Please help..
I'm pasting the log from ComboFix... and asking for help... I have some viruses but I can't remove them.. please.. it's important...:
ComboFix log:
ComboFix 07-12-31.4 - Menti 2008-01-02 16:01:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1045.18.80 [GMT 1:00]
Running from: C:\Documents and Settings\Menti\Moje dokumenty\[email protected]\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\Program Files\Helper\superfinderusa.dll
C:\Program Files\Helper\superfindout.dll
.
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 16:00 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-02 15:20 . 2008-01-02 15:20 4,468,568 --a------ C:\96c1251f0e5b18b482ea1b1659bdf4e3KRN_DATA
2007-12-31 17:07 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-31 17:06 . 2003-08-25 18:06 182,880 --a------ C:\WINDOWS\system32\iuengine.dll
2007-12-31 17:06 . 2003-08-25 18:06 182,880 --a--c--- C:\WINDOWS\system32\dllcache\iuengine.dll
2007-12-31 01:21 . 2002-08-29 01:32 159,360 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2007-12-31 01:20 . 2007-12-31 01:20 <DIR> d-------- C:\Program Files\VIA Technologies, Inc
2007-12-31 01:20 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2007-12-31 00:57 . 2007-12-31 00:41 170,800 --a------ C:\WINDOWS\system32\drivers\PavProc.sys
2007-12-31 00:57 . 2008-01-02 16:05 152,532 --a------ C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2007-12-31 00:57 . 2007-12-31 00:41 31,104 --a------ C:\WINDOWS\system32\drivers\ShlDrv51.sys
2007-12-31 00:57 . 2008-01-02 16:05 1,184 --a------ C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2007-12-31 00:43 . 2007-09-21 11:33 71,680 --a------ C:\WINDOWS\system32\drivers\PAVDRV51.SYS
2007-12-31 00:43 . 2007-12-31 00:41 54,832 --a------ C:\WINDOWS\system32\pavcpl.cpl
2007-12-31 00:43 . 2007-09-21 11:33 50,736 --a------ C:\WINDOWS\system32\avldr.dll
2007-12-31 00:43 . 2007-09-21 11:33 17,792 --a------ C:\WINDOWS\system32\drivers\cpoint.sys
2007-12-31 00:43 . 2007-12-31 00:43 179 --a------ C:\WINDOWS\system32\PavCPL.dat
2007-12-31 00:42 . 2007-12-31 00:41 292,400 --a------ C:\WINDOWS\system32\PavSHook.dll
2007-12-31 00:42 . 2007-12-31 00:41 161,328 --a------ C:\WINDOWS\system32\TpUtil.dll
2007-12-31 00:42 . 2007-12-31 00:41 63,024 --a------ C:\WINDOWS\system32\pavipc.dll
2007-12-31 00:41 . 2007-12-31 00:41 142,128 --a------ C:\WINDOWS\system32\drivers\netimflt.sys
2007-12-31 00:41 . 2007-12-31 00:41 1,990 --a------ C:\WINDOWS\system32\drivers\net_m32.inf
2007-12-31 00:37 . 2007-12-30 23:55 560 --a------ C:\WINDOWS\system32\$winnt$.inf
2007-12-31 00:29 . 2007-12-31 00:29 37 --a------ C:\WINDOWS\r007
2007-12-31 00:28 . 2007-12-31 00:28 <DIR> d-------- C:\Documents and Settings\Menti\Dane aplikacji\Gadu-Gadu
2007-12-31 00:15 . 2003-10-16 18:07 32,768 --a------ C:\WINDOWS\system32\WooDial2000.dll
2007-12-31 00:13 . 2004-01-07 08:29 261,964 --a------ C:\WINDOWS\system32\drivers\rtbldep3.bnm
2007-12-31 00:12 . 2007-12-31 00:12 29 --a------ C:\WINDOWS\Kit.ini
2007-12-31 00:09 . 2008-01-01 15:13 <DIR> d-------- C:\Documents and Settings\Menti\Gadu-Gadu
2007-12-31 00:04 . 2007-12-31 00:04 706 --a------ C:\WINDOWS\unins000.dat
2007-12-31 00:03 . 2006-10-22 12:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-31 00:03 . 2008-01-02 16:04 88,566 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-31 00:03 . 2006-10-22 12:22 17,056 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-31 00:02 . 2006-10-22 15:06 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-12-31 00:01 . 2007-12-31 00:01 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-30 23:58 . 2007-12-30 23:38 <DIR> d--h----- C:\Documents and Settings\Menti\Ustawienia lokalne
2007-12-30 23:58 . 2007-12-31 00:17 <DIR> dr------- C:\Documents and Settings\Menti\Ulubione
2007-12-30 23:58 . 2007-12-30 23:46 <DIR> d--h----- C:\Documents and Settings\Menti\Szablony
2007-12-30 23:58 . 2008-01-02 16:01 <DIR> d-------- C:\Documents and Settings\Menti\Pulpit
2007-12-30 23:58 . 2007-12-31 00:58 <DIR> dr------- C:\Documents and Settings\Menti\Moje dokumenty
2007-12-30 23:58 . 2007-12-31 00:09 <DIR> dr------- C:\Documents and Settings\Menti\Menu Start
2007-12-30 23:58 . 2007-12-31 00:28 <DIR> dr-h----- C:\Documents and Settings\Menti\Dane aplikacji
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Ustawienia lokalne
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Dane aplikacji
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2007-12-30 23:57 . <DIR> C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\Cookies
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Ustawienia lokalne
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji\Microsoft
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Dane aplikacji
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2007-12-30 23:57 . <DIR> C:\Documents and Settings\LocalService.ZARZąDZANIE NT\Cookies
2007-12-30 23:57 . 233,472 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 23:57 . 233,472 C:\Documents and Settings\NetworkService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 23:57 . 233,472 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 23:57 . 233,472 C:\Documents and Settings\LocalService.ZARZąDZANIE NT\NTUSER.DAT
2007-12-30 23:56 . 2007-12-30 23:56 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-12-30 23:54 . 2002-09-28 23:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2007-12-30 23:53 . 2002-09-28 23:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2007-12-30 23:52 . 2001-10-26 17:29 2,134,528 --a--c--- C:\WINDOWS\system32\dllcache\EXCH_smtpsnap.dll
2007-12-30 23:51 . 2007-12-30 23:51 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2007-12-30 23:51 . 2007-12-30 23:58 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2007-12-30 23:51 . 2007-12-30 23:51 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2007-12-30 23:51 . 2007-12-30 23:51 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2007-12-30 23:51 . 2007-12-30 23:51 2,596 --a------ C:\WINDOWS\system32\CONFIG.NT
2007-12-30 23:51 . 2007-12-30 23:51 0 --a------ C:\WINDOWS\control.ini
2007-12-30 23:50 . 2007-12-30 23:51 <DIR> d--hs---- C:\Documents and Settings\All Users.WINDOWS\DRM
2007-12-30 23:48 . 2002-09-28 23:00 798,782 --a--c--- C:\WINDOWS\system32\dllcache\srchui.dll
2007-12-30 23:47 . 2007-12-30 23:47 21,856 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-30 23:47 . 2007-12-30 23:47 37 --a------ C:\WINDOWS\vbaddin.ini
2007-12-30 23:47 . 2007-12-30 23:47 36 --a------ C:\WINDOWS\vb.ini
2007-12-30 23:41 . 2001-10-26 17:29 70,144 --a------ C:\WINDOWS\system32\usbui.dll
2007-12-30 23:41 . 2002-09-20 17:18 57,856 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-12-30 23:41 . 2001-08-17 20:13 27,165 --a------ C:\WINDOWS\system32\drivers\fetnd5.sys
2007-12-30 23:41 . 2001-08-17 21:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-12-30 23:40 . 2001-08-17 21:58 27,392 --a------ C:\WINDOWS\system32\drivers\VIAAGP.SYS
2007-12-30 23:40 . 2002-08-29 01:32 9,856 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> dr-h----- C:\Documents and Settings\Default User.WINDOWS\Ustawienia lokalne
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Ulubione
2007-12-30 23:38 . 2007-12-30 23:46 <DIR> d--h----- C:\Documents and Settings\Default User.WINDOWS\Szablony
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Pulpit
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- C:\Documents and Settings\Default User.WINDOWS\Moje dokumenty
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> dr------- C:\Documents and Settings\Default User.WINDOWS\Menu Start
