ComboFix.txt

Request to check a log.

Please check my log.


ComboFix 12-08-20.02 - Kasia 2012-08-21 18:59:44.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.48.1045.18.1983.920 [GMT 2:00]
Uruchomiony z: f:\pobrania fox\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}
.
UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Dane aplikacji\TEMP
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\SET104.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF5.tmp
.
.
((((((((((((((((((((((((( Pliki utworzone od 2012-07-21 do 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-20 06:27 . 2011-03-10 16:04 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2012-08-10 12:48 . 2012-08-10 12:48 -------- d-----w- c:\program files\Common Files\Adobe
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files\Mozilla Firefox\Plugins\nppdf32.dll
2012-07-26 19:35 . 2012-07-26 19:35 63488 ----a-w- c:\windows\xobglu16.dll
2012-07-26 19:35 . 2012-07-26 19:35 23552 ----a-w- c:\windows\xobglu32.dll
2012-07-24 09:47 . 2012-07-24 09:48 -------- d-----w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 13:55 . 2012-04-06 12:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-16 13:55 . 2011-07-11 23:13 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 05:02 . 2012-07-13 05:02 120616 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-07-13 05:02 . 2012-07-13 05:02 179112 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-07-13 05:02 . 2012-07-13 05:02 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-07-13 05:02 . 2012-07-13 05:02 101544 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-07-13 05:02 . 2012-07-13 05:02 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-07-12 09:18 . 2012-07-12 09:18 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-07-06 13:58 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2011-07-11 22:08 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 18:22 . 2006-03-02 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-07-02 17:38 . 2006-03-02 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:38 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:38 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2012-06-27 13:51 . 2012-06-27 13:51 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-06-27 13:51 . 2012-06-27 13:51 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-06-27 13:51 . 2012-06-27 13:51 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-06-27 13:51 . 2012-06-27 13:51 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-06-27 13:51 . 2012-06-27 13:51 51496 ----a-w- c:\windows\system32\drivers\NNSpihs.sys
2012-06-27 13:51 . 2012-06-27 13:51 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-06-27 13:51 . 2012-06-27 13:51 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-06-27 13:51 . 2012-06-27 13:51 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-06-27 13:51 . 2012-06-27 13:51 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-06-27 13:51 . 2012-06-27 13:51 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-06-05 15:49 . 2008-04-14 17:20 1372672 ------w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2006-03-02 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:35 . 2011-08-11 08:33 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-04 04:32 . 2006-03-02 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2011-07-11 22:09 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-07-11 22:09 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2011-07-11 22:09 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 17:24 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-07-11 22:09 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-07-11 22:09 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2006-03-02 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 16408 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-07-11 22:09 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-07-11 22:09 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:19 . 2009-08-06 17:23 18968 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18 . 2011-08-11 08:33 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2011-08-11 08:33 18160 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-24 21:18 . 2012-05-24 21:18 4472832 ----a-w- c:\windows\system32\GPhotos.scr
2012-05-24 08:48 . 2012-06-08 11:22 21376 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2012-07-17 19:14 . 2011-10-24 20:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-23 4777856]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2010-10-14 487424]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-10-28 11539048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HomeKeyLogger"="d:\homekeylogger\KeyLogger.exe" [2011-07-03 33280]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
"NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2012-05-15 3663024]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2012-05-15 70832]
"PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoRecentDocsNetHood"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-04 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Ares\\Ares.exe"=
"c:\\Program Files\\Nowe Gadu-Gadu\\gg.exe"=
.
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-06-27 82472]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-06-27 120744]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-06-27 122664]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-06-27 93992]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-06-27 104104]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-06-27 286376]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-06-27 153000]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-06-27 106536]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-07-12 206632]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-06-27 92840]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-07-13 179112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2010-06-29 116608]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\advanced systemcare 5\ASCService.exe [2012-06-08 913792]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-14 2253120]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-07-13 149032]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-07-13 101544]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-07-13 114728]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-07-13 120616]
R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]
R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2012-08-20 46280]
R3 R5BaseSmc;USB Token Holder Service;c:\windows\system32\drivers\smccard.sys [2011-10-05 12800]
S2 AdvancedSystemCareService;Advanced SystemCare Service;f:\advanced systemcare 4\ASCService.exe --> f:\advanced systemcare 4\ASCService.exe [?]
S2 gupdate;Usługa Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 250056]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-12-28 36608]
S3 gupdatem;Usługa Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 136176]
S3 License Management Service SON;License Management Service SON;c:\program files\Common Files\esonopress Shared\Service\Licence Manager SON.exe [2011-10-03 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-05 113120]
S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [2011-09-09 38536]
S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2012-06-27 51496]
.
Zawartość folderu 'Zaplanowane zadania'
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 13:55]
.
2012-08-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cd0ce4344a392e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 19:31]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-11-06 19:31]
.
.
------- Skan uzupełniający -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Kasia\Dane aplikacji\Mozilla\Firefox\Profiles\vsr668xd.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (pl)
FF - prefs.js: browser.startup.homepage - www.google.pl
.
- - - - USUNIĘTO PUSTE WPISY - - - -
.
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-21 19:03
Windows 5.1.2600 Dodatek Service Pack 3 NTFS
.
skanowanie ukrytych procesów ...
.
skanowanie ukrytych wpisów autostartu ...
.
skanowanie ukrytych plików ...
.
skanowanie pomyślnie ukończone
ukryte pliki: 0
.
**************************************************************************
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'winlogon.exe'(1524)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Czas ukończenia: 2012-08-21 19:05:05
ComboFix-quarantined-files.txt 2012-08-21 17:05
.
Przed: 9 992 658 944 bajtów wolnych
Po: 10 026 409 984 bajtów wolnych
.
- - End Of File - - 325FFA4D510C1450EBF1A718E37DEB69

