ComboFix 09-04-13.A2 - Robert 2009-04-13 17:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.511.226 [GMT 2:00]
Uruchomiony z: c:\documents and settings\Robert\Pulpit\ComboFix.exe
Użyto następujących komend :: c:\documents and settings\Robert\Pulpit\CFScript.txt
* Utworzono nowy punkt przywracania
FILE ::
c:\program files\AntispywareBot\AntispywareBot.exe
c:\program files\AntispywareBot\AntispywareBot.srv.exe
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\IE4 Error Log.txt
.
((((((((((((((((((((((((( Pliki utworzone od 2009-03-13 do 2009-04-13 )))))))))))))))))))))))))))))))
.
2009-04-13 11:33 . 2009-04-13 13:31 -------- d-----w c:\windows\LastGood
2009-04-12 14:51 . 2009-04-12 14:51 -------- d-----w c:\documents and settings\Robert\Dane aplikacji\Gadu-Gadu
2009-04-12 14:50 . 2009-04-12 14:53 -------- d-----w c:\documents and settings\Robert\Gadu-Gadu
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 13:36 . 2009-04-13 13:25 -------- d-----w c:\program files\Winamp
2009-04-13 09:56 . 2009-04-12 11:52 -------- d--a-w c:\documents and settings\All Users\Dane aplikacji\TEMP
2009-04-13 09:37 . 2001-10-26 19:15 49492 ----a-w c:\windows\system32\perfc015.dat
2009-04-13 09:37 . 2001-10-26 19:15 355486 ----a-w c:\windows\system32\perfh015.dat
2009-04-13 09:33 . 2009-04-12 11:44 -------- d-----w c:\program files\Neostrada TP
2009-04-13 07:28 . 2009-04-12 11:49 -------- d-----w c:\program files\Spyware Doctor
2009-04-12 19:03 . 2009-04-12 19:03 -------- d-----w c:\program files\ICeQ
2009-04-12 14:51 . 2009-04-12 14:50 -------- d-----w c:\program files\Gadu-Gadu
2009-04-12 13:46 . 2009-04-12 13:46 -------- d-----w c:\program files\Xvid
2009-04-12 13:46 . 2009-04-12 13:39 -------- d-----w c:\program files\Real Alternative
2009-04-12 13:46 . 2009-04-12 13:39 -------- d-----w c:\program files\Media Player Classic
2009-04-12 13:41 . 2009-04-12 13:41 -------- d-----w c:\program files\K-Lite Codec Pack
2009-04-12 13:41 . 2009-04-12 13:40 -------- d-----w c:\program files\AC3Filter
2009-04-12 13:40 . 2009-04-12 13:40 -------- d-----w c:\program files\MarBit
2009-04-12 12:59 . 2009-04-12 11:49 66952 ----a-w c:\windows\system32\drivers\iksysflt.sys
2009-04-12 12:59 . 2009-04-12 11:49 81288 ----a-w c:\windows\system32\drivers\iksyssec.sys
2009-04-12 12:59 . 2009-04-12 11:49 40840 ----a-w c:\windows\system32\drivers\ikfilesec.sys
2009-04-12 11:49 . 2009-04-12 11:49 -------- d-----w c:\documents and settings\Robert\Dane aplikacji\PC Tools
2009-04-12 11:45 . 2009-04-12 11:45 -------- d-----w c:\program files\Thomson
2009-04-12 11:45 . 2009-04-12 11:39 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 11:40 . 2009-04-12 11:39 -------- d-----w c:\program files\AVerTV2K
2009-04-12 11:39 . 2009-04-12 11:39 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 11:32 . 2009-04-12 11:32 12328 ----a-w c:\documents and settings\Robert\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT
2009-04-12 11:27 . 2009-04-12 11:27 -------- d-----w c:\program files\microsoft frontpage
2009-04-12 11:25 . 2009-04-12 11:25 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-04-12 11:25 . 2009-04-12 11:25 -------- d-----w c:\program files\Usługi online
2009-04-12 11:22 . 2009-04-12 11:22 21856 ----a-w c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MPlayer2_FixUp"="c:\windows\inf\unregmp2.exe" [2004-08-04 208896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WooCnxMon"="c:\progra~1\NEOSTR~1\CnxMon.exe" [2003-10-16 24576]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"WOOWATCH"="c:\progra~1\NEOSTR~1\Watch.exe" [2003-10-16 20480]
"WOOTASKBARICON"="c:\progra~1\NEOSTR~1\TaskbarIcon.exe" [2003-10-16 53248]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-04-12 1168264]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 c:\windows\SOUNDMAN.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Menu Start\Programy\Autostart\
QuickTV.lnk - c:\program files\AVerTV2K\QuickTV.exe [2009-04-12 163840]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"e:\Aasasa\mbam-setup.exe"=
"c:\PROGRA~1\NEOSTR~1\shell.exe"= c:\PROGRA~1\NEOSTR~1\Shell.exe
"c:\Program Files\AVerTV2K\AVerTV2K.exe"=
"c:\Program Files\Spyware Doctor\pctsTray.exe"=
S2 CX88XBAR;AVerMedia, AVerTV 303/403 Crossbar;c:\windows\system32\drivers\CX88XBAR.sys [2002-11-15 14592]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2009-04-12 356920]
S3 abp470n5;abp470n5; [x]
--- Inne Usługi/Sterowniki w Pamięci ---
*NewlyCreated* - BITS
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6cb9417b-275d-11de-8244-000e50127d69}]
\ShEll\AutOPLAY\commaNd - E:\bkool.exe
\ShEll\AutoRun\command - E:\bkool.exe
\ShEll\ExPLORE\COmmanD - E:\bkool.exe
\ShEll\open\cOmmAnd - E:\bkool.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb0b1128-2760-11de-8df7-806d6172696f}]
\Shell\AutoRun\command - J:\autorun.exe
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.wp.pl/
IE: { - c:\program files\Messenger\msmsgs.exe
TCP: {B309744C-C1B1-43DB-A293-0968531F4125} = 194.204.159.1 217.98.63.164
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 17:28
Windows 5.1.2600 Dodatek Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
skanowanie ukrytych procesów …
skanowanie ukrytych wpisów autostartu …
skanowanie ukrytych plików …
skanowanie pomyślnie ukończone
ukryte pliki: 0
**************************************************************************
.
Czas ukończenia: 2009-04-13 17:30
ComboFix-quarantined-files.txt 2009-04-13 15:30
Przed: 12 160 647 168 bajtów wolnych
Po: 12,383,891,456 bajtów wolnych
WindowsXP-KB310994-SP2-Pro-BootDisk-PLK.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - - E O F - - - 2009-04-13 11:36