ComboFix 14-11-15.01 - samsung 2014-11-15 10:16:49.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.48.1045.18.3066.1970 [GMT 1:00]
Uruchomiony z: D:\combofix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-10-15 do 2014-11-15 )))))))))))))))))))))))))))))))
.
.
2014-11-15 09:24 . 2014-11-15 09:25 -------- d-----w- c:\users\samsung\AppData\Local\temp
2014-11-15 09:24 . 2014-11-15 09:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-14 20:07 . 2014-11-14 20:07 -------- d-----w- c:\users\samsung\AppData\Roaming\SUPERAntiSpyware.com
2014-11-14 20:06 . 2014-11-15 09:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-11-14 20:06 . 2014-11-14 20:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-11-13 17:26 . 2014-10-10 01:00 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 17:26 . 2014-10-09 23:22 619520 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 17:26 . 2014-10-10 01:01 449536 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 17:26 . 2014-10-10 01:00 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 17:24 . 2014-08-27 00:55 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-11-13 17:24 . 2014-08-27 00:55 1249280 ----a-w- c:\windows\system32\msxml3.dll
2014-11-13 17:23 . 2014-09-19 00:50 278528 ----a-w- c:\windows\system32\schannel.dll
2014-11-13 17:23 . 2014-10-24 01:04 67072 ----a-w- c:\windows\system32\packager.dll
2014-11-13 17:20 . 2014-08-12 02:25 729600 ----a-w- c:\windows\system32\IMJP10K.DLL
2014-11-13 17:17 . 2014-10-03 01:17 316928 ----a-w- c:\windows\system32\audiosrv.dll
2014-11-13 17:16 . 2014-10-03 01:18 274432 ----a-w- c:\windows\system32\AUDIOKSE.dll
2014-11-13 17:16 . 2014-10-03 01:17 170496 ----a-w- c:\windows\system32\EncDump.dll
2014-11-13 17:16 . 2014-10-03 01:17 396800 ----a-w- c:\windows\system32\AudioEng.dll
2014-11-13 17:16 . 2014-10-18 01:08 564224 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 17:09 . 2014-10-12 23:34 2054656 ----a-w- c:\windows\system32\win32k.sys
2014-11-12 19:24 . 2014-11-12 19:24 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-11-09 14:31 . 2014-11-09 14:31 -------- d-----w- c:\users\samsung\AppData\Local\Deployment
2014-11-08 10:26 . 2014-11-08 11:03 371803512 ----a-w- c:\users\samsung\BackupRegistry(20141108).reg
2014-11-08 09:51 . 2014-11-08 09:51 -------- d-----w- c:\program files\Yamicsoft
2014-11-02 10:01 . 2014-11-02 10:01 -------- d-----w- c:\users\samsung\AppData\Local\Ad1 Ltd
2014-11-01 12:10 . 2013-09-10 02:47 63576 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2014-11-01 10:52 . 2014-11-08 16:29 -------- d-----w- C:\Download
2014-11-01 10:44 . 2014-11-02 09:11 -------- d-----w- c:\users\samsung\AppData\Local\Torpedo
2014-11-01 10:21 . 2014-11-01 11:45 -------- d-----w- c:\users\samsung\AppData\Local\Radio Canyon
2014-11-01 10:20 . 2014-11-01 10:20 -------- d-----w- c:\users\samsung\AppData\Local\globalUpdate
2014-11-01 10:19 . 2014-11-01 10:21 -------- d-----w- c:\users\samsung\AppData\Roaming\NapiProjekt
2014-11-01 10:19 . 2014-11-01 10:19 -------- d-----w- c:\users\samsung\AppData\Roaming\OpenCandy
2014-10-26 09:55 . 2014-10-26 09:55 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-10-26 09:55 . 2014-10-26 10:17 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-10-26 09:53 . 2014-10-26 19:14 -------- d-----w- c:\windows\system32\drivers\NIS
2014-10-26 09:53 . 2014-10-26 09:53 -------- d-----w- c:\program files\Norton Internet Security
2014-10-26 09:48 . 2014-10-26 09:48 -------- d-----w- c:\windows\system32\drivers\NST
2014-10-26 09:48 . 2014-10-26 09:48 -------- d-----w- c:\program files\Norton Identity Safe
2014-10-26 08:29 . 2014-10-26 08:29 -------- d-----w- c:\programdata\PCSettings
2014-10-24 09:13 . 2014-11-08 11:11 -------- d-----w- c:\programdata\USBSecurity
2014-10-21 17:19 . 2014-10-21 17:19 -------- d-----w- c:\programdata\Stylus Studio
2014-10-21 17:17 . 2014-10-21 17:17 -------- d-----w- c:\users\samsung\AppData\Roaming\Stylus Studio
2014-10-21 04:06 . 2014-11-02 09:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2014-10-19 07:07 . 2014-10-19 07:07 -------- d-----w- c:\program files\CCleaner
