Microsoft.com: server not found

Does anyone know how to solve this problem? The same thing happens with the Avast site. These two sites don't work in any browser. Please reply quickly because I want to download Windows 7 :smiley: :smiley: :smiley: :smiley: :smiley: :smiley: :smiley:

I don't know why you're grinning like that. :stuck_out_tongue:

This may be Conficker, which customarily blocks sites of this kind, and that is no laughing matter…

Besides, you have to buy Windows 7, not download it…

Show the logs from these tools:

:arrow: OTL

In it, switch Processes and Modules to All and paste into the lower white Custom Scans/Fixes box:

Click Run Scan.

:arrow: System Repair Engineer

:arrow: GMER

Paste the contents of the logs on wklej.org, wklej.to or nopaste.pl, and put the link in your post.

UP

But maybe he wants to test 7 before buying it, and he can do that LEGALLY.

Topic

Paste the logs and we'll know more.

ComboFix 09-12-25.01 - Mikołaj 2009-12-25 18:13:27.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.1.1250.48.1045.18.511.297 [GMT 1:00]

Uruchomiony z: c:\documents and settings\Mikołaj\Pulpit\ComboFix.exe

Użyto następujących komend :: c:\documents and settings\Mikołaj\Pulpit\CFScript.txt

.

/wow section - STAGE 4

((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\MIKOAJ~1\USTAWI~1\Temp\d .exe

c:\program files\Adobe\acrotray .exe

c:\program files\adobe\acrotray.exe

c:\windows\system32\ctfmon .exe

c:\windows\system32\hdashcut .exe

c:\windows\system32\ieuinit.inf

c:\windows\system32\muzapp.exe

c:\windows\system32\nerocheck .exe

c:\windows\system32\qyi .exe

c:\windows\Tasks\At1.job

c:\windows\Tasks\At12.job

Zainfekowana kopia c:\windows\system32\lsass.exe została znaleziona. Problem naprawiono

Plik odzyskano z - c:\windows\ServicePackFiles\i386\lsass.exe

c:\windows\system32\services.exe . . . jest zainfekowany!!

c:\windows\system32\svchost.exe . . . jest zainfekowany!!

Zainfekowana kopia c:\windows\explorer.exe została znaleziona. Problem naprawiono

Plik odzyskano z - c:\windows\ServicePackFiles\i386\explorer.exe

.

((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_SSHNAS

((((((((((((((((((((((((( Pliki utworzone od 2009-11-25 do 2009-12-25 )))))))))))))))))))))))))))))))

.

2009-12-23 10:51 . 2009-12-23 10:51 -------- d-----w- C:\Uptade Cinu95

2009-12-15 16:20 . 2003-03-24 08:00 68096 -c--a-w- c:\windows\system32\dllcache\dpnhupnp.dll

2009-12-15 16:20 . 2003-03-24 08:00 68096 ----a-w- c:\windows\system32\dpnhupnp.dll

2009-12-15 12:49 . 2009-12-15 12:49 -------- d-----w- c:\program files\Cisco

2009-12-12 19:50 . 2009-12-12 19:50 -------- d-----w- c:\documents and settings\Kasia\Dane aplikacji\Gadu-Gadu 10

2009-12-12 19:49 . 2009-12-12 19:50 -------- d-----w- c:\documents and settings\Kasia\Dane aplikacji\PCToolsFirewallPlus

2009-12-12 19:28 . 2009-11-23 12:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys

2009-12-12 19:28 . 2009-11-09 10:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys

2009-12-12 19:28 . 2009-10-30 10:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys

2009-12-12 19:27 . 2009-12-20 14:53 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\TEMP

2009-12-12 19:27 . 2009-12-12 19:28 -------- d-----w- c:\program files\Common Files\PC Tools

2009-12-12 19:27 . 2009-11-24 07:54 56512 ----a-w- c:\windows\system32\drivers\pctNdis.sys

2009-12-12 19:27 . 2009-11-10 16:11 70408 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys

2009-12-12 19:27 . 2009-08-14 12:44 32552 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys

2009-12-12 19:27 . 2009-10-16 15:55 115216 ----a-w- c:\windows\system32\drivers\pctplfw.sys

2009-12-12 16:20 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-12 16:20 . 2009-12-12 16:20 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Malwarebytes

2009-12-12 16:20 . 2009-12-03 15:13 18520 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-12 16:20 . 2009-12-13 12:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-12 12:19 . 2009-12-12 12:22 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\NCH Swift Sound

2009-12-12 12:19 . 2009-12-12 12:21 -------- d-----w- c:\program files\NCH Swift Sound

2009-12-10 19:11 . 2009-12-11 15:15 -------- d-----w- C:\found.000

2009-12-10 15:42 . 2009-08-19 04:18 107864 ----a-w- c:\windows\system32\tsccvid.dll

2009-12-10 15:42 . 2009-12-10 15:42 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\TechSmith

2009-12-10 15:42 . 2009-12-10 15:42 -------- d-----w- c:\program files\QuickTime

2009-12-10 15:42 . 2009-12-10 15:42 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-12-10 14:48 . 2008-09-16 19:23 168448 ----a-w- c:\windows\system32\unrar.dll

2009-12-10 14:48 . 2004-05-18 18:16 39936 ----a-w- c:\windows\system32\huffyuv.dll

2009-12-10 14:48 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll

2009-12-10 14:48 . 2009-01-28 21:25 2246163 ----a-w- c:\windows\system32\x264vfw.dll

2009-12-10 14:48 . 2006-04-02 12:47 630784 ----a-w- c:\windows\system32\vp7vfw.dll

2009-12-10 14:48 . 2004-12-10 08:03 438272 ----a-w- c:\windows\system32\vp6vfw.dll

2009-12-10 14:48 . 2008-12-11 00:33 86016 ----a-w- c:\windows\system32\dpl100.dll

2009-12-10 14:48 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll

2009-12-10 14:48 . 2008-11-06 16:33 684032 ----a-w- c:\windows\system32\divx.dll

2009-12-10 14:48 . 2009-02-09 18:56 67584 ----a-w- c:\windows\system32\ff_vfw.dll

2009-12-10 14:48 . 2009-12-10 14:49 -------- d-----w- c:\program files\K-Lite Codec Pack

2009-12-09 20:34 . 2009-12-09 20:34 -------- d-----w- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\free-downloads.net

2009-12-09 20:34 . 2009-12-09 20:34 -------- d-----w- c:\windows\system32\config\systemprofile\Ustawienia lokalne\Dane aplikacji\Conduit

2009-12-05 14:37 . 2009-12-05 14:37 -------- d-----w- c:\windows\system32\bits

2009-12-05 14:02 . 2009-12-05 14:55 -------- d--h--w- c:\windows\$hf_mig$

.

(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-25 17:46 . 2001-10-26 16:15 80766 ----a-w- c:\windows\system32\perfc015.dat

2009-12-25 17:46 . 2001-10-26 16:15 461658 ----a-w- c:\windows\system32\perfh015.dat

2009-12-25 12:07 . 2009-02-01 12:43 -------- d-----w- c:\program files\Nowe Gadu-Gadu

2009-12-15 12:49 . 2008-06-15 15:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-12-12 16:25 . 2008-08-11 18:54 -------- d-----w- c:\program files\Winamp

2009-12-12 16:25 . 2008-06-15 17:26 -------- d-----w- c:\program files\Lexmark Fax Solutions

2009-12-12 16:25 . 2008-06-15 17:24 -------- d-----w- c:\program files\Lexmark 3300 Series

2009-12-12 16:25 . 2008-06-15 15:20 -------- d-----w- c:\program files\Gadu-Gadu

2009-12-07 07:09 . 2008-06-15 17:25 -------- d-----w- c:\program files\Lx_cats

2009-12-03 19:45 . 2009-04-27 06:31 -------- d-----w- c:\program files\Common Files\Adobe

2009-12-03 18:51 . 2009-10-23 16:39 -------- d-----w- c:\program files\Opera 10.10 Beta

