
Virus (a page that keeps opening)


8 replies in this topic

#1 peterek0

Posted 31 January 2010 - 18:24

Hi,
I don't know what's going on, but from time to time when I open the browser, a new tab opens with this page: http://www.bet365.co...iate=365_043965
What should I do? If needed, I'll paste the logs from ComboFix and HijackThis.


#2 Fenris

Posted 31 January 2010 - 18:44

Have you scanned the computer with anything?

#3 peterek0

Posted 31 January 2010 - 19:09

With a-squared, something like that, and it found some trojan, but it says it can't be removed.

#4 Evon

Posted 02 February 2010 - 17:51

Download ComboFix, run it, and post the log from it for us.

#5 Atmosk

Posted 02 February 2010 - 20:21

Hello,
I have the same problem: the page http://www.bet365.co...iate=365_043965 keeps opening for me too. I have scanned with many programs, but nothing helps. Here is the ComboFix log:

ComboFix 10-02-01.05 - Ja 2010-02-02  19:22:16.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1250.48.1045.18.4091.2666 [GMT 1:00]
Uruchomiony z: c:\users\Ja\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Usunięto   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\temp
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

----- BITS: Możliwe zainfekowane strony -----

hxxp://download.xbox.com:80
.
(((((((((((((((((((((((((   Pliki utworzone od 2010-01-02 do 2010-02-02  )))))))))))))))))))))))))))))))
.

2010-02-02 18:29 . 2010-02-02 19:08	--------	d-----w-	c:\users\Ja\AppData\Local\temp
2010-02-02 18:29 . 2010-02-02 18:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-02-02 15:03 . 2010-02-02 15:03	--------	d-----w-	c:\windows\Sun
2010-02-01 20:24 . 2010-02-01 22:38	--------	d-----w-	c:\program files\a-squared Free
2010-01-31 21:52 . 2010-01-31 23:21	--------	d-----w-	c:\users\Ja\AppData\Roaming\Mumble
2010-01-31 21:52 . 2010-02-01 22:40	--------	d-----w-	c:\program files\Mumble
2010-01-31 13:31 . 2010-01-31 13:31	--------	d-----w-	c:\users\Ja\AppData\Roaming\Foxit
2010-01-31 13:31 . 2010-01-31 13:36	--------	d-----w-	c:\program files\Foxit Software
2010-01-31 13:26 . 2010-01-31 13:26	--------	d-----w-	c:\users\Ja\AppData\Roaming\IrfanView
2010-01-31 13:26 . 2010-01-31 13:26	--------	d-----w-	c:\program files\IrfanView
2010-01-31 12:57 . 2010-01-31 12:57	--------	d-----w-	c:\users\Ja\AppData\Local\Stardock
2010-01-30 16:35 . 2010-01-30 16:35	--------	d-----w-	c:\program files\Common Files\Java
2010-01-30 16:34 . 2010-01-30 16:34	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-01-30 16:34 . 2010-01-30 16:34	--------	d-----w-	c:\program files\Java
2010-01-30 10:46 . 2010-01-30 10:46	--------	d-----w-	c:\users\Ja\AppData\Roaming\Malwarebytes
2010-01-30 10:46 . 2010-01-30 10:46	--------	d-----w-	c:\programdata\Malwarebytes
2010-01-29 20:13 . 2010-01-29 22:14	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-01-29 15:26 . 2010-01-30 08:50	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-01-29 15:12 . 2010-01-30 08:50	--------	d-----w-	c:\programdata\Lavasoft
2010-01-29 10:48 . 2010-01-29 10:53	--------	d-----w-	c:\program files\CesarFTP
2010-01-29 08:26 . 2010-01-29 08:26	3948536	----a-w-	c:\windows\system32\ntskrnl.exe
2010-01-27 12:34 . 2010-01-15 13:23	1260800	----a-w-	c:\programdata\avg9\update\backup\avgfrw.exe
2010-01-27 12:34 . 2010-01-15 13:23	3777280	----a-w-	c:\programdata\avg9\update\backup\setup.exe
2010-01-27 07:33 . 2009-10-31 05:45	2614272	----a-w-	c:\windows\explorer.exe
2010-01-27 07:33 . 2009-10-28 06:17	285696	----a-w-	c:\windows\system32\winlogon.exe
2010-01-26 18:10 . 2010-01-26 18:10	--------	d-----w-	c:\users\Ja\AppData\Roaming\Dexpot
2010-01-26 12:07 . 2010-01-26 12:09	--------	d-----w-	c:\users\Ja\AppData\Roaming\teamspeak2
2010-01-26 12:07 . 2010-01-26 12:07	--------	d-----w-	c:\program files\Teamspeak2_RC2
2010-01-25 16:28 . 2010-01-25 16:28	--------	d-----w-	c:\program files\Proxifier
2010-01-25 16:28 . 2009-01-21 13:11	61440	----a-w-	c:\windows\system32\PrxerNsp.dll
2010-01-25 16:28 . 2007-09-26 22:16	73728	----a-w-	c:\windows\system32\PrxerDrv.dll
2010-01-25 16:24 . 2010-01-25 16:25	454656	----a-w-	c:\program files\putty.exe
2010-01-22 15:52 . 2008-03-18 17:55	233888	----a-w-	c:\windows\system32\DreamScene.dll
2010-01-22 15:30 . 2010-01-29 08:25	--------	d-----w-	c:\program files\Sunrise Seven
2010-01-22 13:10 . 2009-12-19 09:02	977920	----a-w-	c:\windows\system32\wininet.dll
2010-01-13 11:29 . 2009-10-19 14:10	108544	----a-w-	c:\windows\system32\t2embed.dll
2010-01-13 11:29 . 2009-10-19 14:10	70656	----a-w-	c:\windows\system32\fontsub.dll
2010-01-05 18:23 . 2010-01-05 18:23	--------	d-----w-	c:\windows\system32\xlive
2010-01-05 17:15 . 2010-01-05 18:23	--------	d-----w-	c:\program files\Microsoft Games for Windows - LIVE
2010-01-05 17:14 . 2008-07-12 07:18	467984	----a-w-	c:\windows\system32\d3dx10_39.dll
2010-01-05 17:14 . 2008-07-12 07:18	1493528	----a-w-	c:\windows\system32\D3DCompiler_39.dll
2010-01-05 17:14 . 2008-07-12 07:18	3851784	----a-w-	c:\windows\system32\D3DX9_39.dll
2010-01-04 12:59 . 2010-01-04 12:59	--------	d-----w-	c:\users\Ja\AppData\Roaming\Stardock
2010-01-04 12:59 . 2010-01-04 12:59	--------	d-----w-	c:\users\Ja\AppData\Local\PackageAware
2010-01-04 12:42 . 2010-01-04 12:42	--------	d-----w-	c:\program files\CCleaner
2010-01-03 23:19 . 2010-02-02 00:42	--------	d-----w-	c:\users\Ja\AppData\Roaming\FileZilla
2010-01-03 23:18 . 2010-02-01 22:40	--------	d-----w-	c:\program files\FileZilla FTP Client

