3 problems: privacy_danger, browser opening by itself, connection

I have 3 problems:

  1. After removing the Privacy Danger junk with SDFix, I was left with a white desktop and it can't be changed.

  2. Internet Explorer opens automatically and some page loads for 10 seconds, after which the browser closes by itself right away (my default browser is Mozilla Firefox).

  3. The "Internet Connection Attempt" window appears 4 times (I can then choose either to work offline or to retry). I close these windows and after a while they pop up again on their own (I'll add that this also pops up when the modem is disconnected).

Here are the logs from ComboFix and HijackThis:

ComboFix 08-04-09.9 - Zygmunt 2008-04-11 14:27:27.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.685 [GMT 2:00]

Running from: C:\Documents and Settings\Zygmunt\Pulpit\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

Files Created from 2008-03-11 to 2008-04-11

C:\WINDOWS\Start Menu

C:\WINDOWS\Favorites

C:\WINDOWS\Application Data

C:\WINDOWS\ERUNT

C:\SDFix

C:\Documents and Settings\Zygmunt\Dane aplikacji\TmpRecentIcons

C:\WINDOWS\system32\GroupPolicy

C:\WINDOWS\system32\fccbASKa.dll_old

C:\Documents and Settings\All Users\Dane aplikacji\vuduvyfw

C:\WINDOWS\system32\zwlgxkhm.exe

C:\Program Files\bho.exe

C:\Program Files\Winamp Toolbar

C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar

C:\Program Files\Opera

C:\Program Files\Profiles

C:\Program Files\Replays

C:\Program Files\Tracks.dat

C:\Program Files\mxmania.dat

C:\Documents and Settings\Neo\Dane aplikacji\supporterrorjunk

Find3M Report

C:\Documents and Settings\Zygmunt\Dane aplikacji\OpenOffice.org2

C:\Program Files\Neostrada TP

C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

C:\Program Files\Spybot - Search Destroy

C:\Documents and Settings\Zygmunt\Dane aplikacji\Skype

C:\Documents and Settings\Neo\Dane aplikacji\Winamp

C:\Program Files\InstallShield Installation Information

C:\Program Files\iPod

C:\Program Files\HiScores.sav

C:\Program Files\eMule

C:\Documents and Settings\Neo\Dane aplikacji\GetRightToGo

C:\WINDOWS\system32\drivers\secdrv.sys

C:\Documents and Settings\Neo\Dane aplikacji\teamspeak2

C:\Program Files\Winamp Remote

C:\Documents and Settings\All Users\Dane aplikacji\OrbNetworks

C:\Documents and Settings\Zygmunt\Dane aplikacji\Winamp

C:\Documents and Settings\Neo\Dane aplikacji\Media Player Classic

C:\Documents and Settings\Neo\Dane aplikacji\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Zygmunt\Dane aplikacji\Ahead

C:\Program Files\Zenographics

C:\Program Files\Hewlett-Packard

C:\Program Files\Gimnazjum_testy_2007

C:\WINDOWS\unins002.exe

C:\Program Files\L2eXistence_Installer_v1.0.exe

C:\Program Files\Uninstall_CDS.exe

C:\Program Files\ReadMe_FR.txt

C:\Program Files\ReadMe_EN.txt

C:\Program Files\ReadMe_DU.txt

Reg Loading Points

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“PcSync”=“D:\Nokia PC Suite 6\PcSync2.exe” [2005-04-20 09:57 847872]

“Orb”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe” [2008-01-07 22:02 495616]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search Destroy\TeaTimer.exe” [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920]

“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35 32768]

“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-09-07 15:25 1400944]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“PCSuiteTrayApplication”=“D:\Nokia PC Suite 6\LaunchApplication.exe” [2005-03-22 09:39 167936]

“DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [2005-03-31 09:30 1106944]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 19:07 24576]

“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38 866816]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 19:07 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 19:07 53248]

“QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2006-09-24 03:24 282624]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-09-25 14:54 229952]