2014-10-18 05:48 . 2014-06-15 22:18 1131664 ----a-w- c:\windows\system32\dfshim.dll
2014-10-18 05:48 . 2014-06-13 18:22 81560 ----a-w- c:\windows\system32\mscories.dll
2014-10-18 05:48 . 2014-06-13 18:22 156824 ----a-w- c:\windows\system32\mscorier.dll
2014-10-17 16:04 . 2014-10-17 16:04 -------- d-----w- c:\users\samsung\AppData\Local\Macromedia
2014-10-17 03:41 . 2014-09-04 23:27 143360 ----a-w- c:\windows\system32\drivers\fastfat.sys
2014-10-16 19:07 . 2014-10-16 19:07 -------- d-----w- c:\users\samsung\AppData\Local\Mozilla
2014-10-16 19:07 . 2014-11-13 17:04 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-13 17:26 . 2014-05-18 10:24 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-13 17:26 . 2014-05-18 10:24 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-25 09:40 . 2014-09-25 09:40 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-09-25 09:40 . 2014-09-25 09:40 26328 ----a-w- c:\windows\system32\drivers\ggsomc.sys
2014-09-25 09:40 . 2014-09-25 09:40 13528 ----a-w- c:\windows\system32\drivers\ggflt.sys
2014-09-09 06:24 . 2014-09-27 07:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-23 01:03 . 2014-08-29 16:12 297984 ----a-w- c:\windows\system32\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2014-05-18 39408]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-13 6697752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2014-06-06 15:14 12017368 ----a-w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-10 21:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-10-01 08:43 22065760 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2009-02-13 08:03 1833504 ----a-w- c:\program files\Realtek\Audio\HDA\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-03-12 13:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2014-05-18 17:38 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2008-08-28 02:52 1049896 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2008-12-03 20:15 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-07-22 142648]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
yksvcs REG_MULTI_SZ yksvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-28 18:02 1089352 ----a-w- c:\program files\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-18 17:26]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 10:25]
.
2014-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-05-18 10:25]
.
2014-11-14 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 44f89fed-6103-4a6a-a9d5-9e70e06cbf46.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-11-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 57e81374-7d25-49a9-ad68-d3d6283a8575.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-11-15 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d67e9577-cf4f-49f7-95b2-0dbbaf2a19b6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://www.google.pl/
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=SMSN
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\samsung\AppData\Roaming\Mozilla\Firefox\Profiles\qof0s5m3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pl/
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer
Rootkit scan 2014-11-15 10:25
Windows 6.0.6002 Service Pack 2 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2014.7.8.23\NST.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2014.7.8.23\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.6.0.32\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1506000.020\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.6.0.32"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Czas ukończenia: 2014-11-15 10:27:58
ComboFix-quarantined-files.txt 2014-11-15 09:27
.
Przed: 94 585 327 616 bajtów wolnych
Po: 95 349 993 472 bajtów wolnych
.
- - End Of File - - A90D99F24F6BADBF9BF2DC1998F0145C
61A349592C4728853F4A90FF78F7628E
-- 15 Nov 2014, 10:41 --
log combofix
- djarta
- Posts: 5854
- Registered: 26 Dec 2008, 17:15
- Location: Białystok
What was the reason for running ComboFix and, above all, the reason for checking the logs?
ComboFix did not detect anything, and the log is clean as well.