2009-12-02 13:33 . 2009-09-27 14:03 -------- d-----w- c:\documents and settings\All Users\Dane aplikacji\Spybot - Search & Destroy

2009-11-27 16:28 . 2008-08-25 09:10 -------- d-----w- c:\program files\Techland

2009-11-26 20:52 . 2008-08-31 17:36 57536 ----a-w- c:\documents and settings\Kasia\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-11-26 18:01 . 2009-08-16 17:13 -------- d-----w- c:\program files\Speedway Manager 98

2009-11-21 13:24 . 2009-02-24 18:06 249856 ------w- c:\windows\Setup1.exe

2009-11-21 13:24 . 2009-02-24 18:06 73216 ----a-w- c:\windows\ST6UNST.EXE

2009-11-21 08:46 . 2009-11-21 08:46 86016 ----a-w- c:\windows\system32\frapsvid.dll

2009-11-16 15:10 . 2008-12-09 18:17 -------- d---a-w- c:\documents and settings\All Users\Dane aplikacji\Sports Interactive

2009-11-11 19:29 . 2009-11-08 17:43 -------- d-----w- c:\program files\Java

2009-11-11 19:28 . 2009-11-11 19:28 -------- d-----w- c:\program files\Common Files\Java

2009-11-06 09:32 . 2008-09-08 06:24 57536 ----a-w- c:\documents and settings\Aga\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

2009-11-04 18:49 . 2009-11-04 18:49 -------- d-----w- c:\program files\LogMeIn Hamachi

2009-10-13 16:17 . 2009-04-26 14:28 547 ----a-w- c:\windows\eReg.dat

2002-09-20 16:04 . 2001-10-26 16:49 167403 --sha-r- c:\windows\system32\eezsdvq.dll

.

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe

c:\program files\Analog Devices\Core\smax4pnp .exe

c:\program files\Analog Devices\SoundMAX\smax4 .exe

c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe

c:\program files\Common Files\Real\Update_OB\realsched .exe

c:\program files\Creative\Shared Files\camtray .exe

c:\program files\CyberLink\PowerDVD\pdvdserv .exe

c:\program files\Gadu-Gadu\gg .exe

c:\program files\Lexmark 3300 Series\lxccmon .exe

c:\program files\Lexmark Fax Solutions\fm3032 .exe

c:\program files\Malwarebytes' Anti-Malware\mbam .exe

c:\program files\Messenger\msmsgs .exe

c:\program files\Nowe Gadu-Gadu\gg .exe

c:\program files\Skype\Phone\skype .exe

c:\program files\Sony Ericsson\Mobile2\Application Launcher\application launcher .exe

c:\program files\Winamp\winampa .exe

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

------- Sigcheck -------

[-] 2001-10-26 . D137279C76C23AEAFB2B8D94966A4162 . 103936 . . [5.1.2600.0] . . c:\windows\system32\services.exe

[7] 2002-09-20 . 8B6E6BB5D451F8BBC0621203B687D993 . 519168 . . [5.1.2600.1106] . . c:\windows\ServicePackFiles\i386\winlogon.exe

[-] 2002-09-20 . 7AC5BDCEC55D356E7E0165833D22F3D4 . 520704 . . [5.1.2600.1106] . . c:\windows\system32\winlogon.exe

[-] 2001-10-26 . C6538D860C60BCA23A78599BB5B0A2E1 . 15872 . . [5.1.2600.0] . . c:\windows\system32\svchost.exe

c:\windows\System32\wscntfy.exe … - brak elementu !!

c:\windows\System32\xmlprov.dll … - brak elementu !!

.

