Run OTL and, in the Custom Scans/Fixes section, paste:
:OTL
MOD - [2010-09-23 18:19:04 | 000,045,134 | ---- | M] (MyWebSearch.com) -- C:\Program Files\MyWebSearch\bar\3.bin\MWSOESTB.DLL
SRV - [2010-09-23 18:19:04 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=qZxsYoVGmVJuhgGDagjCmw
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
FF - prefs.js..browser.search.selectedEngine: "My Web Search"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZNfox000&ptb=qZxsYoVGmVJuhgGDagjCmw&psa=&ind=2010092312&ptnrS=ZNfox000&si=&st=kwd&n=77cf9318&searchfor="
O2 - BHO: (MyWebSearch Search Assistant BHO) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\3.bin\MWSSRCAS.DLL (MyWebSearch.com)
O2 - BHO: (mwsBar BHO) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKLM\..\Toolbar: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL (MyWebSearch.com)
O4 - HKLM..\Run: [My Web Search Bar Search Scope Monitor] C:\Program Files\MyWebSearch\bar\3.bin\M3SRCHMN.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [api32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKCU..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKCU..\Run: [nod32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq.exe ()
O32 - AutoRun File - [2010-10-07 20:47:29 | 000,000,063 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010-09-04 12:48:36 | 000,000,063 | RHS- | M] () - D:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2010-10-07 20:47:29 | 000,000,063 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{6acd020d-c1de-11df-a46a-0050ba029190}\Shell\AutoRun\command - "" = G:\12gn6id2.exe -- File not found
O33 - MountPoints2\{6acd020d-c1de-11df-a46a-0050ba029190}\Shell\open\Command - "" = G:\12gn6id2.exe -- File not found
O33 - MountPoints2\{7c51e222-c1e8-11df-abd3-806d6172696f}\Shell\AutoRun\command - "" = D:\12gn6id2.exe -- [2010-05-11 15:32:04 | 000,112,128 | RHS- | M] ()
O33 - MountPoints2\{7c51e222-c1e8-11df-abd3-806d6172696f}\Shell\open\Command - "" = D:\12gn6id2.exe -- [2010-05-11 15:32:04 | 000,112,128 | RHS- | M] ()
:Files
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq0.dll
C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\nodqq1.dll
C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\niytu1x6.default\searchplugins\mywebsearch.xml
C:\Program Files\MyWebSearch
C:\Program Files\DAEMON Tools Toolbar
C:\WINDOWS\System32\f3PSSavr.scr
12gn6id2.exe /alldrives
autorun.inf /alldrives
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[emptyflash]
[clearallrestorepoints]
Click Run Fix and confirm the computer restart.
Then run OTL with the Scan option. Post the new OTL.txt log
and the cleanup report (the contents of the Notepad window that opens after the restart). Additionally, with a removable device (USB flash drive, etc.) connected, run
USBFix with the Listing option and post the report on the forum.