Jak usunąć nldfmtapgpv.dll

Dla specjalistów Bezpieczeństwo
#1

Witam jest to mó pierwszy posti niewiem czy dobrze trafilem najwyzej prosze o przeniesienie

Prosze was o sprawdzenie logów z HJTInstall (przed i po) oraz z ComboFix poniewaz mialem wirusy 3 ikony na pulpicie

Error Cleaner, Privacy Protector, Spyware&Malware

daje logi w zalacznikach yyy nie moge dodac w zalacznikach pisze ze Rozszezenie TXT jest zabronione wiec przekopiuje

LOG PRZED :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 20:34:49, on 2008-05-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\Program Files\DAEMON Tools Lite\daemon.exe

D:\Program Files\Ares\Ares.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

D:\Program Files\BitComet\BitComet.exe

C:\Program Files\DNA\btdna.exe

D:\Program Files\BitTorresnt\bittorrent.exe

C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: QXK Rhythm - {191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2} - C:\WINDOWS\nldfmtapgpv.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”

O4 - HKLM…\Run: [advap32] C:\DOCUME~1\Andrzej\USTAWI~1\Temp\stdcons.exe/r

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [DAEMON Tools Lite] “D:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun

O4 - HKCU…\Run: [ares] “D:\Program Files\Ares\Ares.exe” -h

O4 - HKCU…\Run: [bitComet] “D:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”

O4 - HKCU…\Run: [bitTorrent] “D:\Program Files\BitTorresnt\bittorrent.exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O21 - SSODL: pxgdslro - {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll

O21 - SSODL: gnowmebk - {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm

End of file - 7725 bytes

-----------------------------------LOG PO---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:02:07, on 2008-05-17

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

D:\Program Files\DAEMON Tools Lite\daemon.exe

D:\Program Files\Ares\Ares.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

D:\Program Files\BitComet\BitComet.exe

C:\Program Files\DNA\btdna.exe

D:\Program Files\BitTorresnt\bittorrent.exe

C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PnkBstrB.exe

C:\Program Files\CyberLink\Shared files\RichVideo.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5&lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: QXK Rhythm - {191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2} - C:\WINDOWS\nldfmtapgpv.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll

O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL

O3 - Toolbar: gktxaspm - {10B9E92F-421E-44B2-A093-9DE0F3FAB2BC} - C:\WINDOWS\gktxaspm.dll

O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM…\Run: [nwiz] nwiz.exe /install

O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM…\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM…\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

O4 - HKLM…\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun

O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe”

O4 - HKLM…\Run: [QuickTime Task] “D:\Program Files\QuickTime\QTTask.exe” -atboottime

O4 - HKLM…\Run: [AVP] “D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe”

O4 - HKCU…\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”

O4 - HKCU…\Run: [DAEMON Tools Lite] “D:\Program Files\DAEMON Tools Lite\daemon.exe” -autorun

O4 - HKCU…\Run: [ares] “D:\Program Files\Ares\Ares.exe” -h

O4 - HKCU…\Run: [bitComet] “D:\Program Files\BitComet\BitComet.exe” /tray

O4 - HKCU…\Run: [bitTorrent DNA] “C:\Program Files\DNA\btdna.exe”

O4 - HKCU…\Run: [bitTorrent] “D:\Program Files\BitTorresnt\bittorrent.exe”

O4 - HKUS\S-1-5-19…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA LOKALNA’)

O4 - HKUS\S-1-5-20…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘USŁUGA SIECIOWA’)

O4 - HKUS\S-1-5-18…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)

O4 - HKUS.DEFAULT…\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)

O4 - Global Startup: ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: Dodaj do blokowanych banerów - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O21 - SSODL: pxgdslro - {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll

O21 - SSODL: gnowmebk - {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - d:\Program Files\Ares\chatServer.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

End of file - 7830 bytes

------------------------------LOG Z COMBOFIX------------------------------------------

ComboFix 08-05-15.3 - Andrzej 2008-05-17 20:43:43.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1462 [GMT 2:00]

Running from: C:\Documents and Settings\Andrzej\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Andrzej\Pulpit\CFScript.txt

* Created a new restore point

* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED!!

