:OTL
MOD - [2011-11-28 20:42:14 | 000,262,144 | ---- | M] () -- C:\Users\RAFA~1\AppData\Local\Temp\tmp73.exe
MOD - [2011-11-28 20:42:14 | 000,147,456 | ---- | M] () -- C:\Users\RAFA~1\AppData\Local\Temp\tmp78.exe
MOD - [2009-03-30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
MOD - [2008-01-27 04:53:14 | 000,200,704 | -HS- | M] () -- C:\Windows\SysWOW64\wmphk32.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8:64bit: - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame File not found
O8:64bit: - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image File not found
O8:64bit: - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link File not found
O8:64bit: - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude File not found
O8:64bit: - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report File not found
O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_frame File not found
O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_wil...=menu_ie_image File not found
O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_wil...d=menu_ie_link File not found
O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_wil...enu_ie_exclude File not found
O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_wil...menu_ie_report File not found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
C:\Windows\SysWow64\wmphk32.exe
C:\Windows\DAODx.exe
C:\Users\RAFA~1\AppData\Local\Temp\tmp73.exe
C:\Users\RAFA~1\AppData\Local\Temp\tmp78.exe
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]