Problem z reklamiarzami i trojanami nie moge usunac

ramirez1 · 15 Listopad 2007 20:19

vast informuje mnie ze takie pliki sa zarażone

C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ac8zt2\main_uninstaller.exe(reklamiarz)

C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ac8zt2\msmdev.dll(koń trojański)

oto log z :

SmitFraudFix v2.253


Scan done at 21:02:37,67, 2007-11-15

Run from C:\Documents and Settings\Waciciel\Pulpit\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Wersja 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» Killing process



»»»»»»»»»»»»»»»»»»»»»»»» hosts



127.0.0.1 localhost


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix


S!Ri's WS2Fix: LSP not Found.



»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix


GenericRenosFix by S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files



»»»»»»»»»»»»»»»»»»»»»»»» DNS


HKLM\SYSTEM\CCS\Services\Tcpip\..\{DCF6F354-FF84-42F4-866D-86BD14AEBA14}: NameServer=217.30.129.149 217.30.137.200

HKLM\SYSTEM\CS1\Services\Tcpip\..\{DCF6F354-FF84-42F4-866D-86BD14AEBA14}: NameServer=217.30.129.149 217.30.137.200



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!Attention, following keys are not inevitably infected!


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning


Registry Cleaning done. 


»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!Attention, following keys are not inevitably infected!


SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll



»»»»»»»»»»»»»»»»»»»»»»»» End


[/code]

log z hijackthis

Logfile of HijackThis v1.99.1 Scan saved at 21:14:12, on 2007-11-15 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\DialNet\winpppoverethernet.exe C:\WINDOWS\VM305_STI.EXE C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\DialNet\WrOS.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Tlen.pl\tlen.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Documents and Settings\Właściciel\Pulpit\hijackthis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/ R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: MSVPS System - {3CE12841-9438-48A0-9DA9-D3D2D3D562CC} - C:\WINDOWS\oprevpfm.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O3 - Toolbar: The bbrsep - {422CA3AF-86F1-4607-88E2-BBBD4E9371EB} - C:\WINDOWS\bonsws.dll O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM…\Run: [nwiz] nwiz.exe /install O4 - HKLM…\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM…\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM…\Run: [sunJavaUpdateSched] “C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” O4 - HKLM…\Run: [a-winpoet-service] “C:\Program Files\DialNet\winpppoverethernet.exe” O4 - HKLM…\Run: [z-wrdialer] “C:\Program Files\DialNet\wrdialer.exe” O4 - HKLM…\Run: [bigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM…\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKCU…\Run: [z-WrDialer] C:\Program Files\DialNet\WrDialer.exe O4 - HKCU…\Run: [DAEMON Tools] “C:\Program Files\DAEMON Tools\daemon.exe” -lang 1033 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows … 5155010187 O17 - HKLM\System\CCS\Services\Tcpip…{DCF6F354-FF84-42F4-866D-86BD14AEBA14}: NameServer = 217.30.129.149 217.30.137.200 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O21 - SSODL: ddkret - {87125943-74DA-43BB-BF63-08E6B75F9875} - C:\WINDOWS\ddkret.dll O21 - SSODL: nopctrl - {861F1FEE-AF48-4743-A657-2F98DDE669C0} - (no file) O21 - SSODL: msmhost - {E5980181-2080-4833-87BC-20158B58EF60} - C:\WINDOWS\msmhost.dll (file missing) O21 - SSODL: msmdev - {E50A01B4-6343-4848-A7D6-E578CE33FA95} - C:\WINDOWS\msmdev.dll (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: WinPPPoverEthernet - Fine Point Technologies, Inc. - C:\Program Files\DialNet\WrOS.EXE

