I would really appreciate help removing Privacy Danger; specifically, I want to get rid of the white background on the desktop. Here is the link to the ComboFix log: http://wklej.org/id/746ecdfd2f
Paste into Notepad:
File::
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\wxvgsdbq.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe
Registry::
[-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\*0]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6156A32A-C512-4e23-AA9A-2315F4265681}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{69F6B03E-853A-45A9-819B-C863DF0EA100}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{72FE7933-DEDA-479E-9831-918E5A4E585F}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b0613a79-f14a-224c-a49f-6c5de1f6cf5a}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D3C5B940-BC27-4E3C-A37B-E09C7A57EC40}"=-
[-HKEY_CLASSES_ROOT\clsid\{d3c5b940-bc27-4e3c-a37b-e09c7a57ec40}]
[-HKEY_CLASSES_ROOT\dpevflbg.1]
[-HKEY_CLASSES_ROOT\TypeLib\{6C07A794-0D7E-4A84-B33A-33F68BD30BC0}]
[-HKEY_CLASSES_ROOT\dpevflbg]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"vadokmxt"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\opnnlLbY]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95244ec0-a4b0-11dc-aabf-00500447d821}]
Note: After pasting into Notepad, remove the * asterisk from the text!
>>File>>Save As… >>> CFScript
Drag and drop the CFScript.txt file onto the ComboFix.exe file.
Removal should start (and a log will be created). Post the log that is created during the removal.
If all goes well: after the restart, manually delete the folder C:\Qoobox.
jessi
ComboFix 08-04-28.2 - Yataman 2008-04-29 12:37:10.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1491 [GMT 2:00]
Running from: C:\Documents and Settings\Yataman\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Yataman\Pulpit\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED
FILE ::
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wxvgsdbq.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\dpevflbg.dll
C:\WINDOWS\olgdqarf.exe
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll-uninst.exe
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
C:\WINDOWS\system32\AdssiteSocial-uninstall.exe
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
C:\WINDOWS\system32\myss_sb.dll
C:\WINDOWS\system32\myss_sb_uninstall.exe
C:\WINDOWS\vadokmxt.dll
C:\WINDOWS\wxvgsdbq.exe
.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-29 10:23 . 2008-04-29 10:23
2008-04-29 10:23 . 2008-04-29 10:23
2008-04-29 07:49 . 2008-04-29 07:49
2008-04-29 07:48 . 2008-04-29 07:48
2008-04-25 10:51 . 2008-04-29 12:38
2008-04-25 10:51 . 2005-06-30 10:09
2008-04-25 10:51 . 2005-06-30 09:16
2008-04-25 10:51 . 2005-06-30 10:09
2008-04-25 10:51 . 2005-06-30 10:09
2008-04-25 10:51 . 2005-06-30 10:09
2008-04-25 10:51 . 2005-06-30 10:09
2008-04-25 10:51 . 2008-04-25 12:42
2008-04-25 10:51 . 2008-04-29 12:36 1,024 --ah----- C:\Documents and Settings\Administrator\NtUser.dat.LOG
2008-04-25 08:28 . 2008-04-25 08:28
2008-04-25 08:24 . 2008-04-28 13:11 633 --a------ C:\WINDOWS\wininit.ini
2008-04-24 14:46 . 2008-04-24 14:46
2008-04-24 14:35 . 2008-04-24 14:18 449,350 --a------ C:\HaxFix.exe
2008-04-24 14:19 . 2008-04-25 12:41
2008-04-24 13:32 . 2008-04-24 13:32
2008-04-24 12:40 . 2008-04-24 12:40
2008-04-24 11:32 . 2008-04-24 11:58
2008-04-24 10:05 . 2008-04-24 10:05 40 --a------ C:\WINDOWS\winDecrypt.INI
2008-04-24 10:00 . 2008-04-24 10:19
2008-04-23 11:08 . 2008-04-23 11:08
2008-04-22 11:07 . 2008-04-22 11:07
2008-04-21 13:20 . 2008-04-21 13:20
2008-04-21 13:14 . 2008-04-21 13:14 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-04-21 13:09 . 2002-08-09 08:00 1,731,584 --a------ C:\WINDOWS\system32\XercesLib.dll
2008-04-21 13:09 . 2002-08-09 08:00 1,500,160 --a------ C:\WINDOWS\system32\CC3260MT.DLL
2008-04-21 13:09 . 2002-08-09 08:00 325,120 --a------ C:\WINDOWS\system32\xercesxmldom.dll
2008-04-21 12:40 . 2008-04-21 12:40
2008-04-17 11:49 . 2008-04-17 11:49
2008-04-16 11:00 . 2008-04-25 12:27
2008-04-16 10:51 . 2008-04-16 10:51
2008-04-11 12:31 . 2008-04-29 12:24
2008-04-11 12:14 . 2008-04-11 12:14
2008-04-11 12:14 . 2008-04-11 12:14
2008-04-11 08:52 . 2008-04-11 08:52 835 --a------ C:\WINDOWS\unins000.dat
2008-04-10 11:33 . 2008-04-10 11:33 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-04-10 11:33 . 2008-04-10 11:33 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-04-08 14:20 . 2008-04-08 14:20
2008-03-31 14:21 . 2008-03-31 14:24
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-29 06:40 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Azureus
2008-04-28 11:12 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2008-04-24 13:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-24 09:57 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Avira
2008-04-21 11:37 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Vso
2008-04-21 11:37 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Skype
2008-04-21 11:36 --------- d-----w C:\Program Files\KANKAN
2008-04-21 11:36 --------- d-----w C:\Program Files\IS-PRO
2008-04-21 11:36 --------- d-----w C:\Program Files\Eraser
2008-04-18 10:18 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\skypePM
2008-04-17 10:13 --------- d-----w C:\Program Files\Google
2008-04-17 07:04 --------- d-----w C:\Program Files\NAPI-PROJEKT
2008-04-15 12:52 --------- d-----w C:\Program Files\Azureus
2008-04-11 06:52 72,812 ----a-w C:\WINDOWS\unins000.exe
2008-03-28 10:56 --------- d-----w C:\Program Files\7 Wonders
2008-03-28 10:55 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\7Wonders
2008-03-28 10:54 --------- d-----w C:\Program Files\ReflexiveArcade
2008-03-28 08:54 --------- d-----w C:\Program Files\Nero
2008-03-28 08:53 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 08:53 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Nero
2008-03-28 08:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-27 07:32 --------- d-----w C:\Program Files\AutoCAD 2006
2008-03-27 07:31 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-27 07:27 --------- d-----w C:\Program Files\Autodesk
2008-03-27 07:10 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Autodesk
2008-03-26 14:06 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\CopyToDvd
2008-03-26 13:38 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\gtk-2.0
2008-03-20 12:05 --------- d-----w C:\Program Files\CovertFront_at
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 13:14 --------- d-----w C:\Program Files\Visual Integrity
2008-03-19 13:06 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\DAEMON Tools
2008-03-19 11:12 --------- d-----w C:\Program Files\PowerISO
2008-03-18 10:20 --------- d-----w C:\Program Files\totalcmd
2008-03-18 07:00 --------- d-----w C:\Program Files\MSXML 6.0
2008-03-17 12:22 --------- d-----w C:\Documents and Settings\Yataman\Dane aplikacji\Autodesk
2008-03-17 11:02 --------- d-----w C:\Program Files\DWG TrueView 2007
2008-03-17 11:01 --------- d-----w C:\Program Files\Microsoft WSE
2008-03-17 10:48 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-10 14:31 --------- d-----w C:\Program Files\Network Print Monitor
2008-03-10 12:45 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Azureus
2008-03-10 06:49 --------- d-----w C:\Program Files\Java
2008-03-04 08:02 --------- d-----w C:\Program Files\Autodesk WHIP!
2008-03-01 13:02 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-28 11:24 720,896 ----a-w C:\WINDOWS\iun6002ev.exe
2008-02-27 08:55 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:38 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-07 11:16 47,360 ----a-w C:\Documents and Settings\Yataman\Dane aplikacji\pcouffin.sys
2008-01-30 12:28 32 ----a-w C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2004-10-01 14:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2002-10-15 23:18 155648]
"Gtwatch"="C:\WINDOWS\gtwatch.exe" [2001-08-24 12:18 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"JobHisInit"="C:\Program Files\RMClient\JobHisInit.exe" [2005-08-01 15:22 151552]
"MplSetUp"="C:\Program Files\RMClient\MplSetUp.exe" [2000-11-04 05:09 40960]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-03-01 07:10 15872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:44 15360]
C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 03:48:00 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 02:01:00 734872]
Przyspieszenie uruchomienia programu AutoCAD.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 15:18:22 10872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoEncryptOnMove"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Yataman^Menu Start^Programy^Autostart^Bearshare Ultra Accelerator.lnk]
path=C:\Documents and Settings\Yataman\Menu Start\Programy\Autostart\Bearshare Ultra Accelerator.lnk
backup=C:\WINDOWS\pss\Bearshare Ultra Accelerator.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 18:51 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-23 02:47 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 11:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-01-20 09:05 217088 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
-ra------ 2003-04-25 02:53 54784 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-10-10 07:28 36352 C:\Program Files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"C:\Program Files\Gadu-Gadu\gg.exe"=
"C:\Program Files\Winamp Remote\bin\Orb.exe"=
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"=
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"C:\Program Files\Azureus\Azureus.exe"=
"C:\Program Files\Skype\Phone\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 19:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
S3 GT681x;%GrandTechICNameNT%;C:\WINDOWS\system32\DRIVERS\GT681x.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\Setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f03a629-c436-11dc-aadf-00500447d821}]
\Shell\AutoRun\command - G:\Setup.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-29 12:38:43
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-29 12:41:14
ComboFix-quarantined-files.txt 2008-04-29 10:40:56
ComboFix2.txt 2008-04-29 09:06:49
Pre-Run: 8,924,028,928 bajtów wolnych
Post-Run: 8,916,111,360 bajtów wolnych
214 --- E O F --- 2008-04-14 06:04:40
The log looks almost clean; just do this one more thing:
Paste into Notepad:
Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
From the Notepad menu >>> File >>> Save As >>> set the file type to: "All files" >>> save as FIX.REG >>>
run the file (double-click and OK: agree to adding it to the Registry).
Restart the computer.
jessi
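The last step above removes a startup entry whose target file ComboFix had already deleted. As an added example (not part of the original thread, and not ComboFix's own code), this Python script cross-checks a log's "Other Deletions" list against its registry loading points and drafts the matching .reg removal; the sample log is constructed from paths in the thread, and the `demo_orphan` value is hypothetical.

```python
import re

# Constructed excerpt in the layout of the log above; "demo_orphan" is a hypothetical value.
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
C:\WINDOWS\vadokmxt.dll
.
((((( Reg Loading Points )))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-02-01 17:22 21898024 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spa_start]
C:\WINDOWS\system32\{f00f9764-1705-232e-247d-6b81002fffd0}.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gtwatch"="C:\WINDOWS\gtwatch.exe" [2001-08-24 12:18 45056]
"demo_orphan"="C:\WINDOWS\vadokmxt.dll" [2008-04-25 10:51 0]
"""

SECTION = re.compile(r"^\(+\s*(.+?)\s*\)+$")          # (((( Section name ))))
PATH = re.compile(r'([A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|sys))(?=["\s]|$)', re.I)
VALUE = re.compile(r'^"([^"]+)"=')                     # "name"=... under a key

def parse(log):
    """Return (deleted paths, [(key, value_name, path)]) from a ComboFix-style log."""
    section, key, deleted, entries = None, None, set(), []
    for line in map(str.strip, log.splitlines()):
        if m := SECTION.match(line):
            section, key = m.group(1), None
        elif line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m := PATH.search(line):
            if section == "Other Deletions":
                deleted.add(m.group(1).casefold())     # Windows paths: case-insensitive
            elif key:
                name = VALUE.match(line)
                entries.append((key, name.group(1) if name else None, m.group(1)))
    return deleted, entries

def orphaned(log):
    """Loading points whose target file appears in the deletion list."""
    deleted, entries = parse(log)
    return [e for e in entries if e[2].casefold() in deleted]

def reg_fix(log):
    """Draft .reg text: drop the whole key, or only the value for Run-style entries."""
    out = ["Windows Registry Editor Version 5.00", ""]
    for key, name, _ in orphaned(log):
        out += [f"[{key}]", f'"{name}"=-'] if name else [f"[-{key}]"]
    return "\r\n".join(out) + "\r\n"
```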
It worked for me, and thank you very much for the help!