ComboFix 07-12-09.1 - SPEED 2007-12-10 16:36:19.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.673 [GMT 1:00]
Running from: F:\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.
2007-12-10 16:29 . 2007-12-10 16:29
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 22:17 . 2007-11-19 14:14
2007-12-09 21:56 . 2007-12-09 21:56
2007-12-09 21:14 . 2007-12-09 21:14
2007-12-09 19:46 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-12-09 19:46 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2007-12-09 19:46 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2007-12-09 19:46 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-09 19:46 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-09 19:46 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-09 19:46 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-09 19:46 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-09 14:57 . 2004-08-04 01:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-09 09:03 . 2004-08-04 00:44 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2007-12-09 09:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-12-09 09:03 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2007-12-09 09:03 . 2001-10-26 17:29 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2007-12-09 08:52 . 2007-12-09 09:39 1,800 --a------ C:\WINDOWS\system32\tmp.reg
2007-12-09 00:02 . 2007-12-09 00:02
2007-12-09 00:02 . 2007-12-09 00:02
2007-12-08 23:31 . 2007-12-08 23:31
2007-12-08 23:31 . 2007-12-08 23:31
2007-12-08 23:31 . 2007-12-08 23:31
2007-12-08 23:29 . 2007-12-08 23:29
2007-12-08 23:15 . 2007-12-08 23:15
2007-12-08 23:15 . 2007-12-08 23:15
2007-12-08 23:12 . 2007-12-08 23:12 233,472 --a------ C:\WINDOWS\windivx.dll
2007-12-05 11:53 . 2007-12-05 11:53
2007-12-03 15:15 . 2007-12-03 15:15
2007-12-02 19:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-12-02 19:53 . 2007-12-02 19:53
2007-12-02 19:50 . 2007-12-02 19:50
2007-11-29 21:46 . 1999-08-03 10:50 172,032 --a------ C:\WINDOWS\system32\binkw32.dll
2007-11-27 18:44 . 2007-11-27 18:44
2007-11-27 16:24 . 2007-11-27 16:24
2007-11-27 16:23 . 2007-11-27 16:23
2007-11-27 16:16 . 2007-11-27 16:16
2007-11-24 20:30 . 2007-11-24 20:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-11-24 20:30 . 2007-11-24 20:30 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-24 08:53 . 2007-11-24 08:53
2007-11-23 22:45 . 2007-11-23 22:45
2007-11-23 15:54 . 2007-11-23 15:54
2007-11-22 22:40 . 2001-08-03 10:46 189,440 --a------ C:\WINDOWS\system32\LXTESUI.DLL
2007-11-22 21:37 . 2007-11-22 21:37
2007-11-21 19:23 . 2007-11-21 19:23 81,920 --a------ C:\WINDOWS\system32\frapsvid.dll
2007-11-20 22:04 . 2007-12-05 17:14 1,139 --a------ C:\WINDOWS\bestplayer.ini
2007-11-20 22:04 . 2007-12-05 17:14 37 --a------ C:\WINDOWS\bestplayer.bpp
2007-11-20 22:04 . 2007-12-05 17:14 0 --a------ C:\WINDOWS\bestplayer.bbt
2007-11-20 19:30 . 2007-11-20 19:30 427 --a------ C:\WINDOWS\ODBC.INI
2007-11-20 19:28 . 2007-11-20 19:28
2007-11-20 19:26 . 2007-11-20 19:26
2007-11-20 19:17 . 2007-12-02 19:52 1,277 --a------ C:\WINDOWS\mozver.dat
2007-11-20 19:09 . 2007-11-20 19:09
2007-11-20 19:07 . 2007-11-23 15:54 706 --a------ C:\WINDOWS\Thps3.INI
2007-11-20 19:02 . 2007-11-20 19:02
2007-11-20 19:02 . 2007-11-20 19:02 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-20 18:58 . 2007-11-20 18:59
2007-11-20 18:49 . 2007-11-20 18:50
2007-11-20 18:47 . 2007-11-20 18:47 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-11-20 18:41 . 2007-11-20 18:41
2007-11-20 18:40 . 2007-11-20 18:40 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-20 18:34 . 2007-11-20 18:34
2007-11-20 18:33 . 2007-12-09 15:05 1,516 --a------ C:\WINDOWS\unins000.dat
2007-11-20 18:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-20 18:32 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-20 18:31 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-11-20 18:30 . 2007-11-20 18:30
2007-11-20 18:30 . 2005-03-25 06:10 139,776 --------- C:\WINDOWS\system32\CNMLM75.DLL
2007-11-20 18:30 . 2005-03-25 06:00 8,704 --a------ C:\WINDOWS\system32\CNMVS75.DLL
2007-11-20 18:29 . 2007-11-20 18:29
2007-11-20 18:29 . 2005-03-08 19:17 90,112 -ra------ C:\WINDOWS\system32\CNMCP75.exe
2007-11-20 18:20 . 2003-08-10 01:32 14,336 -ra------ C:\WINDOWS\system32\drivers\NetMotCM.sys
2007-11-20 11:34 . 2007-11-20 11:34
2007-11-19 16:20 . 2007-11-19 16:20
2007-11-19 15:54 . 2007-11-19 15:54
2007-11-19 15:53 . 2007-11-19 15:53
2007-11-19 15:53 . 2007-11-19 15:53
2007-11-19 15:37 . 2007-11-19 15:37
2007-11-19 15:26 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-11-19 15:26 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2007-11-19 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2007-11-19 15:26 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2007-11-19 15:26 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2007-11-19 15:24 . 2007-11-19 15:24
2007-11-19 15:22 . 2007-11-19 15:22
2007-11-19 15:22 . 2007-11-19 15:22
2007-11-19 15:22 . 2007-09-26 19:37 3,036,456 --a------ C:\WINDOWS\system32\BCGCBPRO860u80.dll
2007-11-19 15:22 . 2006-03-17 12:45 1,757,184 --a------ C:\WINDOWS\system32\imagX7.dll
2007-11-19 15:22 . 2006-03-17 12:45 802,816 --a------ C:\WINDOWS\system32\imagXRA7.dll
2007-11-19 15:22 . 2006-03-17 12:45 497,296 --a------ C:\WINDOWS\system32\imagXpr7.dll
2007-11-19 15:22 . 2006-03-17 15:49 368,640 --a------ C:\WINDOWS\system32\TwnLib4.dll
2007-11-19 15:22 . 2006-03-17 12:45 258,048 --a------ C:\WINDOWS\system32\imagXR7.dll
2007-11-19 15:22 . 2007-09-26 19:37 33,576 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2007-11-19 15:15 . 2007-11-19 15:15
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-19 13:57 --------- d-----w C:\Program Files\ATI Technologies
2007-11-19 13:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-19 13:47 --------- d-----w C:\Program Files\VIA
2007-11-19 13:47 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-19 13:33 --------- d-----w C:\Program Files\Alwil Software
2007-11-19 13:25 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-19 13:24 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((( snapshot_2007-12-09_21.30.41,60 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-12-09 22:09:58 2,310,144 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\2558e7ebef2c28488ad975bd9638db88\System.Web.Mobile.ni.dll
+ 2007-12-09 22:10:06 1,945,600 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ec552930aaac5d42aff720297ebca4d6\System.Web.Services.ni.dll
+ 2007-12-09 22:09:28 11,845,632 ----a-w C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\5d22d426e067964db72672ee959b9766\System.Web.ni.dll
+ 2007-12-10 15:30:14 16,384 ----a-w C:\WINDOWS\TEMP\Perflib_Perfdata_6dc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D0995F82-90C7-4C78-9B4C-C1700FB8B120}]
2007-12-08 23:12 233472 --a------ C:\WINDOWS\windivx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:44]
"DAEMON Tools"="F:\Programy\DAEMON Tools\daemon.exe" [2007-04-03 23:29]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 08:03 C:\WINDOWS\RTHDCPL.EXE]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00]
"SDFix"="F:\Programy\SDFix\RunThis.bat /second" []

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:44]

C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56]

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys
S3 AdWatchDrv;AW Realtime Driver;\??\C:\WINDOWS\system32\drivers\AWRTPD.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 15:33:12 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 16:37:30
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-10 16:37:56
C:\ComboFix2.txt ... 2007-12-09 22:24
.
--- E O F ---