Gutek · 15 Listopad 2007 20:23

usuń wpisy HJT

Daj log z ComboFix

ramirez1 · 15 Listopad 2007 20:35

ale alerty z Avasta nadal wyskakuja nie moze usunac tego

ComboFix 07-11-08.1 - Właściciel 2007-11-15 21:32:54.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1040 [GMT 1:00] Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\dat.txt C:\WINDOWS\rs.txt C:\WINDOWS\search_res.txt C:\WINDOWS\setup.exe . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-15 21:31 51,200 --a–c— C:\WINDOWS\NirCmd.exe 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 1,336 --a–c— C:\WINDOWS\system32\tmp.reg 2007-11-15 20:32 43,352 --a–c— C:\WINDOWS\system32\wups2.dll 2007-11-15 20:29 2007-11-15 20:29 2007-11-15 20:22 51,232 --a–c— C:\wwdc.exe 2007-11-14 18:51 204,800 --a–c— C:\WINDOWS\ddkret.dll 2007-11-14 18:51 192,512 --a–c— C:\WINDOWS\bonsws.dll 2007-11-14 18:51 143,360 --a–c— C:\WINDOWS\sawkip.exe 2007-11-10 20:47 98,304 --a–c— C:\WINDOWS\system32\qttask.exe 2007-11-10 20:45 2007-11-10 18:43 2007-11-10 18:43 2007-11-10 17:13 2007-11-10 17:07 2007-11-10 17:04 2007-11-03 16:18 2007-11-02 07:38 86,016 --a–c— C:\WINDOWS\unvise32.exe 2007-11-02 07:37 685,816 --a–c— C:\WINDOWS\system32\drivers\sptd.sys 2007-11-02 07:32 2007-11-01 19:01 2007-11-01 12:07 2007-11-01 11:21 47,616 -ra–c— C:\WINDOWS\system32\DCU112k.exe 2007-10-25 20:22 2007-10-25 19:49 2007-10-25 19:16 2007-10-25 19:14 2007-10-25 18:27 249,856 -----c— C:\WINDOWS\Setup1.exe 2007-10-25 18:27 73,216 --a–c— C:\WINDOWS\ST6UNST.EXE 2007-10-24 19:45 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-10-23 08:36 2007-10-21 13:40 2007-10-21 13:40 2007-10-21 13:40 391,688 --a–c— C:\WINDOWS\system32\drivers\usbVM305.sys 2007-10-21 13:40 176,128 --a–c— C:\WINDOWS\amcap.exe 2007-10-21 13:40 81,920 --a–c— C:\WINDOWS\system32\VM305STI.dll 2007-10-21 13:40 57,344 --a------ C:\WINDOWS\vm305_sti.exe 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\vfwwdm32.dll 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-10-21 09:45 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:33 2007-10-21 09:04 2007-10-21 09:04 2007-10-21 09:03 2007-10-20 21:00 22,752 --a–c— C:\WINDOWS\system32\spupdsvc.exe 2007-10-20 20:23 2007-10-20 19:25 2007-10-20 19:25 221,184 --a–c— C:\WINDOWS\system32\wmpns.dll 2007-10-20 19:03 2007-10-20 19:03 2007-10-20 18:39 30,336 --a–c— C:\WINDOWS\system32\drivers\fpd.sys 2007-10-20 18:38 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 09:27 2007-10-17 09:24 2007-10-17 09:22 1,408 --a–c— C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 16:03 --------- dc----w C:\Program Files\eMule 2007-11-01 18:28 --------- dc-h–w C:\Program Files\InstallShield Installation Information 2007-10-25 18:49 --------- dc----w C:\Program Files\Common Files\InstallShield 2007-10-25 16:05 94,416 -c–a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 16:05 93,264 -c–a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 16:03 23,152 -c–a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 16:01 42,912 -c–a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 15:58 26,624 -c–a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 15:24 815,480 -c–a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 15:14 95,608 -c–a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-21 16:50 --------- dc----w C:\Program Files\Odkurzacz 2007-10-21 07:41 --------- dc----w C:\Program Files\Winamp 2007-10-21 07:40 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe 2007-10-20 18:03 --------- dc----w C:\Program Files\Lexmark 2300 Series 2007-10-16 19:48 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 2007-10-16 19:43 --------- dc----w C:\Program Files\Gadu-Gadu 2007-10-16 19:42 --------- dc----w C:\Program Files\Lavasoft 2007-10-16 19:42 --------- dc----w C:\Program Files\CCleaner 2007-10-16 19:42 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Lavasoft 2007-10-16 19:37 --------- dc----w C:\Program Files\Alwil Software 2007-10-16 19:32 --------- dc----w C:\Program Files\AvRack 2007-10-16 19:19 --------- dc----w C:\Program Files\Realtek Sound Manager 2007-10-16 19:15 --------- dc----w C:\Program Files\AMD 2007-10-16 19:06 --------- dc----w C:\Program Files\microsoft frontpage 2007-10-16 19:04 --------- dc----w C:\Program Files\Usługi online 2007-09-24 07:05 132,904 -c–a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 07:05 11,304 -c–a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 07:59 972,072 -c–a-w C:\WINDOWS\UNRecode.exe 2007-09-20 07:55 972,072 -c–a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 07:55 95,600 -c–a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvusmb.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvunrm.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-09-16 23:07 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll 2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-09-16 23:07 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe 2007-09-16 23:07 6,853,088 -c–a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-09-16 23:07 6,746,112 -c–a-w C:\WINDOWS\system32\nvoglnt.dll 2007-09-16 23:07 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll 2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-09-16 23:07 5,509,120 -c–a-w C:\WINDOWS\system32\nvdispsr.dll 2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-09-16 23:07 458,752 -c–a-w C:\WINDOWS\system32\nvmccssr.dll 2007-09-16 23:07 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-09-16 23:07 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe 2007-09-16 23:07 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe 2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\nvudisp.exe 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrses.dll 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrsel.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrshe.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrsar.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrspt.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrsit.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrsru.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrshu.dll 2007-09-16 23:07 311,296 -c–a-w C:\WINDOWS\system32\nvwrsde.dll 2007-09-16 23:07 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrstr.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrssl.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-09-16 23:07 3,629,056 -c–a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-09-16 23:07 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll 2007-09-16 23:07 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll 2007-09-16 23:07 3,166,208 -c–a-w C:\WINDOWS\system32\nvgamesr.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrssk.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrsno.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrssv.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrspl.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrsda.dll 2007-09-16 23:07 290,816 -c–a-w C:\WINDOWS\system32\nvwrsth.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrseng.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrscs.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvwrsar.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsfr.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrses.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsel.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvwrshe.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsit.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsde.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrspt.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsnl.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsesm.dll 2007-09-16 23:07 270,336 -c–a-w C:\WINDOWS\system32\nvrsru.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsptb.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsja.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrstr.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssl.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssk.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrsko.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrshu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “nwiz”=“nwiz.exe” [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-09-17 00:07] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 10:09 C:\WINDOWS\soundman.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “a-winpoet-service”=“C:\Program Files\DialNet\winpppoverethernet.exe” [2007-01-18 09:26] “z-wrdialer”=“C:\Program Files\DialNet\wrdialer.exe” [2007-01-18 12:18] “BigDog305”=“C:\WINDOWS\VM305_STI.exe” [2007-04-09 15:46] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-09-17 00:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “z-WrDialer”=“C:\Program Files\DialNet\WrDialer.exe” [2007-01-18 12:18] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “ddkret”= {CBC45C5D-7DC9-4069-B71E-26BA62041B63} - C:\WINDOWS\ddkret.dll [2007-11-14 11:45 204800] R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys R3 FPD;Fine Point Packet Service;??\C:\WINDOWS\system32\drivers\fpd.sys R3 WrKPoET2000;WrKPoET2000;??\C:\Program Files\DialNet\WrKPoET2000.sys R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe *Newly Created Service* - CATCHME . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 21:34:25 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@??? scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 21:35:07 . — E O F —

