logi.rar

The computer is sending packets all the time.

I'm attaching the logs from ComboFix and from SDFix run in Safe Mode. There was nothing in the folder C:\Documents and Settings\Nec\WINDOWS, so I deleted it. Thank you for your interest.

  • logi.rar
    • ComboFix.txt
    • Report.txt



logi.rar > ComboFix.txt

ComboFix 08-02-13.2 - Nec 2008-02-13 14:45:17.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.499 [GMT 1:00]
Running from: C:\Documents and Settings\Nec\Pulpit\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nec\Pulpit\CFScript.txt
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\jkghje.dll
.

((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.

2008-02-13 13:38 . 2008-02-13 13:38 4,291 --a------ C:\logi.rar
2008-02-13 13:35 . 2008-02-13 14:44 <DIR> d-------- C:\program jakis
2008-02-13 09:41 . 2008-02-13 09:41 <DIR> d-------- C:\Program Files\Ashampoo
2008-02-13 00:31 . 2008-02-13 10:35 <DIR> d-------- C:\Program Files\NetMeter
2008-02-13 00:17 . 2008-02-13 00:17 <DIR> d-------- C:\Deckard
2008-02-12 20:19 . 2008-02-12 20:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-12 20:19 . 2008-02-12 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Lavasoft
2008-02-12 20:13 . 2008-02-12 20:27 250 --a------ C:\WINDOWS\gmer.ini
2008-02-12 18:04 . 2008-02-12 18:05 <DIR> d-------- C:\Program Files\Microsoft AntiSpyware
2008-02-12 17:58 . 2008-02-12 17:58 <DIR> d-------- C:\Program Files\Alwil Software
2008-02-12 17:51 . 2008-02-12 20:19 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-11 22:24 . 2008-02-11 22:24 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\Disney Interactive Studios
2008-02-11 22:10 . 2008-02-11 22:10 83 --a------ C:\WINDOWS\PL CD Wwp.INI
2008-02-11 21:39 . 2008-02-13 12:06 16,768 --a------ C:\WINDOWS\system32\tcpip_patcher.sys
2008-02-11 21:38 . 2008-02-11 21:38 29 --a------ C:\WINDOWS\system32\eupoodre.tmp
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-11 18:15 . 2008-02-11 18:15 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\skypePM
2008-02-11 18:15 . 2008-02-11 18:15 32 --a------ C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat
2008-02-09 20:20 . 2008-02-09 20:20 618 --a------ C:\WINDOWS\eReg.dat
2008-02-09 20:15 . 1998-10-07 12:54 327,168 --a------ C:\WINDOWS\IsUn0415.exe
2008-02-09 20:14 . 1997-04-16 18:42 297,984 --a------ C:\WINDOWS\uninst.exe
2008-02-08 23:20 . 2008-02-08 23:45 369 --a------ C:\WINDOWS\pdf2word.INI
2008-02-08 23:02 . 2004-12-07 09:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-02-08 23:02 . 2006-01-30 11:32 5,632 --a------ C:\WINDOWS\system32\pxc25pm.dll
2008-02-08 23:01 . 2008-02-12 18:48 <DIR> d-------- C:\Program Files\ABBYY PDF Transformer 2.0
2008-02-07 19:27 . 2008-02-07 19:27 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-02-07 17:23 . 2006-05-19 01:55 444,796 -rahs---- C:\bootmgr
2008-02-07 17:23 . 2008-02-07 18:26 8,192 -ra-s---- C:\BOOTSECT.BAK
2008-02-07 14:28 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-02-07 14:27 . 2008-02-07 14:27 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-02-07 14:27 . 2001-07-06 14:41 569,344 --------- C:\WINDOWS\system32\imagr5.dll
2008-02-07 14:27 . 2001-07-06 12:44 544,768 --------- C:\WINDOWS\system32\imagx5.dll
2008-02-07 14:27 . 2001-07-06 18:24 283,920 --------- C:\WINDOWS\system32\ImagXpr5.dll
2008-02-07 14:27 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-02-07 14:27 . 2001-06-26 08:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\WINDOWS\Performance
2008-02-07 14:19 . 2008-02-07 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Corporation
2008-02-07 14:10 . 2008-02-07 16:17 2,147 --a------ C:\WINDOWS\diagwrn.xml
2008-02-07 14:10 . 2008-02-07 16:17 1,887 --a------ C:\WINDOWS\diagerr.xml
2008-02-06 12:13 . 2008-02-06 12:15 <DIR> d-------- C:\Program Files\Star Downloader
2008-01-31 12:35 . 2001-08-17 21:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-31 12:35 . 2001-08-17 21:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-25 11:36 . 2004-08-03 23:44 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-01-25 11:35 . 2008-01-25 11:35 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-25 11:30 . 2008-01-25 11:30 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-24 14:31 . 2008-01-25 11:36 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-22 22:54 . 2007-07-30 19:19 38,232 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-22 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-22 22:54 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-22 22:54 . 2007-07-30 19:18 21,336 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-19 22:41 . 2008-01-19 22:41 <DIR> d-------- C:\Program Files\Clever Age
2008-01-15 21:34 . 2008-01-15 21:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-01-15 20:32 . 2008-01-15 20:33 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\Droppix
2008-01-15 20:32 . 2005-11-09 09:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-15 20:32 . 2005-11-09 09:00 462,848 --a------ C:\WINDOWS\system32\HHActiveX.dll
2008-01-15 20:32 . 2005-11-09 09:00 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2008-01-15 20:32 . 2005-11-09 09:00 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\WINDOWS\MVUNINST
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\Program Files\SureThing
2008-01-15 20:00 . 2008-01-15 20:00 <DIR> d-------- C:\Program Files\Common Files\SureThing Shared
2008-01-15 19:37 . 2004-04-23 07:00 116,736 --a------ C:\WINDOWS\system32\CNMLM5y.DLL
2008-01-15 19:37 . 2004-04-23 07:00 7,680 --a------ C:\WINDOWS\system32\CNMVS5y.DLL
2008-01-15 19:14 . 2008-01-15 19:14 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\PC Drivers HeadQuarters
2008-01-15 18:56 . 2008-01-15 18:56 <DIR> d-------- C:\Documents and Settings\Nec\Dane aplikacji\Nero
2008-01-15 18:52 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-01-15 18:52 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-01-14 19:01 . 2008-01-14 19:05 <DIR> d-------- C:\Program Files\Gadu-Gadu
2008-01-14 15:07 . 2008-01-14 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Dane aplikacji\LightScribe
2008-01-14 15:04 . 2008-01-29 19:38 <DIR> d-------- C:\Program Files\Common Files\LightScribe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-12 13:16 --------- d-----w C:\Program Files\eMule
2008-02-11 17:50 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\Skype
2008-02-11 17:15 --------- d-----w C:\Program Files\Skype
2008-02-09 19:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-08 20:40 --------- d-----w C:\Program Files\CDex_150
2008-02-07 18:20 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Microsoft Help
2008-02-07 13:28 --------- d-----w C:\Program Files\Ahead
2008-02-06 12:26 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-05 14:03 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\XnView
2008-01-26 19:08 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\OpenOffice.org2
2008-01-21 17:18 --------- d---a-w C:\Documents and Settings\All Users\Dane aplikacji\TEMP
2008-01-17 17:40 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\GanymedeNet
2008-01-17 17:16 --------- d-----w C:\Program Files\Ganymede
2008-01-06 16:56 --------- d-----w C:\Program Files\BitComet
2008-01-06 15:44 --------- d-----w C:\Documents and Settings\Nec\Dane aplikacji\Azureus
2007-12-30 17:00 --------- d-----w C:\Program Files\KaraFun
2007-12-30 17:00 --------- d-----w C:\Documents and Settings\All Users\Dane aplikacji\Recisio
2007-12-24 18:08 --------- d-----w C:\Program Files\ParadisePoker
2007-12-21 09:50 --------- d-----w C:\Program Files\CounterPath
2007-12-16 14:36 --------- d-----w C:\Program Files\k700 Remote Profiler
2007-12-14 21:20 --------- d--h--w C:\Program Files\Zero G Registry
2007-12-14 21:06 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2007-12-14 21:06 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2007-12-14 21:05 20,520 ----a-w C:\WINDOWS\system32\drivers\ggsemc.sys
2007-12-14 21:05 13,352 ----a-w C:\WINDOWS\system32\drivers\ggflt.sys
2007-12-14 20:59 --------- d-----w C:\Program Files\Sony Ericsson
2007-11-22 20:22 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-22 20:22 249,856 ------w C:\WINDOWS\Setup1.exe
2006-11-07 21:33 266,240 ----a-w C:\Program Files\xp-AntiSpy.exe
2006-07-12 10:59 3,278,400 ----a-w C:\Program Files\procexp.exe
2001-02-23 17:22 299,008 ----a-w C:\Program Files\bestplayer1.0.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-01-28 03:41 135168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:44 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AQQ]
C:\PROGRA~1\AQQ\AQQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 13:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 13:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadu-Gadu]
--a------ 2007-11-14 11:54 2131392 C:\Program Files\Gadu-Gadu\gg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-02-07 07:36 77824 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-02-07 07:40 118784 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-02-07 07:39 94208 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-07 18:29 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

