
OTL.txt:
http://wklej.org/id/607205/
Extras.txt:
http://wklej.org/id/607206/
 
				
 
:OTL
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
[2011-08-25 18:55:13 | 000,000,000 | -H-D | C] -- C:\Windows\update.8.1
[2011-08-22 13:03:10 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-08-22 13:03:10 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer
[2011-08-22 13:03:10 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-08-22 12:13:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011-08-22 12:08:01 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-08-22 11:51:45 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-08-22 11:42:11 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-08-22 11:40:23 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011-08-22 11:40:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011-08-22 11:40:17 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011-08-22 12:08:20 | 000,000,734 | ---- | C] () -- C:\Windows\System32\drivers\etc\hîsts
[2011-08-22 13:03:09 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar
[2011-08-22 13:03:09 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar
[2011-08-22 13:03:09 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar
[2011-08-22 12:08:20 | 000,000,734 | ---- | C] () -- C:\Windows\System32\drivers\etc\hîsts
[2011-08-22 11:52:10 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist
[2011-08-22 11:52:09 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar
[2011-08-22 11:52:09 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011-08-22 11:47:53 | 000,000,222 | ---- | C] () -- C:\Windows\info1
[2011-08-22 11:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
:Commands
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]
 
	
:OTL
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AVG Security Toolbar Service)
SRV - [2010-01-15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
DRV - [2011-04-14 21:28:30 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011-04-05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011-03-16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011-03-01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011-02-22 08:12:50 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011-02-10 07:53:42 | 000,021,968 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011-02-10 07:53:40 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011-01-07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.ask.com/?l=dis&o=41647997&gct=hp [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4e3657a0&v=7.007.026.001&i=23&tp=ab&iy=&ychte=us&lng=pl&q="
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O34 - HKLM BootExecute: (E:\OSCAR\AVG\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (E:\OSCAR\AVG\avgrsx.exe /sync /restart)
[2011-10-07 16:23:50 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2011-10-07 16:23:50 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2011-08-22 11:52:09 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe
[2011-08-22 11:43:39 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok
:Files
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,00,75,00,74,00,6f,00,63,00,68,00,65,00,63,00,6b,00,20,\
00,61,00,75,00,74,00,6f,00,63,00,68,00,6b,00,20,00,2a,00,00,00,00,00
:Commands
[emptytemp]
[resethosts]
 
	

 
	
Files to delete:
C:\Windows\loader2.exe_ok
C:\Windows\unrar.exe
:Files
C:\Windows\loader2.exe_ok
C:\Windows\unrar.exe
:Commands
[emptytemp]
[resethosts]
 
	

127.0.0.1 localhost
::1 localhost
 
	
 
	


 
	