“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2006-01-30 18:00 98304]

“WinampAgent”=“D:\Winamp\winampa.exe” [2008-04-01 20:49 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

“WIAWizardMenu”=“C:\WINDOWS\system32\sti_ci.dll” [2004-08-04 00:44 137216]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\Zygmunt\Menu Start\Programy\Autostart\

OpenOffice.org 2.0.2.lnk - C:\Program Files\OpenOffice.org 2.0.2\program\quickstart.exe [2006-03-12 01:12:44 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“SynchronousMachineGroupPolicy”= 0 (0x0)

“SynchronousUserGroupPolicy”= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“SysCD”= {36348a0a-8379-4191-b902-7ae8d929e9ab} - C:\WINDOWS\Resources\SysCD.dll [2008-04-10 15:32 12838]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULef]

mlJCULef.dll

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\WUUP!\WUUP.exe”=

“C:\Program Files\iTunes\iTunes.exe”=

“C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE”=

“C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE”=

“C:\WINDOWS\system32\sessmgr.exe”=

“C:\Program Files\Media Player Classic\mplayerc.exe”=

“C:\Program Files\Mozilla Firefox\firefox.exe”=

“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=

“C:\Program Files\JLC’s Software\Internet TV\Internet TV.exe”=

“D:\Winamp\winamp.exe”=

“C:\Program Files\Winamp Remote\bin\Orb.exe”=

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“D:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe”=

“D:\pc\igi2.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE [2006-07-31 04:08]

R3 SiS7012;Service for AC’97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-10-11 08:51]

S2 KAVMonitorService;eScan Monitor Service;C:\PROGRA~1\eScan\avpm.exe []

S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-12-05 17:58]

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-10 19:00:00 C:\WINDOWS\Tasks\AFB3D4A691844626.job”

  • c:\docume~1\neo\daneap~1\suppor~1\anti active live.exe

“2008-02-12 15:38:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 14:32:27

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.bin

C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE

C:\Program Files\Winamp Toolbar\winampTbServer.exe

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 14:59:36, on 2008-04-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\eScan\TRAYSSER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

D:\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

D:\Winamp\winampa.exe

D:\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.BIN

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Zygmunt\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wm … Ojg5lid=2

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM…\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU…\Run: [PcSync] D:\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search Destroy\TeaTimer.exe

O4 - Startup: OpenOffice.org 2.0.2.lnk = C:\Program Files\OpenOffice.org 2.0.2\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: Eksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip…{75B03587-3CC8-40CA-8587-F4AE4329C9A1}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip…{A4BA2F78-5D8A-4653-B385-B56FCE3516F1}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS3\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - Winlogon Notify: mlJCULef - mlJCULef.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SysCD - {36348a0a-8379-4191-b902-7ae8d929e9ab} - C:\WINDOWS\Resources\SysCD.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: eScan Monitor Service (KAVMonitorService) - Unknown owner - C:\PROGRA~1\eScan\avpm.exe (file missing)

O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

Please advise me what to do about this, because the computer is unusable.

Fix in HijackThis:

Download ComboFix, but don't run it.

Paste into Notepad:

File::

C:\WINDOWS\system32\zwlgxkhm.exe

C:\Program Files\bho.exe

C:\Documents and Settings\All Users\Dane aplikacji\vuduvyfw

C:\WINDOWS\system32\fccbASKa.dll_old


Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJCULef]

File -> Save As -> CFScript.txt (it will be most convenient if you save it in a location where the CFScript.txt icon ends up next to the ComboFix.exe icon)

Drag and drop the CFScript.txt icon onto the ComboFix.exe icon, as shown here -> [image: 02f8f1e3c410a4cc.gif]

The removal should start and a log will be created; post that log on the forum.

If everything goes well, then after the restart manually delete the C:\Qoobox folder.

