
I have Norton installed, and every time the system boots it finds this same virus. Supposedly it blocks it, but it keeps coming back over and over.
Normally I wouldn't worry about it, because nothing special happens because of it, but today I got curious, typed its name into Google and found out that it's a virus that steals passwords and logins for computer games and the like. And since I'm a fan of both RPGs and FPS games, obviously I have several accounts, and to be honest I got a bit scared.

Here are the logs from ComboFix:
ComboFix 09-03-02.03 - Martynka 2009-03-03 20:08:03.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1045.18.2047.1364 [GMT 4.5:30]
Uruchomiony z: c:\documents and settings\Martynka\Pulpit\PROGRAMY\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *enabled*
* Utworzono nowy punkt przywracania
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-03 do 2009-03-03 )))))))))))))))))))))))))))))))
.
2009-02-28 09:49 . 2009-02-28 09:49 <DIR> d-------- c:\program files\Youtube Downloader
2009-02-27 17:20 . 2009-02-09 19:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-02-27 17:20 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-02-26 16:20 . 2009-02-26 16:20 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-02-26 16:20 . 2009-02-26 16:20 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-02-26 16:19 . 2009-02-26 16:19 <DIR> d-------- c:\windows\system32\Lang
2009-02-25 12:49 . 2009-02-25 12:49 <DIR> d-------- c:\program files\Common Files\DirectX
2009-02-25 12:47 . 2009-02-25 12:47 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Mumble
2009-02-25 12:03 . 2009-02-25 12:47 <DIR> d-------- c:\program files\Mumble
2009-02-25 04:54 . 2009-02-25 04:54 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Hewlett-Packard
2009-02-25 04:54 . 2009-02-26 04:57 522 --a------ C:\hpfr3420.xml
2009-02-25 04:53 . 2008-04-13 23:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-02-25 04:53 . 2008-04-13 23:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-02-24 21:02 . 2009-02-24 21:02 <DIR> d-------- c:\windows\Sun
2009-02-24 19:58 . 2009-02-24 19:58 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Media Player Classic
2009-02-24 17:57 . 2009-02-24 17:57 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\NVIDIA
2009-02-24 17:18 . 2009-02-27 17:27 <DIR> d-------- c:\program files\Total Commander
2009-02-24 17:18 . 2009-02-27 17:28 655 --a------ c:\windows\wincmd.ini
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\UC.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\RAR.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\PKZIP.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\PKUNZIP.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\NOCLOSE.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\LHA.PIF
2009-02-24 17:18 . 2008-07-29 07:04 545 --a------ c:\windows\ARJ.PIF
2009-02-24 17:08 . 2009-02-24 17:08 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\KeePass
2009-02-24 16:48 . 2009-02-24 16:48 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-02-24 16:48 . 2009-02-28 12:31 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy
2009-02-24 16:25 . 2009-02-24 23:03 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Nowe Gadu-Gadu
2009-02-24 16:24 . 2009-02-24 16:24 <DIR> d-------- c:\program files\Nowe Gadu-Gadu
2009-02-24 16:03 . 2009-02-24 16:03 <DIR> d-------- c:\program files\CCleaner
2009-02-24 16:00 . 2009-02-24 16:00 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Neo-Modus.com
2009-02-24 15:59 . 2009-02-24 15:59 724,992 --a------ c:\windows\iun6002.exe
2009-02-24 15:57 . 2009-02-24 15:58 <DIR> d-------- c:\windows\system32\URTTemp
2009-02-24 15:18 . 2009-02-24 15:18 <DIR> d-------- c:\program files\Ashampoo
2009-02-24 15:18 . 2009-02-24 15:18 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Ashampoo
2009-02-24 15:18 . 2009-02-24 15:18 <DIR> d-------- c:\documents and settings\All Users\Dane aplikacji\ashampoo
2009-02-24 15:07 . 2009-02-24 15:07 82,380 --a------ c:\windows\system32\drivers\AFS2K.SYS
2009-02-24 15:04 . 2009-02-24 15:04 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-02-24 15:03 . 2003-03-19 07:20 1,060,864 --a------ c:\windows\system32\mfc71.dll
2009-02-24 15:03 . 2003-03-18 21:12 1,047,552 --a------ c:\windows\system32\mfc71u.dll
2009-02-24 15:02 . 2009-02-24 15:07 <DIR> d-------- c:\program files\Hewlett-Packard