FILE ::

C:\WINDOWS\admggxp.dll

C:\WINDOWS\bdmnopx.dll

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\Documents and Settings\Andrzej\Dane aplikacji.#

C:\Documents and Settings\Andrzej\Pulpit\Error Cleaner.url

C:\Documents and Settings\Andrzej\Pulpit\Privacy Protector.url

C:\Documents and Settings\Andrzej\Pulpit\SpywareMalware Protection.url

C:\Documents and Settings\Andrzej\Ulubione\Error Cleaner.url

C:\Documents and Settings\Andrzej\Ulubione\Privacy Protector.url

C:\Documents and Settings\Andrzej\Ulubione\SpywareMalware Protection.url

C:\WINDOWS\privacy_danger

C:\WINDOWS\privacy_danger\images\capt.gif

C:\WINDOWS\privacy_danger\images\danger.jpg

C:\WINDOWS\privacy_danger\images\down.gif

C:\WINDOWS\privacy_danger\images\spacer.gif

C:\WINDOWS\privacy_danger\index.htm

C:\WINDOWS\rs.txt

.

((((((((((((((((((((((((( Files Created from 2008-04-17 to 2008-05-17 )))))))))))))))))))))))))))))))

.

2008-05-17 20:34 . 2008-05-17 20:34

2008-05-17 20:28 . 2008-05-17 20:28

2008-05-17 20:00 . 2008-05-17 20:43

2008-05-17 18:04 . 2008-05-17 13:59 217,088 --a------ C:\WINDOWS\nldfmtapgpv.dll

2008-05-17 18:04 . 2008-05-17 13:59 212,992 --a------ C:\WINDOWS\pxgdslro.dll

2008-05-17 18:04 . 2008-05-17 13:59 176,128 --a------ C:\WINDOWS\gnowmebk.dll

2008-05-17 18:04 . 2008-05-17 13:59 155,648 --a------ C:\WINDOWS\gktxaspm.dll

2008-05-17 18:04 . 2008-05-17 13:59 94,208 --a------ C:\WINDOWS\eova.exe

2008-05-17 18:04 . 2008-05-17 13:59 81,920 --a------ C:\WINDOWS\mdtgkswr.exe

2008-05-11 19:05 . 2008-05-11 19:05

2008-05-10 14:45 . 2008-05-10 14:45

2008-05-10 14:31 . 2008-05-11 15:18 23 --a------ C:\WINDOWS\BlendSettings.ini

2008-05-09 14:20 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

2008-05-09 14:20 . 2001-08-17 22:02 9,600 --a–c— C:\WINDOWS\system32\dllcache\hidusb.sys

2008-05-08 22:17 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll

2008-05-08 22:17 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll

2008-05-08 22:17 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll

2008-05-08 22:01 . 2008-05-17 20:24

2008-05-08 22:01 . 2008-05-17 20:53 2,774,048 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat

2008-05-08 22:01 . 2008-05-08 22:10 96,645 --a------ C:\WINDOWS\system32\drivers\klin.dat

2008-05-08 22:01 . 2008-05-08 22:10 87,941 --a------ C:\WINDOWS\system32\drivers\klick.dat

2008-05-08 22:01 . 2008-05-17 20:12 65,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat

2008-05-08 22:01 . 2008-05-17 15:53 36,164 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx

2008-05-08 22:01 . 2008-05-17 15:53 7,808 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx

2008-05-07 18:57 . 2008-05-07 18:57 0 --a------ C:\WINDOWS\Infob.dat

2008-05-07 18:57 . 2008-05-07 18:57 0 --a------ C:\WINDOWS\Infoa.dat

2008-05-07 18:51 . 2008-05-07 18:52

2008-05-07 16:13 . 2008-05-07 16:13

2008-05-07 16:13 . 2008-05-17 20:50

2008-05-07 16:07 . 2008-05-17 20:36

2008-05-07 16:07 . 2008-05-07 16:07 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll

2008-05-07 15:59 . 2008-05-17 20:43

2008-04-28 17:56 . 2008-04-28 17:58

2008-04-25 17:16 . 2008-04-25 17:16

2008-04-24 15:51 . 2008-04-24 15:51

2008-04-24 15:51 . 2005-05-24 21:24 169,534 --a------ C:\WINDOWS\SFO.ICO

2008-04-18 21:48 . 2008-04-18 21:48

2008-04-18 21:48 . 2008-04-18 21:49

2008-04-18 19:27 . 2008-04-18 19:27

2008-04-18 19:27 . 2008-05-09 14:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll

2008-04-18 19:19 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-05-17 18:09 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft

2008-05-10 12:49 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-05-08 20:24 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\AdobeUM

2008-04-15 15:33 --------- d-----w C:\Program Files\Common Files\SWF Studio

2008-04-11 15:16 2,368 ----a-w C:\WINDOWS\system32\SVKP.sys

2008-04-05 10:27 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Hamachi

2008-04-04 19:29 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe

2008-04-04 19:29 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys

2008-04-04 19:29 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe

2008-03-31 16:27 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard

2008-03-31 16:27 --------- d-----w C:\Program Files\AGEIA Technologies

2008-03-31 14:09 --------- d-----w C:\Program Files\Valve

2008-03-30 12:29 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Apple Computer

2008-03-30 12:21 --------- d-----w C:\Program Files\Apple Software Update

2008-03-30 12:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple Computer

2008-03-30 12:21 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Apple

2008-03-30 11:57 921,600 ----a-w C:\WINDOWS\system32\vorbisenc.dll

2008-03-30 11:57 9,216 ----a-w C:\WINDOWS\system32\cpuinf32.dll

2008-03-30 11:57 892,928 ----a-w C:\WINDOWS\system32\iconv.dll

2008-03-30 11:57 45,056 ----a-w C:\WINDOWS\system32\ogg.dll

2008-03-30 11:57 391,168 ----a-w C:\WINDOWS\system32\i263_32.drv

2008-03-30 11:57 245,760 ----a-w C:\WINDOWS\system32\mplvpx.dll

2008-03-30 11:57 237,568 ----a-w C:\WINDOWS\system32\OggDS.dll

2008-03-30 11:57 188,416 ----a-w C:\WINDOWS\system32\vorbis.dll

2008-03-30 11:57 1,415,680 ----a-w C:\WINDOWS\system32\WMV9VCM.dll

2008-03-30 11:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe

2008-03-27 15:41 --------- d-----w C:\Program Files\Common Files\Adobe

2008-03-27 14:40 --------- d-----w C:\Program Files\Java

2008-03-27 14:38 --------- d-----w C:\Program Files\Common Files\Java

2008-03-25 08:59 --------- d-----w C:\Program Files\Hamachi

2008-03-25 08:58 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys

2008-03-25 04:52 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:52 178,976 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-22 09:28 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Gadu-Gadu

2008-03-21 19:20 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys

2008-03-21 19:18 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\DAEMON Tools

2008-03-21 19:15 --------- d-----w C:\Program Files\ZyDAS Technology Corporation

2008-03-21 19:07 --------- d-----w C:\Program Files\Warblade

2008-03-21 12:54 --------- d-----r C:\Documents and Settings\Andrzej\Dane aplikacji\Brother

2008-03-21 12:47 --------- d-----w C:\Program Files\Brother

2008-03-21 12:44 --------- d-----w C:\Program Files\Nuance

2008-03-21 12:44 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\InstallShield

2008-03-21 12:43 --------- d-----w C:\Program Files\ScanSoft

2008-03-21 12:43 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-21 12:43 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Brother

2008-03-21 11:54 --------- d-----w C:\Program Files\MSXML 4.0

2008-03-21 11:22 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Kaspersky Lab Setup Files

