log.rar

Please check my logs.

Hello. Recently I noticed that some processes I don't recognize have appeared. I'm attaching the logs. Thanks in advance.

  • log.rar
    • ComboFix.txt
    • hijackthis.log



log.rar > ComboFix.txt

ComboFix 09-03-10.01 - Pawe? 2009-03-10 22:26:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1045.18.1023.644 [GMT 1:00]
Uruchomiony z: c:\documents and settings\Pawe?\Pulpit\ComboFix.exe
AV: Kaspersky Anti-Virus Personal *On-access scanning disabled* (Updated)
* Utworzono nowy punkt przywracania

UWAGA - TEN KOMPUTER NIE MA ZAINSTALOWANEJ KONSOLI ODZYSKIWANIA !!
.

((((((((((((((((((((((((((((((((((((((( Usuni?to )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll

.
((((((((((((((((((((((((( Pliki utworzone od 2009-02-10 do 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 20:41 . 2009-03-10 20:41 <DIR> d-------- c:\windows\LastGood
2009-03-09 18:22 . 2009-03-09 18:22 <DIR> d-------- c:\documents and settings\Pawe?\Dane aplikacji\CyberLink
2009-03-08 13:12 . 2009-03-08 13:12 <DIR> d-------- c:\program files\Common Files\DirectX
2009-03-07 08:01 . 2009-03-09 21:08 174 --a------ c:\windows\wcx_ftp.ini
2009-03-07 08:00 . 2009-03-07 08:00 <DIR> d-------- c:\program files\totalcmd
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\UC.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\RAR.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\PKZIP.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\PKUNZIP.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\NOCLOSE.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\LHA.PIF
2009-03-07 08:00 . 2002-11-04 05:50 545 --a------ c:\windows\ARJ.PIF
2009-03-07 08:00 . 2009-03-10 10:03 318 --a------ c:\windows\wincmd.ini
2009-03-06 20:51 . 2009-03-06 20:51 198,656 --a------ c:\windows\system32\Comdlg32.ocx
2009-03-06 10:48 . 2009-03-06 10:48 <DIR> d-------- c:\program files\office
2009-03-04 17:23 . 2009-03-04 17:23 <DIR> d-------- c:\windows\Sun
2009-02-14 13:06 . 2001-08-17 20:13 27,165 --a------ c:\windows\system32\drivers\fetnd5.sys
2009-02-14 13:06 . 2001-08-17 20:13 27,165 --a--c--- c:\windows\system32\dllcache\fetnd5.sys