2009-02-24 15:01 . 2009-02-24 15:07 20,458 --a------ c:\windows\hpoins01.dat
2009-02-24 15:01 . 2003-04-07 11:01 16,622 --------- c:\windows\hpomdl01.dat
2009-02-24 14:53 . 2009-02-24 14:53 <DIR> d-------- c:\program files\A4Tech
2009-02-24 14:36 . 2008-04-14 21:50 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-02-24 14:36 . 2008-04-13 23:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-02-24 14:36 . 2008-04-13 23:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-02-24 14:36 . 2001-10-26 16:29 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-02-24 14:29 . 2009-02-24 14:29 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-24 14:06 . 2009-02-24 14:14 <DIR> d-------- C:\Downloads
2009-02-24 05:38 . 2009-02-24 05:38 <DIR> d-------- c:\program files\PhotoFiltre
2009-02-24 05:32 . 2009-03-03 18:49 <DIR> d-------- c:\program files\Mozilla Thunderbird
2009-02-24 05:32 . 2009-02-24 05:32 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Thunderbird
2009-02-24 05:28 . 2009-02-24 05:28 <DIR> d-------- c:\program files\Java
2009-02-24 05:28 . 2009-02-24 05:28 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-24 05:28 . 2009-02-24 05:28 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-24 05:17 . 2009-02-24 05:17 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-02-24 05:17 . 2008-09-16 23:53 168,448 --a------ c:\windows\system32\unrar.dll
2009-02-24 05:15 . 2009-02-25 22:00 <DIR> d-------- c:\program files\FlashGet
2009-02-24 00:39 . 2008-04-13 23:15 60,032 --a------ c:\windows\system32\drivers\USBAUDIO.sys
2009-02-24 00:39 . 2008-04-13 23:15 60,032 --a--c--- c:\windows\system32\dllcache\usbaudio.sys
2009-02-24 00:39 . 2008-04-13 23:15 32,128 --a------ c:\windows\system32\drivers\usbccgp.sys
2009-02-24 00:39 . 2008-04-13 23:15 32,128 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2009-02-24 00:39 . 2008-04-14 21:50 21,504 --a------ c:\windows\system32\hidserv.dll
2009-02-24 00:39 . 2008-04-14 21:50 21,504 --a--c--- c:\windows\system32\dllcache\hidserv.dll
2009-02-24 00:34 . 2009-02-24 00:35 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Ventrilo
2009-02-24 00:34 . 2009-02-24 00:34 <DIR> d-------- c:\documents and settings\Martynka\Dane aplikacji\Gadu-Gadu
2009-02-24 00:30 . 2009-02-23 21:28 <DIR> d-------- c:\documents and settings\Martynka\Gadu-Gadu
2009-02-24 00:17 . 2006-01-23 11:51 466,944 --a------ c:\windows\system32\CapabilityTable.exe
2009-02-24 00:17 . 2006-01-23 11:48 176,128 --------- c:\windows\system32\nvuide.exe
2009-02-24 00:17 . 2005-06-29 23:26 1,537 --------- c:\windows\system32\nvide.nvu
2009-02-24 00:16 . 2006-01-23 11:48 176,128 --a------ c:\windows\system32\nvusmb.exe
2009-02-24 00:16 . 2006-01-23 11:48 176,128 --a------ c:\windows\system32\nvunrm.exe
2009-02-24 00:16 . 2005-10-27 18:10 101,632 --a------ c:\windows\system32\drivers\nvtcp.sys
2009-02-24 00:16 . 2005-09-23 23:21 3,632 --a------ c:\windows\system32\nvnrm.nvu
2009-02-24 00:16 . 2005-12-08 11:06 1,864 --a------ c:\windows\system32\nvsmb.nvu
2009-02-24 00:15 . 2009-02-24 00:15 <DIR> d-------- c:\program files\Marvell
2009-02-24 00:07 . 2001-08-18 01:29 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-02-24 00:06 . 2008-04-15 01:05 58,880 --a------ c:\windows\system32\drivers\redbook.sys
2009-02-24 00:05 . 2009-02-24 00:06 <DIR> d-------- C:\INSTALKI
2009-02-24 00:05 . 2008-04-15 02:21 152,064 --a------ c:\windows\system32\irftp.exe
2009-02-24 00:05 . 2008-04-14 03:54 88,192 --a------ c:\windows\system32\drivers\irda.sys
2009-02-24 00:05 . 2008-04-15 02:20 77,312 --a------ c:\windows\system32\usbui.dll
2009-02-24 00:05 . 2008-04-15 02:20 28,672 --a------ c:\windows\system32\irmon.dll
2009-02-24 00:05 . 2001-08-18 01:21 19,584 --a------ c:\windows\system32\drivers\rasirda.sys
2009-02-24 00:05 . 2001-08-18 01:21 18,688 --a------ c:\windows\system32\drivers\irsir.sys
2009-02-24 00:05 . 2008-04-15 02:21 8,192 --a------ c:\windows\system32\wshirda.dll
2009-02-24 00:05 . 2001-08-18 01:16 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> dr-h----- c:\documents and settings\Default User\Ustawienia lokalne
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> d-------- c:\documents and settings\Default User\Ulubione
2009-02-24 00:03 . 2009-02-23 23:17 <DIR> d--h----- c:\documents and settings\Default User\Szablony
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> d-------- c:\documents and settings\Default User\Pulpit