2008-03-21 10:32 --------- d-----w C:\Program Files\Common Files\Ahead

2008-03-21 10:32 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\Ahead

2008-03-21 10:32 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Ahead

2008-03-21 10:31 --------- d-----w C:\Program Files\Nero

2008-03-21 10:31 --------- d-----w C:\Program Files\CyberLink

2008-03-21 10:31 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-03-21 10:24 --------- d-----w C:\Program Files\MarBit

2008-03-21 10:24 --------- d-----w C:\Program Files\K-Lite Codec Pack

2008-03-21 10:22 --------- d-----w C:\Program Files\Microsoft.NET

2008-03-21 10:22 --------- d-----w C:\Program Files\Microsoft Works

2008-03-21 10:04 15,600 ----a-w C:\WINDOWS\gdrv.sys

2008-03-21 10:03 315,392 ----a-w C:\WINDOWS\HideWin.exe

2008-03-21 10:03 --------- d-----w C:\Program Files\Realtek

2008-03-21 10:03 --------- d-----w C:\Program Files\DIFX

2008-03-21 10:01 --------- d-----w C:\Documents and Settings\Andrzej\Dane aplikacji\InstallShield

2008-03-21 09:56 --------- d-----w C:\Program Files\microsoft frontpage

2008-03-21 09:55 --------- d-----w C:\Program Files\Usługi online

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]

2008-05-17 13:59 217088 --a------ C:\WINDOWS\nldfmtapgpv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}”= “C:\WINDOWS\gktxaspm.dll” [2008-05-17 13:59 155648]

[HKEY_CLASSES_ROOT\clsid{10b9e92f-421e-44b2-a093-9de0f3fab2bc}]

[HKEY_CLASSES_ROOT\gktxaspm.1]

[HKEY_CLASSES_ROOT\TypeLib{A998690B-A72F-4E3B-8AA0-BE953DCCEF4B}]

[HKEY_CLASSES_ROOT\gktxaspm]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-03 23:44 15360]

“BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}”=“C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe” [2007-06-27 20:03 152872]

“DAEMON Tools Lite”=“D:\Program Files\DAEMON Tools Lite\daemon.exe” [2008-02-14 01:09 486856]

“ares”=“D:\Program Files\Ares\Ares.exe” [2007-05-04 02:32 961024]

“BitComet”=“D:\Program Files\BitComet\BitComet.exe” [2008-05-05 11:02 2334520]

“BitTorrent DNA”=“C:\Program Files\DNA\btdna.exe” [2008-05-07 16:13 289088]

“BitTorrent”=“D:\Program Files\BitTorresnt\bittorrent.exe” [2008-05-07 16:35 587568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-11-06 11:30 8523776]

“nwiz”=“nwiz.exe” [2007-11-06 11:30 1626112 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-11-06 11:30 81920]

“RTHDCPL”=“RTHDCPL.EXE” [2007-07-05 10:08 16380416 C:\WINDOWS\RTHDCPL.exe]

“RemoteControl”=“C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe” [2005-12-07 23:57 30208]

“NeroFilterCheck”=“C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe” [2007-03-01 16:57 153136]

“BrMfcWnd”=“C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe” [2007-03-12 15:51 663552]

“ControlCenter3”=“C:\Program Files\Brother\ControlCenter3\brctrcen.exe” [2007-01-26 16:58 65536]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]

“QuickTime Task”=“D:\Program Files\QuickTime\QTTask.exe” [2007-06-29 06:24 286720]

“AVP”=“D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe” [2007-06-28 12:51 218376]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-03 23:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

ZDWLan Utility.lnk - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2008-03-21 21:15:29 487424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“pxgdslro”= {4CB33790-6C9C-4E05-8EDB-6E7A8B665737} - C:\WINDOWS\pxgdslro.dll [2008-05-17 13:59 212992]

