Hello, this is my first post and I don't know whether I've come to the right place; if not, please move it.
Please check my logs from HJTInstall (before and after) and from ComboFix, because I had viruses: 3 icons on the desktop:
Error Cleaner, Privacy Protector, Spyware&Malware
I'm putting the logs in attachments... uh, I can't add attachments, it says the TXT extension is not allowed, so I'll paste them.
LOG BEFORE:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:49, on 2008-05-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\DNA\btdna.exe
D:\Program Files\BitTorresnt\bittorrent.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Rhythm - {191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2} - C:\WINDOWS\nldfmtapgpv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”
O4 - HKLM…\Run: [advap32] C:\DOCUME~1\Andrzej\USTAWI~1\Temp\stdcons.exe/r
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [DAEMON Tools Lite] “D:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [ares] “D:\Program Files\Ares\Ares.exe” -h
O4 - HKCU…\Run: [bitComet] “D:\Program Files\BitComet\BitComet.exe” /tray
O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [bitTorrent] “D:\Program Files\BitTorresnt\bittorrent.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: pxgdslro - {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: gnowmebk - {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 7725 bytes
-----------------------------------LOG AFTER---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02:07, on 2008-05-17
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Ares\Ares.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
D:\Program Files\BitComet\BitComet.exe
C:\Program Files\DNA\btdna.exe
D:\Program Files\BitTorresnt\bittorrent.exe
C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: QXK Rhythm - {191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2} - C:\WINDOWS\nldfmtapgpv.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll
O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM…\Run: [nwiz] nwiz.exe /install
O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”
O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”
O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\QTTask.exe” -atboottime
O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”
O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU…\Run: [DAEMON Tools Lite] “D:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun
O4 - HKCU…\Run: [ares] “D:\Program Files\Ares\Ares.exe” -h
O4 - HKCU…\Run: [bitComet] “D:\Program Files\BitComet\BitComet.exe” /tray
O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”
O4 - HKCU…\Run: [bitTorrent] “D:\Program Files\BitTorresnt\bittorrent.exe”
O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)
O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)
O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O21 - SSODL: pxgdslro - {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll
O21 - SSODL: gnowmebk - {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 7830 bytes
------------------------------COMBOFIX LOG------------------------------------------
ComboFix 08-05-15.3 - Andrzej 2008-05-17 20:43:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1462 [GMT 2:00]
Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andrzej\Pulpit\CFScript.txt
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\admggxp.dll
C:\WINDOWS\bdmnopx.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Andrzej\Dane aplikacji.#
C:\Documents and Settings\Andrzej\Pulpit\Error Cleaner.url
C:\Documents and Settings\Andrzej\Pulpit\Privacy Protector.url
C:\Documents and Settings\Andrzej\Pulpit\SpywareMalware Protection.url
C:\Documents and Settings\Andrzej\Ulubione\Error Cleaner.url
C:\Documents and Settings\Andrzej\Ulubione\Privacy Protector.url
C:\Documents and Settings\Andrzej\Ulubione\SpywareMalware Protection.url
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\rs.txt
.
((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))
.