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> d-------- c:\documents and settings\Default User\Moje dokumenty
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> dr------- c:\documents and settings\Default User\Menu Start
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> d-------- c:\documents and settings\All Users\Ulubione
2009-02-24 00:03 . 2009-02-24 00:03 <DIR> d--h----- c:\documents and settings\All Users\Szablony
2009-02-24 00:03 . 2009-02-24 16:25 <DIR> d-------- c:\documents and settings\All Users\Pulpit
2009-02-24 00:03 . 2009-02-23 23:23 <DIR> dr------- c:\documents and settings\All Users\Menu Start
2009-02-24 00:03 . 2009-02-24 00:01 <DIR> dr------- c:\documents and settings\All Users\Dokumenty
2009-02-24 00:03 . 2008-04-14 21:21 146,432 --a------ c:\windows\system\WINSPOOL.DRV
2009-02-24 00:02 . 2008-04-14 23:26 2,033,887 --a--c--- c:\windows\system32\dllcache\NT5.CAT
2009-02-24 00:01 . 2009-03-03 20:07 <DIR> d-------- c:\windows\system32\CatRoot2
2009-02-24 00:01 . 2009-02-23 23:28 <DIR> d-------- c:\windows\system32\CatRoot
2009-02-24 00:01 . 2009-02-24 00:03 <DIR> dr-h----- c:\documents and settings\Default User\Dane aplikacji
2009-02-24 00:01 . 2009-02-23 23:21 <DIR> d--h----- c:\documents and settings\Default User
2009-02-24 00:01 . 2009-02-27 04:57 <DIR> dr-h----- c:\documents and settings\All Users\Dane aplikacji
2009-02-24 00:01 . 2009-02-23 23:19 <DIR> d-------- c:\documents and settings\All Users
2009-02-24 00:01 . 2009-02-23 23:26 <DIR> d-------- C:\Documents and Settings
2009-02-24 00:00 . 2009-02-24 00:00 <DIR> d-------- c:\program files\Bonjour
2009-02-24 00:00 . 2009-02-23 23:23 672 --a------ c:\windows\system32\$winnt$.inf
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 14:21 --------- d-----w c:\program files\Steam
2009-02-28 11:58 --------- d-----w c:\program files\ALLPlayer
2009-02-28 10:12 --------- d-----w c:\program files\NAPI-PROJEKT
2009-02-28 07:59 --------- d-----r c:\program files\Skype
2009-02-28 05:53 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-27 12:54 --------- d-----w c:\documents and settings\Martynka\Dane aplikacji\Winamp
2009-02-24 14:54 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-24 10:45 --------- d-----w c:\documents and settings\Martynka\Dane aplikacji\Skype
2009-02-24 10:30 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-24 00:47 --------- d-----w c:\program files\DivX
2009-02-23 19:45 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-23 19:31 --------- d-----w c:\program files\Common Files\Adobe
2009-02-23 19:26 --------- d-----w c:\program files\Real Alternative
2009-02-23 19:21 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-23 19:18 --------- d-----w c:\program files\Microsoft.NET
2009-02-23 19:11 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Symantec
2009-02-23 19:10 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-23 19:10 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-02-23 19:10 36,272 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-02-23 19:10 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-02-23 19:10 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-23 19:10 --------- d-----w c:\program files\Windows Sidebar
2009-02-23 19:10 --------- d-----w c:\program files\Symantec
2009-02-23 19:10 --------- d-----w c:\program files\NortonInstaller
2009-02-23 19:10 --------- d-----w c:\program files\Norton Internet Security
2009-02-23 19:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\NortonInstaller
2009-02-23 19:10 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Norton
2009-02-23 19:00 --------- d-----w c:\program files\Realtek Sound Manager
2009-02-23 19:00 --------- d-----w c:\program files\AvRack
2009-02-23 18:59 --------- d-----w c:\program files\Realtek AC97
2009-02-23 18:51 --------- d-----w c:\program files\microsoft frontpage
2009-02-23 18:49 --------- d-----w c:\program files\Usługi online
2009-02-23 18:15 --------- d-----w c:\program files\IrfanView
2009-02-23 18:12 --------- d-----w c:\documents and settings\Martynka\Dane aplikacji\skypePM
2009-02-23 18:09 --------- d-----w c:\program files\Common Files\Skype
2009-02-23 18:09 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Skype
2009-02-23 17:49 --------- d-----w c:\program files\Winamp
