przez nyah2211 » 06 Maj 2012, 15:20
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19
o takiej samej nazwie jak strona do której odwołuje się alert NOD-a ściągnąłem go ponieważ był potrzebny do pobrania aktualizacji gry ,, ............" 
przez kominekl » 06 Maj 2012, 17:33
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p107754 i GMER otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967.html#p88736.
przez nyah2211 » 06 Maj 2012, 18:29
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19
przez kominekl » 06 Maj 2012, 20:07
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
URUCHOM i wklej tam "C:\Users\Nue\Desktop\ComboFix.exe" /uninstall . Malwarebytes Anti-Malware (zła forma instalacji). w oknie Własne opcje skanowania/skrypt wklej:
:OTL
DRV:[b]64bit:[/b] - File not found [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=19950&mntrId=8e91b2f200000000000054e6fcd5c7e2c7e2
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {AB79D3B4-AEDB-428a-B504-BAC00521A1C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=19950&mntrId=8e91b2f200000000000054e6fcd5c7e2c7e2
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=BT4&o=15455&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=H2&apn_dtid=YYYYYYYYPL&apn_uid=26A40688-4E79-4029-903D-40B34C2A1E6D&apn_sauid=E5C1ECF8-74E3-4E2D-816F-ECD22DD299AC
IE - HKCU\..\SearchScopes\{72495190-2F5D-CD65-A572-2DD2EEE8DFC3}: "URL" = http://www.bing.com/s/?q={searchTerms}&iesrc={referrer:source?}&cfg=2-207-0-2jQbU
IE - HKCU\..\SearchScopes\{AB79D3B4-AEDB-428a-B504-BAC00521A1C7}: "URL" = http://www.google-feed.net/results.php?q={searchTerms}&cx=002904446094441487865%3Ate-nlsbrcdy&cof=FORID%3A10&ie=UTF-8&said=&do=search&empty=0&from=1&CID=1
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1605787
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Hotspot Shield Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.order.2: "Ask.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Nue\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Nue\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012-04-19 22:32:48 | 000,000,000 | ---D | M] (uTorrentBar_IT Community Toolbar) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{4ae0c3d6-f713-4eed-bc65-25dc3ffdaac1}
[2012-01-26 15:10:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012-01-17 16:08:35 | 000,000,000 | ---D | M] (DealBulldog Toolbar) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2012-05-06 17:04:20 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012-02-21 00:09:47 | 000,000,000 | ---D | M] (Veoh Web Player Community Toolbar) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{cd90bf73-20f6-44ef-993d-bb920303bd2e}
[2012-04-19 22:32:44 | 000,000,000 | ---D | M] (mobilewitch Community Toolbar) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\{fcbf663e-8530-46f8-a880-ac5abe9d2b23}
[2011-04-02 08:34:07 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\[email protected]
[2011-07-21 22:32:46 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Nue\AppData\Roaming\mozilla\Firefox\Profiles\ylwzp3zz.default\extensions\[email protected]
[2010-11-19 13:59:47 | 000,001,737 | ---- | M] () -- C:\Users\Nue\AppData\Roaming\Mozilla\Firefox\Profiles\ylwzp3zz.default\searchplugins\ask.uk.xml
[2010-09-11 19:47:44 | 000,002,565 | ---- | M] () -- C:\Users\Nue\AppData\Roaming\Mozilla\Firefox\Profiles\ylwzp3zz.default\searchplugins\askcom.xml
[2010-01-20 12:14:02 | 000,000,931 | ---- | M] () -- C:\Users\Nue\AppData\Roaming\Mozilla\Firefox\Profiles\ylwzp3zz.default\searchplugins\conduit.xml
[2010-08-15 18:39:11 | 000,010,017 | ---- | M] () -- C:\Users\Nue\AppData\Roaming\Mozilla\Firefox\Profiles\ylwzp3zz.default\searchplugins\mywebsearch.xml
[2011-07-21 22:32:32 | 000,002,291 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2010-08-16 09:49:35 | 000,000,859 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Yahoo.xml
O2:[b]64bit:[/b] - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:[b]64bit:[/b] - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O16:[b]64bit:[/b] - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
@Alternate Data Stream - 508 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 202 bytes -> C:\ProgramData\TEMP:8927A071
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B755D674
:Files
C:\Users\Nue\AppData\Local\Google\Update
$RECYCLE.BIN /alldrives
C:\Windows\temp
C:\Qoobox
C:\Users\Nue\AppData\Roaming\Malwarebytes
C:\ProgramData\Malwarebytes
C:\Windows\SysNative\drivers\mbam.sys
C:\Program Files (x86)\Malwarebytes' Anti-Malware
C:\Windows\tasks\*.job
C:\Users\Nue\Desktop\gmer (1).zip
C:\Users\Nue\Desktop\gmer.zip
C:\Windows\tasks\SA.DAT
C:\Users\Nue\AppData\Local\Temp*.html
:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp] otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.przez nyah2211 » 06 Maj 2012, 21:08
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19
http://www.wklej.eu/index.php?id=a53d803acaprzez nyah2211 » 07 Maj 2012, 11:46
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.168 Safari/535.19
przez kominekl » 07 Maj 2012, 19:36
UA: Mozilla/5.0 (Windows NT 5.1; rv:12.0) Gecko/20100101 Firefox/12.0
Adobe ARM, Adobe Reader Speed Launcher, Microsoft Windows, Microsoft Windows, Akamai NetSession Interface, AutoStartNPSAgent, Java(tm) Plug-In 2 SSV Helper, Adobe PDF Link Helper, Groove GFS Browser Helper, Java(tm) Plug-In 2 SSV Helper, SMTTB2009 Class, wszystko z zakładki Task Scheduler, Akamai, SkypeUpdate, WinDefend, AODDriver4.01, BlueletAudio, BlueletSCOAudio, BT, BTHidEnum, BTHidMgr, catchme, dump_wmimmc, EagleX64, NPPTNT2, StarOpen, VComm, VcommMgr, VHidMinidrv i C:\Windows\VC.SCR. Akamai NetSession Interface i DealBulldog Toolbar. Zarejestrowani użytkownicy: Bing [Bot]