Has anyone had any experience with this virus? I don't know how to get rid of it. Could someone help me? I did some reading on what to do and how, but I think you need to know what you're doing and understand what in the log is wrong and what to delete. I don't. I've already dragged the log onto the ComboFix icon and it did something, fixed something, and it no longer pops up the way it did before (several windows appeared, the web browser opened, it tried to download something from the net, it showed that I had loads of viruses on the computer and scanned the system), but a window still pops up asking me to enable "protection". When I click X it goes away for half an hour and then comes back. I'm really asking for help, because I can't stand it any more. Regards.
ComboFix log:
ComboFix 08-08-30.03 - Chłopaki 2008-09-01 7:55:07.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1624 [GMT 2:00]
Running from: D:\Combofix\ComboFix.exe
Command switches used :: D:\Combofix\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-08-01 to 2008-09-01 )))))))))))))))))))))))))))))))
.
2008-09-01 07:49 . 2008-09-01 07:49 102,400 --a------ C:\WINDOWS\system32\ypwzidgz.exe
2008-08-31 23:45 . 2008-08-31 23:45 86,016 --a------ C:\WINDOWS\system32\kpibmjgn.exe
2008-08-31 19:26 . 2008-08-31 19:26 <DIR> d-------- C:\Documents and Settings\Chłopaki
2008-08-31 19:26 . <DIR> C:\Documents and Settings\Chłopaki\Ustawienia lokalne
2008-08-31 19:26 . <DIR> C:\Documents and Settings\Chłopaki\Ustawienia lokalne
2008-08-31 19:24 . 2008-08-31 19:24 90,112 --a------ C:\WINDOWS\system32\zuzgjuju.exe
2008-08-31 17:56 . 2008-08-31 17:56 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\vcpyradi
2008-08-31 17:56 . 2008-08-31 17:56 115,204 --a------ C:\WINDOWS\system32\msxml71.dll
2008-08-31 17:56 . 2008-08-31 17:56 90,112 --a------ C:\WINDOWS\system32\hkzmxuxo.exe
2008-08-31 14:47 . 2008-08-31 14:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-31 14:47 . 2008-08-31 14:47 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-31 00:31 . 1999-12-29 16:59 391,168 --a------ C:\WINDOWS\system\LTKRN11N.DLL
2008-08-31 00:31 . 1999-12-29 17:02 284,672 --a------ C:\WINDOWS\system\LFCMP11n.DLL
2008-08-31 00:31 . 1999-12-29 16:59 117,760 --a------ C:\WINDOWS\system\LTFIL11N.DLL
2008-08-31 00:31 . 2003-06-16 15:10 86,016 --a------ C:\WINDOWS\system\G726.ax
2008-08-31 00:31 . 2003-04-01 13:57 73,728 --a------ C:\WINDOWS\system32\SDVC03.drv
2008-08-31 00:31 . 2003-07-22 18:50 18,088 --a------ C:\WINDOWS\system32\drivers\SDVC05.sys
2008-08-31 00:31 . 2003-07-11 17:49 2,455 --a------ C:\WINDOWS\system32\drivers\SDVC05.INF
2008-08-30 13:31 . 2008-08-30 13:31 46,344 --a------ C:\WINDOWS\h_eJay5.inf
2008-08-29 00:47 . 2008-08-13 19:10 168,448 --a------ C:\WINDOWS\system32\sav.cpl
2008-08-22 11:32 . 2008-08-22 11:32 <DIR> d-------- C:\Python24
2008-08-20 21:01 . 2008-08-20 21:01 0 -ra------ C:\logwmemory.bin
2008-08-17 01:12 . 2008-08-17 01:12 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-17 01:01 . 2008-08-17 01:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-10 18:59 . 2008-08-10 18:59 <DIR> d-------- C:\WINDOWS\system32\{app}
2008-08-09 02:22 . 2008-08-16 14:34 <DIR> d-a------ C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-08-07 22:57 . 2008-08-07 22:57 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-01 05:58 102,400 ----a-w C:\WINDOWS\system32\kjmderup.exe
2008-08-30 22:31 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-13 05:19 --------- d-----w C:\Program Files\neostrada tp
2008-07-21 14:01 --------- d-----w C:\Program Files\VID_0E8F&PID_0012
2008-07-21 14:01 --------- d-----w C:\Program Files\USB Vibration
2008-07-20 21:45 --------- d-----w C:\Program Files\Asprate
2008-07-18 16:25 --------- d-----w C:\Program Files\VDOTool
2008-07-17 17:02 48,155 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-07-17 17:02 1,582 ----a-w C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-07-15 15:26 --------- d-----w C:\Program Files\Skype
2008-07-15 15:26 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-15 15:26 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Skype
2008-07-12 21:39 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-11 10:12 --------- d-----w C:\Program Files\HP
2008-07-09 19:45 --------- d-----w C:\Program Files\Ubisoft
2008-07-09 18:04 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-07-09 09:07 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\POP3Profiles
2008-07-08 14:32 108,144 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-07 20:33 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 08:45 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-04 19:26 --------- d-----w C:\Program Files\Eset
2008-06-24 16:24 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 15:41 662,016 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:42 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-03 12:55 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
.
------- Sigcheck -------
2007-06-13 15:23 1883136 39bc8e8190dff8dcbd04bdcd81d0f0bb C:\WINDOWS\explorer.exe
2007-06-13 15:12 1034752 8db0650b211425b9cdb7d1c4a8f6b482 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 00:44 1033728 379098a96e6c165b659de7e4328010ea C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:23 1883136 39bc8e8190dff8dcbd04bdcd81d0f0bb C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D023EBF-70B8-45A6-9ED5-556515FA0FE4}]
2008-04-17 09:44 398776 --a------ C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msgact"="C:\WINDOWS\system32\zuzgjuju.exe" [2008-08-31 19:24 90112]
"strutilwin"="C:\WINDOWS\system32\kpibmjgn.exe" [2008-08-31 23:45 86016]
"ActStrSmart"="C:\WINDOWS\system32\ypwzidgz.exe" [2008-09-01 07:49 102400]
"ApiGen"="C:\WINDOWS\system32\kjmderup.exe" [2008-09-01 07:58 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-04 18:42 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"A0sDxmazM1"="C:\Documents and Settings\All Users\Dane aplikacji\vcpyradi\nmzezsjo.exe" [2008-08-31 17:56 65536]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= D:\szablony html\lekkiSzablon\index.html
FriendlyName=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msvideo9"= SDVC03.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Dual.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Dual.lnk
backup=C:\WINDOWS\pss\Dual.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^lsass.exe]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\lsass.exe
backup=C:\WINDOWS\pss\lsass.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^No-IP DUC.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\No-IP DUC.lnk
backup=C:\WINDOWS\pss\No-IP DUC.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Registration Assassin's Creed.LNK]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Registration Assassin's Creed.LNK
backup=C:\WINDOWS\pss\Registration Assassin's Creed.LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Stardock ObjectDock.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Stardock ObjectDock.lnk
backup=C:\WINDOWS\pss\Stardock ObjectDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^UberIcon.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\UberIcon.lnk
backup=C:\WINDOWS\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Ubisoft register.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Ubisoft register.lnk
backup=C:\WINDOWS\pss\Ubisoft register.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Y'z Shadow.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Y'z Shadow.lnk
backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^Y'z ToolBar.lnk]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\Y'z ToolBar.lnk
backup=C:\WINDOWS\pss\Y'z ToolBar.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
--a------ 2007-02-28 14:18 2351864 D:\programy\aqq\AQQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-05 11:20 289088 C:\Program Files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 D:\programy\deamon tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EdHTML]
--a------ 2003-03-24 17:38 1443328 D:\programy\edhtml\EdHTML.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gainward]
--a------ 2006-09-13 09:58 2154496 C:\Program Files\VDOTool\TBPANEL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-03-11 21:34 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Odkurzacz-MCD]
--a------ 2008-03-03 14:44 266240 D:\programy\odkurzacz\odk_mcd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-06-03 15:08 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2005-09-07 15:35 716800 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2005-05-20 03:11 925696 C:\Program Files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UiDscStr]
--a------ 2008-08-31 17:56 90112 C:\WINDOWS\system32\hkzmxuxo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOTASKBARICON]
--------- 2004-10-14 15:55 32768 C:\PROGRA~1\NEOSTR~1\GestMAJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WOOWATCH]
--------- 2004-08-23 13:49 20480 C:\PROGRA~1\NEOSTR~1\Watch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--------- 2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 15:43 1519616 C:\WINDOWS\system32\nwiz.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\GRY\\cs 1,6\\Counter-Strike 1.6 + Half-Life\\hl.exe"=
"D:\\GRY\\cs\\Counter-Strike Source\\hl2.exe"=
"D:\\GRY\\Soldat\\Soldat.exe"=
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-09-15 11:07]
S3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-09-19 11:03]
S3 SDVC05;USB SDVC05;C:\WINDOWS\system32\Drivers\SDVC05.sys [2003-07-22 18:50]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-01 07:58:03
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\kjmderup.exe 102400 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\savedump.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\FTRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2008-09-01 8:00:18 - machine was rebooted [Chłopaki]
ComboFix-quarantined-files.txt 2008-09-01 06:00:14
ComboFix2.txt 2008-09-01 05:50:37
ComboFix3.txt 2008-08-31 21:46:14
ComboFix4.txt 2008-08-31 17:25:41
Pre-Run: 18,364,624,896 bytes free
Post-Run: 18,352,676,864 bytes free
220 --- E O F --- 2008-08-22 09:16:42
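Added by the editor, not part of the original post and not ComboFix code: a script that reads the "Reg Loading Points" and catchme sections of a log like the one above and scores each autostart entry by the signals a helper looks for in it. Those signals are executables dropped into system32 within a few days of the scan (the four random-named .exe files under HKCU\...\Run, plus the startupreg entry for hkzmxuxo.exe), anything loading from policies\explorer\Run (nmzezsjo.exe), a system-binary name sitting in a user's Startup folder (lsass.exe), and files catchme reports as hidden (kjmderup.exe). The weights, the 2-point threshold, the 3-day window, the vowel-ratio cut-off for "random-looking" names and the short list of system binary names are the editor's assumptions; the embedded sample log is a trimmed copy of the relevant lines from the log above, with the benign HKLM Run and NvMediaCenter entries kept as controls.

```python
"""Triage autostart entries from a ComboFix log.

Editor's example for this thread; not ComboFix code. Weights, threshold,
time window and name heuristic are assumptions, not ComboFix's rules.
"""
import re
from collections import namedtuple
from datetime import date

Entry = namedtuple("Entry", "key name path date")

# Constructed sample: lines copied from the log above (ComboFix header, Run,
# policies\explorer\Run, startupfolder and startupreg sections, and the
# catchme hidden-file hit), trimmed so the script runs offline.
SAMPLE_LOG = r"""
ComboFix 08-08-30.03 - Chłopaki 2008-09-01 7:55:07.4 - NTFSx86
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msgact"="C:\WINDOWS\system32\zuzgjuju.exe" [2008-08-31 19:24 90112]
"strutilwin"="C:\WINDOWS\system32\kpibmjgn.exe" [2008-08-31 23:45 86016]
"ActStrSmart"="C:\WINDOWS\system32\ypwzidgz.exe" [2008-09-01 07:49 102400]
"ApiGen"="C:\WINDOWS\system32\kjmderup.exe" [2008-09-01 07:58 102400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-05-04 18:42 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43 7630848]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"A0sDxmazM1"="C:\Documents and Settings\All Users\Dane aplikacji\vcpyradi\nmzezsjo.exe" [2008-08-31 17:56 65536]
[HKLM\~\startupfolder\C:^Documents and Settings^Chłopaki^Menu Start^Programy^Autostart^lsass.exe]
path=C:\Documents and Settings\Chłopaki\Menu Start\Programy\Autostart\lsass.exe
backup=C:\WINDOWS\pss\lsass.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 15:43 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UiDscStr]
--a------ 2008-08-31 17:56 90112 C:\WINDOWS\system32\hkzmxuxo.exe
scanning hidden files ...
C:\WINDOWS\system32\kjmderup.exe 102400 bytes executable
"""

DATE_RE = re.compile(r"(\d{4}-\d{2}-\d{2})")
KEY_RE = re.compile(r"^\[(.+)\]$")
# "name"="path" [YYYY-MM-DD HH:MM size]   (Run keys)
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?: \[(\d{4}-\d{2}-\d{2}) [\d:]+ \d+\])?')
# --a------ YYYY-MM-DD HH:MM size path   (msconfig\startupreg)
STARTUPREG_RE = re.compile(r"^[-a-z]{9} (\d{4}-\d{2}-\d{2}) [\d:]+ \d+ (.+)$")
FOLDER_RE = re.compile(r"^path=(.+)$")          # startupfolder entries
HIDDEN_RE = re.compile(r"^([A-Za-z]:\\.+?) \d+ bytes executable$")  # catchme

# Assumed list: names that only belong in system32; elsewhere they are a red flag.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "svchost.exe",
                   "winlogon.exe", "services.exe"}
THRESHOLD = 2  # assumed: report anything scoring at least this much


def _to_date(text):
    return date.fromisoformat(text) if text else None


def parse(log):
    """Return (scan date, Entry list, set of lower-cased paths catchme found hidden)."""
    scan_date, key, entries, hidden = None, "", [], set()
    for line in (raw.strip() for raw in log.splitlines()):
        if not line:
            continue
        if scan_date is None and line.startswith("ComboFix "):
            m = DATE_RE.search(line)
            scan_date = _to_date(m.group(1)) if m else None
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif (m := HIDDEN_RE.match(line)):
            hidden.add(m.group(1).lower())
        elif (m := RUN_RE.match(line)):
            entries.append(Entry(key, m.group(1), m.group(2), _to_date(m.group(3))))
        elif (m := STARTUPREG_RE.match(line)):
            entries.append(Entry(key, key.rsplit("\\", 1)[-1], m.group(2), _to_date(m.group(1))))
        elif (m := FOLDER_RE.match(line)):
            entries.append(Entry(key, m.group(1).rsplit("\\", 1)[-1], m.group(1), None))
    return scan_date, entries, hidden


def looks_random(filename):
    """Weak signal (assumed heuristic): letters-only stem of 7+ chars with under 30% vowels."""
    stem = filename.lower().rsplit(".", 1)[0]
    if len(stem) < 7 or not stem.isascii() or not stem.isalpha():
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.3


def score(entry, scan_date, hidden):
    """Return (points, reasons) for one autostart entry."""
    path = entry.path.lower()
    filename = path.rsplit("\\", 1)[-1]
    in_system32 = "\\system32\\" in path
    points, reasons = 0, []
    checks = [
        (2, in_system32 and entry.date and scan_date and (scan_date - entry.date).days <= 3,
         "dropped into system32 within 3 days of the scan"),
        (2, "\\policies\\explorer\\run" in entry.key.lower(),
         "loads from the policies\\explorer\\Run key"),
        (3, filename in SYSTEM_BINARIES and not in_system32,
         "system binary name outside system32"),
        (3, path in hidden, "hidden from the Win32 API (catchme hit)"),
        (1, looks_random(filename), "random-looking file name (weak on its own)"),
    ]
    for weight, hit, why in checks:
        if hit:
            points, reasons = points + weight, reasons + [why]
    return points, reasons


def triage(log, threshold=THRESHOLD):
    """Entries at or above the threshold as (entry, points, reasons), highest first."""
    scan_date, entries, hidden = parse(log)
    scored = [(e, *score(e, scan_date, hidden)) for e in entries]
    return sorted((t for t in scored if t[1] >= threshold), key=lambda t: -t[1])


if __name__ == "__main__":
    for entry, points, reasons in triage(SAMPLE_LOG):
        print(f"{points:>2}  {entry.path}\n    key: {entry.key}\n    " + "; ".join(reasons))
```

Run on the sample, it reports the seven entries a helper would target (kjmderup.exe on top, since it is both freshly dropped and hidden) and leaves nod32kui.exe, NvCpl.dll and nvmctray.dll alone; nvmctray.dll trips only the weak name heuristic, which is why that signal is worth one point rather than two. A hit is a candidate for removal, not a verdict: check the file (hash, publisher signature, a second opinion scan) before deleting it, and note that a log-based triage like this cannot see what a hidden driver or a rootkit conceals from the log itself.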