.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-08 12:03 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 19:58 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-08 13:42 --------- d-----w c:\program files\GordianKnot
2009-02-08 13:42 --------- d-----w c:\program files\Gabest
2009-02-08 13:41 --------- d-----w c:\program files\AviSynth 2.5
2009-02-08 13:38 --------- d-----w c:\program files\CyberLink
2009-02-08 13:38 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\CyberLink
2009-02-08 13:29 --------- d-----w c:\program files\GPL MPEG Decoder
2009-02-08 12:52 --------- d-----w c:\program files\FLVPlayer
2009-02-07 08:48 --------- d-----w c:\program files\G DATA Software
2009-02-06 20:52 --------- d-----w c:\program files\ACD Systems
2009-02-06 20:03 --------- d-----w c:\program files\Sun
2009-02-06 20:02 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-06 20:02 --------- d-----w c:\program files\Java
2009-02-05 18:27 --------- d-----w c:\program files\Winamp
2009-02-04 12:07 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-02-04 12:07 22,328 ----a-w c:\documents and settings\Pawe?\Dane aplikacji\PnkBstrK.sys
2009-02-04 12:07 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2009-02-04 11:43 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-02-04 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-02-03 13:55 --------- d-----w c:\documents and settings\Pawe?\Dane aplikacji\Thinstall
2009-02-03 13:53 --------- d-----w c:\program files\Common Files\Ahead
2009-02-03 13:53 --------- d-----w c:\program files\Ahead
2009-02-03 13:49 --------- d-----w c:\program files\Real Alternative
2009-02-01 18:03 --------- d-----w c:\program files\DVBViewerTE
2009-02-01 18:02 --------- d-----w c:\program files\TechniSat DVB
2009-01-31 17:09 --------- d-----w c:\program files\Alcohol Soft
2009-01-31 16:20 --------- d-----w c:\documents and settings\Pawe?\Dane aplikacji\Gadu-Gadu
2009-01-31 16:16 --------- d-----w c:\program files\Creative
2009-01-31 13:29 --------- d-----w c:\program files\Gadu-Gadu
2009-01-31 13:17 --------- d-----w c:\program files\ffdshow
2009-01-31 13:14 --------- d-----w c:\program files\Easy RealMedia Tools
2009-01-31 13:14 --------- d-----w c:\program files\AC3Filter
2009-01-31 13:13 --------- d-----w c:\program files\SubEdit-Player
2009-01-31 13:11 --------- d-----w c:\documents and settings\All Users\Dane aplikacji\Kaspersky Anti-Virus Personal
2009-01-31 13:10 --------- d-----w c:\program files\Kaspersky Lab
2009-01-31 11:43 --------- d-----w c:\program files\Haali
2009-01-31 11:24 --------- d-----w c:\program files\microsoft frontpage
2009-01-31 11:23 --------- d-----w c:\program files\Us?ugi online
.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawid?owe wpisy nie s? pokazane
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadu-Gadu"="c:\program files\Gadu-Gadu\gg.exe" [2008-03-20 2127296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-01-10 5513216]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-01-10 86016]
"KAVPersonal50"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" [2004-08-06 127079]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-29 28672]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-06 136600]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 159744]
"nwiz"="nwiz.exe" [2005-01-10 c:\windows\system32\nwiz.exe]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 c:\windows\system32\CTHELPER.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Menu Start\Programy\Autostart\
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-02-01 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=
"d:\\ProgramFiles\\BitComet\\BitComet.exe"=
"d:\\ProgramFiles\\GG\\Gadu-Gadu\\gg.exe"=

R0 AFPAnsi;G-DATA Ukrywacz Ansi;c:\windows\system32\drivers\AFPAnsi.sys [2009-02-07 43904]
R0 FO_PAnt;FotoOffice VirtualDisc Driver;c:\windows\system32\drivers\FO_PAnt.sys [2009-02-07 89216]
R1 Klmc;Klmc;c:\windows\system32\drivers\klmc.sys [2004-08-06 9939]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;c:\windows\system32\drivers\SkyNET.sys [2009-02-01 462212]
.
- - - - USUNI?TO PUSTE WPISY - - - -

HKLM-Run-PathNvidiaTV - c:\program files\Gigabyte\Nvidia\patchnvidiaTVout.exe


.
------- Skan uzupe?niaj?cy -------
.
uStart Page = hxxp://www.google.pl/
TCP: {95D5B289-C132-4E4D-A33C-1B942BFDF39E} = 192.168.1.1
FF - ProfilePath - c:\documents and settings\Pawe?\Dane aplikacji\Mozilla\Firefox\Profiles\reqok5ex.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.pl
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 22:28:53
Windows 5.1.2600 Dodatek Service Pack 2 NTFS

skanowanie ukrytych procesów ...

skanowanie ukrytych wpisów autostartu ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
PathNvidiaTV = c:\program files\Gigabyte\Nvidia\patchnvidiaTVout.exe???@?A?B?C?D?E?F?G?H?I?J?K?L?M?N?O?P?Q?R?S?T?U?V?W?X?Y?Z?[?\?]?^?_?`?a?b?c?d?e?f?g?h?i?j?k?l?m?n?o?p?q?r?s?t?u?v?w?x?y?z?{?|?}?~???? ??? ??? & ! ??0 `?9 Z?d?}?y???? ? ? ? " ? ? ?? " !a?: [?e?~?z???????A?

skanowanie ukrytych plików ...

skanowanie pomyślnie uko?czone
ukryte pliki: 0

**************************************************************************
.
Czas uko?czenia: 2009-03-10 22:30:28
ComboFix-quarantined-files.txt 2009-03-10 21:30:12

Przed: 3 316 269 056 bajtów wolnych
Po: 3,735,060,480 bajtów wolnych

142 --- E O F --- 2009-02-28 15:06:25
