Your system is infected with dangerous virus


(B2squall) #1

Gdy probuje otworzyc jakikolwiek folder wyskakuje okienko :

System Error!

Your system is infected with dangerous virus!

Note: Strongly recommend to install antispyware program to clean your system and avoid total crash of your computer!

Click OK to download the antispyware. (Recommended)

Log z Hijack This

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 08:50:06, on 2008-05-29

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\Program Files\cFosSpeed\spd.exe

D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

D:\WINDOWS\system32\nvsvc32.exe

D:\WINDOWS\system32\PnkBstrA.exe

D:\Program Files\CyberLink\Shared Files\RichVideo.exe

D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\system32\wbem\wmiapsrv.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

D:\WINDOWS\system32\RUNDLL32.EXE

D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

D:\Program Files\Razer\Diamondback 3G\razerhid.exe

D:\Program Files\D-Tools\daemon.exe

D:\Program Files\cFosSpeed\cFosSpeed.exe

D:\WINDOWS\system32\ctfmon.exe

D:\Program Files\DAEMON Tools Pro\DTProAgent.exe

D:\WINDOWS\system32\devldr32.exe

D:\Program Files\Razer\Diamondback 3G\razertra.exe

D:\Program Files\Razer\Diamondback 3G\razerofa.exe

D:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

D:\PROGRA~1\FREEDO~1\fdm.exe

D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

D:\Program Files\Outlook Express\msimn.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - D:\Program Files\Winamp Toolbar\winamptb.dll

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O2 - BHO: IE LiveTV - {5F841E5A-AA28-4037-BE7A-96E943E91F4D} - D:\WINDOWS\apdogy.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: Video - {95E1D855-9232-48F7-80D9-1ADB65B7939C} - D:\WINDOWS\pokru.dll

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdm2.dll

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - D:\Program Files\Winamp Toolbar\winamptb.dll

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file)

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - D:\WINDOWS\Downloaded Program Files\Earn2Life.dll

O4 - HKLM..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM..\Run: [Diamondback] D:\Program Files\Razer\Diamondback 3G\razerhid.exe

O4 - HKLM..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM..\Run: [cFosSpeed] D:\Program Files\cFosSpeed\cFosSpeed.exe

O4 - HKCU..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Program Files\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [NVIDIA nTune] "D:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - HKCU..\Run: [steam] "d:\program files\steam\steam.exe" -silent

O4 - HKCU..\Run: [AlcoholAutomount] "D:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "D:\Program Files\DAEMON Tools Pro\DTProAgent.exe"

O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA LOKALNA')

O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')

O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe

O8 - Extra context menu item: &Winamp Toolbar Search - D:\Documents and Settings\All Users\Dane aplikacji\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - D:\WINDOWS\Downloaded Program Files\Earn2Life.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - D:\WINDOWS\Downloaded Program Files\Earn2Life.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - D:\Program Files\Paltalk Messenger\Paltalk.exe

O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - D:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe

O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6\ICQ.exe

O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - D:\Program Files\Free Download Manager\FUM\fumiebtn.dll

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} (MksSkanerOnline Class) - http://www.mks.com.pl/skaner/SkanerOnline.cab

O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://earn.slbiz2life.com/plugin/Earn2Life.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15033/CTPID.cab

O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - D:\Program Files\cFosSpeed\spd.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--

End of file - 8565 bytes


(huber2t) #2

fix w hijackthis

Pobierz ComboFix, ale nie uruchamiaj

Wklej do notatnika:

File::

D:\WINDOWS\apdogy.dll

D:\WINDOWS\pokru.dll


Folder::

D:\Program Files\ShoppingReport

Plik -> zapisz jako -> CFScript.txt (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść ikonkę CFScript.txt na ikonkę ComboFix.exe tak jak tu ->

02f8f1e3c410a4cc.gif

Rozpocznie się usuwanie i powstanie log, daj ten log na forum.

Logi dajesz na http://www.wklej.org


(Gutek) #3

Zmiana zasad wklejania logów na forum - viewtopic.php?f=16&t=213350


(B2squall) #4

Pomoglo , dziekuje :slight_smile:

Zadnego logu nie ma , nawet w folderze gdzie mam program .


(huber2t) #5

Start --> wyszukaj --> ComboFix.txt


(B2squall) #6

http://www.wklej.org/id/383257d652


(huber2t) #7

Log wyglada na czysty

Usuń ręcznie folder C:\Qoobox ,usuń instalkę Combofix z dysku

Przeczyść komputer Ccleanerem

Wykonaj optymalizację autostartu

Wyłącz przywracanie systemu na wszystkich dyskach. Instrukcja

Przeskanuj obszar mojego komputera http://www.kaspersky.pl/virusscanner.html (uruchom przez IE) Daj raport z niego na forum

Włącz przywracanie systemu.


(B2squall) #8

http://www.wklej.org/id/5c3adc39fd


(Leon$) #9

usuń lub nie decyzja należy do ciebie http://www.viruslist.pl/riskware.html?chapter=articles&id=41

obowiązkowo Wyłącz I włącz przywracanie systemu na wszystkich dyskach.http://support.microsoft.com/kb/310405/pl

usuń ręcznie gdyby były kłopoty pisz

:slight_smile: