W trybie awaryjnym też nic nie znalazłem.
Zrobiłem loga w trybie awaryjnym, ale podczas skanu wyświetlał się komunikat:
cscript.exe - nie można znaleźć składnika
Uruchomienie tej aplikacji nie powiodło się, ponieważ nie znaleziono msvctvrl.dll (nazwa przepisana z okna dialogowego — warto sprawdzić dokładną pisownię). Ponowne zainstalowanie aplikacji może naprawić problem.
Po kliknięciu OK skan szedł dalej. (Uwaga do logu poniżej: w sekcji „Scheduled Tasks" zadania At1–At24 uruchamiają C:\WINDOWS\system32\svrhost.exe — to nie jest systemowy svchost.exe, więc ten plik warto sprawdzić osobno.)
ComboFix 08-04-18.3 - GOSC 2008-04-20 13:34:28.4 - FAT32x86 MINIMAL
Running from: D:\Mariusz\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-20 to 2008-04-20 )))))))))))))))))))))))))))))))
.
2008-04-20 13:08 . 2008-04-20 13:08 <DIR> d-------- C:\Documents and Settings\Administrator
2008-04-19 21:05 . 2008-04-19 21:05 <DIR> d--hs---- C:\FOUND.000
2008-04-16 22:26 . 2005-01-19 21:13 372,736 -ra------ C:\WINDOWS\system32\LVUI2RC.dll
2008-04-16 22:26 . 2005-01-19 21:14 211,712 -ra------ C:\WINDOWS\system32\drivers\LV561AV.SYS
2008-04-16 22:26 . 2005-01-19 21:10 204,800 -ra------ C:\WINDOWS\system32\LVUI2.dll
2008-04-16 22:26 . 2005-01-19 21:09 204,800 -ra------ C:\WINDOWS\system32\lvcodec2.dll
2008-04-16 22:26 . 2005-01-19 21:06 106,496 -ra------ C:\WINDOWS\system32\lvcoinst.dll
2008-04-16 22:26 . 2005-01-19 21:11 22,016 -ra------ C:\WINDOWS\system32\drivers\LVUSBSta.sys
2008-04-16 22:26 . 2005-01-19 19:30 9,255 --a------ C:\WINDOWS\system32\lvcoinst.ini
2008-04-16 19:19 . 2008-04-16 19:19 256 --a------ C:\WINDOWS\_delis32.ini
2008-04-16 18:59 . 2008-04-16 18:59 <DIR> d-------- C:\Program Files\OpenOffice.org 2.4
2008-04-15 22:36 . 2008-04-15 22:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-04-15 21:29 . 2008-04-15 21:29 <DIR> d-------- C:\Documents and Settings\GOSC\Dane aplikacji\DAEMON Tools
2008-04-15 21:29 . 2008-04-15 21:29 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-25 21:07 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-25 21:05 . 2008-03-25 21:05 <DIR> d-------- C:\Program Files\MSBuild
2008-03-25 21:05 . 2008-03-25 21:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-25 20:55 . 2008-03-25 20:55 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Word.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Updates
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Rosebud.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Publisher.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Proofing.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\PowerPoint.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Outlook.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\OneNote.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Office64.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Office.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\InfoPath.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Groove.pl-pl
2008-03-25 20:50 . 2008-03-25 20:50 <DIR> d-------- C:\Program Files\Excel.pl-pl
2008-03-25 20:49 . 2008-03-25 20:49 <DIR> d-------- C:\Program Files\Enterpriser.WW
2008-03-25 20:49 . 2008-03-25 20:49 <DIR> d-------- C:\Program Files\Catalog
2008-03-25 20:49 . 2008-03-25 20:49 <DIR> d-------- C:\Program Files\Access.pl-pl
2008-03-25 20:49 . 2006-11-27 15:51 463,152 --a------ C:\Program Files\setup.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 18:08 35,840 ----a-w C:\WINDOWS\system32\zlib1.dll
2006-12-26 00:09 29 ----a-w C:\Program Files\#serial.txt
2006-11-27 11:38 2,569 ----a-w C:\Program Files\README.HTM
2003-08-27 09:49 3,424 ----a-w C:\WINDOWS\inf\OTHER\cmiainfo.sys
.
((((((((((((((((((((((((((((( snapshot@2008-04-20_11.23.57.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 08:51:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-20 11:10:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 10:40 68856]
"Gadu-Gadu"="D:\Gadu-Gadu\gg.exe" [2007-07-09 08:39 2119104]
"ares"="C:\Program Files\Ares\Ares.exe" [ ]
"NBJ"="C:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 21:35 1961984]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:44 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [ ]
"DAEMON Tools Lite"="D:\Mariusz\daemon\DAEMON Tools Lite\daemon.exe" [2008-03-21 10:30 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40 28672]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"WOOWATCH"="C:\PROGRA~1\NEOSTR~1\Watch.exe" [2003-10-16 18:07 20480]
"WOOTASKBARICON"="C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 18:07 53248]
"WooCnxMon"="C:\PROGRA~1\NEOSTR~1\CnxMon.exe" [2003-10-16 18:07 24576]
"LogitechVideoRepair"="D:\Video\ISStart.exe" [2005-01-19 11:45 458752]
"LogitechVideoTray"="D:\Video\LogiTray.exe" [2005-01-19 11:39 217088]
"adiras"="adiras.exe" []
"Adobe Photo Downloader"="D:\Sony Ericson - album zdjęć\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-25 22:02 185896]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 04:15 75520]
"BearShare"="C:\Program Files\BearShare\BearShare.exe" [ ]
"GrooveMonitor"="D:\Mariusz\Office12\GrooveMonitor.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-08-02 16:35 7110656]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2004-08-04 08:44 159744]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 22:44 15360]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programy^Autostart^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:44 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
--a------ 2003-05-21 18:37 229437 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-07-09 08:39 2119104 D:\Gadu-Gadu\gg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-10-23 19:51 233472 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2003-06-25 11:24 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2003-09-01 12:42 176128 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-07-14 21:35 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-08-02 16:35 7110656 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-08-02 16:35 86016 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-08-02 16:35 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Onet.pl AutoUpdate]
C:\Program Files\Common Files\Onet.pl\AutoUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerS]
C:\WINDOWS\PowerS.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 19:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSRaid]
--------- 2004-12-22 17:32 892928 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiSUSBRG]
--------- 2002-07-12 11:15 106496 C:\WINDOWS\SiSUSBrg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-07-25 22:02 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Gadu-Gadu\\gg.exe"=
"C:\\Program Files\\Wapster\\AQQ\\AQQ.exe"=
"C:\\PROGRA~1\\Wapster\\AQQ\\AQQ.exe"=
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1976:UDP"= 1976:UDP:Windows Media Format SDK (iexplore.exe)
"1977:UDP"= 1977:UDP:Windows Media Format SDK (iexplore.exe)
"1978:UDP"= 1978:UDP:Windows Media Format SDK (iexplore.exe)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f86e96fc-99f1-11dc-9c9d-00142a826474}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-04-19 19:22:14 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At1.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At2.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At3.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At4.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At5.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At6.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At7.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At8.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At9.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-13 20:13:42 C:\WINDOWS\Tasks\At10.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-20 08:15:02 C:\WINDOWS\Tasks\At11.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-20 09:15:00 C:\WINDOWS\Tasks\At12.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-20 10:15:02 C:\WINDOWS\Tasks\At13.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 11:15:38 C:\WINDOWS\Tasks\At14.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 12:15:00 C:\WINDOWS\Tasks\At15.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 13:15:00 C:\WINDOWS\Tasks\At16.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 14:15:02 C:\WINDOWS\Tasks\At17.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 15:15:02 C:\WINDOWS\Tasks\At18.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 16:15:02 C:\WINDOWS\Tasks\At19.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 17:15:00 C:\WINDOWS\Tasks\At20.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 18:15:28 C:\WINDOWS\Tasks\At21.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 19:15:02 C:\WINDOWS\Tasks\At22.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-19 20:15:00 C:\WINDOWS\Tasks\At23.job"
- C:\WINDOWS\system32\svrhost.exe
"2008-04-15 21:15:02 C:\WINDOWS\Tasks\At24.job"
- C:\WINDOWS\system32\svrhost.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 13:35:46
Windows 5.1.2600 Dodatek Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-20 13:40:09
ComboFix-quarantined-files.txt 2008-04-20 11:40:08
ComboFix2.txt 2008-04-20 09:24:18
Pre-Run: 2,515,976,192 bajtów wolnych
Post-Run: 2,518,908,928 bajtów wolnych
206