Bardzo proszę o pomoc w usunięciu privacy danger a konkretnie chodzi mi o osunięci białego tła na pulpicie? Oto link do loga z combo fix’a. http://wklej.org/id/746ecdfd2f

Wklej do Notatnika :

File::

C:\WINDOWS\vadokmxt.dll 

C:\WINDOWS\dpevflbg.dll 

C:\WINDOWS\olgdqarf.exe 

C:\WINDOWS\wxvgsdbq.exe

C:\WINDOWS\system32\myss_sb.dll

C:\WINDOWS\system32\myss_sb_uninstall.exe

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll

C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe


Registry::

[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\*0]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F6B03E-853A-45A9-819B-C863DF0EA100}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72FE7933-DEDA-479E-9831-918E5A4E585F}] 

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0613a79-f14a-224c-a49f-6c5de1f6cf5a}] 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 

"{D3C5B940-BC27-4E3C-A37B-E09C7A57EC40}"=-

[-HKEY_CLASSES_ROOT\clsid\{d3c5b940-bc27-4e3c-a37b-e09c7a57ec40}] 

[-HKEY_CLASSES_ROOT\dpevflbg.1] 

[-HKEY_CLASSES_ROOT\TypeLib\{6C07A794-0D7E-4A84-B33A-33F68BD30BC0}] 

[-HKEY_CLASSES_ROOT\dpevflbg] 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 

"PowerBar"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 

"vadokmxt"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlLbY]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare] 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95244ec0-a4b0-11dc-aabf-00500447d821}]

Uwaga: Po wklejeniu do Notatnika usuń * gwiazdkę z tekstu!

>>Plik>>Zapisz jako… >>> CFScript

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe

–>

Ma się rozpocząć usuwanie. (i powstanie log). Daj ten log, który powstanie w trakcie usuwania.

Jeśli pójdzie dobrze, to: Po restarcie usuń ręcznie folder C:** Qoobox**.

jessi

ComboFix 08-04-28.2 - Yataman 2008-04-29 12:37:10.5 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1491 [GMT 2:00]

Running from: C:\Documents and Settings\Yataman\Pulpit\ComboFix.exe

Command switches used :: C:\Documents and Settings\Yataman\Pulpit\CFScript.txt

* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED

FILE ::

C:\WINDOWS\dpevflbg.dll

C:\WINDOWS\olgdqarf.exe

C:\WINDOWS\system32{f00f9764-1705-232e-247d-6b81002fffd0}.dll

C:\WINDOWS\system32{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe

C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\myss_sb.dll

C:\WINDOWS\system32\myss_sb_uninstall.exe

C:\WINDOWS\vadokmxt.dll

C:\WINDOWS\wxvgsdbq.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\WINDOWS\dpevflbg.dll

C:\WINDOWS\olgdqarf.exe

C:\WINDOWS\system32{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe

C:\WINDOWS\system32{f00f9764-1705-232e-247d-6b81002fffd0}.dll

C:\WINDOWS\system32\AdssiteSocial-uninstall.exe

C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe

C:\WINDOWS\system32\myss_sb.dll

C:\WINDOWS\system32\myss_sb_uninstall.exe

C:\WINDOWS\vadokmxt.dll

C:\WINDOWS\wxvgsdbq.exe

.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))

.

2008-04-29 10:23 . 2008-04-29 10:23

2008-04-29 10:23 . 2008-04-29 10:23

2008-04-29 07:49 . 2008-04-29 07:49

2008-04-29 07:48 . 2008-04-29 07:48

2008-04-25 10:51 . 2008-04-29 12:38

2008-04-25 10:51 . 2005-06-30 10:09

2008-04-25 10:51 . 2005-06-30 09:16

2008-04-25 10:51 . 2005-06-30 10:09

2008-04-25 10:51 . 2005-06-30 10:09

2008-04-25 10:51 . 2005-06-30 10:09

2008-04-25 10:51 . 2005-06-30 10:09

2008-04-25 10:51 . 2008-04-25 12:42

2008-04-25 10:51 . 2008-04-29 12:36 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG

2008-04-25 08:28 . 2008-04-25 08:28

2008-04-25 08:24 . 2008-04-28 13:11 633 --a------ C:\WINDOWS\wininit.ini

2008-04-24 14:46 . 2008-04-24 14:46

2008-04-24 14:35 . 2008-04-24 14:18 449,350 --a------ C:\HaxFix.exe

2008-04-24 14:19 . 2008-04-25 12:41

2008-04-24 13:32 . 2008-04-24 13:32

2008-04-24 12:40 . 2008-04-24 12:40

2008-04-24 11:32 . 2008-04-24 11:58

2008-04-24 10:05 . 2008-04-24 10:05 40 --a------ C:\WINDOWS\winDecrypt.INI

2008-04-24 10:00 . 2008-04-24 10:19

2008-04-23 11:08 . 2008-04-23 11:08

2008-04-22 11:07 . 2008-04-22 11:07

2008-04-21 13:20 . 2008-04-21 13:20

2008-04-21 13:14 . 2008-04-21 13:14 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg

2008-04-21 13:09 . 2002-08-09 08:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll

2008-04-21 13:09 . 2002-08-09 08:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL

2008-04-21 13:09 . 2002-08-09 08:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll

2008-04-21 12:40 . 2008-04-21 12:40

2008-04-17 11:49 . 2008-04-17 11:49

2008-04-16 11:00 . 2008-04-25 12:27

2008-04-16 10:51 . 2008-04-16 10:51

2008-04-11 12:31 . 2008-04-29 12:24

2008-04-11 12:14 . 2008-04-11 12:14

2008-04-11 12:14 . 2008-04-11 12:14

2008-04-11 08:52 . 2008-04-11 08:52 835 --a------ C:\WINDOWS\unins000.dat

2008-04-10 11:33 . 2008-04-10 11:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico

2008-04-10 11:33 . 2008-04-10 11:33 1,406 --a------ C:\WINDOWS\system32\Help.ico

2008-04-08 14:20 . 2008-04-08 14:20

2008-03-31 14:21 . 2008-03-31 14:24

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-04-29 06:40 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Azureus

2008-04-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search Destroy

2008-04-24 13:04 --------- d-----w C:\Program Files\Spybot - Search Destroy

2008-04-24 09:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira

2008-04-21 11:37 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Vso

2008-04-21 11:37 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Skype

2008-04-21 11:36 --------- d-----w C:\Program Files\KANKAN

2008-04-21 11:36 --------- d-----w C:\Program Files\IS-PRO

2008-04-21 11:36 --------- d-----w C:\Program Files\Eraser

2008-04-18 10:18 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\skypePM

2008-04-17 10:13 --------- d-----w C:\Program Files\Google

2008-04-17 07:04 --------- d-----w C:\Program Files\NAPI-PROJEKT

2008-04-15 12:52 --------- d-----w C:\Program Files\Azureus

2008-04-11 06:52 72,812 ----a-w C:\WINDOWS\unins000.exe

2008-03-28 10:56 --------- d-----w C:\Program Files\7 Wonders

2008-03-28 10:55 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\7Wonders

2008-03-28 10:54 --------- d-----w C:\Program Files\ReflexiveArcade

2008-03-28 08:54 --------- d-----w C:\Program Files\Nero

2008-03-28 08:53 --------- d-----w C:\Program Files\Common Files\Ahead

2008-03-28 08:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero

2008-03-28 08:31 --------- d–h--w C:\Program Files\InstallShield Installation Information

2008-03-27 07:32 --------- d-----w C:\Program Files\AutoCAD 2006

2008-03-27 07:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared

2008-03-27 07:27 --------- d-----w C:\Program Files\Autodesk

2008-03-27 07:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk

2008-03-26 14:06 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\CopyToDvd

2008-03-26 13:38 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\gtk-2.0

2008-03-20 12:05 --------- d-----w C:\Program Files\CovertFront_at

2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-19 13:14 --------- d-----w C:\Program Files\Visual Integrity

2008-03-19 13:06 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\DAEMON Tools

2008-03-19 11:12 --------- d-----w C:\Program Files\PowerISO

2008-03-18 10:20 --------- d-----w C:\Program Files\totalcmd

2008-03-18 07:00 --------- d-----w C:\Program Files\MSXML 6.0

2008-03-17 12:22 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Autodesk

2008-03-17 11:02 --------- d-----w C:\Program Files\DWG TrueView 2007

2008-03-17 11:01 --------- d-----w C:\Program Files\Microsoft WSE

2008-03-17 10:48 --------- d-----w C:\Program Files\Common Files\InstallShield

2008-03-10 14:31 --------- d-----w C:\Program Files\Network Print Monitor

2008-03-10 12:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus

2008-03-10 06:49 --------- d-----w C:\Program Files\Java

2008-03-04 08:02 --------- d-----w C:\Program Files\Autodesk WHIP!