Gutek · 15 Listopad 2007 20:39

Wklej do Notatnika:

>>Plik>>Zapisz jako… >>> CFScript (najwygodniej będzie, jeśli zapiszesz w takiej lokalizacji, by ikonka CFScript.txt znalazła się obok ikonki ComboFix.exe )

Przeciągnij i upuść plik CFScript.txt na plik ComboFix.exe (czyli ikonkę CFScript.txt na ikonkę ComboFix.exe )

– podobnie jak na tym obrazku –>

(jeśli pojawi się pytanie " 1 or 2" - to wpisz 1 i naciśnij ENTER) Ma się rozpocząć usuwanie. (i powstanie log)

Po restarcie usuń ręcznie folder C: ** Qoobox**.

Po tym nowy log z Combo

ramirez1 · 15 Listopad 2007 20:43

doszlo jeszcze to

C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ac8zt2\msmhost.dll

C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ac8zt2\nsduo.dll

C:\DOCUME~1\WACICI~1\USTAWI~1\Temp\ac8zt2\rmv.exe

zarażone tez niby jakies syfy

Złączono Posta : 15.11.2007 (Czw) 22:13

ComboFix 07-11-08.1 - Właściciel 2007-11-15 22:02:38.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1109 [GMT 1:00]

Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 )))))))))))))))))))))))))))))))

.

2007-11-15 21:31 51,200 --a–c— C:\WINDOWS\NirCmd.exe

2007-11-15 21:01

2007-11-15 21:01 1,336 --a–c— C:\WINDOWS\system32\tmp.reg

2007-11-15 20:32 43,352 --a–c— C:\WINDOWS\system32\wups2.dll

2007-11-15 20:29

2007-11-15 20:22 51,232 --a–c— C:\wwdc.exe

2007-11-14 18:51 204,800 --a–c— C:\WINDOWS\ddkret.dll

2007-11-14 18:51 192,512 --a–c— C:\WINDOWS\bonsws.dll

2007-11-14 18:51 143,360 --a–c— C:\WINDOWS\sawkip.exe

2007-11-10 20:47 98,304 --a–c— C:\WINDOWS\system32\qttask.exe

2007-11-10 20:45

2007-11-10 18:43

2007-11-10 17:13

2007-11-10 17:07

2007-11-10 17:04

2007-11-03 16:18

2007-11-02 07:38 86,016 --a–c— C:\WINDOWS\unvise32.exe

2007-11-02 07:37 685,816 --a–c— C:\WINDOWS\system32\drivers\sptd.sys

2007-11-02 07:32

2007-11-01 19:01

2007-11-01 12:07

2007-11-01 11:21 47,616 -ra–c— C:\WINDOWS\system32\DCU112k.exe

2007-10-25 20:22

2007-10-25 19:49

2007-10-25 19:16

2007-10-25 19:14

2007-10-25 18:27 249,856 -----c— C:\WINDOWS\Setup1.exe

2007-10-25 18:27 73,216 --a–c— C:\WINDOWS\ST6UNST.EXE

2007-10-24 19:45 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys

2007-10-23 08:36

2007-10-21 13:40

2007-10-21 13:40 391,688 --a–c— C:\WINDOWS\system32\drivers\usbVM305.sys

2007-10-21 13:40 176,128 --a–c— C:\WINDOWS\amcap.exe

2007-10-21 13:40 81,920 --a–c— C:\WINDOWS\system32\VM305STI.dll

2007-10-21 13:40 57,344 --a------ C:\WINDOWS\vm305_sti.exe

2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\vfwwdm32.dll

2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll

2007-10-21 09:45

2007-10-21 09:43

2007-10-21 09:33

2007-10-21 09:04

2007-10-21 09:03

2007-10-20 21:00 22,752 --a–c— C:\WINDOWS\system32\spupdsvc.exe

2007-10-20 20:23

2007-10-20 19:25

2007-10-20 19:25 221,184 --a–c— C:\WINDOWS\system32\wmpns.dll

2007-10-20 19:03

2007-10-20 18:39 30,336 --a–c— C:\WINDOWS\system32\drivers\fpd.sys

2007-10-20 18:38

2007-10-17 11:56

2007-10-17 09:27

2007-10-17 09:24

2007-10-17 09:22 1,408 --a–c— C:\WINDOWS\mozver.dat

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2007-11-15 16:03 --------- dc----w C:\Program Files\eMule

2007-11-01 18:28 --------- dc-h–w C:\Program Files\InstallShield Installation Information

2007-10-25 18:49 --------- dc----w C:\Program Files\Common Files\InstallShield

2007-10-25 16:05 94,416 -c–a-w C:\WINDOWS\system32\drivers\aswmon2.sys

2007-10-25 16:05 93,264 -c–a-w C:\WINDOWS\system32\drivers\aswmon.sys

2007-10-25 16:03 23,152 -c–a-w C:\WINDOWS\system32\drivers\aswRdr.sys

2007-10-25 16:01 42,912 -c–a-w C:\WINDOWS\system32\drivers\aswTdi.sys

2007-10-25 15:58 26,624 -c–a-w C:\WINDOWS\system32\drivers\aavmker4.sys

2007-10-25 15:24 815,480 -c–a-w C:\WINDOWS\system32\aswBoot.exe

2007-10-25 15:14 95,608 -c–a-w C:\WINDOWS\system32\AVASTSS.scr

2007-10-21 16:50 --------- dc----w C:\Program Files\Odkurzacz

2007-10-21 07:41 --------- dc----w C:\Program Files\Winamp

2007-10-21 07:40 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe

2007-10-20 18:03 --------- dc----w C:\Program Files\Lexmark 2300 Series

2007-10-16 19:48 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu

2007-10-16 19:43 --------- dc----w C:\Program Files\Gadu-Gadu

2007-10-16 19:42 --------- dc----w C:\Program Files\Lavasoft

2007-10-16 19:42 --------- dc----w C:\Program Files\CCleaner

2007-10-16 19:42 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Lavasoft

2007-10-16 19:37 --------- dc----w C:\Program Files\Alwil Software

2007-10-16 19:32 --------- dc----w C:\Program Files\AvRack

2007-10-16 19:19 --------- dc----w C:\Program Files\Realtek Sound Manager

2007-10-16 19:15 --------- dc----w C:\Program Files\AMD

2007-10-16 19:06 --------- dc----w C:\Program Files\microsoft frontpage

2007-10-16 19:04 --------- dc----w C:\Program Files\Usługi online

2007-09-24 07:05 132,904 -c–a-w C:\WINDOWS\system32\drivers\imagesrv.sys

2007-09-24 07:05 11,304 -c–a-w C:\WINDOWS\system32\drivers\imagedrv.sys

2007-09-20 07:59 972,072 -c–a-w C:\WINDOWS\UNRecode.exe

2007-09-20 07:55 972,072 -c–a-w C:\WINDOWS\UNNeroMediaHome.exe

2007-09-20 07:55 95,600 -c–a-w C:\WINDOWS\system32\NeroCo.dll

2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvusmb.exe

2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvunrm.exe

2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE

2007-09-16 23:07 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll

2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll

2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll

2007-09-16 23:07 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe

2007-09-16 23:07 6,853,088 -c–a-w C:\WINDOWS\system32\drivers\nv4_mini.sys

2007-09-16 23:07 6,746,112 -c–a-w C:\WINDOWS\system32\nvoglnt.dll

2007-09-16 23:07 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll

2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll

2007-09-16 23:07 5,509,120 -c–a-w C:\WINDOWS\system32\nvdispsr.dll

2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll

2007-09-16 23:07 458,752 -c–a-w C:\WINDOWS\system32\nvmccssr.dll

2007-09-16 23:07 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll

2007-09-16 23:07 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe

2007-09-16 23:07 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe

2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll

2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll

2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll

2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe

2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\nvudisp.exe

2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrses.dll

2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrsel.dll

2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsfr.dll

2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsesm.dll

2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrshe.dll

2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrsar.dll

2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrspt.dll

2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrsit.dll

2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsptb.dll

2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsnl.dll

2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrsru.dll

2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrshu.dll

2007-09-16 23:07 311,296 -c–a-w C:\WINDOWS\system32\nvwrsde.dll

2007-09-16 23:07 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll

2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrstr.dll

2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrssl.dll

2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrsfi.dll

2007-09-16 23:07 3,629,056 -c–a-w C:\WINDOWS\system32\nvvitvsr.dll

2007-09-16 23:07 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll

2007-09-16 23:07 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll

2007-09-16 23:07 3,166,208 -c–a-w C:\WINDOWS\system32\nvgamesr.dll

2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrssk.dll

2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrsno.dll

2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrssv.dll

2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrspl.dll

2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrsda.dll

2007-09-16 23:07 290,816 -c–a-w C:\WINDOWS\system32\nvwrsth.dll

2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrseng.dll

2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrscs.dll

2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll

2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvwrsar.dll

2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsfr.dll

2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrses.dll

2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsel.dll

2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvwrshe.dll

2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsit.dll

2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsde.dll

2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrspt.dll

2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsnl.dll

2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsesm.dll

2007-09-16 23:07 270,336 -c–a-w C:\WINDOWS\system32\nvrsru.dll

2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsptb.dll

2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsja.dll

2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrstr.dll

2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssl.dll

2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssk.dll

2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrsko.dll

2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrshu.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20]

“nwiz”=“nwiz.exe” [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe]

“NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-09-17 00:07]

“SoundMan”=“SOUNDMAN.EXE” [2004-12-22 10:09 C:\WINDOWS\soundman.exe]

“SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11]

“a-winpoet-service”=“C:\Program Files\DialNet\winpppoverethernet.exe” [2007-01-18 09:26]

“z-wrdialer”=“C:\Program Files\DialNet\wrdialer.exe” [2007-01-18 12:18]

“BigDog305”=“C:\WINDOWS\VM305_STI.exe” [2007-04-09 15:46]

“NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-09-17 00:07]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

“z-WrDialer”=“C:\Program Files\DialNet\WrDialer.exe” [2007-01-18 12:18]

“DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

“ddkret”= {CBC45C5D-7DC9-4069-B71E-26BA62041B63} - C:\WINDOWS\ddkret.dll [2007-11-14 11:45 204800]

R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys

R3 FPD;Fine Point Packet Service;??\C:\WINDOWS\system32\drivers\fpd.sys

R3 WrKPoET2000;WrKPoET2000;??\C:\Program Files\DialNet\WrKPoET2000.sys

R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys

R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys

S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

.

