logi.rar

The computer keeps sending packets all the time.

Here are the logs.

  • logi.rar
    • ComboFix.txt
    • Catchme.log



logi.rar > ComboFix.txt

ComboFix 08-02-13.2 - Nec 2008-02-13 13:32:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.504 [GMT 1:00]
Running from: C:\Documents and Settings\Nec\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nec\Pulpit\CFScript.txt
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

FILE
C:\-1728244975
C:\d.exe
C:\hljsdsm.exe
C:\orffkeks.exe
C:\WINDOWS\system32\drivers\blpbcoyv.dat
c:\windows\system32\drivers\fhgxtvbf.dat
C:\WINDOWS\system32\drivers\Hlp72.sys
C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\system32\LogCrypt.dll
C:\xjoukm.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 09:41 . 2008-02-13 09:41 <DIR> d-------- C:\Program Files\Ashampoo
2008-02-13 00:31 . 2008-02-13 10:35 <DIR> d-------- C:\Program Files\NetMeter
2008-02-13 00:17 . 2008-02-13 00:17 <DIR> d-------- C:\Deckard
2008-02-12 20:19 . 2008-02-12 20:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 20:19 . 2008-02-12 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-02-12 20:13 . 2008-02-12 20:27 250 --a------ C:\WINDOWS\gmer.ini
2008-02-12 18:04 . 2008-02-12 18:05 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 17:51 . 2008-02-12 20:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-11 22:24 . 2008-02-11 22:24 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\Disney Interactive Studios
2008-02-11 22:10 . 2008-02-11 22:10 83 --a------ C:\WINDOWS\PL CD Wwp.INI
2008-02-11 21:39 . 2008-02-13 12:06 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2008-02-11 21:38 . 2008-02-11 21:38 29 --a------ C:\WINDOWS\system32\eupoodre.tmp
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\skypePM
2008-02-11 18:15 . 2008-02-11 18:15 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-09 20:20 . 2008-02-09 20:20 618 --a------ C:\WINDOWS\eReg.dat
2008-02-09 20:15 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-02-09 20:14 . 2008-02-09 20:14 <DIR> d-------- C:\Documents and Settings\Nec\WINDOWS
2008-02-09 20:14 . 1997-04-16 18:42 297,984 --a------ C:\WINDOWS\uninst.exe
2008-02-08 23:20 . 2008-02-08 23:45 369 --a------ C:\WINDOWS\pdf2word.INI
2008-02-08 23:02 . 2004-12-07 09:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-02-08 23:02 . 2006-01-30 11:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll
2008-02-08 23:01 . 2008-02-12 18:48 <DIR> d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2008-02-07 19:27 . 2008-02-07 19:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-07 17:23 . 2006-05-19 01:55 444,796 -rahs---- C:\bootmgr
2008-02-07 17:23 . 2008-02-07 18:26 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-02-07 14:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-07 14:27 . 2008-02-07 14:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-07 14:27 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-02-07 14:27 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-02-07 14:27 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-02-07 14:27 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-07 14:27 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\WINDOWS\Performance
2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Corporation
2008-02-07 14:10 . 2008-02-07 16:17 2,147 --a------ C:\WINDOWS\diagwrn.xml
2008-02-07 14:10 . 2008-02-07 16:17 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-02-06 12:13 . 2008-02-06 12:15 <DIR> d-------- C:\Program Files\Star Downloader
2008-01-31 12:35 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-31 12:35 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-25 11:36 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-25 11:35 . 2008-01-25 11:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-25 11:30 . 2008-01-25 11:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-24 14:31 . 2008-01-25 11:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-22 22:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-22 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-22 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-22 22:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-19 22:41 . 2008-01-19 22:41 <DIR> d-------- C:\Program Files\Clever Age
2008-01-15 21:34 . 2008-01-15 21:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-15 20:32 . 2008-01-15 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Droppix
2008-01-15 20:32 . 2005-11-09 09:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-15 20:32 . 2005-11-09 09:00 462,848 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-01-15 20:32 . 2005-11-09 09:00 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-15 20:32 . 2005-11-09 09:00 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\WINDOWS\MVUNINST
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\Program Files\SureThing
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-01-15 19:37 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2008-01-15 19:37 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2008-01-15 19:14 . 2008-01-15 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters
2008-01-15 18:56 . 2008-01-15 18:56 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\Nero
2008-01-15 18:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-15 18:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 19:01 . 2008-01-14 19:05 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-01-14 15:07 . 2008-01-14 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-01-14 15:04 . 2008-01-29 19:38 <DIR> d-------- C:\Program Files\Common Files\LightScribe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:16 --------- d-----w C:\Program Files\eMule
2008-02-11 17:50 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\Skype
2008-02-11 17:15 --------- d-----w C:\Program Files\Skype
2008-02-09 19:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 20:40 --------- d-----w C:\Program Files\CDex_150
2008-02-07 18:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-02-07 13:28 --------- d-----w C:\Program Files\Ahead
2008-02-06 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 14:03 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\XnView
2008-01-26 19:08 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\OpenOffice.org2
2008-01-21 17:18 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-17 17:40 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\GanymedeNet
2008-01-17 17:16 --------- d-----w C:\Program Files\Ganymede
2008-01-06 16:56 --------- d-----w C:\Program Files\BitComet
2008-01-06 15:44 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\Azureus
2007-12-30 17:00 --------- d-----w C:\Program Files\KaraFun
2007-12-30 17:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Recisio
2007-12-24 18:08 --------- d-----w C:\Program Files\ParadisePoker
2007-12-21 09:50 --------- d-----w C:\Program Files\CounterPath
2007-12-16 14:36 --------- d-----w C:\Program Files\k700 Remote Profiler
2007-12-14 21:20 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-14 21:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-14 21:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-12-14 21:05 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-14 21:05 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2007-12-14 21:05 1,419,232 ----a-w C:\WINDOWS\system32\wdfcoinstaller01005.dll
2007-12-14 20:59 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-22 20:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-22 20:22 249,856 ------w C:\WINDOWS\Setup1.exe
2006-11-07 21:33 266,240 ----a-w C:\Program Files\xp-AntiSpy.exe
2006-07-12 10:59 3,278,400 ----a-w C:\Program Files\procexp.exe
2001-02-23 17:22 299,008 ----a-w C:\Program Files\bestplayer1.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-01-28 03:41 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-02-07 07:36 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-02-07 07:40 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-02-07 07:39 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-07 18:29 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

S1 wer32;wer32;C:\WINDOWS\system32\jkghje.dll []
S3 AL_WLAN;UGJZ Network Adapter Service;C:\WINDOWS\system32\DRIVERS\AL_WLAN.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-14 22:05]
S3 NRKCTL32;NRKCTL32;C:\Program Files\wcpuid\NRKCTL32.SYS [2002-12-21 19:01]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 NVNRMUSB;Novation ReMOTE USB MIDI WDM Driver;C:\WINDOWS\system32\Drivers\Remote.sys [2005-01-03 12:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eed94561-228b-11dc-875e-0016fe06a4db}]
\Shell\AutoRun\command - H:\USBNB.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 13:34:01
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-13 13:34:45
ComboFix-quarantined-files.txt 2008-02-13 12:34:22
ComboFix2.txt 2008-02-13 11:08:58
ComboFix3.txt 2008-02-13 09:28:27
ComboFix4.txt 2008-02-13 09:16:17
.
2008-02-10 09:42:48 --- E O F ---
