Problem with access to servers - request for help

Hello,

for a few days (weeks?) I have been having a huge problem accessing certain websites. Strangely, the problem affects only and exclusively strictly 'software' servers (I don't know what the professional name for that is :wink:

Microsoft, Windows, AVG, GData etc.

With sites like Onet, Interia etc. everything works just fine.

I only noticed the problem when 'hiccups' appeared in the GData InternetSecurity update (a pop-up window saying that the update is impossible, etc.).

Today I 'discovered' that I had a certain McAfeeScan installed... and in fact the pop-up window was about being unable to download updates for that program (which at the same time made it impossible to download updates for GData and - as it now turns out - impossible to open any website related to software etc.)

I uninstalled both programs, reinstalled (only) GData and... nothing :frowning:

It still opens 'ordinary' sites without a problem, but the strictly 'software' ones (call them what you will :wink: unfortunately still bounce off :frowning:

On another forum I got info about 'posting a HijackThis log' (I'm also writing here, because the issue is rather annoying me and maybe I'll find a solution faster somewhere)... I admit I'm green in these matters, but I poked around the net a bit and... I already have the log, and - I hope - I read correctly what to do and how, so OTL... http://www.wklejto.pl/53304 (previously there was a HijackThis log here)

Unfortunately I'm a complete layman in matters of this type (a woman! :wink: so I'm asking very much for help :slight_smile:

Thanks in advance

tolkamala, read this topic and correct the title and the errors. We use Polish spelling on this forum. Otherwise the topic will be deleted. Read the forum rules.

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

Run a full scan with Dr.Web CureIt

the problem is that it doesn't connect to the site :frowning:

As with all the other sites, I get >>Firefox nie może odnaleźć serwera ftp.drweb.com.

Can it be done some other way?

Doesn't it work via IE either?

No, that doesn't either :frowning:

Try - http://ftp.drweb.com/pub/drweb/cureit/

Download from here - it already has a changed name so it won't get infected.

>http://www.speedyshare.com/files/19930120/launch.com

jessi

That's most likely a Conficker library, but OTL doesn't always see its service.

Make a new OTL log from the Run Scan option, having first pasted this text into it:

Also attach a GMER log.

Before running the above tools, uninstall (if you have them) any programs that create virtual drives (Daemon Tools, Alcohol etc.) and remove the SPTD driver they install using the SPTDInst tool via the Uninstall option (if it's greyed out, that's OK).

It doesn't load :frowning:

http://www.speedyshare.com/files/19930120/launch.com - and jessi's?

Post the OTL log as per deFco247's instructions

deFco247, don't scare so many people with the Kido worm. To me this looks like a rootkit. I had exactly the same symptoms. The crud likes to sit in Temp. Scanners won't detect it for you - the virus controls them. You can track the rootkit in GMER.

the page jessi gave does load... should I do something with it?

or get on with OTL as per deFco247's instructions?

PC174, I'm not scaring anyone with it...

That's why, apart from OTL, I'm asking for a GMER log, because you never know.

Besides, Conficker basically also creates a hidden service, i.e. a 'rootkit-like' one.

Yes.

where should I enter the given text in OTL? in the empty box at the bottom? (I'm a layman in these matters, please remember :slight_smile:

the GMER log... something like this?

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit quick scan 2010-01-11 17:03:00

Windows 5.1.2600 Dodatek Service Pack 2

Running: 7s2ok30p.exe; Driver: D:\DOCUME~1\Marek\USTAWI~1\Temp\pxtdypog.sys



---- Devices - GMER 1.0.15 ----


Device \Driver\Tcpip \Device\Ip GDTdiIcpt.sys (G DATA Software AG)

Device \Driver\Tcpip \Device\Tcp GDTdiIcpt.sys (G DATA Software AG)

Device \Driver\Tcpip \Device\Udp GDTdiIcpt.sys (G DATA Software AG)

Device \Driver\Tcpip \Device\RawIp GDTdiIcpt.sys (G DATA Software AG)


---- EOF - GMER 1.0.15 ----

There's actually no other place in its interface to paste text. :stuck_out_tongue:

Yes, where you said.

hmmm... something like this?

OTL logfile created on: 2010-01-11 17:14:17 - Run 2

OTL by OldTimer - Version 3.1.23.0 Folder = D:\Documents and Settings\Marek\Moje dokumenty\Pobieranie

Windows XP Professional Edition Dodatek Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd


1 022,00 Mb Total Physical Memory | 442,00 Mb Available Physical Memory | 43,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]


%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files

Drive C: | 58,59 Gb Total Space | 49,60 Gb Free Space | 84,64% Space Free | Partition Type: NTFS

Drive D: | 51,39 Gb Total Space | 3,69 Gb Free Space | 7,18% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

Drive I: | 39,06 Gb Total Space | 5,63 Gb Free Space | 14,42% Space Free | Partition Type: NTFS

Drive J: | 6,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF


Computer Name: MOMO

Current User Name: Marek

Logged in as Administrator.


Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard


[color=#E56717]========== Processes (SafeList) ==========[/color]


PRC - [2010-01-11 17:01:47 | 00,293,376 | ---- | M] () -- D:\Documents and Settings\Marek\Moje dokumenty\Pobieranie\7s2ok30p.exe

PRC - [2010-01-11 11:45:41 | 00,543,744 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Marek\Moje dokumenty\Pobieranie\OTL.exe

PRC - [2010-01-07 08:05:23 | 00,908,248 | ---- | M] (Mozilla Corporation) -- D:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009-11-12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Szajbus Iwonka\iTunesHelper.exe

PRC - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- D:\Program Files\iPod\bin\iPodService.exe

PRC - [2009-09-07 09:24:36 | 00,923,208 | ---- | M] (G Data Software AG) -- D:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe

PRC - [2009-09-03 22:17:14 | 03,342,336 | ---- | M] (Electronic Arts) -- D:\Program Files\Electronic Arts\EADM\Core.exe

PRC - [2009-08-28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

PRC - [2009-08-24 13:17:44 | 01,123,400 | ---- | M] (G Data Software AG) -- D:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

PRC - [2009-08-24 13:17:42 | 01,045,576 | ---- | M] (G DATA Software AG) -- D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe

PRC - [2009-08-24 13:17:42 | 00,397,896 | ---- | M] (G Data Software AG) -- D:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe

PRC - [2009-08-03 13:49:26 | 01,538,352 | ---- | M] (G Data Software AG) -- D:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe

PRC - [2009-07-30 12:33:30 | 01,244,760 | ---- | M] (G Data Software AG) -- D:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe

PRC - [2009-07-27 03:03:58 | 00,300,616 | ---- | M] (G Data Software AG) -- D:\Program Files\Common Files\G DATA\GDScan\GDScan.exe

PRC - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- D:\Program Files\Bonjour\mDNSResponder.exe

PRC - [2006-02-24 11:58:14 | 00,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe

PRC - [2005-10-26 16:17:24 | 00,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

PRC - [2005-09-22 15:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe

PRC - [2005-08-10 07:54:34 | 00,385,024 | R--- | M] (Teleca Software Solutions) -- D:\Program Files\Common Files\Teleca Shared\Generic.exe

PRC - [2005-08-06 00:07:30 | 00,061,440 | ---- | M] (ATI Technologies Inc.) -- D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

PRC - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- D:\WINDOWS\system32\ati2evxx.exe

PRC - [2005-06-08 16:45:04 | 00,278,528 | ---- | M] (Teleca Software Solutions AB) -- D:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe

PRC - [2004-10-27 07:49:14 | 00,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE

PRC - [2004-08-03 23:44:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe



[color=#E56717]========== Modules (SafeList) ==========[/color]


MOD - [2010-01-11 11:45:41 | 00,543,744 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\Marek\Moje dokumenty\Pobieranie\OTL.exe

MOD - [2004-08-03 23:42:34 | 01,050,624 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll



[color=#E56717]========== Win32 Services (SafeList) ==========[/color]


SRV - [2009-11-12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- D:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)

SRV - [2009-08-28 19:42:54 | 00,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009-08-24 13:17:42 | 01,045,576 | ---- | M] (G DATA Software AG) [Auto | Running] -- D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)

SRV - [2009-08-24 13:17:42 | 00,397,896 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)

SRV - [2009-08-03 13:49:26 | 01,538,352 | ---- | M] (G Data Software AG) [On_Demand | Running] -- D:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe -- (GDFwSvc)

SRV - [2009-07-30 12:33:30 | 01,244,760 | ---- | M] (G Data Software AG) [Auto | Running] -- D:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe -- (AVKWCtl)

SRV - [2009-07-27 03:03:58 | 00,300,616 | ---- | M] (G Data Software AG) [On_Demand | Running] -- D:\Program Files\Common Files\G DATA\GDScan\GDScan.exe -- (GDScan)

SRV - [2008-12-12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- D:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)

SRV - [2005-09-22 15:01:54 | 00,053,248 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- D:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)

SRV - [2005-08-05 20:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- D:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)

SRV - [2005-08-04 04:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- D:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)

SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004-08-03 23:44:02 | 00,162,155 | RHS- | M] () [Auto | Stopped] -- D:\WINDOWS\system32\fkmsf.dll -- (edxhmzp)

SRV - [2003-02-20 18:19:38 | 00,032,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state)



[color=#E56717]========== Driver Services (SafeList) ==========[/color]


DRV - [2010-01-10 17:35:53 | 00,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\GRD.sys -- (GRD)

DRV - [2010-01-10 17:26:00 | 00,034,632 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)

DRV - [2009-12-06 21:03:23 | 00,028,400 | ---- | M] () [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)

DRV - [2009-10-28 15:31:21 | 00,053,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)

DRV - [2009-10-28 15:30:38 | 00,022,528 | ---- | M] (G DATA Software AG) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)

DRV - [2009-10-28 15:30:37 | 00,051,784 | ---- | M] (G DATA Software AG) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)

DRV - [2009-10-28 15:30:34 | 00,027,720 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- D:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)

DRV - [2009-05-18 14:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GearAspiWDM)

DRV - [2005-08-04 04:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2005-06-03 13:47:06 | 00,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)

DRV - [2005-06-03 13:47:04 | 00,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)

DRV - [2005-06-03 13:47:00 | 00,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)

DRV - [2005-06-03 13:46:58 | 00,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)

DRV - [2005-06-03 13:46:52 | 00,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)

DRV - [2005-03-16 07:23:54 | 00,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS)

DRV - [2005-03-04 04:10:26 | 00,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)

DRV - [2004-10-27 06:57:38 | 02,284,864 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2004-08-03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Sterownik NT karty Realtek RTL8139(A/B/C)

DRV - [2003-04-16 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)



[color=#E56717]========== Standard Registry (SafeList) ==========[/color]



[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]


FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010-01-07 08:05:29 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010-01-07 08:05:29 | 00,000,000 | ---D | M]


[2009-10-28 17:28:25 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Marek\Dane aplikacji\Mozilla\Extensions

[2009-10-28 22:24:33 | 00,000,000 | ---D | M] -- D:\Documents and Settings\Marek\Dane aplikacji\Mozilla\Firefox\Profiles\actj3tiw.default\extensions

[2010-01-11 15:27:09 | 00,000,000 | ---D | M] -- D:\Program Files\Mozilla Firefox\extensions

[2010-01-10 17:25:38 | 00,000,000 | ---D | M] (G Data WebFilter) -- D:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2009-10-16 19:45:02 | 00,002,767 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\allegro-pl.xml

[2009-10-16 19:45:02 | 00,001,406 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\fbc-pl.xml

[2009-10-16 19:45:02 | 00,000,917 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\merlin-pl.xml

[2009-10-16 19:45:02 | 00,000,858 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\pwn-pl.xml

[2009-10-16 19:45:02 | 00,001,183 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wikipedia-pl.xml

[2009-10-16 19:45:02 | 00,001,683 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\wp-pl.xml


O1 HOSTS File: (742 bytes) - D:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - D:\Program Files\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ATICCC] D:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] D:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] D:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)

O4 - HKLM..\Run: [iTunesHelper] C:\Szajbus Iwonka\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [QuickTime Task] D:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [Sony Ericsson PC Suite] D:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)

O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKCU..\Run: [EA Core] D:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)

O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\ATI CATALYST – pasek zadań.lnk = D:\Program Files\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)

O4 - Startup: D:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: E&ksport do programu Microsoft Excel - D:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: ([]msn in Mój komputer)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.107.153.5 89.107.153.6

O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009-09-11 02:00:10 | 00,419,088 | R--- | M] (Electronic Arts) - J:\AutoRun.exe -- [UDF]

O32 - AutoRun File - [2009-09-11 01:57:18 | 00,000,000 | R--D | M] - J:\Autorun -- [UDF]

O32 - AutoRun File - [2009-09-11 02:00:08 | 09,957,376 | R--- | M] () - J:\autorun.dat -- [UDF]

O32 - AutoRun File - [2009-09-11 01:38:34 | 00,000,136 | R--- | M] () - J:\autorun.inf -- [UDF]

O33 - MountPoints2\{1fc46f80-be97-11de-8b33-806d6172696f}\Shell - "" = AutoRun

O33 - MountPoints2\{1fc46f80-be97-11de-8b33-806d6172696f}\Shell\AutoRun\command - "" = J:\AutoRun.exe -- [2009-09-11 02:00:10 | 00,419,088 | R--- | M] (Electronic Arts)

O33 - MountPoints2\{f688c4a2-df6d-11de-a345-00e04cec046c}\Shell - "" = AutoRun

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*


NetSvcs: 6to4 - File not found

NetSvcs: Ias - D:\WINDOWS\system32\ias [2009-10-21 22:31:38 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

NetSvcs: edxhmzp - D:\WINDOWS\system32\fkmsf.dll ()



SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PEVSystemStart - Service

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: procexp90.Sys - Driver

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: sermouse.sys - Driver

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vds - Service

SafeBootMin: vga.sys - Driver

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: nm - File not found

SafeBootNet: nm.sys - File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PEVSystemStart - Service

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: procexp90.Sys - Driver

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: sermouse.sys - Driver

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: UploadMgr - Service

SafeBootNet: vga.sys - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices


[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]


[2010-01-11 16:24:05 | 00,000,000 | --SD | C] -- D:\ComboFix

[2010-01-11 16:17:49 | 00,000,000 | ---D | C] -- D:\WINDOWS\ERDNT

[2010-01-11 16:16:56 | 00,000,000 | ---D | C] -- D:\Qoobox

[2010-01-10 17:26:00 | 00,034,632 | ---- | C] (G Data Software AG) -- D:\WINDOWS\System32\drivers\HookCentre.sys

[2010-01-10 17:24:35 | 00,000,000 | ---D | C] -- D:\Program Files\G Data

[2010-01-10 17:19:12 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\GHISLER

[2010-01-10 16:14:55 | 00,000,000 | RH-D | C] -- D:\Documents and Settings\Marek\Recent

[2010-01-10 16:12:13 | 00,000,000 | ---D | C] -- D:\Program Files\CCleaner

[2010-01-07 08:19:46 | 00,000,000 | ---D | C] -- D:\WINDOWS\Minidump

[2010-01-02 19:54:13 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Dane aplikacji\com.adobe.example.avatarAirApplication.199ED43C2CFEB351CD0244628B93195D7C58F98C.1

[2010-01-02 19:53:59 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Adobe AIR

[2009-12-31 15:43:22 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Pulpit\Nowy folder

[2009-12-29 21:24:24 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\Identities

[2009-12-29 21:07:01 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\Sony Ericsson

[2009-12-29 21:02:30 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Dane aplikacji\Teleca

[2009-12-29 21:01:43 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Documents

[2009-12-29 21:01:37 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Sony Ericsson

[2009-12-29 21:01:32 | 00,000,000 | ---D | C] -- D:\Program Files\Common Files\Teleca Shared

[2009-12-29 21:01:21 | 00,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Dane aplikacji\Teleca

[2009-12-29 21:01:21 | 00,000,000 | ---D | C] -- D:\Program Files\Sony Ericsson

[2009-12-29 20:49:51 | 00,005,744 | ---- | C] (MCCI) -- D:\WINDOWS\System32\drivers\k750wh.sys

[2009-12-29 20:49:47 | 00,006,144 | ---- | C] (MCCI) -- D:\WINDOWS\System32\drivers\k750cm.sys

[2009-12-29 20:49:03 | 00,000,000 | ---D | C] -- D:\WINDOWS\Downloaded Installations

[2009-12-27 22:31:09 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Moje dokumenty\FIFA 10

[2009-12-27 21:30:15 | 00,000,000 | ---D | C] -- D:\Program Files\EA Sports

[2009-12-27 02:33:16 | 00,000,000 | ---D | C] -- D:\Documents and Settings\Marek\Pulpit\hacker

[2009-10-22 10:21:06 | 00,000,000 | ---D | M] -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-10-21 22:34:56 | 00,000,000 | ---D | M] -- D:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\Microsoft

[2009-10-21 22:31:41 | 00,000,000 | --SD | M] -- D:\Documents and Settings\NetworkService\Dane aplikacji\Microsoft

[2009-10-21 22:31:41 | 00,000,000 | --SD | M] -- D:\Documents and Settings\LocalService\Dane aplikacji\Microsoft

[2004-11-24 19:25:52 | 00,335,872 | ---- | C] ( ) -- D:\WINDOWS\System32\drvc.dll

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp ->]


[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]


[2010-01-11 08:41:47 | 00,000,006 | -H-- | M] () -- D:\WINDOWS\tasks\SA.DAT

[2010-01-11 08:41:44 | 00,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat

[2010-01-10 23:05:03 | 03,932,160 | -H-- | M] () -- D:\Documents and Settings\Marek\NTUSER.DAT

[2010-01-10 23:04:42 | 00,000,292 | -HS- | M] () -- D:\Documents and Settings\Marek\ntuser.ini

[2010-01-10 23:04:34 | 03,755,176 | -H-- | M] () -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\IconCache.db

[2010-01-10 22:59:38 | 00,095,360 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\System32\dllcache\atapi.sys

[2010-01-10 19:50:38 | 00,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini

[2010-01-10 19:48:07 | 00,028,672 | ---- | M] () -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010-01-10 17:35:53 | 00,068,976 | ---- | M] (G Data Software) -- D:\WINDOWS\System32\drivers\GRD.sys

[2010-01-10 17:26:00 | 00,034,632 | ---- | M] (G Data Software AG) -- D:\WINDOWS\System32\drivers\HookCentre.sys

[2010-01-10 17:25:58 | 00,001,773 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\G Data InternetSecurity.lnk

[2010-01-10 17:15:36 | 00,002,596 | ---- | M] () -- D:\WINDOWS\System32\CONFIG.NT

[2010-01-10 16:16:04 | 00,094,298 | ---- | M] () -- D:\Documents and Settings\Marek\Moje dokumenty\cc_20100110_161549.reg

[2010-01-10 16:12:14 | 00,001,548 | ---- | M] () -- D:\Documents and Settings\Marek\Pulpit\CCleaner.lnk

[2010-01-10 16:04:11 | 00,000,784 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\EA Download Manager.lnk

[2010-01-09 22:17:24 | 00,000,190 | ---- | M] () -- D:\Documents and Settings\Marek\default.pls

[2010-01-09 12:58:21 | 00,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl

[2010-01-09 12:33:05 | 00,038,912 | ---- | M] () -- D:\Documents and Settings\Marek\Pulpit\momo po opoprawkach.doc

[2009-12-29 21:16:00 | 00,000,000 | ---- | M] () -- D:\WINDOWS\mngui.INI

[2009-12-29 21:01:48 | 00,001,958 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\Sony Ericsson PC Suite.lnk

[2009-12-29 20:49:51 | 00,005,744 | ---- | M] (MCCI) -- D:\WINDOWS\System32\drivers\k750wh.sys

[2009-12-29 20:49:47 | 00,006,144 | ---- | M] (MCCI) -- D:\WINDOWS\System32\drivers\k750cm.sys

[2009-12-27 22:04:31 | 00,001,711 | ---- | M] () -- D:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk

[4 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp ->]


[color=#E56717]========== Files Created - No Company Name ==========[/color]


[2010-01-10 17:25:58 | 00,001,773 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\G Data InternetSecurity.lnk

[2010-01-10 16:15:56 | 00,094,298 | ---- | C] () -- D:\Documents and Settings\Marek\Moje dokumenty\cc_20100110_161549.reg

[2010-01-10 16:12:14 | 00,001,548 | ---- | C] () -- D:\Documents and Settings\Marek\Pulpit\CCleaner.lnk

[2010-01-09 12:19:54 | 00,038,912 | ---- | C] () -- D:\Documents and Settings\Marek\Pulpit\momo po opoprawkach.doc

[2009-12-29 21:16:00 | 00,000,000 | ---- | C] () -- D:\WINDOWS\mngui.INI

[2009-12-29 21:01:47 | 00,001,958 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\Sony Ericsson PC Suite.lnk

[2009-12-27 22:04:31 | 00,001,711 | ---- | C] () -- D:\Documents and Settings\All Users\Pulpit\FIFA 10.lnk

[2009-11-24 20:34:55 | 00,000,232 | ---- | C] () -- D:\WINDOWS\XIIIHoolieDemo.ini

[2009-11-24 20:11:34 | 00,000,232 | ---- | C] () -- D:\WINDOWS\XIIIHooligans.ini

[2009-10-28 15:31:38 | 00,002,596 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Config.nt.bak

[2009-10-28 15:31:38 | 00,001,734 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\Autoexec.nt.bak

[2009-10-28 15:31:38 | 00,000,742 | ---- | C] () -- D:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\hosts.bak

[2009-10-22 17:33:25 | 00,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini

[2009-10-22 12:04:01 | 00,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll

[2009-10-22 10:10:24 | 00,363,520 | ---- | C] () -- D:\WINDOWS\System32\psisdecd.dll

[2009-10-22 10:10:20 | 00,162,155 | RHS- | C] () -- D:\WINDOWS\System32\fkmsf.dll

[2009-10-21 23:24:36 | 00,000,427 | ---- | C] () -- D:\WINDOWS\ODBC.INI

[2009-10-21 23:10:58 | 00,028,672 | ---- | C] () -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009-10-21 23:10:25 | 00,000,130 | ---- | C] () -- D:\Documents and Settings\Marek\Ustawienia lokalne\Dane aplikacji\fusioncache.dat

[2009-10-21 22:57:57 | 00,156,672 | ---- | C] () -- D:\WINDOWS\System32\RTLCPAPI.dll

[2008-12-19 15:15:58 | 04,338,246 | ---- | C] () -- D:\WINDOWS\System32\libavcodec.dll

[2008-12-17 17:41:18 | 00,884,237 | ---- | C] () -- D:\WINDOWS\System32\ff_x264.dll

[2008-12-17 17:22:58 | 00,093,184 | ---- | C] () -- D:\WINDOWS\System32\ff_wmv9.dll

[2008-12-17 17:22:48 | 00,057,344 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll

[2008-12-17 17:17:34 | 00,239,247 | ---- | C] () -- D:\WINDOWS\System32\ff_theora.dll

[2008-12-17 16:59:54 | 00,560,802 | ---- | C] () -- D:\WINDOWS\System32\libmplayer.dll

[2008-12-11 11:27:02 | 00,000,547 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll.manifest

[2004-10-03 17:50:54 | 00,129,024 | ---- | C] () -- D:\WINDOWS\System32\ff_mpeg2enc.dll

[2003-04-16 13:00:00 | 00,028,400 | ---- | C] () -- D:\WINDOWS\System32\drivers\secdrv.sys


[color=#E56717]========== Custom Scans ==========[/color]



[color=#A23BEC]< %systemdrive%\*.* >[/color]

[2010-01-11 08:41:41 | 16,106,12736 | -HS- | M] () -- D:\pagefile.sys


[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List >[/color]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"5942:TCP" = 5942:TCP:*:Enabled:posiy


[color=#E56717]========== Alternate Data Streams ==========[/color]


@Alternate Data Stream - 16 bytes -> D:\Documents and Settings\Marek\Moje dokumenty\Shareaza Downloads:Shareaza.GUID

< End of report >
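As an added illustration (not part of this thread, and not code from OTL, G Data or any other tool mentioned here), the following Python script applies the indicators the helpers are reading from the log above to raw OTL lines: a Win32 service whose binary has no company name, carries hidden/system attributes and is a DLL (so it is hosted by svchost), the matching NetSvcs entry pointing at the same unsigned DLL, and a firewall exception opened to all addresses with a plain-text label instead of a resource string. The sample lines are copied from the log above; the regular expressions and the two-indicator threshold are this example's own assumptions about the OTL line format, not a documented grammar.

```python
import re

# Sample OTL lines, copied from the log posted above (Windows XP machine).
SAMPLE_LOG = r"""
SRV - [2009-08-24 13:17:42 | 01,045,576 | ---- | M] (G DATA Software AG) [Auto | Running] -- D:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2005-08-05 20:05:00 | 00,516,096 | ---- | M] () [Auto | Stopped] -- D:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2004-08-03 23:44:02 | 00,162,155 | RHS- | M] () [Auto | Stopped] -- D:\WINDOWS\system32\fkmsf.dll -- (edxhmzp)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - D:\WINDOWS\system32\ias [2009-10-21 22:31:38 | 00,000,000 | ---D | M]
NetSvcs: edxhmzp - D:\WINDOWS\system32\fkmsf.dll ()
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5942:TCP" = 5942:TCP:*:Enabled:posiy
"""

# Assumed shape of an OTL "SRV -" line: [date | size | attrs | M] (company) [start | state] -- path -- (name)
SRV_RE = re.compile(
    r'^SRV - \[(?P<date>[^|]+) \| (?P<size>[^|]+) \| (?P<attrs>[^|]+) \| [^\]]+\] '
    r'\((?P<company>[^)]*)\) \[(?P<start>[^|]+) \| (?P<state>[^\]]+)\] '
    r'-- (?P<path>.+?) -- \((?P<name>[^)]+)\)$'
)
# Assumed shape of a NetSvcs line: NetSvcs: <name> - <path and details | File not found>
NETSVCS_RE = re.compile(r'^NetSvcs: (?P<name>\S+) - (?P<rest>.*)$')
# Assumed shape of a GloballyOpenPorts entry: "port:proto" = port:proto:scope:state:label
PORT_RE = re.compile(
    r'^"(?P<key>[^"]+)" = (?P<port>\d+):(?P<proto>TCP|UDP):'
    r'(?P<scope>[^:]+):(?P<state>[^:]+):(?P<label>.*)$'
)


def analyze_otl(text):
    """Return (kind, name, detail, reason) tuples for lines that look like a
    svchost-hosted, unsigned, hidden DLL service and its supporting entries."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue

        m = SRV_RE.match(line)
        if m:
            reasons = []
            if not m['company']:
                reasons.append('no company name')
            if 'H' in m['attrs'] or 'S' in m['attrs']:
                reasons.append('hidden/system attributes ' + m['attrs'])
            if m['path'].lower().endswith('.dll'):
                reasons.append('DLL service (runs inside svchost)')
            # One indicator alone is common on clean systems (e.g. an OEM
            # binary without version info); require at least two.
            if len(reasons) >= 2:
                findings.append(('service', m['name'], m['path'], '; '.join(reasons)))
            continue

        m = NETSVCS_RE.match(line)
        if m:
            rest = m['rest']
            # A netsvcs member backed by a DLL that has no company name.
            if rest.endswith('()') and rest[:-2].strip().lower().endswith('.dll'):
                findings.append(('netsvcs', m['name'], rest[:-2].strip(),
                                 'netsvcs group member backed by unsigned DLL'))
            continue

        m = PORT_RE.match(line)
        if m:
            # Windows' own exceptions carry a resource-string label (@dll,-id) and a
            # LocalSubNet scope; a bare word open to '*' is worth a second look.
            if m['scope'] == '*' and not m['label'].startswith('@'):
                findings.append(('firewall', m['key'], m['label'],
                                 'exception open to all addresses with non-resource label'))
    return findings


def correlate(findings):
    """Names that appear both as a flagged service and as a flagged netsvcs entry."""
    services = {f[1] for f in findings if f[0] == 'service'}
    netsvcs = {f[1] for f in findings if f[0] == 'netsvcs'}
    return sorted(services & netsvcs)


if __name__ == '__main__':
    results = analyze_otl(SAMPLE_LOG)
    for kind, name, detail, reason in results:
        print(f'[{kind}] {name}: {detail} -> {reason}')
    print('service+netsvcs overlap:', correlate(results))
```

On the sample above the script flags the edxhmzp service (no company, RHS- attributes, DLL in system32), the NetSvcs entry for the same name, and the 5942:TCP exception, and reports edxhmzp as the overlap between the first two; the ATI Smart entry, which has only the missing company name, stays below the threshold.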

Paste the contents of the logs on wklej.org, wklej.to or nopaste.pl, and put the link in your post.

Since you used ComboFix, why don't you mention it?

Show the log from that scan.

In the white bottom window Custom Scans/Fixes in OTL paste:

Run Fix. Restart if needed.

Then the log from the removal and a new log made with the Run Scan option.

Right after the restart, also do this:

Open Notepad and paste into it:

Save the file as type all files under the name plik.bat -> run the resulting file.

Be sure to update the system to Service Pack 3.

Ok, from now on I'll paste the log contents via the sites you gave :slight_smile:

As for ComboFix... it's blocked by GData (an error pops up)

I'm getting to the rest right now - this is new to me so I hope I won't botch anything :slight_smile:

While downloading and scanning with ComboFix you must turn off all antivirus and firewall programs.

But don't run a new scan now, because it's not needed.