LOG z hijacka prosze o propozycje :D
Logfile of HijackThis v1.97.7
Scan saved at 10:06:24, on 2005–03–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system32\rk.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\SK–KOT\Pulpit\Pliki install\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O1 – Hosts: 69.50.166.11 www.google.com
O1 – Hosts: 69.50.166.11 google.com
O1 – Hosts: 69.50.166.11 www.google.co.uk
O1 – Hosts: 69.50.166.11 google.co.uk
O1 – Hosts: 69.50.166.11 www.google.ca
O1 – Hosts: 69.50.166.11 google.ca
O1 – Hosts: 69.50.166.11 www.google.es
O1 – Hosts: 69.50.166.11 google.es
O1 – Hosts: 69.50.166.11 www.google.de
O1 – Hosts: 69.50.166.11 google.de
O1 – Hosts: 69.50.166.11 www.google.fr
O1 – Hosts: 69.50.166.11 google.fr
O1 – Hosts: 69.50.166.11 www.google.com.au
O1 – Hosts: 69.50.166.11 google.com.au
O1 – Hosts: 69.50.166.14 www.yahoo.com
O1 – Hosts: 69.50.166.14 yahoo.com
O1 – Hosts: 69.50.166.12 www.msn.com
O1 – Hosts: 69.50.166.12 msn.com
O1 – Hosts: 69.50.166.12 search.msn.com
O1 – Hosts: 69.50.166.12 www.go.com
O1 – Hosts: 69.50.166.12 go.com
O1 – Hosts: 69.50.166.13 astalavista.com
O1 – Hosts: 69.50.166.13 www.astalavista.com
O1 – Hosts: 69.50.166.13 astalavista.box.sk
O1 – Hosts: 69.50.166.13 cracks.am
O1 – Hosts: 69.50.166.13 www.cracks.am
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem220.dll (file missing)
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {FFF5092F–7172–4018–827B–FA5868FB0478} – C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 – Toolbar: AZESearch toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Hnnwiwyt] C:\Program Files\Sjpk\Diqedbr.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 – HKLM\..\Run: [mpaloxen] C:\WINDOWS\mpaloxen.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [OSS] c:\windows\system32\rk.exe –boot
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge–c18.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_61.cab
O16 – DPF: {3334504D–9980–0010–8000–00AA00389B71} – http://download.microsoft.com/download/0/C/8/0C8EDFAB–30BC–4792–898E–2DABE27B2C4D/mp43dmo.CAB
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {69FD62B1–0216–4C31–8D55–840ED86B7C8F} (HbInstObj) – http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} (CParamWr Class) – http://toolbar.azesearch.com/install/azesearch.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{DB88BCCD–A881–4E1A–BB78–4188824C7D1D}: NameServer = 213.199.225.14,192.168.100.1
Scan saved at 10:06:24, on 2005–03–25
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\rundll32.exe
C:\windows\system32\rk.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\SK–KOT\Pulpit\Pliki install\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 – URLSearchHook: (no name) – _{CFBFAE00–17A6–11D0–99CB–00C04FD64497} – (no file)
O1 – Hosts: 69.50.166.11 www.google.com
O1 – Hosts: 69.50.166.11 google.com
O1 – Hosts: 69.50.166.11 www.google.co.uk
O1 – Hosts: 69.50.166.11 google.co.uk
O1 – Hosts: 69.50.166.11 www.google.ca
O1 – Hosts: 69.50.166.11 google.ca
O1 – Hosts: 69.50.166.11 www.google.es
O1 – Hosts: 69.50.166.11 google.es
O1 – Hosts: 69.50.166.11 www.google.de
O1 – Hosts: 69.50.166.11 google.de
O1 – Hosts: 69.50.166.11 www.google.fr
O1 – Hosts: 69.50.166.11 google.fr
O1 – Hosts: 69.50.166.11 www.google.com.au
O1 – Hosts: 69.50.166.11 google.com.au
O1 – Hosts: 69.50.166.14 www.yahoo.com
O1 – Hosts: 69.50.166.14 yahoo.com
O1 – Hosts: 69.50.166.12 www.msn.com
O1 – Hosts: 69.50.166.12 msn.com
O1 – Hosts: 69.50.166.12 search.msn.com
O1 – Hosts: 69.50.166.12 www.go.com
O1 – Hosts: 69.50.166.12 go.com
O1 – Hosts: 69.50.166.13 astalavista.com
O1 – Hosts: 69.50.166.13 www.astalavista.com
O1 – Hosts: 69.50.166.13 astalavista.box.sk
O1 – Hosts: 69.50.166.13 cracks.am
O1 – Hosts: 69.50.166.13 www.cracks.am
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem220.dll (file missing)
O2 – BHO: (no name) – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: (no name) – {A5366673–E8CA–11D3–9CD9–0090271D075B} – C:\PROGRA~1\FlashGet\jccatch.dll
O2 – BHO: (no name) – {FFF5092F–7172–4018–827B–FA5868FB0478} – C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 – Toolbar: AZESearch toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FlashGet\fgiebar.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 – HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [Hnnwiwyt] C:\Program Files\Sjpk\Diqedbr.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\Avast4\ashmaisv.exe
O4 – HKLM\..\Run: [mpaloxen] C:\WINDOWS\mpaloxen.exe
O4 – HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [OSS] c:\windows\system32\rk.exe –boot
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 – Global Startup: WlanUtility.lnk = C:\Program Files\MicroStar\WLANUtility\WlanUtility.exe
O8 – Extra context menu item: Download All by FlashGet – C:\Program Files\FlashGet\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\Program Files\FlashGet\jc_link.htm
O9 – Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 – Extra button: FlashGet (HKLM)
O9 – Extra 'Tools' menuitem: &FlashGet (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge–c18.cab
O16 – DPF: {1A781DED–C22D–4153–3213–A3211E29DF13} (GameDesire Card Games) – http://67.15.101.3/g_bin/pl/cards_2_0_0_61.cab
O16 – DPF: {3334504D–9980–0010–8000–00AA00389B71} – http://download.microsoft.com/download/0/C/8/0C8EDFAB–30BC–4792–898E–2DABE27B2C4D/mp43dmo.CAB
O16 – DPF: {4B4513E2–4E57–43DF–9496–FCD37E9DFA64} (GameDesire Sea Battle) – http://67.15.101.3/g_bin/pl/navy_2_0_0_17.cab
O16 – DPF: {69FD62B1–0216–4C31–8D55–840ED86B7C8F} (HbInstObj) – http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbies&Diamonds) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {BFA1F11D–3121–AFE1–4112–894323212DAC} (GameDesire Word Games) – http://67.15.101.3/g_bin/pl/words_2_0_0_36.cab
O16 – DPF: {D27CDB6E–AE6D–11CF–96B8–444553540000} (Shockwave Flash Object) – http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} (CParamWr Class) – http://toolbar.azesearch.com/install/azesearch.cab
O16 – DPF: {FDDBE2B8–6602–4AD8–946D–94C5A32FA6C1} (GameDesire Pool 8) – http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{DB88BCCD–A881–4E1A–BB78–4188824C7D1D}: NameServer = 213.199.225.14,192.168.100.1
Odpowiedzi: 1
Wylacz przywracanie
Sciagnij LSP–FIX
Zakoncz procesy:
MediaAccK.exe
MediaAccess.exe
optimize.exe
rk.exe
Odinstaluj z Dodaj/Usun: Media Access i Internet Optimizer
Otoworz LSP–FIX, zaznacz "I know ..." i przenies do prawego ona pliki New.Net, Finish
Pozbadz sie wpisów oraz pogrubionych plikow/katalogow z dysku:
Recznie usun z HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks >> {CFBFAE00–17A6–11D0–99CB–00C04FD64497}
Sciagnij LSP–FIX
Zakoncz procesy:
MediaAccK.exe
MediaAccess.exe
optimize.exe
rk.exe
Odinstaluj z Dodaj/Usun: Media Access i Internet Optimizer
Otoworz LSP–FIX, zaznacz "I know ..." i przenies do prawego ona pliki New.Net, Finish
Pozbadz sie wpisów oraz pogrubionych plikow/katalogow z dysku:
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.freeze.com
O1 – Hosts: 69.50.166.11 www.google.com
O1 – Hosts: 69.50.166.11 google.com
O1 – Hosts: 69.50.166.11 www.google.co.uk
O1 – Hosts: 69.50.166.11 google.co.uk
O1 – Hosts: 69.50.166.11 www.google.ca
O1 – Hosts: 69.50.166.11 google.ca
O1 – Hosts: 69.50.166.11 www.google.es
O1 – Hosts: 69.50.166.11 google.es
O1 – Hosts: 69.50.166.11 www.google.de
O1 – Hosts: 69.50.166.11 google.de
O1 – Hosts: 69.50.166.11 www.google.fr
O1 – Hosts: 69.50.166.11 google.fr
O1 – Hosts: 69.50.166.11 www.google.com.au
O1 – Hosts: 69.50.166.11 google.com.au
O1 – Hosts: 69.50.166.14 www.yahoo.com
O1 – Hosts: 69.50.166.14 yahoo.com
O1 – Hosts: 69.50.166.12 www.msn.com
O1 – Hosts: 69.50.166.12 msn.com
O1 – Hosts: 69.50.166.12 search.msn.com
O1 – Hosts: 69.50.166.12 www.go.com
O1 – Hosts: 69.50.166.12 go.com
O1 – Hosts: 69.50.166.13 astalavista.com
O1 – Hosts: 69.50.166.13 www.astalavista.com
O1 – Hosts: 69.50.166.13 astalavista.box.sk
O1 – Hosts: 69.50.166.13 cracks.am
O1 – Hosts: 69.50.166.13 www.cracks.am
O2 – BHO: (no name) – {00000010–6F7D–442C–93E3–4A4827C2E4C8} – C:\WINDOWS\nem220.dll (file missing)
O2 – BHO: (no name) – {4A2AACF3–ADF6–11D5–98A9–00E018981B9E} – C:\Program Files\NewDotNet\newdotnet6_38.dll
O2 – BHO: (no name) – {FFF5092F–7172–4018–827B–FA5868FB0478} – C:\WINDOWS\System32\azesearch.ocx (file missing)
O3 – Toolbar: AZESearch toolbar – {A6790AA5–C6C7–4BCF–A46D–0FDAC4EA90EB} – C:\WINDOWS\System32\azesearch.ocx (file missing)
x
O4 – HKLM\..\Run: [salm] c:\temp\salm.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 – HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 – HKLM\..\Run: [Hnnwiwyt] C:\Program Files\Sjpk\Diqedbr.exe
O4 – HKLM\..\Run: [mpaloxen] C:\WINDOWS\mpaloxen.exe
O4 – HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,NewDotNetStartup –s
O4 – HKLM\..\Run: [OSS] c:\windows\system32\rk.exe –boot
O9 – Extra button: Related (HKLM)
O9 – Extra 'Tools' menuitem: Show &Related Links (HKLM)
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O10 – Hijacked Internet access by New.Net
O16 – DPF: {15AD4789–CDB4–47E1–A9DA–992EE8E6BAD6} – ms–its:mhtml:file://c:\nosuxxx.mht!http://www.kazaalite.pl/stats/xaw.chm::/bridge–c18.cab
O16 – DPF: {69FD62B1–0216–4C31–8D55–840ED86B7C8F} (HbInstObj) – http://installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 – DPF: {D7BF3304–138B–4DD5–86EE–491BB6A2286C} (CParamWr Class) – http://toolbar.azesearch.com/install/azesearch.cab
Recznie usun z HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks >> {CFBFAE00–17A6–11D0–99CB–00C04FD64497}
Strona 1 / 1