2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll

2008-02-28 11:24 720,896 ----a-w C:\WINDOWS\iun6002ev.exe

2008-02-27 08:55 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll

2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll

2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll

2008-02-07 11:16 47,360 ----a-w C:\Documents and Settings\Yataman\Dane aplikacji\pcouffin.sys

2008-01-30 12:28 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat

2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“ctfmon.exe”=“C:\WINDOWS\system32\ctfmon.exe” [2004-08-04 00:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“IgfxTray”=“C:\WINDOWS\system32\igfxtray.exe” [2002-10-15 23:18 155648]

“Gtwatch”=“C:\WINDOWS\gtwatch.exe” [2001-08-24 12:18 45056]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe” [2008-02-22 05:25 144784]

“JobHisInit”=“C:\Program Files\RMClient\JobHisInit.exe” [2005-08-01 15:22 151552]

“MplSetUp”=“C:\Program Files\RMClient\MplSetUp.exe” [2000-11-04 05:09 40960]

“UnlockerAssistant”=“C:\Program Files\Unlocker\UnlockerAssistant.exe” [2008-03-01 07:10 15872]

[HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

“CTFMON.EXE”=“C:\WINDOWS\System32\CTFMON.EXE” [2004-08-04 00:44 15360]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\

Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]

Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]

Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

“NoEncryptOnMove”= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

“VIDC.YV12”= yv12vfw.dll

[HKLM~\startupfolder\C:^Documents and Settings^Yataman^Menu Start^Programy^Autostart^Bearshare Ultra Accelerator.lnk]

path=C:\Documents and Settings\Yataman\Menu Start\Programy\Autostart\Bearshare Ultra Accelerator.lnk

backup=C:\WINDOWS\pss\Bearshare Ultra Accelerator.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

–a------ 2008-01-17 18:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]

–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

–a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]

–a------ 2007-10-23 02:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]

--------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

–a------ 2008-01-20 09:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]

–a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]

-ra------ 2003-04-25 02:53 54784 C:\WINDOWS\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

C:\WINDOWS\system32{f00f9764-1705-232e-247d-6b81002fffd0}.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

–a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

“%windir%\system32\sessmgr.exe”=

“C:\Program Files\Gadu-Gadu\gg.exe”=

“C:\Program Files\Winamp Remote\bin\Orb.exe”=

“C:\Program Files\Winamp Remote\bin\OrbTray.exe”=

“C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe”=

“%windir%\Network Diagnostic\xpnetdiag.exe”=

“C:\Program Files\Azureus\Azureus.exe”=

“C:\Program Files\Skype\Phone\Skype.exe”=

[HKLM~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

“1947:TCP”= 1947:TCP:HASP SRM

“1947:UDP”= 1947:UDP:HASP SRM

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]

S3 GT681x;%GrandTechICNameNT%;C:\WINDOWS\system32\DRIVERS\GT681x.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]

\Shell\AutoRun\command - I:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2{5f03a629-c436-11dc-aadf-00500447d821}]

\Shell\AutoRun\command - G:\Setup.exe

.

**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-04-29 12:38:43

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2008-04-29 12:41:14

ComboFix-quarantined-files.txt 2008-04-29 10:40:56

ComboFix2.txt 2008-04-29 09:06:49

Pre-Run: 8,924,028,928 bajtów wolnych

Post-Run: 8,916,111,360 bajtów wolnych

214 — E O F — 2008-04-14 06:04:40

Log wygląda na prawie czysty — zrób jeszcze tylko to:

Do Notatnika wklej:

Windows Registry Editor Version 5.00


[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]

Z menu Notatnika >>> Plik >>> Zapisz jako >>> Ustaw rozszerzenie na: “Wszystkie pliki” >>> Zapisz jako FIX.REG >>>

plik uruchom (dwuklik i OK- zgódź się na dodanie do Rejestru).

Zrestartuj komputer.

jessi

Mi pomogło i dzięki bardzo za pomoc!