.
((((((((((((((((((((((((((((((((((((((((   Sekcja Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-02 18:03 . 2009-11-07 13:00	--------	d-----w-	c:\users\Ja\AppData\Roaming\foobar2000
2010-02-02 15:10 . 2009-12-25 21:17	--------	d-----w-	c:\program files\Garena
2010-02-02 13:43 . 2009-11-26 19:13	--------	d-----w-	c:\programdata\Autodesk
2010-02-02 13:43 . 2009-11-26 19:13	--------	d-----w-	c:\program files\Common Files\Autodesk Shared
2010-02-02 10:43 . 2009-07-14 08:07	687828	----a-w-	c:\windows\system32\perfh015.dat
2010-02-02 10:43 . 2009-07-14 08:07	131382	----a-w-	c:\windows\system32\perfc015.dat
2010-02-01 22:40 . 2009-11-07 12:59	--------	d-----w-	c:\program files\foobar2000
2010-02-01 20:43 . 2009-11-08 22:49	--------	d-----w-	c:\program files\Mp3tag
2010-01-30 17:05 . 2009-11-07 12:45	--------	d-----w-	c:\users\Ja\AppData\Roaming\vlc
2010-01-29 07:45 . 2009-11-07 21:22	--------	d-----w-	c:\programdata\avg9
2010-01-28 13:31 . 2009-11-06 18:31	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-01-22 15:05 . 2009-11-30 14:29	--------	d-----w-	c:\program files\Common Files\Steam
2010-01-05 18:18 . 2009-11-08 12:40	--------	d-----w-	c:\programdata\Media Center Programs
2009-12-25 21:13 . 2009-12-25 21:08	66444	----a-w-	c:\windows\War3Unin.dat
2009-12-25 21:10 . 2009-12-25 21:08	2829	----a-w-	c:\windows\War3Unin.pif
2009-12-25 21:10 . 2009-12-25 21:08	139264	----a-w-	c:\windows\War3Unin.exe
2009-12-25 13:18 . 2009-11-06 20:51	--------	d-----w-	c:\program files\Common Files\InstallShield
2009-12-25 12:46 . 2009-12-25 12:46	--------	d-----w-	c:\programdata\InstallShield
2009-12-23 21:33 . 2009-11-07 13:38	--------	d-----w-	c:\program files\Nowe Gadu-Gadu
2009-12-23 21:29 . 2009-12-23 21:29	--------	d-----w-	c:\users\Ja\AppData\Roaming\Qrix
2009-12-23 21:13 . 2009-12-23 21:13	--------	d-----w-	c:\program files\xp-AntiSpy
2009-12-22 13:30 . 2009-12-23 21:29	1331712	----a-w-	c:\users\Ja\AppData\Roaming\Qrix\GG8+\v1\gg8.exe
2009-12-22 08:51 . 2009-11-07 21:22	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2009-12-22 08:51 . 2009-11-07 21:22	28424	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-12-22 08:51 . 2009-11-07 21:22	360584	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2009-12-22 08:51 . 2009-11-07 21:22	25608	----a-w-	c:\windows\system32\drivers\AVGIDSwx.sys
2009-12-22 08:51 . 2009-11-07 21:22	333192	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-12-22 08:51 . 2009-11-07 21:22	161800	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2009-12-14 13:48 . 2009-11-10 14:16	--------	d-----w-	c:\users\Ja\AppData\Roaming\Audacity
2009-12-13 22:36 . 2009-12-13 22:36	--------	d-----w-	c:\program files\WinSCP
2009-12-12 21:11 . 2009-12-12 21:11	--------	d-----w-	c:\programdata\OpenFM
2009-12-12 21:11 . 2009-12-12 21:11	--------	d-----w-	c:\users\Ja\AppData\Roaming\OpenFM
2009-12-12 16:46 . 2009-11-06 18:43	117704	----a-w-	c:\users\Ja\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-12 15:50 . 2009-12-12 15:50	686400	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2009-12-12 12:22 . 2009-11-06 21:47	--------	d-----w-	c:\program files\Common Files\Adobe
2009-12-11 17:30 . 2009-12-11 17:29	--------	d-----w-	c:\users\Ja\AppData\Roaming\Notepad++
2009-12-11 17:30 . 2009-12-11 17:29	--------	d-----w-	c:\program files\Notepad++
2009-12-05 14:42 . 2009-12-23 21:30	1821696	----a-w-	c:\users\Ja\AppData\Roaming\Qrix\GG8+\v1\adbT.exe
2009-11-26 19:29 . 2009-11-26 19:29	36864	----a-w-	c:\users\Ja\AppData\Roaming\Autodesk\AutoCAD 2010\R18.0\plk\ContextualTabSelectorRules.dll
2009-11-20 18:14 . 2009-12-23 21:29	87552	----a-w-	c:\users\Ja\AppData\Roaming\Qrix\GG8+\v1\NGG_konwerter.exe
2009-11-13 16:31 . 2009-12-23 21:29	1042944	----a-w-	c:\users\Ja\AppData\Roaming\Qrix\GG8+\v1\gg8plus.exe
2009-11-09 18:00 . 2009-11-11 20:01	94208	----a-w-	c:\users\Ja\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nprpjplug.dll
2009-11-09 18:00 . 2009-11-11 20:01	140864	----a-w-	c:\users\Ja\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nppl3260.dll
2009-11-09 18:00 . 2009-11-11 20:01	85504	----a-w-	c:\windows\system32\ff_vfw.dll
2009-11-07 23:00 . 2009-11-06 21:49	691696	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-11-07 21:22 . 2009-11-07 21:22	24856	----a-w-	c:\windows\system32\drivers\avgfwd6x.sys
2009-11-06 21:27 . 2009-11-06 21:27	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2009-11-06 21:27 . 2009-11-06 21:27	686384	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-11-06 18:42 . 2009-11-06 18:42	262144	----a-w-	c:\windows\system32\SBarHook.DLL
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2006-03-14 04:30 . 2006-03-14 04:30	557056	--sha-r-	c:\windows\System32\screensaver\screensaver.exe
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((   Wpisy startowe rejestru   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane  
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nowe Gadu-Gadu"="c:\program files\Nowe Gadu-Gadu\gg.exe" [2009-08-31 11391592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 13797992]
"OnekeyDM"="c:\program files\Lenovo\OnekeyDM\OnekeyDM.exe" [2009-03-27 335872]
"Lenovo SlideNav"="c:\program files\Lenovo\Lenovo SlideNav\SlidebarNavigator\SlidebarNavigator.exe" [2009-07-15 839680]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-06-16 4077384]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-06-25 5064520]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-20 7625248]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-12 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