“gnowmebk”= {C70C2B01-E336-4C3A-8A13-18B1FA1EEFC5} - C:\WINDOWS\gnowmebk.dll [2008-05-17 13:59 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

“AppInit_DLLs”=D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“vidc.I420”= i263_32.drv

“VIDC.YV12”= yv12vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\uaG40.sys]

@=“Driver”

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

“AntiVirusOverride”=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

“DisableMonitoring”=dword:00000001

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“D:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe”=

“D:\Program Files\EA GAMES\Battlefield 2\BF2.exe”=

“D:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Valve\hl.exe”=

“D:\Program Files\Nowy folder\LFS.exe”=

“D:\Program Files\Ubisoft\Funatics\The Settlers II - Dziesięciolecie\bin\S2DNG.exe”=

“D:\Program Files\Ares\Ares.exe”=

“C:\Program Files\DNA\btdna.exe”=

“d:\Program Files\BitTorrent\bittorrent.exe”=

“D:\Program Files\BitComet\BitComet.exe”=

“d:\Program Files\BitTorresnt\bittorrent.exe”=

“D:\Program Files\Sierra Entertainment\World in Conflict\wic.exe”=

“D:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe”=

“D:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe”=

“D:\Program Files\Bethesda Softworks\Oblivion\MultiTES4Server_0.2.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“27407:TCP”= 27407:TCP:BitComet 27407 TCP

“27407:UDP”= 27407:UDP:BitComet 27407 UDP

R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2008-04-11 17:16]

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]

R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 14:44]

S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2008-03-21 12:04]

*Newly Created Service* - CATCHME

.

Contents of the ‘Scheduled Tasks’ folder

“2008-03-30 12:21:38 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-05-17 20:53:00

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-05-17 20:53:55

ComboFix-quarantined-files.txt 2008-05-17 18:53:52

Pre-Run: 46,481,190,912 bajtów wolnych

Post-Run: 47,579,361,280 bajtów wolnych

239 — E O F — 2008-05-17 12:42:27

Z góry dzieki pozdrawiam

#2

Fix w hijackthis:

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

C:\WINDOWS\nldfmtapgpv.dll

C:\WINDOWS\pxgdslro.dll

C:\WINDOWS\gnowmebk.dll

C:\WINDOWS\gktxaspm.dll

C:\WINDOWS\eova.exe

C:\WINDOWS\mdtgkswr.exe

C:\DOCUME~1\Andrzej\USTAWI~1\Temp\stdcons.exe


Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{191BDFC1-2D14-4CC6-8C83-A4A3AF9F99D2}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{10B9E92F-421E-44B2-A093-9DE0F3FAB2BC}"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NeroFilterCheck"=-

"SunJavaUpdateSched"=-

"QuickTime Task"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

"pxgdslro"=-

"gnowmebk"=-

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe)

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.org

#3

Zastosuj się do tego Tematu i zmień tytuł tematu na konkretny inaczej KOSZ

Pozdrawiam Gutek2222

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350

OT-y KOSZ

#4

tu jest log z combofix http://www.wklej.org/id/bbaba6c68e pozdrawiam i prosze o pomoc znowu to wyskoczylo jak rano wlaczylem komputer

#5

Użyj SmitFraudFix wybierz opcji nr 2 , oczywiście w trybie awaryjnym i po tym skan http://www.kaspersky.pl/virusscanner.html

#6

tu jest log z tego programu " SMITFRAUDFIX"

http://www.wklej.org/id/2f3fb847b3

Pozdrawiam (narazie niema zobaczymy czy jutro wyskoczy czy cos )

#7

Daj nowy log z Combofix

#8

log z comkbofix http://www.wklej.org/id/f9a76197b0

#9

Nic nie widać

#10

dzieki wam wszystkim jak mozna jakos plusy postawic czy cos to powiedzcie jak nic mi juz nie wyskakuje pozdrawiam a dla was :

|

|

|

|

#11

Przeskanuj komputer tym (uruchom przez IE) http://www.kaspersky.pl/virusscanner.html Daj raport z niego na forum