S3 AL_WLAN;UGJZ Network Adapter Service;C:\WINDOWS\system32\DRIVERS\AL_WLAN.sys []
S3 ggflt;SEMC USB Flash Driver Filter;C:\WINDOWS\system32\DRIVERS\ggflt.sys [2007-12-14 22:05]
S3 NRKCTL32;NRKCTL32;C:\Program Files\wcpuid\NRKCTL32.SYS [2002-12-21 19:01]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 NVNRMUSB;Novation ReMOTE USB MIDI WDM Driver;C:\WINDOWS\system32\Drivers\Remote.sys [2005-01-03 12:04]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys []
S3 usbscan;Sterownik skanera USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 usbstor;Sterownik magazynu masowego USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eed94561-228b-11dc-875e-0016fe06a4db}]
\Shell\AutoRun\command - H:\USBNB.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 14:48:32
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-02-13 14:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-13 13:50:01
ComboFix2.txt 2008-02-13 12:34:46
ComboFix3.txt 2008-02-13 11:08:58
ComboFix4.txt 2008-02-13 09:28:27
ComboFix5.txt 2008-02-13 09:16:17
.
2008-02-10 09:42:48 --- E O F ---


logi.rar > Report.txt

SDFix: Version 1.141

Run by Nec on 2008-02-13 at 14:54

Microsoft Windows XP [Wersja 5.1.2600]

Running From: C:\PROGRA~2\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\NSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH1.DLL - Deleted
C:\WINDOWS\SYSTEM32\SERAUTH2.DLL - Deleted
C:\WINDOWS\SYSTEM32\SSPRS.DLL - Deleted
C:\WINDOWS\SYSTEM32\EUPOODRE.TMP - Deleted





Removing Temp Files...

ADS Check:



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 14:58:36
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0009dd60023e]
"0016db2dd8fb"=hex:67,0b,46,d2,8a,cf,89,1d,93,f1,b5,e1,33,0a,10,5c
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0009dd60023e]
"0016db2dd8fb"=hex:67,0b,46,d2,8a,cf,89,1d,93,f1,b5,e1,33,0a,10,5c

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\A\1\5\1c]
"Order"=hex:08,00,00,00,02,00,00,00,b8,01,00,00,01,00,00,00,04,00,00,00,8c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\PROGRA~2\SDFix\backups\backups.zip

Files with Hidden Attributes:

Thu 7 Feb 2008 355 ...H. --- "C:\Boot.BAK"
Thu 24 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT8.tmp"
Mon 11 Feb 2008 0 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\$b17a2e8.tmp"
Mon 11 Feb 2008 60,066 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\$_2341233.TMP"
Tue 12 Feb 2008 43,845 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\$_2341234.TMP"
Thu 7 Feb 2008 0 A..H. --- "C:\Deckard\System Scanner\backup\DOCUME~1\Nec\USTAWI~1\Temp\SetupTempKeyFile.tmp"

Finished!