**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-11-15 22:03:57

Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes …

scanning hidden autostart entries …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@???

scanning hidden files …

scan completed successfully

hidden files: 0

**************************************************************************

.

Completion time: 2007-11-15 22:04:42

.

— E O F —

Gutek · 15 Listopad 2007 22:19

ramirez1 · 16 Listopad 2007 16:32

ComboFix 07-11-08.1 - Właściciel 2007-11-15 22:02:38.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1109 [GMT 1:00] Running from: C:\Documents and Settings\Właściciel\Pulpit\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-15 to 2007-11-15 ))))))))))))))))))))))))))))))) . 2007-11-15 21:31 51,200 --a–c— C:\WINDOWS\NirCmd.exe 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 1,336 --a–c— C:\WINDOWS\system32\tmp.reg 2007-11-15 20:32 43,352 --a–c— C:\WINDOWS\system32\wups2.dll 2007-11-15 20:29 2007-11-15 20:29 2007-11-15 20:22 51,232 --a–c— C:\wwdc.exe 2007-11-14 18:51 204,800 --a–c— C:\WINDOWS\ddkret.dll 2007-11-14 18:51 192,512 --a–c— C:\WINDOWS\bonsws.dll 2007-11-14 18:51 143,360 --a–c— C:\WINDOWS\sawkip.exe 2007-11-10 20:47 98,304 --a–c— C:\WINDOWS\system32\qttask.exe 2007-11-10 20:45 2007-11-10 18:43 2007-11-10 18:43 2007-11-10 17:13 2007-11-10 17:07 2007-11-10 17:04 2007-11-03 16:18 2007-11-02 07:38 86,016 --a–c— C:\WINDOWS\unvise32.exe 2007-11-02 07:37 685,816 --a–c— C:\WINDOWS\system32\drivers\sptd.sys 2007-11-02 07:32 2007-11-01 19:01 2007-11-01 12:07 2007-11-01 11:21 47,616 -ra–c— C:\WINDOWS\system32\DCU112k.exe 2007-10-25 20:22 2007-10-25 19:49 2007-10-25 19:16 2007-10-25 19:14 2007-10-25 18:27 249,856 -----c— C:\WINDOWS\Setup1.exe 2007-10-25 18:27 73,216 --a–c— C:\WINDOWS\ST6UNST.EXE 2007-10-24 19:45 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-10-23 08:36 2007-10-21 13:40 2007-10-21 13:40 2007-10-21 13:40 391,688 --a–c— C:\WINDOWS\system32\drivers\usbVM305.sys 2007-10-21 13:40 176,128 --a–c— C:\WINDOWS\amcap.exe 2007-10-21 13:40 81,920 --a–c— C:\WINDOWS\system32\VM305STI.dll 2007-10-21 13:40 57,344 --a------ C:\WINDOWS\vm305_sti.exe 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\vfwwdm32.dll 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-10-21 09:45 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:33 2007-10-21 09:04 2007-10-21 09:04 2007-10-21 09:03 2007-10-20 21:00 22,752 --a–c— C:\WINDOWS\system32\spupdsvc.exe 2007-10-20 20:23 2007-10-20 19:25 2007-10-20 19:25 221,184 --a–c— C:\WINDOWS\system32\wmpns.dll 2007-10-20 19:03 2007-10-20 19:03 2007-10-20 18:39 30,336 --a–c— C:\WINDOWS\system32\drivers\fpd.sys 2007-10-20 18:38 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 09:27 2007-10-17 09:24 2007-10-17 09:22 1,408 --a–c— C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-15 16:03 --------- dc----w C:\Program Files\eMule 2007-11-01 18:28 --------- dc-h–w C:\Program Files\InstallShield Installation Information 2007-10-25 18:49 --------- dc----w C:\Program Files\Common Files\InstallShield 2007-10-25 16:05 94,416 -c–a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 16:05 93,264 -c–a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 16:03 23,152 -c–a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 16:01 42,912 -c–a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 15:58 26,624 -c–a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 15:24 815,480 -c–a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 15:14 95,608 -c–a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-21 16:50 --------- dc----w C:\Program Files\Odkurzacz 2007-10-21 07:41 --------- dc----w C:\Program Files\Winamp 2007-10-21 07:40 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe 2007-10-20 18:03 --------- dc----w C:\Program Files\Lexmark 2300 Series 2007-10-16 19:48 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 2007-10-16 19:43 --------- dc----w C:\Program Files\Gadu-Gadu 2007-10-16 19:42 --------- dc----w C:\Program Files\Lavasoft 2007-10-16 19:42 --------- dc----w C:\Program Files\CCleaner 2007-10-16 19:42 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Lavasoft 2007-10-16 19:37 --------- dc----w C:\Program Files\Alwil Software 2007-10-16 19:32 --------- dc----w C:\Program Files\AvRack 2007-10-16 19:19 --------- dc----w C:\Program Files\Realtek Sound Manager 2007-10-16 19:15 --------- dc----w C:\Program Files\AMD 2007-10-16 19:06 --------- dc----w C:\Program Files\microsoft frontpage 2007-10-16 19:04 --------- dc----w C:\Program Files\Usługi online 2007-09-24 07:05 132,904 -c–a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 07:05 11,304 -c–a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 07:59 972,072 -c–a-w C:\WINDOWS\UNRecode.exe 2007-09-20 07:55 972,072 -c–a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 07:55 95,600 -c–a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvusmb.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvunrm.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-09-16 23:07 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll 2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-09-16 23:07 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe 2007-09-16 23:07 6,853,088 -c–a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-09-16 23:07 6,746,112 -c–a-w C:\WINDOWS\system32\nvoglnt.dll 2007-09-16 23:07 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll 2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-09-16 23:07 5,509,120 -c–a-w C:\WINDOWS\system32\nvdispsr.dll 2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-09-16 23:07 458,752 -c–a-w C:\WINDOWS\system32\nvmccssr.dll 2007-09-16 23:07 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-09-16 23:07 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe 2007-09-16 23:07 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe 2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\nvudisp.exe 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrses.dll 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrsel.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrshe.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrsar.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrspt.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrsit.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrsru.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrshu.dll 2007-09-16 23:07 311,296 -c–a-w C:\WINDOWS\system32\nvwrsde.dll 2007-09-16 23:07 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrstr.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrssl.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-09-16 23:07 3,629,056 -c–a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-09-16 23:07 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll 2007-09-16 23:07 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll 2007-09-16 23:07 3,166,208 -c–a-w C:\WINDOWS\system32\nvgamesr.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrssk.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrsno.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrssv.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrspl.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrsda.dll 2007-09-16 23:07 290,816 -c–a-w C:\WINDOWS\system32\nvwrsth.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrseng.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrscs.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvwrsar.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsfr.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrses.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsel.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvwrshe.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsit.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsde.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrspt.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsnl.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsesm.dll 2007-09-16 23:07 270,336 -c–a-w C:\WINDOWS\system32\nvrsru.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsptb.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsja.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrstr.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssl.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssk.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrsko.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrshu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “nwiz”=“nwiz.exe” [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-09-17 00:07] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 10:09 C:\WINDOWS\soundman.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “a-winpoet-service”=“C:\Program Files\DialNet\winpppoverethernet.exe” [2007-01-18 09:26] “z-wrdialer”=“C:\Program Files\DialNet\wrdialer.exe” [2007-01-18 12:18] “BigDog305”=“C:\WINDOWS\VM305_STI.exe” [2007-04-09 15:46] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-09-17 00:07] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “z-WrDialer”=“C:\Program Files\DialNet\WrDialer.exe” [2007-01-18 12:18] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] “ddkret”= {CBC45C5D-7DC9-4069-B71E-26BA62041B63} - C:\WINDOWS\ddkret.dll [2007-11-14 11:45 204800] R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys R3 FPD;Fine Point Packet Service;??\C:\WINDOWS\system32\drivers\fpd.sys R3 WrKPoET2000;WrKPoET2000;??\C:\Program Files\DialNet\WrKPoET2000.sys R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-15 22:03:57 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@??? scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-15 22:04:42 . — E O F —

