilsel.aqtg C:\Program Files\totalcmd\Keygen.exe
7.12.2010 19:13:55 Zjištěno: Packed.Win32.Krap.hc C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP253\A0035372.exe
7.12.2010 19:13:55 Zjištěno: Packed.Win32.Krap.hc C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP253\A0035371.exe
7.12.2010 19:14:11 Odstraněno: Packed.Win32.Krap.hc C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP253\A0035372.exe
7.12.2010 19:14:17 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52EA1-406A-A52E-5641C2CCAD70}\RP256\A0035806.exe
7.12.2010 19:14:49 Odstraněno: Trojan.Win32.Vilsel.aqtg C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035807.exe
7.12.2010 19:20:42 Úloha byla dokončena -5641C2CCAD70}\RP256\A0035804.exe
7.12.2010 19:14:17 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035805.exe
7.12.2010 19:14:18 Odstraněno: Packed.Win32.Krap.hc C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP253\A0035371.exe
7.12.2010 19:14:19 Zjištěno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035806.exe
7.12.2010 19:14:24 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035804.exe
7.12.2010 19:14:24 Zjištěno: Trojan.Win32.Vilsel.aqtg C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035807.exe
7.12.2010 19:14:28 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8A1-406A-A52E-5641C2CCAD70}\RP256\A0035805.exe
7.12.2010 19:14:32 Odstraněno: Trojan-Downloader.Win32.Banload.bdxx C:\System Volume Information\_restore{55C753F8-E8

#6 Příspěvek od **Rudy** » 07 pro 2010 22:14

Ještě něco bylo smazáno. Změnilo se něco?

MH · #7 Příspěvek od MH » 09 pro 2010 10:32

Děkuji za pomoc, po dením testování, se PC chová standartně a "neblbne" asi opravdu jakýsi trojan byl usazen.

#8 Příspěvek od **Rudy** » 09 pro 2010 18:39

Nemáte zač!

VIRY.CZ

Divné chování PC - myš a klávesnice

Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice

Re: Divné chování PC - myš a klávesnice