2009-01-30 14:36 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-01-30 14:30 938,496 ----a-w c:\windows\system32\wmnetmgr.dll
2009-01-30 14:30 455,936 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-01-30 14:30 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-30 14:30 138,496 ----a-w c:\windows\system32\drivers\afd.sys
2009-01-30 14:30 100,864 ----a-w c:\windows\system32\logagent.exe
2009-01-30 14:30 1,847,168 ----a-w c:\windows\system32\win32k.sys
2009-01-30 14:29 446,464 ----a-w c:\windows\system32\sqlsrv32.dll
2009-01-30 14:29 286,720 ----a-w c:\windows\system32\gdi32.dll
2009-01-30 14:29 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-01-30 14:29 24,576 ----a-w c:\windows\system32\odbcbcp.dll
2009-01-30 14:29 2,190,464 ----a-w c:\windows\system32\ntoskrnl.exe
2009-01-30 14:29 1,379,840 ----a-w c:\windows\system32\msxml6.dll
2009-01-30 14:29 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2009-01-30 14:27 691,712 ----a-w c:\windows\system32\inetcomm.dll
2009-01-30 14:27 253,952 ----a-w c:\windows\system32\es.dll
2009-01-30 14:27 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys
2008-12-20 23:03 826,368 ----a-w c:\windows\system32\wininet.dll
2008-12-11 00:33 86,016 ----a-w c:\windows\system32\dpl100.dll
2008-12-11 00:33 200,704 ----a-w c:\windows\system32\dtu100.dll
2008-12-09 02:28 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-12-09 02:28 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-12-09 02:28 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-12-09 02:28 294,912 ----a-w c:\windows\system32\dpu11.dll
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Steam"="c:\program files\steam\steam.exe" [2009-02-23 1410296]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-02-27 9339496]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 148888]
"WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"nwiz"="nwiz.exe" [2007-04-19 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2006-08-03 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ALLUpdate]
--a------ 2008-11-24 20:44 869888 c:\program files\ALLPlayer\ALLUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-01-29 14:01 23975720 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-04 03:32 36352 c:\program files\Winamp\winampa.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1002000.007\SymEFA.sys [2009-02-23 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-23 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-23 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090225.002\IDSxpx86.sys [2009-02-27 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-23 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
.
Zawartość folderu 'Zaplanowane zadania'
2009-02-25 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1235521443.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 00:52]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://nasza-klasa.pl/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&ksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E38EED9E-1712-441A-B193-9DA649945280} = 194.204.152.34,194.204.159.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Martynka\Dane aplikacji\Mozilla\Firefox\Profiles\osf0tvvy.default\
FF - prefs.js: browser.startup.homepage - hxxp://onet.pl
FF - component: c:\documents and settings\All Users\Dane aplikacji\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 20:09:25
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
skanowanie ukrytych procesów ...
skanowanie ukrytych wpisów autostartu ...
skanowanie ukrytych plików ...
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.2.0.7\diMaster.dll\" /prefetch:1"
.
Czas ukończenia: 2009-03-03 20:10:21
ComboFix-quarantined-files.txt 2009-03-03 15:40:19
Przed: 62 325 555 200 bajtów wolnych
Po: 62,341,615,616 bajtów wolnych
267 --- E O F --- 2009-02-28 05:51:54
and from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:20, on 2009-03-03
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Nowe Gadu-Gadu\gg.exe
C:\Program Files\Nowe Gadu-Gadu\spellchecker_gg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://nasza-klasa.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Nowe Gadu-Gadu] "C:\Program Files\Nowe Gadu-Gadu\gg.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E38EED9E-1712-441A-B193-9DA649945280}: NameServer = 194.204.152.34,194.204.159.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7305 bytes
Please help!!