Gutek · 16 Listopad 2007 17:54

Pobierz The Avenger. Wypakuj => uruchom => zaznacz opcję Input script manually => kliknij w taką lupkę => w okienku, które się otworzy wklej:

kliknij klawisz Done => teraz kliknij na zielone światełko => powinna pojawić się pewna informacja i kliknij OK (teraz restart).

ramirez1 · 16 Listopad 2007 18:26

ComboFix 07-11-08.1 - Właściciel 2007-11-16 19:17:19.5 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1045.18.1013 [GMT 1:00] Running from: D:\Instalki\Komp\naprawa\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2007-10-16 to 2007-11-16 ))))))))))))))))))))))))))))))) . 2007-11-15 23:10 2007-11-15 21:31 51,200 --a–c— C:\WINDOWS\NirCmd.exe 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 2007-11-15 21:01 1,336 --a–c— C:\WINDOWS\system32\tmp.reg 2007-11-15 20:32 43,352 --a–c— C:\WINDOWS\system32\wups2.dll 2007-11-15 20:29 2007-11-15 20:29 2007-11-15 20:22 51,232 --a–c— C:\wwdc.exe 2007-11-14 18:51 204,800 --a–c— C:\WINDOWS\ddkret.dll 2007-11-14 18:51 192,512 --a–c— C:\WINDOWS\bonsws.dll 2007-11-14 18:51 143,360 --a–c— C:\WINDOWS\sawkip.exe 2007-11-10 20:47 98,304 --a–c— C:\WINDOWS\system32\qttask.exe 2007-11-10 20:45 2007-11-10 18:43 2007-11-10 18:43 2007-11-10 17:13 2007-11-10 17:07 2007-11-10 17:04 2007-11-03 16:18 2007-11-02 07:38 86,016 --a–c— C:\WINDOWS\unvise32.exe 2007-11-02 07:37 685,816 --a–c— C:\WINDOWS\system32\drivers\sptd.sys 2007-11-02 07:32 2007-11-01 19:01 2007-11-01 12:07 2007-11-01 11:21 47,616 -ra–c— C:\WINDOWS\system32\DCU112k.exe 2007-10-25 20:22 2007-10-25 19:49 2007-10-25 19:16 2007-10-25 19:14 2007-10-25 18:27 249,856 -----c— C:\WINDOWS\Setup1.exe 2007-10-25 18:27 73,216 --a–c— C:\WINDOWS\ST6UNST.EXE 2007-10-24 19:45 26,496 --a–c— C:\WINDOWS\system32\dllcache\usbstor.sys 2007-10-23 08:36 2007-10-21 13:40 2007-10-21 13:40 2007-10-21 13:40 391,688 --a–c— C:\WINDOWS\system32\drivers\usbVM305.sys 2007-10-21 13:40 176,128 --a–c— C:\WINDOWS\amcap.exe 2007-10-21 13:40 81,920 --a–c— C:\WINDOWS\system32\VM305STI.dll 2007-10-21 13:40 57,344 --a------ C:\WINDOWS\vm305_sti.exe 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\vfwwdm32.dll 2007-10-21 13:40 54,784 --a–c— C:\WINDOWS\system32\dllcache\vfwwdm32.dll 2007-10-21 09:45 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:43 2007-10-21 09:33 2007-10-21 09:04 2007-10-21 09:04 2007-10-21 09:03 2007-10-20 21:00 22,752 --a–c— C:\WINDOWS\system32\spupdsvc.exe 2007-10-20 20:23 2007-10-20 19:25 2007-10-20 19:25 221,184 --a–c— C:\WINDOWS\system32\wmpns.dll 2007-10-20 19:03 2007-10-20 19:03 2007-10-20 18:39 30,336 --a–c— C:\WINDOWS\system32\drivers\fpd.sys 2007-10-20 18:38 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 11:56 2007-10-17 09:27 2007-10-17 09:24 2007-10-17 09:22 1,408 --a–c— C:\WINDOWS\mozver.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-16 17:58 --------- dc----w C:\Program Files\eMule 2007-11-01 18:28 --------- dc-h–w C:\Program Files\InstallShield Installation Information 2007-10-25 18:49 --------- dc----w C:\Program Files\Common Files\InstallShield 2007-10-25 16:05 94,416 -c–a-w C:\WINDOWS\system32\drivers\aswmon2.sys 2007-10-25 16:05 93,264 -c–a-w C:\WINDOWS\system32\drivers\aswmon.sys 2007-10-25 16:03 23,152 -c–a-w C:\WINDOWS\system32\drivers\aswRdr.sys 2007-10-25 16:01 42,912 -c–a-w C:\WINDOWS\system32\drivers\aswTdi.sys 2007-10-25 15:58 26,624 -c–a-w C:\WINDOWS\system32\drivers\aavmker4.sys 2007-10-25 15:24 815,480 -c–a-w C:\WINDOWS\system32\aswBoot.exe 2007-10-25 15:14 95,608 -c–a-w C:\WINDOWS\system32\AVASTSS.scr 2007-10-21 16:50 --------- dc----w C:\Program Files\Odkurzacz 2007-10-21 07:41 --------- dc----w C:\Program Files\Winamp 2007-10-21 07:40 504,832 ----a-w C:\WINDOWS\system32\winlogon.exe 2007-10-20 18:03 --------- dc----w C:\Program Files\Lexmark 2300 Series 2007-10-16 19:48 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Gadu-Gadu 2007-10-16 19:43 --------- dc----w C:\Program Files\Gadu-Gadu 2007-10-16 19:42 --------- dc----w C:\Program Files\Lavasoft 2007-10-16 19:42 --------- dc----w C:\Program Files\CCleaner 2007-10-16 19:42 --------- dc----w C:\Documents and Settings\Właściciel\Dane aplikacji\Lavasoft 2007-10-16 19:37 --------- dc----w C:\Program Files\Alwil Software 2007-10-16 19:32 --------- dc----w C:\Program Files\AvRack 2007-10-16 19:19 --------- dc----w C:\Program Files\Realtek Sound Manager 2007-10-16 19:15 --------- dc----w C:\Program Files\AMD 2007-10-16 19:06 --------- dc----w C:\Program Files\microsoft frontpage 2007-10-16 19:04 --------- dc----w C:\Program Files\Usługi online 2007-09-24 07:05 132,904 -c–a-w C:\WINDOWS\system32\drivers\imagesrv.sys 2007-09-24 07:05 11,304 -c–a-w C:\WINDOWS\system32\drivers\imagedrv.sys 2007-09-20 07:59 972,072 -c–a-w C:\WINDOWS\UNRecode.exe 2007-09-20 07:55 972,072 -c–a-w C:\WINDOWS\UNNeroMediaHome.exe 2007-09-20 07:55 95,600 -c–a-w C:\WINDOWS\system32\NeroCo.dll 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvusmb.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\nvunrm.exe 2007-09-17 00:10 356,352 -c–a-w C:\WINDOWS\system32\NVUNINST.EXE 2007-09-16 23:07 81,920 -c–a-w C:\WINDOWS\system32\nvwddi.dll 2007-09-16 23:07 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll 2007-09-16 23:07 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll 2007-09-16 23:07 753,664 -c–a-w C:\WINDOWS\system32\nvcplui.exe 2007-09-16 23:07 6,853,088 -c–a-w C:\WINDOWS\system32\drivers\nv4_mini.sys 2007-09-16 23:07 6,746,112 -c–a-w C:\WINDOWS\system32\nvoglnt.dll 2007-09-16 23:07 6,344,704 -c–a-w C:\WINDOWS\system32\nvdisps.dll 2007-09-16 23:07 5,783,040 ----a-w C:\WINDOWS\system32\nv4_disp.dll 2007-09-16 23:07 5,509,120 -c–a-w C:\WINDOWS\system32\nvdispsr.dll 2007-09-16 23:07 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll 2007-09-16 23:07 458,752 -c–a-w C:\WINDOWS\system32\nvmccssr.dll 2007-09-16 23:07 45,056 -c–a-w C:\WINDOWS\system32\nvmccsrs.dll 2007-09-16 23:07 442,368 -c–a-w C:\WINDOWS\system32\nvappbar.exe 2007-09-16 23:07 425,984 -c–a-w C:\WINDOWS\system32\keystone.exe 2007-09-16 23:07 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcodins.dll 2007-09-16 23:07 36,864 -c–a-w C:\WINDOWS\system32\nvcod.dll 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\system32\nvudisp.exe 2007-09-16 23:07 356,352 -c–a-w C:\WINDOWS\nvudisp.exe 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrses.dll 2007-09-16 23:07 335,872 -c–a-w C:\WINDOWS\system32\nvwrsel.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsfr.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvwrsesm.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrshe.dll 2007-09-16 23:07 327,680 -c–a-w C:\WINDOWS\system32\nvrsar.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrspt.dll 2007-09-16 23:07 323,584 -c–a-w C:\WINDOWS\system32\nvwrsit.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsptb.dll 2007-09-16 23:07 319,488 -c–a-w C:\WINDOWS\system32\nvwrsnl.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrsru.dll 2007-09-16 23:07 315,392 -c–a-w C:\WINDOWS\system32\nvwrshu.dll 2007-09-16 23:07 311,296 -c–a-w C:\WINDOWS\system32\nvwrsde.dll 2007-09-16 23:07 307,200 -c–a-w C:\WINDOWS\system32\nvexpbar.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrstr.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrssl.dll 2007-09-16 23:07 303,104 -c–a-w C:\WINDOWS\system32\nvwrsfi.dll 2007-09-16 23:07 3,629,056 -c–a-w C:\WINDOWS\system32\nvvitvsr.dll 2007-09-16 23:07 3,551,232 -c–a-w C:\WINDOWS\system32\nvvitvs.dll 2007-09-16 23:07 3,334,144 -c–a-w C:\WINDOWS\system32\nvgames.dll 2007-09-16 23:07 3,166,208 -c–a-w C:\WINDOWS\system32\nvgamesr.