((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-12-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]

2009-12-02 07:38 2166296 ----a-w- c:\program files\free-downloads.net\tbfre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-12-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfre1.dll" [2009-12-02 2166296]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EA Core"="d:\program files\Electronic Arts\EADM\Core.exe" [N/A]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PLP 09 Center"="d:\program files\EA Sports\FIFA 09\PLP 09 Center.exe" [N/A]

"LXCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll" [2005-07-20 73728]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe_Reader"="c:\program files\adobe\acrotray.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2002-09-20 13312]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-12-12 233136]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2009-10-29 1074568]

R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-12-12 88040]

R3 PCTFW-DNS;PCTools Firewall - DNS driver;c:\windows\system32\drivers\pctNdis-DNS.sys [2009-12-12 32552]

R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2009-12-12 70408]

R3 pctNDIS;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2009-12-12 56512]

R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-12-12 115216]

S2 degzwzpf;cpzifpndy;c:\windows\system32\svchost.exe -k netsvcs [2001-10-26 15872]

S3 FGUARD32;FGUARD32;d:\program files\Folder Guard\FGUARD32.SYS [2009-09-15 54480]

S3 V0260VID;Live! Cam Vista IM;c:\windows\system32\drivers\V0260Vid.sys [2008-06-15 178913]

S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2009-04-26 721904]

--- Inne Usługi/Sterowniki w Pamięci ---

*NewlyCreated* - ALG

*NewlyCreated* - IPNAT

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

degzwzpf

.

------- Skan uzupełniający -------

.

uStart Page = hxxp://www.wp.pl/

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensaver - c:\windows\System32\GPhotos.scr/200

IE: Eksport do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

FF - ProfilePath - c:\documents and settings\Mikołaj\Dane aplikacji\Mozilla\Firefox\Profiles\a3gjatwl.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as … ource=3q=

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as … 1098640q=

FF - component: c:\documents and settings\Mikołaj\Dane aplikacji\Mozilla\Firefox\Profiles\a3gjatwl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll

FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npOggX.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npdsplay.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJava11.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJava12.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJava13.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJava14.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJava32.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPJPI142_15.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPOJI610.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\NPSWF32.dll

FF - plugin: c:\program files\Opera 10.10 Beta\program\plugins\npwmsdrm.dll

.

- - - - USUNIĘTO PUSTE WPISY - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe

AddRemove-Speedway Turbo Sliders Mod - d:\program files\Jollygood Games\Turbo Sliders\uninstall_Speedway.exe

AddRemove-UltraISO_is1 - d:\program files\UltraISO\unins000.exe

AddRemove-MOD F1RL 2009 VERSION 2.1 - d:\program files\rFactor\Uninstalmodf1rl21.exe

AddRemove-World Club Patch 1.2 Graphic - d:\program files\Konami\Pro Evolution Soccer 2008\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-25 18:44

Windows 5.1.2600 Dodatek Service Pack. 1 NTFS

skanowanie ukrytych procesów …

skanowanie ukrytych wpisów autostartu …

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

LXCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCCtime.dll,_RunDLLEntry@16???

skanowanie ukrytych plików …

skanowanie pomyślnie ukończone

ukryte pliki: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys UNKNOWN [0x8238E208]

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk - CLASSPNP.SYS @ 0xf858aaac

\Driver\ACPI - ACPI.sys @ 0xf84ef740

\Driver\atapi - 0x8238e208

IoDeviceObjectType - DeleteProcedure - ntoskrnl.exe @ 0x80559f4b

ParseProcedure - ntoskrnl.exe @ 0x805829d5

\Device\Harddisk0\DR0 - DeleteProcedure - ntoskrnl.exe @ 0x80559f4b

ParseProcedure - ntoskrnl.exe @ 0x805829d5

NDIS: Intel® PRO/1000 MT Network Connection - SendCompleteHandler - NDIS.sys @ 0xf83b8d84

PacketIndicateHandler - NDIS.sys @ 0xf83c5480

SendHandler - NDIS.sys @ 0xf83a6933

Warning: possible MBR rootkit infection !

user kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\degzwzpf]

"ServiceDll"="c:\windows\System32\eezsdvq.dll"

.

