
For a few days now icons have been appearing on my desktop:
- Error Cleaner
- Privacy Protector
- Maleware&Spyware Deleter
I get various system alerts about an attack on the system.
At the beginning I also had a red wallpaper with the text "Your Privacy is in Danger".
The question is: what should I do? (I'm not very experienced with this; usually Kaspersky was enough.) Please help; you can also write to me on Gadu-Gadu or by e-mail.
Here is the log from ComboFix:
ComboFix 08-03-04.2 - Admin 2008-03-04 18:04:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1395 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Pulpit\Walka z wirami\ComboFix\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Pulpit\Error Cleaner.url
C:\Documents and Settings\Admin\Pulpit\Privacy Protector.url
C:\Documents and Settings\Admin\Pulpit\Spyware&Malware Protection.url
C:\Documents and Settings\Admin\Ulubione\Error Cleaner.url
C:\Documents and Settings\Admin\Ulubione\Privacy Protector.url
C:\Documents and Settings\Admin\Ulubione\Spyware&Malware Protection.url
.
((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.
2008-03-03 23:31 . 2008-03-03 23:31 <DIR> d-------- C:\Program Files\Riva
2008-03-03 23:31 . 2008-03-03 23:31 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-03-03 22:50 . 2008-03-03 22:50 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-03 22:50 . 2008-03-03 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-03-03 19:28 . 2008-03-03 19:28 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-03 19:28 . 2008-03-03 19:28 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Lavasoft
2008-03-02 21:46 . 2008-03-02 17:05 319,488 --a------ C:\WINDOWS\btrklfr.dll
2008-03-02 21:46 . 2008-03-02 17:05 282,624 --a------ C:\WINDOWS\apdqnxp.dll
2008-03-02 21:46 . 2008-03-02 17:05 172,032 --a------ C:\WINDOWS\enlfxgw.dll
2008-03-02 21:46 . 2008-03-02 17:05 81,920 --a------ C:\WINDOWS\fqspogw.exe
2008-03-01 11:26 . 2008-03-03 22:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-01 11:26 . 2008-03-01 11:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-27 19:46 . 2008-02-27 19:46 <DIR> d-------- C:\Program Files\Microsoft Works
2008-02-27 19:44 . 2008-02-27 19:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-02-27 19:42 . 2008-02-27 19:45 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-27 19:20 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-02-27 19:14 . 2008-02-27 19:47 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-02-26 19:56 . 2008-02-26 19:56 <DIR> d-------- C:\Program Files\Techland
2008-02-25 21:23 . 2008-02-25 21:30 <DIR> d-------- C:\Tlen_pliki
2008-02-24 17:28 . 2008-02-24 17:28 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-02-24 17:27 . 2008-02-24 17:27 <DIR> d-------- C:\Documents and Settings\Admin\WINDOWS
2008-02-24 17:27 . 1997-05-12 17:53 314,368 --a------ C:\WINDOWS\IsUninst.exe
2008-02-24 17:27 . 2008-02-24 17:28 425 --a------ C:\WINDOWS\SIERRA.INI
2008-02-24 17:24 . 2008-02-24 17:24 86,528 --a------ C:\WINDOWS\bnetunin.exe
2008-02-24 17:24 . 2008-02-24 17:24 61,440 --a------ C:\WINDOWS\diabunin.exe
2008-02-23 12:12 . 2008-02-23 12:14 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Moje pliki gry Władca Pierścieni, Król Nazguli
2008-02-23 11:44 . 2008-02-23 11:45 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\My Battle for Middle-earth(tm) II Files
2008-02-22 19:16 . 2008-02-22 19:55 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Moje pliki zapisu Bitwy o Śródziemie
2008-02-22 18:31 . 2008-02-28 17:59 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-02-22 18:03 . 2008-02-22 18:26 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\AdobeUM
2008-02-17 17:44 . 2008-02-17 17:44 <DIR> d-------- C:\Program Files\Iteral
2008-02-17 17:43 . 2008-02-17 17:43 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\skypePM
2008-02-17 17:43 . 2008-02-17 17:43 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-17 17:39 . 2008-02-17 17:39 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-16 12:01 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-02-15 15:47 . 2008-02-15 15:47 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-02-13 17:52 . 2008-02-13 17:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-13 17:52 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-13 17:52 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-13 17:52 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-13 17:50 . 2008-02-13 17:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 22:25 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-02-11 22:25 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-02-11 22:25 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-02-11 22:25 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-02-10 18:41 . 2004-08-03 23:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-02-10 18:19 . 2008-03-02 13:28 <DIR> d-------- C:\Program Files\FlashGet
2008-02-10 12:40 . 2008-02-10 12:40 <DIR> dr-h----- C:\Documents and Settings\Admin\Dane aplikacji\SecuROM
2008-02-10 12:25 . 2008-02-10 12:25 <DIR> d-------- C:\Program Files\OpenAL
2008-02-10 12:25 . 2008-02-10 12:25 413,696 --a------ C:\WINDOWS\system32\wrap_oal.dll
2008-02-10 12:25 . 2008-02-10 12:25 110,592 --a------ C:\WINDOWS\system32\OpenAL32.dll
2008-02-09 21:02 . 2008-02-09 21:02 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\Creative
2008-02-09 21:00 . 2008-02-09 21:01 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Creative
2008-02-09 20:57 . 2000-05-22 09:58 647,872 --------- C:\WINDOWS\system32\Mscomct2.ocx
2008-02-09 20:57 . 2006-10-06 07:17 53,248 --------- C:\WINDOWS\Ctregrun.exe
2008-02-09 20:57 . 2003-06-12 23:25 7,062 --a------ C:\WINDOWS\system32\audiopid.vxd
2008-02-09 20:56 . 2007-06-11 02:01 142,656 -ra------ C:\WINDOWS\system32\drivers\V0380Afx.sys
2008-02-09 20:56 . 2007-05-22 02:20 114,688 -ra------ C:\WINDOWS\system32\V0380Afx.dll
2008-02-09 20:56 . 2007-04-02 08:28 94,976 -ra------ C:\WINDOWS\system32\drivers\V0380Aud.sys
2008-02-09 20:54 . 2008-02-09 20:54 <DIR> d-------- C:\Program Files\muvee Technologies
2008-02-09 20:54 . 2008-02-09 20:54 <DIR> d-------- C:\Program Files\Common Files\muvee Technologies
2008-02-09 20:54 . 2006-08-30 07:10 158,456 --------- C:\WINDOWS\system32\pxwma.dll
2008-02-09 20:54 . 2006-08-30 07:10 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2008-02-09 20:54 . 2006-08-30 07:10 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-02-09 20:54 . 2006-08-30 07:10 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-02-09 20:53 . 2008-02-09 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\muvee Technologies
2008-02-09 20:52 . 2008-02-09 20:52 428,176 --a------ C:\bin0.bin
2008-02-09 20:52 . 2008-02-09 20:52 191,553 --a------ C:\subafsfile0.bin
2008-02-09 20:51 . 2008-02-09 20:51 80 -r-hs---- C:\WINDOWS\CT4CET.bin
2008-02-09 20:50 . 2008-02-09 20:50 <DIR> d-------- C:\Program Files\Common Files\Reallusion
2008-02-09 20:50 . 2008-02-09 20:50 <DIR> d-------- C:\Documents and Settings\All Users\Documents
2008-02-09 20:49 . 2007-02-14 12:27 5,627,904 --a------ C:\WINDOWS\system32\LiveCamVirtual.ocx
2008-02-09 20:49 . 2007-01-15 17:57 31,616 --a------ C:\WINDOWS\system32\drivers\livecamv.sys
2008-02-09 20:48 . 2008-02-09 20:48 <DIR> d-------- C:\Program Files\Common Files\Creative
2008-02-09 20:48 . 2008-02-09 20:48 <DIR> d-------- C:\Documents and Settings\Admin\Dane aplikacji\InstallShield
2008-02-09 20:48 . 2003-03-19 06:19 1,060,864 --------- C:\WINDOWS\system32\MFC71.DLL
2008-02-09 20:46 . 2008-02-09 20:57 <DIR> d-------- C:\Program Files\Creative
2008-02-09 20:39 . 2008-02-09 20:39 27,617 --a------ C:\bez tytułu.JPG
2008-02-09 20:10 . 2008-02-09 20:10 <DIR> d-------- C:\Program Files\Game Graphic Studio
2008-02-09 17:30 . 2006-10-26 19:58 30,512 --a------ C:\WINDOWS\system32\mdimon.dll
2008-02-09 17:30 . 2008-02-09 17:30 421 --a------ C:\WINDOWS\ODBC.INI
2008-02-09 17:23 . 2006-12-15 17:19 258,048 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-02-09 17:23 . 2006-12-30 15:49 117,760 --a------ C:\WINDOWS\system32\hpzll4v2.dll
2008-02-05 09:27 . 2008-03-04 00:13 69 --a------ C:\WINDOWS\NeroDigital.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 17:06 657,440 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-04 17:06 11,563,808 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-04 06:08 --------- d-----w C:\Program Files\AutoConnect
2008-03-04 00:44 64,556 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-04 00:44 160,448 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-03 20:20 --------- d-----w C:\Program Files\DAEMON Tools
2008-03-03 16:42 --------- d-----w C:\Program Files\Tlen.pl
2008-02-23 18:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-17 16:46 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Skype
2008-02-17 16:39 --------- d-----w C:\Program Files\Skype
2008-02-17 16:39 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-02-16 11:09 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-11 21:19 --------- d-----w C:\Program Files\The All-Seeing Eye
2008-02-10 11:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-02-06 19:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-03 18:27 --------- d-----w C:\Program Files\directx
2008-02-02 20:54 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Media Player Classic
2008-02-02 19:42 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Hamachi
2008-02-02 19:40 --------- d-----w C:\Program Files\UltraISO
2008-02-02 19:32 --------- d-----w C:\Program Files\IrfanView
2008-02-02 19:29 --------- d-----w C:\Program Files\Real Alternative
2008-02-02 19:29 --------- d-----w C:\Program Files\Media Player Classic
2008-02-02 19:29 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-02 19:28 --------- d-----w C:\Program Files\SubEdit-Player
2008-02-02 18:39 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-02-02 18:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-02-02 18:39 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-02-02 17:52 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Nero
2008-02-02 17:51 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-02 17:50 --------- d-----w C:\Program Files\Nero
2008-02-02 17:50 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-02-02 16:51 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-02 16:51 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab
2008-02-02 16:39 78,415 ----a-w C:\WINDOWS\system32\drivers\klif.cab
2008-02-02 16:38 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-02-02 16:01 278,984 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-02-02 16:01 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-02-01 21:49 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-01 17:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft
2008-02-01 15:25 --------- d-----w C:\Program Files\Netia
2008-02-01 15:08 --------- d-----w C:\Documents and Settings\Admin\Dane aplikacji\Talkback
2008-02-01 13:42 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-01 13:42 --------- d-----w C:\Program Files\SAGEM
2008-02-01 13:12 21,275 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-01 13:12 --------- d-----w C:\Program Files\TP-LINK
2008-02-01 13:05 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\nView_Profiles
2008-02-01 12:51 --------- d-----w C:\Program Files\Realtek
2008-02-01 12:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-01 12:30 --------- d-----w C:\Program Files\Usługi online
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-05 01:53 356,352 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
.
------- Sigcheck -------
6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
-c----w 327,168 2001-08-18 06:24:44 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
------w 359,040 2004-08-03 22:14:42 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
----a-w 359,040 2004-08-03 22:14:42 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CD6E6FC0-7BED-4DE5-B37E-FB7CF0A567DF}]
C:\WINDOWS\dkxrstqwkx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0D704FAD-66E9-4F0A-BFED-4F665770DDB3}
{C37757F5-7FB4-4273-B3BE-E81667449196}
[HKEY_CLASSES_ROOT\clsid\{c37757f5-7fb4-4273-b3be-e81667449196}]
[HKEY_CLASSES_ROOT\enlfxgw.1]
[HKEY_CLASSES_ROOT\TypeLib\{C23403AF-4F22-48BD-954F-0EFE6D447CD5}]
[HKEY_CLASSES_ROOT\enlfxgw]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 00:44 1667584]
"AutoConnect"="C:\Program Files\AutoConnect\AutoConnect.exe" [2004-08-28 19:27 295424]
"Komunikator"="C:\Program Files\Tlen.pl\tlen.exe" [2008-01-15 16:09 6290944]
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-11-17 10:42 53341]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-10 11:14 15473664 C:\WINDOWS\RTHDCPL.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 11:48 157592]
"kis"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" [2006-03-24 19:09 139367]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"V0380Mon.exe"="C:\WINDOWS\V0380Mon.exe" [2007-04-05 07:08 32768]
"CloneCDTray"="D:\Programy\CloneCD\CloneCDTray.exe" [2006-09-28 20:21 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-01 14:42:50 962661]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"apdqnxp"= {F07FA3F2-6807-4F9D-BAE9-21CEF8028B26} - C:\WINDOWS\apdqnxp.dll [2008-03-02 17:05 282624]
"btrklfr"= {65DF4BE8-CBC4-441C-AC41-A0864FF00A16} - C:\WINDOWS\btrklfr.dll [2008-03-02 17:05 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 19:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NETIANET]
--a------ 2008-02-01 16:24 493568 C:\Program Files\Netia\Net\netianet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
--a------ 2006-10-17 16:11 380928 C:\Program Files\TP-LINK\TWCU\TWCU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Programy\\BitComet\\BitComet.exe"=
"D:\\Programy\\Gadu-Gadu\\gg.exe"=
"D:\\Gry\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"D:\\Gry\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Gry\\Age of Pirates\\ENGINE.exe"=
"D:\\Gry\\Bitwa o Śródziemie\\game.dat"=
"D:\\Gry\\Bitwa o Śródziemie II\\game.dat"=
"D:\\Gry\\Król Nazguli\\game.dat"=
"D:\\Gry\\Neverwinter Nights 2\\nwn2main.exe"=
"D:\\Gry\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"D:\\Gry\\Neverwinter Nights 2\\nwupdate.exe"=
"D:\\Gry\\Neverwinter Nights 2\\nwn2server.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16798:TCP"= 16798:TCP:BitComet 16798 TCP
"16798:UDP"= 16798:UDP:BitComet 16798 UDP
R0 sfdrv02;FrontLine Environment Driver (v2);C:\WINDOWS\system32\drivers\sfdrv02.sys [2006-09-11 12:57]
R0 sfsync05;FrontLine Synchronization Driver (v5);C:\WINDOWS\system32\drivers\sfsync05.sys [2006-11-03 09:21]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;C:\WINDOWS\system32\DRIVERS\livecamv.sys [2007-01-15 17:57]
R3 V0380Afx;Creative Camera VF0380 Audio Effects Driver;C:\WINDOWS\system32\DRIVERS\V0380Afx.sys [2007-06-11 02:01]
R3 V0380Aud;Creative Camera VF0380 Noise Cancellation APO;C:\WINDOWS\system32\DRIVERS\V0380Aud.sys [2007-04-02 08:28]
R3 V0380Dev;Creative Camera VF0380 Driver;C:\WINDOWS\system32\DRIVERS\V0380Vid.sys [2007-07-03 02:00]
R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\V0380Vfx.sys [2006-12-05 06:37]
S2 sfrem02;FrontLine Drivers Auto Removal (v2);C:\WINDOWS\system32\sfrem02.exe svc []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 21:50:57 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 18:06:25
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-04 18:07:10
ComboFix-quarantined-files.txt 2008-03-04 17:07:01
ComboFix2.txt 2008-03-03 21:14:13
and the one from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26:15, on 2008-03-04
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\V0380Mon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AutoConnect\AutoConnect.exe
C:\Program Files\Tlen.pl\tlen.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
D:\Programy\BitComet\BitComet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SubEdit-Player\subedit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.flashget.com/index_en.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: RDL Rolex - {CD6E6FC0-7BED-4DE5-B37E-FB7CF0A567DF} - C:\WINDOWS\dkxrstqwkx.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Tłumaczenie - {0D704FAD-66E9-4F0A-BFED-4F665770DDB3} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O3 - Toolbar: enlfxgw - {C37757F5-7FB4-4273-B3BE-E81667449196} - C:\WINDOWS\enlfxgw.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [V0380Mon.exe] C:\WINDOWS\V0380Mon.exe
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programy\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AutoConnect] C:\Program Files\AutoConnect\AutoConnect.exe
O4 - HKCU\..\Run: [Komunikator] C:\Program Files\Tlen.pl\tlen.exe
O4 - HKCU\..\Run: [CreativeTaskScheduler] "C:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA LOKALNA')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Programy\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Ściągnij przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Ściągnij wszystko przy pomocy FlashGet'a - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Dodaj do Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Ochrona WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programy\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll,-103 - {B46B0919-62BA-4D99-A5C4-916B57A6805C} - C:\Program Files\Techland\Common\InternetTranslator\InternetTranslator.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Programy\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECF98D1A-2DF7-4568-8DB0-97D77E57270F}: NameServer = 213.241.79.37 83.238.255.76
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: apdqnxp - {F07FA3F2-6807-4F9D-BAE9-21CEF8028B26} - C:\WINDOWS\apdqnxp.dll
O21 - SSODL: btrklfr - {65DF4BE8-CBC4-441C-AC41-A0864FF00A16} - C:\WINDOWS\btrklfr.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: FrontLine Drivers Auto Removal (v2) (sfrem02) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem02.exe
--
End of file - 8504 bytes