2008-05-17 20:34 . 2008-05-17 20:34
2008-05-17 20:28 . 2008-05-17 20:28
2008-05-17 20:00 . 2008-05-17 20:43
2008-05-17 18:04 . 2008-05-17 13:59 217,088 --a------ C:\WINDOWS\nldfmtapgpv.dll
2008-05-17 18:04 . 2008-05-17 13:59 212,992 --a------ C:\WINDOWS\pxgdslro.dll
2008-05-17 18:04 . 2008-05-17 13:59 176,128 --a------ C:\WINDOWS\gnowmebk.dll
2008-05-17 18:04 . 2008-05-17 13:59 155,648 --a------ C:\WINDOWS\gktxaspm.dll
2008-05-17 18:04 . 2008-05-17 13:59 94,208 --a------ C:\WINDOWS\eova.exe
2008-05-17 18:04 . 2008-05-17 13:59 81,920 --a------ C:\WINDOWS\mdtgkswr.exe
2008-05-11 19:05 . 2008-05-11 19:05
2008-05-10 14:45 . 2008-05-10 14:45
2008-05-10 14:31 . 2008-05-11 15:18 23 --a------ C:\WINDOWS\BlendSettings.ini
2008-05-09 14:20 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-05-09 14:20 . 2001-08-17 22:02 9,600 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-05-08 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-05-08 22:17 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-08 22:17 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-05-08 22:01 . 2008-05-17 20:24
2008-05-08 22:01 . 2008-05-17 20:53 2,774,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-08 22:01 . 2008-05-08 22:10 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-08 22:01 . 2008-05-08 22:10 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-08 22:01 . 2008-05-17 20:12 65,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-08 22:01 . 2008-05-17 15:53 36,164 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-08 22:01 . 2008-05-17 15:53 7,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-07 18:57 . 2008-05-07 18:57 0 --a------ C:\WINDOWS\Infob.dat
2008-05-07 18:57 . 2008-05-07 18:57 0 --a------ C:\WINDOWS\Infoa.dat
2008-05-07 18:51 . 2008-05-07 18:52
2008-05-07 16:13 . 2008-05-07 16:13
2008-05-07 16:13 . 2008-05-17 20:50
2008-05-07 16:07 . 2008-05-17 20:36
2008-05-07 16:07 . 2008-05-07 16:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-05-07 15:59 . 2008-05-17 20:43
2008-04-28 17:56 . 2008-04-28 17:58
2008-04-25 17:16 . 2008-04-25 17:16
2008-04-24 15:51 . 2008-04-24 15:51
2008-04-24 15:51 . 2005-05-24 21:24 169,534 --a------ C:\WINDOWS\SFO.ICO
2008-04-18 21:48 . 2008-04-18 21:48
2008-04-18 21:48 . 2008-04-18 21:49
2008-04-18 19:27 . 2008-04-18 19:27
2008-04-18 19:27 . 2008-05-09 14:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-18 19:19 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-17 18:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft
2008-05-10 12:49 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 20:24 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\AdobeUM
2008-04-15 15:33 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-04-11 15:16 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys
2008-04-05 10:27 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Hamachi
2008-04-04 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-04-04 19:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-04 19:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-03-31 16:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-31 16:27 --------- d-----w C:\Program Files\AGEIA Technologies
2008-03-31 14:09 --------- d-----w C:\Program Files\Valve
2008-03-30 12:29 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Apple Computer
2008-03-30 12:21 --------- d-----w C:\Program Files\Apple Software Update
2008-03-30 12:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer
2008-03-30 12:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple
2008-03-30 11:57 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll
2008-03-30 11:57 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll
2008-03-30 11:57 892,928 ----a-w C:\WINDOWS\system32\iconv.dll
2008-03-30 11:57 45,056 ----a-w C:\WINDOWS\system32\ogg.dll
2008-03-30 11:57 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv
2008-03-30 11:57 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll
2008-03-30 11:57 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll
2008-03-30 11:57 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll
2008-03-30 11:57 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll
2008-03-30 11:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-27 15:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-27 14:40 --------- d-----w C:\Program Files\Java
2008-03-27 14:38 --------- d-----w C:\Program Files\Common Files\Java
2008-03-25 08:59 --------- d-----w C:\Program Files\Hamachi
2008-03-25 08:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-22 09:28 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Gadu-Gadu
2008-03-21 19:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-21 19:18 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\DAEMON Tools
2008-03-21 19:15 --------- d-----w C:\Program Files\ZyDAS Technology Corporation
2008-03-21 19:07 --------- d-----w C:\Program Files\Warblade
2008-03-21 12:54 --------- d-----r C:\Documents and Settings\Andrzej\Dane aplikacji\Brother
2008-03-21 12:47 --------- d-----w C:\Program Files\Brother
2008-03-21 12:44 --------- d-----w C:\Program Files\Nuance
2008-03-21 12:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield
2008-03-21 12:43 --------- d-----w C:\Program Files\ScanSoft
2008-03-21 12:43 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-21 12:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Brother
2008-03-21 11:54 --------- d-----w C:\Program Files\MSXML 4.0
2008-03-21 11:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files
2008-03-21 10:32 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-21 10:32 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Ahead
2008-03-21 10:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead
2008-03-21 10:31 --------- d-----w C:\Program Files\Nero
2008-03-21 10:31 --------- d-----w C:\Program Files\CyberLink
2008-03-21 10:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-21 10:24 --------- d-----w C:\Program Files\MarBit
2008-03-21 10:24 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-21 10:22 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-21 10:22 --------- d-----w C:\Program Files\Microsoft Works
2008-03-21 10:04 15,600 ----a-w C:\WINDOWS\gdrv.sys
2008-03-21 10:03 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-03-21 10:03 --------- d-----w C:\Program Files\Realtek
2008-03-21 10:03 --------- d-----w C:\Program Files\DIFX
2008-03-21 10:01 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\InstallShield
2008-03-21 09:56 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-21 09:55 --------- d-----w C:\Program Files\Usługi online
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE~\Browser Helper Objects{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]
2008-05-17 13:59 217088 --a------ C:\WINDOWS\nldfmtapgpv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
“{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}”= “C:\WINDOWS\gktxaspm.dll” [2008-05-17 13:59 155648]
[HKEY_CLASSES_ROOT\clsid{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]
[HKEY_CLASSES_ROOT\gktxaspm.1]
[HKEY_CLASSES_ROOT\TypeLib{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]
[HKEY_CLASSES_ROOT\gktxaspm]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44 15360]
“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 20:03 152872]
“DAEMON Tools Lite”=“D:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-02-14 01:09 486856]
“ares”=“D:\Program Files\Ares\Ares.exe” [2007-05-04 02:32 961024]
“BitComet”=“D:\Program Files\BitComet\BitComet.exe” [2008-05-05 11:02 2334520]
“BitTorrent DNA”=“C:\Program Files\DNA\btdna.exe” [2008-05-07 16:13 289088]
“BitTorrent”=“D:\Program Files\BitTorresnt\bittorrent.exe” [2008-05-07 16:35 587568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-11-06 11:30 8523776]
“nwiz”=“nwiz.exe” [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]
“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-11-06 11:30 81920]
“RTHDCPL”=“RTHDCPL.EXE” [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]
“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 23:57 30208]
“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]
“BrMfcWnd”=“C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe” [2007-03-12 15:51 663552]
“ControlCenter3”=“C:\Program Files\Brother\ControlCenter3\brctrcen.exe” [2007-01-26 16:58 65536]
“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]
“QuickTime Task”=“D:\Program Files\QuickTime\QTTask.exe” [2007-06-29 06:24 286720]
“AVP”=“D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2007-06-28 12:51 218376]
[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-03-21 21:15:29 487424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
“pxgdslro”= {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll [2008-05-17 13:59 212992]
“gnowmebk”= {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll [2008-05-17 13:59 176128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
“AppInit_DLLs”=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
“vidc.I420”= i263_32.drv
“VIDC.YV12”= yv12vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uaG40.sys]
@=“Driver”
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
“AntiVirusOverride”=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
“DisableMonitoring”=dword:00000001
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
“%windir%\system32\sessmgr.exe”=
“D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe”=
“D:\Program Files\EA GAMES\Battlefield 2\BF2.exe”=
“D:\Program Files\Gadu-Gadu\gg.exe”=
“C:\Program Files\Valve\hl.exe”=
“D:\Program Files\Nowy folder\LFS.exe”=
“D:\Program Files\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\bin\S2DNG.exe”=
“D:\Program Files\Ares\Ares.exe”=
“C:\Program Files\DNA\btdna.exe”=
“d:\Program Files\BitTorrent\bittorrent.exe”=
“D:\Program Files\BitComet\BitComet.exe”=
“d:\Program Files\BitTorresnt\bittorrent.exe”=
“D:\Program Files\Sierra Entertainment\World in Conflict\wic.exe”=
“D:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe”=
“D:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe”=
“D:\Program Files\Bethesda Softworks\Oblivion\MultiTES4Server_0.2.exe”=
[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
“27407:TCP”= 27407:TCP:BitComet 27407 TCP
“27407:UDP”= 27407:UDP:BitComet 27407 UDP
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-11 17:16]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 14:44]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-21 12:04]
*Newly Created Service* - CATCHME
.
Contents of the ‘Scheduled Tasks’ folder
“2008-03-30 12:21:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-17 20:53:00
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-17 20:53:55
ComboFix-quarantined-files.txt 2008-05-17 18:53:52
Pre-Run: 46,481,190,912 bajtów wolnych
Post-Run: 47,579,361,280 bajtów wolnych
239 --- E O F --- 2008-05-17 12:42:27
Thanks in advance, regards.