Unfortunately it didn't help, still the same. Here are the logs from ComboFix and HijackThis:

ComboFix 08-04-09.9 - Zygmunt 2008-04-11 17:07:24.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.689 [GMT 2:00]

Running from: C:\Documents and Settings\Zygmunt\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Zygmunt\Pulpit\CFScript.txt

FILE ::

C:\Documents and Settings\All Users\Dane aplikacji\vuduvyfw

C:\Program Files\bho.exe

C:\WINDOWS\system32\fccbASKa.dll_old

C:\WINDOWS\system32\zwlgxkhm.exe

Other Deletions

C:\Program Files\bho.exe

C:\WINDOWS\system32\fccbASKa.dll_old

C:\WINDOWS\system32\zwlgxkhm.exe

Files Created from 2008-03-11 to 2008-04-11

C:\Documents and Settings\GoťŠ\Ustawienia lokalne

C:\WINDOWS\Start Menu

C:\WINDOWS\Favorites

C:\WINDOWS\Application Data

C:\WINDOWS\ERUNT

C:\SDFix

C:\Documents and Settings\Zygmunt\Dane aplikacji\TmpRecentIcons

C:\WINDOWS\system32\GroupPolicy

C:\Documents and Settings\All Users\Dane aplikacji\vuduvyfw

C:\Program Files\Winamp Toolbar

C:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar

C:\Program Files\Opera

C:\Program Files\Profiles

C:\Program Files\Replays

C:\Program Files\Tracks.dat

C:\Program Files\mxmania.dat

C:\Documents and Settings\Neo\Dane aplikacji\supporterrorjunk

Find3M Report

C:\Documents and Settings\Zygmunt\Dane aplikacji\OpenOffice.org2

C:\Program Files\Neostrada TP

C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy

C:\Program Files\Spybot - Search & Destroy

C:\Documents and Settings\Zygmunt\Dane aplikacji\Skype

C:\Documents and Settings\Neo\Dane aplikacji\Winam

C:\Program Files\InstallShield Installation Information

C:\Program Files\iPod

C:\Program Files\HiScores.sav

C:\Program Files\eMule

C:\Documents and Settings\Neo\Dane aplikacji\GetRightToGo

C:\WINDOWS\system32\drivers\secdrv.sys

C:\Documents and Settings\Neo\Dane aplikacji\teamspeak2

C:\Program Files\Winamp Remote

C:\Documents and Settings\All Users\Dane aplikacji\OrbNetwork

C:\Documents and Settings\Zygmunt\Dane aplikacji\Winamp

C:\Documents and Settings\Neo\Dane aplikacji\Media Player Classic

C:\Documents and Settings\Neo\Dane aplikacji\GDIPFONTCACHEV1.DAT

C:\Documents and Settings\Zygmunt\Dane aplikacji\Ahead

C:\Program Files\Zenographics

C:\Program Files\Hewlett-Packard

C:\Program Files\Gimnazjum_testy_2007

C:\WINDOWS\unins002.exe

C:\Program Files\L2eXistence_Installer_v1.0.exe

C:\Program Files\Uninstall_CDS.exe

C:\Program Files\ReadMe_FR.txt

C:\Program Files\ReadMe_EN.txt

C:\Program Files\ReadMe_DU.txt

Reg Loading Points

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE~\Browser Helper Objects{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]

2008-03-20 00:36 1267040 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= “C:\Program Files\Winamp Toolbar\winamptb.dll” [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

“{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}”= C:\Program Files\Winamp Toolbar\winamptb.dll [2008-03-20 00:36 1267040]

[HKEY_CLASSES_ROOT\clsid{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]

[HKEY_CLASSES_ROOT\TypeLib{538CD77C-BFDD-49b0-9562-77419CAB89D1}]

[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“PcSync”=“D:\Nokia PC Suite 6\PcSync2.exe” [2005-04-20 09:57 847872]

“Orb”=“C:\Program Files\Winamp Remote\bin\OrbTray.exe” [2008-01-07 22:02 495616]

“CTFMON.EXE”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

“SpybotSD TeaTimer”=“C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe” [2008-01-28 12:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2005-11-09 00:00 128920]

