IE running slowly

(Jacek Janus) #1

Hello, I have a problem with IE running slowly. Anti-spyware programs often find various kinds of spyware or trojans.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:15:12, on 2008-07-01

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\System32\smss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\aestsrv.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

C:\Windows\system32\CTsvcCDA.exe

C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\System32\svchost.exe

C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnsscomm.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\svchost.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Dell Support Center\bin\sprtsvc.exe

C:\Windows\system32\svchost.exe

C:\Windows\System32\svchost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\ntvdm.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Users`\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\System32\rundll32.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\Taskmgr.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\YDPDict\watch.exe

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "c:\Program Files\Java\jre1.6.0\bin\jusched.exe"

O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"

O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r

O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto

O4 - HKLM\..\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKCU\..\Run: [uTorrent] "C:\Users`\Program Files\uTorrent\uTorrent.exe"

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter

O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: SSWP - Sysinternals - http://www.sysinternals.com - C:\Users`\AppData\Local\Temp\SSWP.exe

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: ZYQMEAE - Sysinternals - http://www.sysinternals.com - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe

End of file - 13305 bytes

(Kambor4) #2

>>HijackThis>>Scan (Do a system scan only)>>check them>>Fix checked.

Post a ComboFix log.

(Leon$) #3

Those entries aren't removed that way.

Start >> Run >> cmd

sc stop ZYQMEAE >> Enter

sc delete ZYQMEAE >> Enter

:)
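The two commands in the post above, generalized into a script that first finds every service with the traits the thread's logs show for AOJD, IUE, SSWP and ZYQMEAE (an ImagePath under the user's AppData\Local\Temp, and an empty [] where ComboFix prints the binary's timestamp, which is what it shows when it cannot find the file), and only then stops and deletes them. This is an added example, not code from the thread or from any tool it mentions. It assumes PowerShell 3.0 or later for Get-CimInstance and that it is run from an elevated prompt, since under UAC sc stop / sc delete from a normal prompt return "Access is denied". The -Remove switch and the function names are assumptions of this example, not anything the thread uses.

```powershell
# Added example, not code from the thread. Lists Win32 services whose binary
# sits in a Temp directory or no longer exists on disk, then (only with -Remove,
# only when elevated) runs the same "sc stop" / "sc delete" pair as the post above.
# Assumes PowerShell 3.0+ for Get-CimInstance; on older hosts such as the Vista
# box in this thread, Get-WmiObject -Class Win32_Service returns the same fields.
[CmdletBinding()]
param(
    [switch]$Remove   # default is report only
)

# sc stop/delete open the service with SERVICE_STOP / DELETE access; under UAC
# that needs an elevated token, otherwise sc.exe reports
# "[SC] OpenService FAILED 5: Access is denied."
function Test-IsElevated {
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Extract the executable from an ImagePath such as
#   "C:\Program Files\X\y.exe" /arg     or     C:\Windows\system32\svchost.exe -k netsvcs
function Get-ServiceExePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $path = $ImagePath.Trim()
    if ($path.StartsWith('"')) {
        $end = $path.IndexOf('"', 1)
        if ($end -gt 1) { $path = $path.Substring(1, $end - 1) }
    } else {
        $m = [regex]::Match($path, '(?i)^(.+?\.exe)(\s|$)')
        if ($m.Success) { $path = $m.Groups[1].Value }
    }
    return [Environment]::ExpandEnvironmentVariables($path)
}

# Flag a service on either trait: ImagePath inside a ...\Temp\ folder, or a
# binary that is not on disk any more (an orphaned registration).
function Find-SuspectService {
    foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
        $exe = Get-ServiceExePath -ImagePath $svc.PathName
        if (-not $exe) { continue }
        $reasons = @()
        if ($exe -match '(?i)\\Temp\\')          { $reasons += 'binary in a Temp directory' }
        if (-not (Test-Path -LiteralPath $exe))  { $reasons += 'binary missing on disk' }
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Name   = $svc.Name
                State  = $svc.State
                Path   = $exe
                Reason = ($reasons -join '; ')
            }
        }
    }
}

# The two commands from the post above. sc.exe's exit code is the Win32 error:
# 0 = success, 5 = access denied, 1060 = service does not exist,
# 1062 = service not running (what "stop" returns for an already stopped service).
function Remove-SuspectService {
    param([string]$Name)
    & sc.exe stop $Name | Out-Null
    & sc.exe delete $Name | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning ("sc delete {0} failed, error {1}" -f $Name, $LASTEXITCODE)
    }
}

$elevated = Test-IsElevated
if (-not $elevated) {
    Write-Warning 'Not elevated: sc stop/delete will fail with "Access is denied". Re-run from an elevated prompt.'
}

$suspects = @(Find-SuspectService)
$suspects | Format-Table -AutoSize

if ($Remove -and $elevated) {
    foreach ($s in $suspects) { Remove-SuspectService -Name $s.Name }
}
```

Run it without -Remove first and read the list: the path test alone cannot tell a leftover dropper from the short-lived helper service some legitimate scanning tools register from Temp while they run. Then rerun it with -Remove from an elevated prompt (right-click, "Run as administrator"). Deleting the service entry only removes the autostart; if the binary is still on disk, delete it as well and rescan.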

(Jacek Janus) #4

ComboFix 08-07-05.1 - ` 2008-07-06 19:20:24.1 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.840 [GMT 2:00]

Running from: C:\Users`\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Windows\system32\AutoRun.inf

.

((((((((((((((((((((((((( Files Created from 2008-06-06 to 2008-07-06 )))))))))))))))))))))))))))))))

.

2008-07-05 23:52 . 2008-07-05 23:52

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:54 . 2008-07-05 22:54

2008-07-05 22:49 . 2008-07-05 22:50 36,429,824 --a------ C:\Windows\System32\ZTCUQAELEYG

2008-07-05 22:34 . 2008-07-05 22:34

2008-07-05 21:37 . 2008-07-05 21:37

2008-07-05 21:37 . 2008-07-05 21:37 52,736 --a------ C:\Windows\ipuninst.exe

2008-07-02 00:42 . 2008-07-06 10:27

2008-07-01 23:37 . 2008-07-06 10:43

2008-07-01 23:37 . 2008-07-06 19:17

2008-07-01 23:37 . 2008-07-06 10:43

2008-07-01 23:37 . 2008-07-06 19:17

2008-07-01 23:37 . 2008-07-01 23:37 141,312 --a------ C:\Windows\System32\drivers\sp_rsdrv2.sys

2008-07-01 23:14 . 2008-07-01 23:14

2008-07-01 23:11 . 2007-01-18 14:00 3,968 --a------ C:\Windows\System32\drivers\AvgArCln.sys

2008-07-01 17:30 . 2008-07-01 17:30 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2008-07-01 13:36 . 2008-07-01 13:36

2008-07-01 11:09 . 2008-01-19 09:35 4,875,776 --a------ C:\Windows\System32\NlsData0009.dll

2008-07-01 11:08 . 2008-01-19 09:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll

2008-07-01 11:07 . 2008-01-19 09:32 5,714,432 --a------ C:\Windows\System32\logon.scr

2008-07-01 11:06 . 2008-01-19 08:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL

2008-07-01 11:05 . 2008-01-19 09:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll

2008-07-01 11:05 . 2008-01-19 09:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll

2008-07-01 11:05 . 2008-01-19 09:36 218,624 --a------ C:\Windows\System32\wdscore.dll

2008-07-01 11:05 . 2008-01-19 09:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll

2008-07-01 11:05 . 2008-01-19 09:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe

2008-07-01 11:04 . 2008-01-19 09:34 305,152 --a------ C:\Windows\System32\msdelta.dll

2008-07-01 11:04 . 2008-01-19 09:34 258,560 --a------ C:\Windows\System32\dpx.dll

2008-07-01 11:04 . 2008-01-19 09:34 246,784 --a------ C:\Windows\System32\drvstore.dll

2008-07-01 11:04 . 2008-01-19 09:35 35,328 --a------ C:\Windows\System32\mspatcha.dll

2008-07-01 11:04 . 2006-11-02 11:39 6,656 --a------ C:\Windows\System32\kbd106.dll

2008-06-29 22:16 . 2008-06-29 22:16

2008-06-29 19:57 . 2008-06-29 19:57

2008-06-29 19:47 . 2008-06-29 19:47

2008-06-29 19:47 . 2008-06-29 19:47 0 --a------ C:\Windows\DXT6958.tmp

2008-06-29 19:44 . 2008-06-29 19:44 0 --a------ C:\Windows\DXT9DA2.tmp

2008-06-29 19:44 . 2008-06-29 19:44 0 --a------ C:\Windows\DXT9D72.tmp

2008-06-29 19:42 . 2008-06-29 19:42

2008-06-29 19:28 . 2008-06-29 19:28

2008-06-29 10:32 . 1999-12-13 01:01 44,032 --------- C:\Windows\System32\CTSVCCDA.EXE

2008-06-29 10:32 . 1999-11-18 01:00 25,088 --------- C:\Windows\System32\CTSVCCTL.EXE

2008-06-28 22:23 . 2008-07-06 19:28 4 --a------ C:\Windows\System32\msdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}

2008-06-28 22:23 . 2008-07-06 19:28 4 --a------ C:\Windows\System32\fsdbcrpt.kar.{de6af992-0620-498f-922f-79ce716e7a55}

2008-06-28 22:19 . 2008-06-28 22:19

2008-06-28 22:16 . 2008-06-28 22:16

2008-06-28 14:15 . 2008-06-28 14:15

2008-06-28 14:15 . 2008-07-05 22:29

2008-06-28 14:15 . 2008-06-10 21:22 81,288 --a------ C:\Windows\System32\drivers\iksyssec.sys

2008-06-28 14:15 . 2008-06-02 15:19 66,952 --a------ C:\Windows\System32\drivers\iksysflt.sys

2008-06-28 14:15 . 2008-06-02 15:19 42,376 --a------ C:\Windows\System32\drivers\ikfilesec.sys

2008-06-28 14:15 . 2008-06-02 15:19 29,576 --a------ C:\Windows\System32\drivers\kcom.sys

2008-06-28 14:04 . 2008-05-16 01:18 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys

2008-06-28 14:03 . 2008-06-28 14:03

2008-06-28 13:30 . 2008-06-28 13:30

2008-06-28 13:30 . 2008-06-28 13:30

2008-06-18 13:04 . 2008-06-18 13:04

2008-06-17 11:43 . 2008-06-17 11:43

2008-06-17 11:40 . 2008-06-17 11:43

2008-06-17 11:27 . 2008-06-17 11:27

2008-06-17 10:15 . 2008-06-17 10:15 0 --a------ C:\Windows\nsreg.dat

2008-06-14 18:48 . 2008-04-23 06:42 428,544 --a------ C:\Windows\System32\EncDec.dll

2008-06-14 18:48 . 2008-04-23 06:42 293,376 --a------ C:\Windows\System32\psisdecd.dll

2008-06-14 18:48 . 2008-04-23 06:41 218,624 --a------ C:\Windows\System32\psisrndr.ax

2008-06-14 18:48 . 2008-01-19 09:33 80,896 --a------ C:\Windows\System32\MSNP.ax

2008-06-14 18:48 . 2008-01-19 09:33 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax

2008-06-14 18:48 . 2008-04-23 06:41 57,856 --a------ C:\Windows\System32\MSDvbNP.ax

2008-06-14 00:45 . 2008-06-14 00:45

2008-06-14 00:45 . 2008-06-14 00:45

2008-06-13 13:18 . 2008-06-13 13:18

2008-06-13 11:44 . 2008-06-13 11:44

2008-06-13 10:25 . 2008-06-13 10:25

2008-06-13 10:25 . 2008-06-13 10:25

2008-06-13 10:24 . 2008-06-13 10:25

2008-06-13 10:24 . 2008-06-13 10:25

2008-06-12 20:17 . 2008-06-17 11:43

2008-06-12 20:07 . 2004-11-08 11:00 523,024 --------- C:\Windows\System32\msxml.dll

2008-06-12 20:06 . 2008-06-17 10:38

2008-06-11 19:40 . 2008-06-11 19:40

2008-06-11 19:40 . 2008-06-11 19:40

2008-06-11 18:45 . 2008-06-11 18:45

2008-06-11 14:01 . 2008-07-06 12:11

2008-06-10 19:58 . 2008-06-10 19:58

2008-06-10 15:25 . 2008-06-13 19:09

2008-06-10 15:25 . 2008-06-13 17:50

2008-06-06 13:06 . 2008-06-06 13:06

2008-06-06 13:06 . 1998-10-07 12:54 327,168 --a------ C:\Windows\IsUn0415.exe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-07-06 17:22 --------- d-----w C:\Users`\AppData\Roaming\uTorrent

2008-07-06 17:21 --------- d---a-w C:\ProgramData\TEMP

2008-07-06 16:23 --------- d-----w C:\ProgramData\Roxio

2008-07-06 10:02 --------- d-----w C:\Users`\AppData\Roaming\Skype

2008-07-06 07:54 --------- d--h--w C:\Program Files\InstallShield Installation Information

2008-07-06 07:46 --------- d-----w C:\Program Files\Google

2008-07-06 07:16 --------- d-----w C:\Users`\AppData\Roaming\skypePM

2008-07-05 20:50 26,955 ----a-w C:\Users`\AppData\Roaming\nvModes.dat

2008-07-01 13:27 --------- d-----w C:\ProgramData\Creative

2008-07-01 11:55 --------- d-----w C:\ProgramData\NVIDIA

2008-07-01 11:50 174 --sha-w C:\Program Files\desktop.ini

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Sidebar

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Photo Gallery

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Mail

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Journal

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Defender

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Collaboration

2008-07-01 11:37 --------- d-----w C:\Program Files\Windows Calendar

2008-07-01 11:22 82,432 ----a-w C:\Windows\System32\axaltocm.dll

2008-07-01 11:22 101,888 ----a-w C:\Windows\System32\ifxcardm.dll

2008-06-29 20:29 --------- d-----w C:\Program Files\Microsoft Games

2008-06-29 08:35 --------- d--h--w C:\Program Files\Creative Installation Information

2008-06-29 08:29 409,600 ----a-w C:\Windows\System32\wrap_oal.dll

2008-06-29 08:29 114,688 ----a-w C:\Windows\System32\OpenAL32.dll

2008-06-29 07:11 --------- d-----w C:\Program Files\WinTV

2008-06-28 22:30 --------- d-----w C:\Users`\AppData\Roaming\BearShare

2008-06-28 11:27 --------- d-----w C:\Program Files\Common Files\Symantec Shared

2008-06-28 11:25 --------- d-----w C:\ProgramData\Symantec

2008-06-18 11:43 --------- d-----w C:\Users`\AppData\Roaming\Roxio

2008-06-15 11:13 --------- d-----w C:\Program Files\BearShare Applications

2008-06-14 17:34 722 ----a-w C:\Users`\AppData\Roaming\wklnhst.dat

2008-06-13 17:51 --------- d-----w C:\ProgramData\{CFAB4006-0AE0-414D-866A-DCB2C46553CF}

2008-06-13 17:51 --------- d-----w C:\Program Files\Modem Diagnostic Tool

2008-06-13 17:50 --------- d-----w C:\Users`\AppData\Roaming\LimeWire

2008-06-13 06:22 --------- d-----w C:\Program Files\Yahoo!

2008-06-10 20:14 --------- d-----w C:\ProgramData\Dell

2008-06-10 15:59 --------- d-----w C:\Users`\AppData\Roaming\GHISLER

2008-06-10 15:58 --------- d-----w C:\Program Files\MoorHunt

2008-06-10 08:55 --------- d-----w C:\ProgramData\HPSSUPPLY

2008-05-15 20:26 --------- d-----w C:\Program Files\Common Files\Onet.pl

2008-05-15 20:25 --------- d-----w C:\Users`\AppData\Roaming\Flircik

2008-05-15 20:25 --------- d-----w C:\Users`\AppData\Roaming\AutoUpdate

2008-05-10 01:33 113,664 ----a-w C:\Windows\system32\drivers\rmcast.sys

2008-04-29 03:54 181,760 ----a-w C:\Windows\System32\fsquirt.exe

2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll

2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll

2007-12-26 19:36 32 ----a-w C:\Users\All Users\ezsid.dat

2007-12-26 19:36 32 ----a-w C:\ProgramData\ezsid.dat

2007-11-20 19:07 76 --sh--r C:\Windows\CT4CET.bin

2008-01-17 17:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-01-17 17:16 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-01-17 17:16 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"uTorrent"="C:\Users`\Program Files\uTorrent\uTorrent.exe" [2008-02-08 19:34 219952]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 19:34 213936]

"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 09:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ECenter"="C:\Dell\E-Center\EULALauncher.exe" [2007-05-25 08:03 17920]

"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-28 02:35 857648]

"OEM02Mon.exe"="C:\Windows\OEM02Mon.exe" [2007-08-29 07:54 36864]

"SunJavaUpdateSched"="c:\Program Files\Java\jre1.6.0\bin\jusched.exe" [2007-11-20 20:59 77824]

"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]

"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]

"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 19:34 86960]

"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 13:22 221184]

"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-04-16 18:10 184320]

"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 11:24 16384]

"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 05:06 40048]

"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-20 23:09 180269]

"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 09:05 217088]

"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 19:34 213936]

"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 21:34 49152]

"Onet.pl AutoUpdate"="C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe" [2006-02-08 16:40 260096]

"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 11:23 202544]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-10 21:22 1163656]

"VolPanel"="C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 09:14 180224]

"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 09:33 227840]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-25 10:41 86016]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-25 10:40 8478720]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-25 10:40 81920]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2007-09-25 10:40 81920]

"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-07-01 23:37 1817600]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [11/3/2006 7:55:50 PM 703280]

Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [11/20/2007 9:00:41 PM 50688]

HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 9:26:24 PM 210520]

QuickSet.lnk - C:\Windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [11/20/2007 9:03:05 PM 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“EnableUIADesktopToggle”= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“msacm.ac3filter”= ac3filter.acm

“msacm.l3codec”= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

“DisableMonitoring”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1500205620-3224671638-30330247-1000]

“EnableNotificationsRef”=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{2811DF78-A53E-456F-924F-DF464AFC679D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{C53007AC-752F-49EF-9442-E6FBB912D340}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire

"{3474D7D1-E82B-46A2-9D3F-EF709FD6AEE2}"= C:\Program Files\Cyberlink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD

"{B61C08C7-9461-4161-9C08-A06E555B7300}"= UDP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

"{98CCA0B3-6A04-4DA3-9633-F216C774D2C7}"= TCP:C:\Program Files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties

"TCP Query User{8AB92150-4014-497B-9E07-0FBED91AAC56}C:\users\\\documents\\downloads\\call of duty\\coduomp.exe"= UDP:C:\users\\documents\downloads\call of duty\coduomp.exe:coduomp.exe

"UDP Query User{793251D4-80D8-4C02-99CA-01B1B295DB09}C:\users\\\documents\\downloads\\call of duty\\coduomp.exe"= TCP:C:\users\\documents\downloads\call of duty\coduomp.exe:coduomp.exe

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]

R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-07-01 23:37]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\system32\aestsrv.exe [2007-08-29 23:25]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]

R2 GFI LANguard N.S.S. 5.0 attendant service;GFI LANguard N.S.S. 5.0 attendant service;C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe [2004-04-08 13:10]

R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [2006-11-07 03:37]

R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2006-11-07 01:13]

R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2006-11-07 01:13]

R3 OEM02Dev;Creative Camera OEM002 Driver;C:\Windows\system32\DRIVERS\OEM02Dev.sys [2007-08-29 07:54]

R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\Windows\system32\DRIVERS\OEM02Vfx.sys [2007-08-29 07:55]

S2 HPFECP13;HPFECP13;C:\Windows\system32\drivers\HPFECP13.SYS [1998-09-25 10:55]

S3 AOJD;AOJD;C:\Users`\AppData\Local\Temp\AOJD.exe []

S3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 22:05]

S3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 17:11]

S3 hcw95bda;Hauppauge MOD7700 Tuner Driver;C:\Windows\system32\Drivers\hcw95bda.sys [2007-04-04 20:45]

S3 hcw95rc;Hauppauge MOD7700 IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]

S3 IUE;IUE;C:\Users`\AppData\Local\Temp\IUE.exe []

S3 MODRC;Hauppauge Nova-T IR Driver;C:\Windows\system32\DRIVERS\hcw95rc.sys [2007-04-04 20:48]

S3 SSWP;SSWP;C:\Users`\AppData\Local\Temp\SSWP.exe []

S3 ZYQMEAE;ZYQMEAE;C:\Users`\AppData\Local\Temp\ZYQMEAE.exe []

S4 EPGService;EPGService;C:\PROGRA~1\WinTV\EPG Services\System\EPGService.exe [2006-11-28 19:17]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

*Newly Created Service* - CATCHME

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-07-06 19:28:40

Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:

ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-07-06 19:32:15

ComboFix-quarantined-files.txt 2008-07-06 17:32:06

Pre-Run: 91,871,485,952 bytes free

Post-Run: 91,842,068,480 bytes free

269 --- E O F --- 2008-07-01 11:25:24

On 06.07.2008 at 22:14 a post was appended by astaroth1

After fixing the entry O23 - Service: ZYQMEAE - Sysinternals - http://www.sysinternals.com - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe, IE started running normally, but after running ComboFix it crawls again.

I did

Start >> Run >> cmd

sc stop ZYQMEAE >> Enter

sc delete ZYQMEAE >> Enter

but I get "access denied".

I'm attaching the log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:07:46, on 2008-07-06

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\OEM02Mon.exe

C:\Program Files\Java\jre1.6.0\bin\jusched.exe

C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Dell\MediaDirect\PCMService.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe

C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Users`\Program Files\uTorrent\uTorrent.exe

C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\System32\rundll32.exe

c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Internet Explorer\ieuser.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\conime.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll

O4 - HKLM…\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe

O4 - HKLM…\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM…\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe

O4 - HKLM…\Run: [sunJavaUpdateSched] “c:\Program Files\Java\jre1.6.0\bin\jusched.exe”

O4 - HKLM…\Run: [updReg] C:\Windows\UpdReg.EXE

O4 - HKLM…\Run: [DELL Webcam Manager] “C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe” /s

O4 - HKLM…\Run: [iSUSScheduler] “C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe” -start

O4 - HKLM…\Run: [RoxWatchTray] “C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe”

O4 - HKLM…\Run: [PCMService] “C:\Program Files\Dell\MediaDirect\PCMService.exe”

O4 - HKLM…\Run: [dscactivate] “C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe”

O4 - HKLM…\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe”

O4 - HKLM…\Run: [WinampAgent] “C:\Program Files\Winamp\winampa.exe”

O4 - HKLM…\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler

O4 - HKLM…\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM…\Run: [Onet.pl AutoUpdate] C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe /tsr

O4 - HKLM…\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter

O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM…\Run: [iSTray] “C:\Program Files\Spyware Doctor\pctsTray.exe”

O4 - HKLM…\Run: [VolPanel] “C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe” /r

O4 - HKLM…\Run: [MSConfig] “C:\Windows\System32\msconfig.exe” /auto

O4 - HKLM…\Run: [sigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe

O4 - HKLM…\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start

O4 - HKLM…\Run: [spywareTerminator] “C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe”

O4 - HKCU…\Run: [uTorrent] “C:\Users`\Program Files\uTorrent\uTorrent.exe”

O4 - HKCU…\Run: [DellSupportCenter] “C:\Program Files\Dell Support Center\bin\sprtcmd.exe” /P DellSupportCenter

O4 - HKCU…\Run: [iSUSPM] “C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe” -scheduler

O4 - HKCU…\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - Global Startup: Bluetooth.lnk = ?

O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: QuickSet.lnk = ?

O8 - Extra context menu item: Send image to &Bluetooth Device… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device… - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra ‘Tools’ menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s … wflash.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AOJD - Unknown owner - C:\Users`\AppData\Local\Temp\AOJD.exe (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe

O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe

O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe

O23 - Service: GFI LANguard N.S.S. 5.0 attendant service - GFI Software Ltd. - C:\Program Files\GFI\LANguard Network Security Scanner 5.0\lnssatt.exe

O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IUE - Unknown owner - C:\Users`\AppData\Local\Temp\IUE.exe (file missing)

O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: SSWP - Unknown owner - C:\Users`\AppData\Local\Temp\SSWP.exe (file missing)

O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

O23 - Service: ZYQMEAE - Unknown owner - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe (file missing)

End of file - 10789 bytes

(huber2t) #5

The logs look clean

Manually delete the C:\Qoobox folder and delete the ComboFix installer from the disk.

Clean the computer with CCleaner

Do a startup optimization

Turn System Restore off and back on on all drives. Instructions

Scan the My Computer area at http://www.kaspersky.pl/virusscanner.html (run it through IE). Post its report on the forum

or

Dr.WEB CureIt!

(Gutek) #6

Follow this Topic and change the thread title to something specific, otherwise it goes in the BIN

Regards, Gutek2222

Change in the rules for pasting logs on the forum - viewtopic.php?f=16&t=253052

(Jacek Janus) #7

I did a Kaspersky scan but it didn't find anything

Dr.WEB CureIt! found: mgclose.dat;C:\Program Files\map&guide professional Version 13\prog;Tool.Prockill;Niewyleczalny.Przeniesiony.;

The anti-rootkit found: C:\Windows\system32\Drivers\mchInjDrv.sys,Hidden driver file

As for the HijackThis log, I was advised to remove these entries:

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe

O23 - Service: AOJD - Unknown owner - C:\Users`\AppData\Local\Temp\AOJD.exe (file missing)

O23 - Service: IUE - Unknown owner - C:\Users`\AppData\Local\Temp\IUE.exe (file missing)

O23 - Service: SSWP - Unknown owner - C:\Users`\AppData\Local\Temp\SSWP.exe (file missing)

O23 - Service: ZYQMEAE - Unknown owner - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe (file missing)

(huber2t) #8

You're right, we'll remove them right away

Download ComboFix, but don't run it

Paste into Notepad:

File::

C:\Users\`\AppData\Local\Temp\AOJD.exe 

C:\Users\`\AppData\Local\Temp\IUE.exe

C:\Users\`\AppData\Local\Temp\SSWP.exe

C:\Users\`\AppData\Local\Temp\ZYQMEAE.exe


Driver::

AOJD

IUE

ZYQMEAE

SSWP

File -> Save as -> CFScript.txt (it will be easiest if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, like here ->

[image: 02f8f1e3c410a4cc.gif]

The removal will start and a log will be produced, which you will post on the forum.

Post logs at http://wklejto.pl and put only the link in your post
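As an added example, not code from this thread or from any of the tools it mentions, here is a small Python triage of HijackThis O23 lines: it parses each service entry and flags the same four Temp-directory, owner-less, file-missing services that the CFScript above removes, while leaving the vendor-attributed entry in system32 unflagged. The heuristics and the ServiceEntry/triage names are my own; the sample lines are copied from the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# HijackThis O23 line layout: "O23 - Service: <name> - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)


@dataclass
class ServiceEntry:
    name: str
    owner: str
    path: str
    file_missing: bool


def parse_o23(line: str):
    """Return a ServiceEntry for an O23 line, or None for any other HijackThis line."""
    m = O23_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["name"], m["owner"], m["path"], m["missing"] is not None)


def suspicion_reasons(entry: ServiceEntry):
    """Red flags for a service worth a closer look (a heuristic, not proof of malware)."""
    reasons = []
    if "\\temp\\" in entry.path.lower():
        reasons.append("binary lives in a user-writable Temp directory")
    if entry.owner.lower() == "unknown owner":
        reasons.append("no vendor information in the service binary")
    if entry.file_missing:
        reasons.append("registered binary no longer on disk (orphaned service)")
    return reasons


def triage(log_text: str):
    """Map service name -> reasons, for every O23 entry with at least one red flag."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o23(line)
        if entry is not None and (reasons := suspicion_reasons(entry)):
            flagged[entry.name] = reasons
    return flagged


# Sample O23 lines taken from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: AOJD - Unknown owner - C:\Users`\AppData\Local\Temp\AOJD.exe (file missing)
O23 - Service: IUE - Unknown owner - C:\Users`\AppData\Local\Temp\IUE.exe (file missing)
O23 - Service: SSWP - Unknown owner - C:\Users`\AppData\Local\Temp\SSWP.exe (file missing)
O23 - Service: ZYQMEAE - Unknown owner - C:\Users`\AppData\Local\Temp\ZYQMEAE.exe (file missing)
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(reasons)}")
```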

(Jacek Janus) #9

Done, here's the log

http://wklejto.pl/5243

(Leon$) #10

The log looks clean

do a startup optimization

http://cybertrash.netarteria.pl/cyber/i … 378.0.html

manually delete the C:\Qoobox folder, delete the ComboFix installer from the disk.

:slight_smile:

(Jacek Janus) #11

I found the problem. It was uTorrent. When that program is switched off, IE runs fast. Thanks everyone for the help. Does anyone know why torrent slows IE down?

(Leon$) #12

it simply uses up the bandwidth

:slight_smile: