Troche inne YOUR COMPUTER IS INFECTED!

didulek00000 · 24 Sierpień 2006 11:32

Witam! na pasku koło zegara pojawiła sie ikonka ( mrogające kółeczko raz jest czerwone przekroslone a raz jest nibieskie z białych znakiem zapytania identyczne jak z pomocy i obsługi technicznej XP ) i jak najade na to bez klikania to wtedy wyswietla sie napis Virus Alert a jak najade na tą ikonke i klikne na nią to wtedy pisze takie coś ( pojawia sie na szarym tle z czerwoną obrobką ) :

YOUR COMPUTER IS INFECTEd!

Criticall System Error!

System detected virus activities.

They may cause critical system failure. Please, use antimalware software to clean and protect your system from parasite programs.

Clik here to get all available software.

Prosze pomózcie mi!

Myszak · 24 Sierpień 2006 11:37

Daj log z Silent Runners – tu masz opis.

Daj log z HijackThis – tu masz opis.

didulek00000 · 24 Sierpień 2006 11:53

Logfile of HijackThis v1.99.1

Scan saved at 13:49:00, on 2006-08-24

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\IntCodec\isamonitor.exe

C:\Program Files\IntCodec\pmsngr.exe

C:\Program Files\D-Tools\daemon.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE

C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

C:\windows\system32\updwebmin.exe

C:\WINDOWS\System32\dxvwkfye.exe

C:\Program Files\njrpbc.exe

C:\Program Files\Winamp\winampa.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\IntCodec\pmmon.exe

C:\Program Files\IntCodec\isamini.exe

C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

C:\WINDOWS\system32\RaConfig.exe

C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll

O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll

O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.4\BitComet_Toolbar.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll

O4 - HKLM…\Run: [DAEMON Tools-1033] “C:\Program Files\D-Tools\daemon.exe” -lang 1033

O4 - HKLM…\Run: [EPSON Stylus C43 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 “EPSON Stylus C43 Series” /O6 “USB001” /M “Stylus C43”

O4 - HKLM…\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe

O4 - HKLM…\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe

O4 - HKLM…\Run: [updwebmin] c:\windows\system32\updwebmin.exe

O4 - HKLM…\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe

O4 - HKLM…\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwkfye.exe

O4 - HKLM…\Run: [sysTray] C:\Program Files\njrpbc.exe

O4 - HKLM…\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM…\RunServices: [updwebmin] c:\windows\system32\updwebmin.exe

O4 - HKLM…\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe

O4 - HKCU…\Run: [Gadu-Gadu] “D:\programy\Gadu-Gadu\gg.exe” /tray

O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background

O4 - HKCU…\Run: [skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized

O4 - HKCU…\Run: [AQQ] D:\AQQKOM~1\AQQ\AQQ.exe

O4 - HKCU…\Run: [updwebmin] c:\windows\system32\updwebmin.exe

O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

O4 - HKCU…\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe

O4 - Global Startup: RaConfig.lnk = C:\WINDOWS\system32\RaConfig.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm485YYPL

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll

O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra ‘Tools’ menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g_bin/pl/cards_2_0_0_68.cab

O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (Ganymede Board Games) - http://67.15.101.3/g_bin/pl/boards_2_0_0_24.cab

O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_39.cab

O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab

O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_24.cab

O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll

O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file)

O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkfye.exe

O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - C:\WINDOWS\System32\viruxz.dll

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe

Myszak · 24 Sierpień 2006 12:00

Użyj SmitFraudFix – tu masz opis. --> opcja numer 2.

Potem wklej na forum raport z SmitFraudFix (C:\raport.txt). + nowy log z HijackThis i SilentRunnres.

Myszak · 24 Sierpień 2006 22:01

O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll (file missing) O3 - Toolbar: Protection Bar - {860c2f6b-ca82-4282-9187-beccbb66f0af} - C:\Program Files\IntCodec\iesplugin.dll (file missing) O4 - HKLM…\Run: [updwebmin] c:\windows\system32\updwebmin.exe O4 - HKLM…\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe O4 - HKLM…\Run: [Explorer 2238] C:\WINDOWS\System32\dxvwkfye.exe O4 - HKLM…\RunServices: [updwebmin] c:\windows\system32\updwebmin.exe O4 - HKLM…\RunServices: [tutcdchk2] c:\windows\system32\tutcdchk2.exe O4 - HKCU…\Run: [updwebmin] c:\windows\system32\updwebmin.exe O4 - HKCU…\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe O4 - HKCU…\Run: [tutcdchk2] c:\windows\system32\tutcdchk2.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi … xdm485YYPL O21 - SSODL: SysTray.Exbr - {6368D1FC-6F5C-4f1b-B164-E67214F678E9} - (no file) O21 - SSODL: DCOM Server 2238 - {2C1CD3D7-86AC-4068-93BC-A02304BB2238} - C:\WINDOWS\System32\dxvwkfye.exe

Startujesz do trybu awaryjnego i wyłączasz przywracanie systemu.
Pliki/foldery na czerwono skasuj z dysku.
Wpisy skasuj Hijackiem.

Użyj programu Killbox

–> Uruchamiasz zaznaczasz Delete on reboot, w polu full path of file wklej ścieżkę :

c:\windows\system32\updwebmin.exe

c:\windows\system32\tutcdchk2.exe

C:\WINDOWS\System32\dxvwkfye.exe

Klikasz X i reset kompa.

Otwórz notatnik i wklej :

Windows Registry Editor Version 5.00 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “updwebmin”=- “MyWebSearch Email Plugin”=- “tutcdchk2”=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “updwebmin”=- “tutcdchk2”=- “Explorer 2238”=- [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{202a961f-23ae-42b1-9505-ffe3c818d717}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] “{2C1CD3D7-86AC-4068-93BC-A02304BB2238}”=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “{2C1CD3D7-86AC-4068-93BC-A02304BB2238}”=- [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser{860C2F6B-CA82-4282-9187-BECCBB66F0AF}] [-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar] “{860C2F6B-CA82-4282-9187-BECCBB66F0AF}”=- [-HKEY_LOCAL_MACHINE\Software\Classes\CLSID{860C2F6B-CA82-4282-9187-BECCBB66F0AF}]

Plik --> Zapisz jako --> Zmień rozszerzenie z TXT na Wszystkie pliki --> Zapisz pod nazwą FIX.REG i uruchom go w trybie awaryjnym.