“RemoteControl”=“C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe” [2003-12-08 17:35 32768]

“InCD”=“C:\Program Files\Ahead\InCD\InCD.exe” [2004-09-07 15:25 1400944]

“NeroFilterCheck”=“C:\WINDOWS\system32\NeroCheck.exe” [2001-07-09 11:50 155648]

“PCSuiteTrayApplication”=“D:\Nokia PC Suite 6\LaunchApplication.exe” [2005-03-22 09:39 167936]

“DataLayer”=“C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe” [2005-03-31 09:30 1106944]

“WooCnxMon”=“C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [2003-10-16 19:07 24576]

“SpeedTouch USB Diagnostics”=“C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” [2004-01-26 12:38 866816]

“WOOWATCH”=“C:\PROGRA~1\NEOSTR~1\Watch.exe” [2003-10-16 19:07 20480]

“WOOTASKBARICON”=“C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [2003-10-16 19:07 53248]

“QuickTime Task”=“C:\Program Files\QuickTime Alternative\qttask.exe” [2006-09-24 03:24 282624]

“iTunesHelper”=“C:\Program Files\iTunes\iTunesHelper.exe” [2006-09-25 14:54 229952]

“OrderReminder”=“C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe” [2006-01-30 18:00 98304]

“WinampAgent”=“D:\Winamp\winampa.exe” [2008-04-01 20:49 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

“WIAWizardMenu”=“C:\WINDOWS\system32\sti_ci.dll” [2004-08-04 00:44 137216]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\system32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\Zygmunt\Menu Start\Programy\Autostart\

OpenOffice.org 2.0.2.lnk - C:\Program Files\OpenOffice.org 2.0.2\program\quickstart.exe [2006-03-12 01:12:44 393216]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 07:05:26 29696]

Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

“SynchronousMachineGroupPolicy”= 0 (0x0)

“SynchronousUserGroupPolicy”= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]

Source= file:///C:\WINDOWS\privacy_danger\index.htm

FriendlyName= Privacy Protection

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“SysCD”= {36348a0a-8379-4191-b902-7ae8d929e9ab} - C:\WINDOWS\Resources\SysCD.dll [2008-04-10 15:32 12838]

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\eMule\emule.exe”=

“C:\Program Files\WUUP!\WUUP.exe”=

“C:\Program Files\iTunes\iTunes.exe”=

“C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAGENT.EXE”=

“C:\PROGRA~1\COMMON~1\MICROW~1\eScanRAD\ESCANRAD.EXE”=

“C:\WINDOWS\system32\sessmgr.exe”=

“C:\Program Files\Media Player Classic\mplayerc.exe”=

“C:\Program Files\Mozilla Firefox\firefox.exe”=

“C:\Program Files\Internet Explorer\IEXPLORE.EXE”=

“C:\Program Files\JLC’s Software\Internet TV\Internet TV.exe”=

“D:\Winamp\winamp.exe”=

“C:\Program Files\Winamp Remote\bin\Orb.exe”=

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“D:\Program Files\Wolfenstein - Enemy Territory\ETDED.exe”=

“D:\pc\igi2.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

R2 eScan-trayicos;eScan Server-Updater;C:\PROGRA~1\eScan\TRAYSSER.EXE [2006-07-31 04:08]

R3 SiS7012;Service for AC’97 Sample Driver (WDM);C:\WINDOWS\system32\drivers\sis7012.sys [2001-10-11 08:51]

S2 KAVMonitorService;eScan Monitor Service;C:\PROGRA~1\eScan\avpm.exe []

S3 SNPP106;PC Camera (6029 CIF);C:\WINDOWS\system32\DRIVERS\snpp106.sys [2002-12-05 17:58]

.