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrssk.dll 2007-09-16 23:07 299,008 -c–a-w C:\WINDOWS\system32\nvwrsno.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrssv.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrspl.dll 2007-09-16 23:07 294,912 -c–a-w C:\WINDOWS\system32\nvwrsda.dll 2007-09-16 23:07 290,816 -c–a-w C:\WINDOWS\system32\nvwrsth.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrseng.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvwrscs.dll 2007-09-16 23:07 286,720 -c–a-w C:\WINDOWS\system32\nvnt4cpl.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvwrsar.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsfr.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrses.dll 2007-09-16 23:07 282,624 -c–a-w C:\WINDOWS\system32\nvrsel.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvwrshe.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsit.dll 2007-09-16 23:07 278,528 -c–a-w C:\WINDOWS\system32\nvrsde.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrspt.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsnl.dll 2007-09-16 23:07 274,432 -c–a-w C:\WINDOWS\system32\nvrsesm.dll 2007-09-16 23:07 270,336 -c–a-w C:\WINDOWS\system32\nvrsru.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsptb.dll 2007-09-16 23:07 266,240 -c–a-w C:\WINDOWS\system32\nvrsja.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrstr.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssl.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrssk.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrsko.dll 2007-09-16 23:07 258,048 -c–a-w C:\WINDOWS\system32\nvrshu.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “avast!”=“C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe” [2007-10-25 17:20] “nwiz”=“nwiz.exe” [2007-09-17 00:07 C:\WINDOWS\system32\nwiz.exe] “NvMediaCenter”=“C:\WINDOWS\system32\NvMcTray.dll” [2007-09-17 00:07] “SoundMan”=“SOUNDMAN.EXE” [2004-12-22 10:09 C:\WINDOWS\soundman.exe] “SunJavaUpdateSched”=“C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe” [2007-09-25 00:11] “a-winpoet-service”=“C:\Program Files\DialNet\winpppoverethernet.exe” [2007-01-18 09:26] “z-wrdialer”=“C:\Program Files\DialNet\wrdialer.exe” [2007-01-18 12:18] “BigDog305”=“C:\WINDOWS\VM305_STI.exe” [2007-04-09 15:46] “NvCplDaemon”=“C:\WINDOWS\system32\NvCpl.dll” [2007-09-17 00:07] “Ashampoo FireWall”=“C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe” [2007-04-05 14:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] “z-WrDialer”=“C:\Program Files\DialNet\WrDialer.exe” [2007-01-18 12:18] “DAEMON Tools”=“C:\Program Files\DAEMON Tools\daemon.exe” [2007-08-29 16:09] R2 TopWinPoETDriver;WinPoET PPPoE Optimized Driver;C:\WINDOWS\system32\DRIVERS\WrKPoET2000.sys R3 FPD;Fine Point Packet Service;??\C:\WINDOWS\system32\drivers\fpd.sys R3 WrKPoET2000;WrKPoET2000;??\C:\Program Files\DialNet\WrKPoET2000.sys R3 WRSWanDD;WinPoET PPPoE Adapter;C:\WINDOWS\system32\DRIVERS\WrKPoETNic2000.sys R3 ZSMC0305;A4 TECH PC Camera V;C:\WINDOWS\system32\Drivers\usbVM305.sys S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3;C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe . ************************************************************************** catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-11-16 19:22:51 Windows 5.1.2600 Dodatek Service Pack 2 NTFS scanning hidden processes … C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe [2248] 0x889153D0 scanning hidden autostart entries … HKLM\Software\Microsoft\Windows\CurrentVersion\Run BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???0???@??? scanning hidden files … scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2007-11-16 19:23:26 . — E O F —

Gutek · 16 Listopad 2007 19:29

pokaż mi log z Silenta

Pobierz program SDFix