R0 AVGIDSErHrw7x;AVG9IDSErHr;c:\windows\System32\drivers\AVGIDSwx.sys [2009-11-07 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [2009-11-07 161800]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [2009-11-07 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-11-07 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-11-07 360584]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\System32\drivers\vwififlt.sys [2009-07-14 48128]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-02-01 1858144]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2009-12-22 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2009-12-22 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2009-12-22 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2009-12-22 5832712]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\System32\drivers\AcpiVpc.sys [2009-11-06 21520]
R3 AVGIDSDriverw7x;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSDriver.sys [2009-11-07 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSFilter.sys [2009-11-07 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN7\AVGIDSShim.sys [2009-11-07 21208]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\k57nd60x.sys [2009-06-07 273448]
R3 NETw5s32;Sterownik karty Intel(R) Wireless WiFi Link dla systemu Windows 7 32 Bit;c:\windows\System32\drivers\NETw5s32.sys [2009-09-15 6114816]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [2009-08-11 66592]
R3 usbsmi;Lenovo EasyCamera;c:\windows\System32\drivers\SMIksdrv.sys [2009-11-06 171520]
S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [2009-11-06 691696]
S3 bpenum;Intel(R) WiMAX Link Enumerator;c:\windows\System32\drivers\bpenum.sys [2009-07-30 56320]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [2009-11-06 29472]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [2009-05-14 4231680]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\drivers\RtsUStor.sys [2009-11-06 171520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
.
------- Skan uzupełniający -------
.
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Wyślij obraz do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
IE: Wyślij stronę do urządzenia &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm
LSP: %SystemRoot%\system32\PrxerDrv.dll
FF - ProfilePath - c:\users\Ja\AppData\Roaming\Mozilla\Firefox\Profiles\hlsvqg0j.default\
FF - prefs.js: browser.startup.homepage - www.google.pl
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\Ja\AppData\Roaming\Nowe Gadu-Gadu\_userdata\npgg.1.dll
FF - plugin: c:\users\Ja\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nppl3260.dll
FF - plugin: c:\users\Ja\AppData\Roaming\Nowe Gadu-Gadu\_userdata\nprpjplug.dll