--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_USERS\S-1-5-21-448539723-1677128483-725345543-1003\Software\SecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]

“??”=hex:72,9f,65,f8,9e,80,2a,7f,59,18,2d,44,cd,83,4a,46,65,f9,59,d7,b9,64,0d,

67,8f,b5,96,92,15,3a,fa,d2,d5,e6,b0,e4,bb,ed,80,29,3e,e6,d3,6a,85,39,5c,b9,\

“??”=hex:a7,fe,78,bb,4e,31,a4,29,6e,d0,0d,5b,cd,14,57,78

[HKEY_USERS\S-1-5-21-448539723-1677128483-725345543-1003\Software\SecuROM\License information*]

“datasecu”=hex:1a,f0,9f,0d,df,7a,f0,b6,56,25,30,31,0b,71,02,ed,f9,34,8d,de,c0,

e4,1d,c7,3e,2b,5e,cb,50,1a,d7,0f,ed,d3,da,2b,bb,6a,71,65,51,be,b4,f8,28,62,\

“rkeysecu”=hex:d9,8e,11,d0,2c,fd,cd,c6,11,3c,89,67,ec,ac,74,39

.

--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------

- - - - - - - > 'winlogon.exe'(1080)

c:\windows\System32\ODBC32.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(1136)

c:\windows\System32\dssenh.dll

- - - - - - - > 'explorer.exe'(5988)

c:\windows\System32\msi.dll

c:\program files\Microsoft Office\OFFICE11\msohev.dll

.

------------------------ Pozostałe uruchomione procesy ------------------------

.

c:\windows\System32\Ati2evxx.exe

c:\windows\system32\Ati2evxx.exe

c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe

d:\program files\PC Tools Firewall Plus\FWService.exe

c:\program files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

c:\windows\System32\wdfmgr.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\windows\SoftwareDistribution\Download\ce5d704205c9caa38fd4b9a656cd1997\update\update.exe

.

**************************************************************************

.

Czas ukończenia: 2009-12-25 18:52:25 - komputer został uruchomiony ponownie

ComboFix-quarantined-files.txt 2009-12-25 17:52

Przed: 9 986 306 048 bajtów wolnych

Po: 11 023 982 592 bajtów wolnych

winxpsp1_pl_pro_bf.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT=“Microsoft Windows Recovery Console” /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS=“Microsoft Windows XP Professional” /fastdetect

- - End Of File - - 2F8361AC71EDE0232D3ABE3501AA279D

Log from ComboFix

Yes, I want to test Windows 7. I believe you can test it legally until March or June. I'm not sure.

Well, first of all, I didn't tell you to use ComboFix.

Second, where did you get the script?

Third, you paste the contents of the logs on wklej.org, wklej.to or nopaste.pl, and put only the link in your post.

Fourth, your system is an absolute mess :shock:, so I doubt this can be removed without a complete format…

Open Notepad and paste into it:

SRPeek::

c:\windows\system32\services.exe

c:\windows\system32\svchost.exe


File::

c:\windows\System32\eezsdvq.dll

c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe

c:\program files\Analog Devices\Core\smax4pnp .exe

c:\program files\Analog Devices\SoundMAX\smax4 .exe

c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe

c:\program files\Common Files\Real\Update_OB\realsched .exe

c:\program files\Creative\Shared Files\camtray .exe

c:\program files\CyberLink\PowerDVD\pdvdserv .exe

c:\program files\Gadu-Gadu\gg .exe

c:\program files\Lexmark 3300 Series\lxccmon .exe

c:\program files\Lexmark Fax Solutions\fm3032 .exe

c:\program files\Malwarebytes' Anti-Malware\mbam .exe

c:\program files\Messenger\msmsgs .exe

c:\program files\Nowe Gadu-Gadu\gg .exe

c:\program files\Skype\Phone\skype .exe

c:\program files\Sony Ericsson\Mobile2\Application Launcher\application launcher .exe

c:\program files\Winamp\winampa .exe


Driver::

degzwzpf


NetSvc::

degzwzpf


Registry::

[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\degzwzpf]

Save the file as CFScript, preferably in the same folder as Combofix.exe

Drag and drop the CFScript.txt icon onto the Combofix.exe icon

The removal should start.

_Then post the log from the ComboFix removal._