
OTL:
http://wklej.org/id/136506/
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKCU..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\herss.exe File not found
O32 - AutoRun File - [2009-08-18 11:22:19 | 00,000,061 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-08-18 11:22:19 | 00,000,061 | RHS- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-08-18 11:22:19 | 00,000,061 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008-11-09 03:32:49 | 00,000,041 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008-05-01 13:21:49 | 01,418,544 | R--- | M] () - H:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-02-26 15:51:29 | 00,000,067 | R--- | M] () - H:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{121d9600-7c6a-11de-9ccd-806d6172696f}\Shell\AutoRun\command - "" = F:\q1alx.exe -- File not found
O33 - MountPoints2\{121d9600-7c6a-11de-9ccd-806d6172696f}\Shell\open\Command - "" = F:\q1alx.exe -- File not found
O33 - MountPoints2\{121d9601-7c6a-11de-9ccd-806d6172696f}\Shell\AutoRun\command - "" = G:\q1alx.exe -- File not found
O33 - MountPoints2\{121d9601-7c6a-11de-9ccd-806d6172696f}\Shell\open\Command - "" = G:\q1alx.exe -- File not found
O33 - MountPoints2\{5f096f34-8994-11de-b1df-806d6172696f}\Shell\AutoRun\command - "" = F:\m1eqos3.exe -- File not found
O33 - MountPoints2\{5f096f34-8994-11de-b1df-806d6172696f}\Shell\open\Command - "" = F:\m1eqos3.exe -- File not found
O33 - MountPoints2\{83a73ee0-79fd-11de-8f9d-00148526be43}\Shell\AutoRun\command - "" = p0ijj.bat
O33 - MountPoints2\{83a73ee0-79fd-11de-8f9d-00148526be43}\Shell\open\Command - "" = p0ijj.bat
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
[start explorer]
[Reboot]
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdoosoft not found.
File C:\autorun.inf not found.
File D:\autorun.inf not found.
File E:\autorun.inf not found.
File move failed. G:\Autorun.inf scheduled to be moved on reboot.
File move failed. H:\Autorun.exe scheduled to be moved on reboot.
File move failed. H:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d9600-7c6a-11de-9ccd-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{121d9600-7c6a-11de-9ccd-806d6172696f}\ not found.
File F:\q1alx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d9600-7c6a-11de-9ccd-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{121d9600-7c6a-11de-9ccd-806d6172696f}\ not found.
File F:\q1alx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d9601-7c6a-11de-9ccd-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{121d9601-7c6a-11de-9ccd-806d6172696f}\ not found.
File G:\q1alx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{121d9601-7c6a-11de-9ccd-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{121d9601-7c6a-11de-9ccd-806d6172696f}\ not found.
File G:\q1alx.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f096f34-8994-11de-b1df-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f096f34-8994-11de-b1df-806d6172696f}\ not found.
File F:\m1eqos3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5f096f34-8994-11de-b1df-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5f096f34-8994-11de-b1df-806d6172696f}\ not found.
File F:\m1eqos3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83a73ee0-79fd-11de-8f9d-00148526be43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83a73ee0-79fd-11de-8f9d-00148526be43}\ not found.
File p0ijj.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{83a73ee0-79fd-11de-8f9d-00148526be43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83a73ee0-79fd-11de-8f9d-00148526be43}\ not found.
File p0ijj.bat not found.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db1b3e60-05ac-11de-a5d3-00001cd72a97}\ not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"SuperHidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"Hidden"|dword:00000001 /E : value set successfully!
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\\"ShowSuperHidden"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\\"CheckedValue"|dword:00000001 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\ deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden\\@|"" /E : value set successfully!
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 20748661 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 5915892 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Ustawienia lokalne\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 65536 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 25,62 mb
OTL by OldTimer - Version 3.0.10.7 log created on 08192009_080616
Files\Folders moved on Reboot...
File\Folder G:\Autorun.inf not found!
File\Folder H:\Autorun.exe not found!
File\Folder H:\autorun.inf not found!
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_4ac.dat moved successfully.
Registry entries deleted on Reboot...
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - AutoRun File - [2008-11-09 03:32:49 | 00,000,041 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008-05-01 13:21:49 | 01,418,544 | R--- | M] () - H:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008-02-26 15:51:29 | 00,000,067 | R--- | M] () - H:\autorun.inf -- [ UDF ]
Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 3 gości