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> dr-h----- C:\Documents and Settings\Default User.WINDOWS\Dane aplikacji
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Ulubione
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> d--h----- C:\Documents and Settings\All Users.WINDOWS\Szablony
2007-12-30 23:38 . 2007-12-31 00:15 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Pulpit
2007-12-30 23:38 . 2007-12-30 23:55 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Menu Start
2007-12-30 23:38 . 2007-12-30 23:48 <DIR> dr------- C:\Documents and Settings\All Users.WINDOWS\Dokumenty
2007-12-30 23:38 . 2007-12-30 23:38 <DIR> dr-h----- C:\Documents and Settings\All Users.WINDOWS\Dane aplikacji
2007-12-30 23:38 . 2002-09-28 23:00 1,901,593 --a--c--- C:\WINDOWS\system32\dllcache\NT5.CAT
2007-12-29 21:28 . 2007-12-30 19:12 2 --a------ C:\1016968535
2007-12-29 21:25 . 2007-12-30 19:09 58,368 --a------ C:\einmia.exe
2007-12-29 13:38 . 2007-12-29 13:38 10,752 --a------ C:\xfmb.exe
2007-12-29 13:08 . 2007-12-31 00:57 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2007-12-28 23:37 . 2007-12-28 23:37 <DIR> d-------- C:\Program Files\Google
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 15:05 152,532 ----a-w C:\WINDOWS\system32\drivers\APPFCONT.DAT
2008-01-02 15:05 1,184 ----a-w C:\WINDOWS\system32\drivers\APPFLTR.CFG
2008-01-02 14:55 --------- d-----w C:\Program Files\Neostrada TP
2007-12-30 23:14 23 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2007-12-30 22:51 558,142 ----a-w C:\WINDOWS\java\Packages\9VHNB13H.ZIP
2007-12-30 22:51 155,995 ----a-w C:\WINDOWS\java\Packages\5JZ1ZRZN.ZIP
2007-12-29 12:10 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 20:37 --------- d-----w C:\Program Files\IVT Corporation
2007-12-28 20:37 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-28 20:33 --------- d-----w C:\Program Files\VIA
2007-12-28 20:14 --------- d-----w C:\Program Files\microsoft frontpage
2007-12-28 20:12 --------- d-----w C:\Program Files\Usługi online
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-09-28 23:00 13312]
"Gadu-Gadu"="D:\Programy\komunikatory\GG\Gadu-Gadu\gg.exe" [2007-04-19 16:43 2101248]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-10-22 12:22 86016]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-09-28 23:00 13312]
C:\Documents and Settings\All Users.WINDOWS\Menu Start\Programy\Autostart\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2007-12-28 22:01:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
avldr.dll 2007-09-21 11:33 50736 C:\WINDOWS\system32\avldr.dll
R1 APPFLT;App Filter Plugin;C:\WINDOWS\System32\Drivers\APPFLT.SYS [2007-09-21 11:33]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\System32\Drivers\DSAFLT.SYS [2007-09-21 11:33]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\System32\Drivers\fnetmon.SYS [2007-09-21 11:33]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\System32\Drivers\IDSFLT.SYS [2007-09-21 11:33]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\System32\Drivers\NETFLTDI.SYS [2007-09-21 11:33]
R1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2007-12-31 00:41]
R1 SMSFLT;SMS Filter Plugin;C:\WINDOWS\System32\Drivers\SMSFLT.SYS [2007-09-21 11:33]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\System32\Drivers\WNMFLT.SYS [2007-09-21 11:33]
R2 cpoint;Panda CPoint Driver;C:\WINDOWS\System32\Drivers\cpoint.sys [2007-09-21 11:33]
R2 PavProc;Panda Process Protection Driver;C:\WINDOWS\System32\DRIVERS\PavProc.sys [2007-12-31 00:41]
R3 NETIMFLT;PANDA NDIS IM Filter Miniport;C:\WINDOWS\System32\DRIVERS\netimflt.sys [2007-12-31 00:41]
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 16:04:51
Windows 5.1.2600 Dodatek Service Pack. 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-02 16:07:22 - machine was rebooted
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 15:06:51