---- FIREFOX - SPOSÓB POSTĘPOWANIA ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - USUNIĘTO PUSTE WPISY - - - -

HKCU-Run-AdobeBridge - (no file)



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x872E6856]<< 
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
 SecurityProcedure -> 0x865dee88
user & kernel MBR OK 

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\Ja\AppData\Local\Temp\NXPF9EA.tmp"
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Czas ukończenia: 2010-02-02  20:10:32
ComboFix-quarantined-files.txt  2010-02-02 19:10

Przed: 30 807 433 216 bajtów wolnych
Po: 32 623 996 928 bajtów wolnych

- - End Of File - - BFB6E96652DB55904122EB143AC1AD99


#6 Evon

Posted 02 February 2010 - 22:41

Read this: http://www.res.wsc.m...oting/popup.php

#7 Demerzel

Posted 03 February 2010 - 12:20

> Hi,
> I don't know what's going on, but from time to time when I open the browser, a new tab opens with this page: http://www.bet365.co...iate=365_043965
> What should I do? If needed, I'll paste the logs from ComboFix and HijackThis.

peterek0, I see you have Vista. Read the article about that system, which you can find here: http://hakin9.org/pl/artykuly/4
Specifically, I mean this one:
http://hakin9.org/ap...2&portal_id=113

#8 Atmosk

Posted 03 February 2010 - 19:34

> Read this: http://www.res.wsc.m...oting/popup.php

I did everything according to the instructions, but unfortunately it didn't help ;/ The only thing left is probably formatting.

#9 Demerzel

Posted 03 February 2010 - 22:50

Take a look at this before you format. Maybe it will be your last one.