Contents of the ‘Scheduled Tasks’ folder

“2008-04-11 15:00:00 C:\WINDOWS\Tasks\AFB3D4A691844626.job”

  • c:\docume~1\neo\daneap~1\suppor~1\anti active live.exe

“2008-02-12 15:38:14 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job”

  • C:\Program Files\Apple Software Update\SoftwareUpdate.exe

.

**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-11 17:11:54

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.bin

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Microsoft Office\Office10\MSOFFICE.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Winamp Toolbar\winampTbServer.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

.

**************************************************************************

.

Completion time: 2008-04-11 17:14:14 - machine was rebooted

ComboFix-quarantined-files.txt 2008-04-11 15:14:05

ComboFix2.txt 2008-04-11 12:34:39

Pre-Run: 7,171,137,536 bajtów wolnych

Post-Run: 7,158,702,080 bajt˘w wolnych

HijackThis

Logfile of HijackThis v1.99.1

Scan saved at 17:25:59, on 2008-04-11

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\eScan\TRAYSSER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

C:\Program Files\Common Files\MicroWorld\Agent\MWAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

C:\Program Files\Ahead\InCD\InCD.exe

D:\Nokia PC Suite 6\LaunchApplication.exe

C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

C:\PROGRA~1\NEOSTR~1\CnxMon.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

D:\Winamp\winampa.exe

D:\Nokia PC Suite 6\PcSync2.exe

C:\Program Files\Winamp Remote\bin\OrbTray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.exe

C:\Program Files\OpenOffice.org 2.0.2\program\soffice.BIN

C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE

C:\Program Files\Microsoft Office\Office10\msoffice.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Neostrada TP\NeostradaTP.exe

C:\Program Files\Neostrada TP\ComComp.exe

C:\Program Files\Neostrada TP\Watch.exe

C:\Program Files\Internet Explorer\iexplore.exe

c:\program files\winamp toolbar\WinampTbServer.exe

C:\Documents and Settings\Zygmunt\Pulpit\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll

O4 - HKLM…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [RemoteControl] “C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe”

O4 - HKLM…\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM…\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM…\Run: [PCSuiteTrayApplication] D:\Nokia PC Suite 6\LaunchApplication.exe -onlytray

O4 - HKLM…\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe

O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe

O4 - HKLM…\Run: [speedTouch USB Diagnostics] “C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe” /icon

O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe

O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe

O4 - HKLM…\Run: [QuickTime Task] “C:\Program Files\QuickTime Alternative\qttask.exe” -atboottime

O4 - HKLM…\Run: [iTunesHelper] “C:\Program Files\iTunes\iTunesHelper.exe”

O4 - HKLM…\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe

O4 - HKLM…\Run: [WinampAgent] D:\Winamp\winampa.exe

O4 - HKLM…\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu

O4 - HKCU…\Run: [PcSync] D:\Nokia PC Suite 6\PcSync2.exe /NoDialog

O4 - HKCU…\Run: [Orb] “C:\Program Files\Winamp Remote\bin\OrbTray.exe” /background

O4 - HKCU…\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU…\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Startup: OpenOffice.org 2.0.2.lnk = C:\Program Files\OpenOffice.org 2.0.2\program\quickstart.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip…{75B03587-3CC8-40CA-8587-F4AE4329C9A1}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip…{A4BA2F78-5D8A-4653-B385-B56FCE3516F1}: NameServer = 194.204.159.1 217.98.63.164

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS2\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CS3\Services\Tcpip…{07BE1C65-671C-488E-AC4C-F5CAD29E3EF7}: NameServer = 208.67.220.220,208.67.222.222

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O21 - SSODL: SysCD - {36348a0a-8379-4191-b902-7ae8d929e9ab} - C:\WINDOWS\Resources\SysCD.dll

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: eScan Monitor Service (KAVMonitorService) - Unknown owner - C:\PROGRA~1\eScan\avpm.exe (file missing)

O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE

Maybe I did something wrong, I don't know myself anymore. HELP!

Show the resulting ComboFix log once more,

without cutting out the dates, numbers and other digits.

It should look like this

and not like yours

:slight_smile: