proszę o sprawdzenie log
Logfile of HijackThis v1.99.0
Scan saved at 15:51:10, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\pywrsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\YYRJENC.EXE
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\pywrdll.exe
C:\WINDOWS\pywrenc.EXE
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {0AD937E7–2F37–4873–A05E–548A67EF1D0E} – (no file)
O2 – BHO: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O2 – BHO: Xbrowse Class – {AC109D01–32D6–4EB5–8300–D3C5EBAC7C83} – C:\Documents and Settings\All Users\Dane aplikacji\x2ff\x2ff.dll
O2 – BHO: Xbrowse Class – {D319662B–D5BF–4538–ADF3–8D3E36362608} – C:\Documents and Settings\All Users\Dane aplikacji\x0ff\x0ff.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [Sysnet] C:\Documents and Settings\KLIENT\Pulpit\snuninst.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [YYRJENC] C:\WINDOWS\YYRJENC.EXE
O4 – HKLM\..\Run: [pywrdll] C:\WINDOWS\pywrdll.exe
O4 – HKLM\..\Run: [pywrenc] C:\WINDOWS\pywrenc.EXE
O4 – HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 – HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
O16 – DPF: {85D1F3B2–2A21–11D7–97B9–0010DC2A6243} (SecureLogin class) – http://secure2.comned.com/signuptemplates/securelogin–devel.cab
O16 – DPF: {ABD45F35–2E4C–44C0–A075–6EF1DE75398E} (ClearStream Accelerator) – http://cdn.riversoftware.net/x0ff.cab
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda Process Protection Service – Unknown – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service – Unknown – C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Panda IManager Service – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 – Service: Windows VisFx Components – Unknown – C:\WINDOWS\pywrsvc.exe
Scan saved at 15:51:10, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\pywrsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\YYRJENC.EXE
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\pywrdll.exe
C:\WINDOWS\pywrenc.EXE
C:\program files\tvs\tvs_b.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: (no name) – {0AD937E7–2F37–4873–A05E–548A67EF1D0E} – (no file)
O2 – BHO: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O2 – BHO: Xbrowse Class – {AC109D01–32D6–4EB5–8300–D3C5EBAC7C83} – C:\Documents and Settings\All Users\Dane aplikacji\x2ff\x2ff.dll
O2 – BHO: Xbrowse Class – {D319662B–D5BF–4538–ADF3–8D3E36362608} – C:\Documents and Settings\All Users\Dane aplikacji\x0ff\x0ff.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [Sysnet] C:\Documents and Settings\KLIENT\Pulpit\snuninst.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [YYRJENC] C:\WINDOWS\YYRJENC.EXE
O4 – HKLM\..\Run: [pywrdll] C:\WINDOWS\pywrdll.exe
O4 – HKLM\..\Run: [pywrenc] C:\WINDOWS\pywrenc.EXE
O4 – HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 – HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
O16 – DPF: {85D1F3B2–2A21–11D7–97B9–0010DC2A6243} (SecureLogin class) – http://secure2.comned.com/signuptemplates/securelogin–devel.cab
O16 – DPF: {ABD45F35–2E4C–44C0–A075–6EF1DE75398E} (ClearStream Accelerator) – http://cdn.riversoftware.net/x0ff.cab
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
O23 – Service: Panda Process Protection Service – Unknown – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service – Unknown – C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
O23 – Service: Panda IManager Service – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
O23 – Service: Windows VisFx Components – Unknown – C:\WINDOWS\pywrsvc.exe
Odpowiedzi: 6
Przywracanie – OFF
Zakoncz proces:
gglib.exe
Pozbądz się:
Zakoncz proces:
gglib.exe
Pozbądz się:
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O4 – HKLM\..\Run: [vmtuner] gglib.exe
O18 – Filter: text/html – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
O18 – Filter: text/plain – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
nie mogę sobie dać rady
Logfile of HijackThis v1.99.0
Scan saved at 22:09:22, on 2005–06–08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\gglib.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [vmtuner] gglib.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O18 – Filter: text/html – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
O18 – Filter: text/plain – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Logfile of HijackThis v1.99.0
Scan saved at 22:09:22, on 2005–06–08
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\gglib.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKLM\..\Run: [vmtuner] gglib.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O18 – Filter: text/html – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
O18 – Filter: text/plain – {F5A997DE–0ABA–46C1–ADC2–775D4EDD4E6C} – C:\WINDOWS\System32\mdkn.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Prawie Ci się udało, zostało jeszcze to:
Cały katalog C:\Program Files\Fla wylatuje z dysku
Moźesz jeszcze przejrzeć – http://sarc.com/avcenter/venc/data/adware.flashenhancer.html
Tam masz dokładniejszy wykaz śmieci jakie ten adware zostawia w rejestrze.
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
Cały katalog C:\Program Files\Fla wylatuje z dysku
Moźesz jeszcze przejrzeć – http://sarc.com/avcenter/venc/data/adware.flashenhancer.html
Tam masz dokładniejszy wykaz śmieci jakie ten adware zostawia w rejestrze.
Logfile of HijackThis v1.99.0
Scan saved at 22:49:32, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Scan saved at 22:49:32, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Logfile of HijackThis v1.99.0
Scan saved at 22:49:32, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Scan saved at 22:49:32, on 2005–06–06
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
C:\Program Files\AVERTV2K\QuickTV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\antywir\Nowy folder\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gogle.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O4 – HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 – HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 – HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 – HKCU\..\Run: [Gadu–Gadu] "C:\Program Files\Gadu–Gadu\gg.exe" /tray
O4 – Global Startup: Microtek Scanner Finder.lnk = C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe
O4 – Global Startup: QuickTV.lnk = C:\Program Files\AVERTV2K\QuickTV.exe
O4 – Global Startup: TeleSA.lnk = C:\Program Files\AVer Teletext\AVerSA.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 – Service: avast! iAVS4 Control Service – Unknown – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: Ati HotKey Poller – Unknown – C:\WINDOWS\System32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: avast! Antivirus – Unknown – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 – Service: avast! Web Scanner – ALWIL Software – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 – Service: LexBce Server – Lexmark International, Inc. – C:\WINDOWS\system32\LEXBCES.EXE
Wyłącz przywracanie
Zakończ procesy:
pywrsvc.exe
MediaAccK.exe
YYRJENC.EXE
MediaAccess.exe
pywrdll.exe
pywrenc.EXE
tvs_b.exe
Z dodaj/usun odinstaluj Media Access
Usuń z dysku wyboldowane pliki/katalogi oraz zaptasz wpisy i FIX:
Teraz specjalne usuwanie tego:
Start >> Uruchom >> services.msc, wybierasz z listy usługę Windows VisFx Components i spod własciwosci zatrzymujesz ją.
Teraz w Hijacku w Config >> Misc Tools >> Delete an NT service, wklepujesz w okno: Windows VisFx Components, powierdzasz i po ponownym uruchomieniu systemu usuwasz plik
Zakończ procesy:
pywrsvc.exe
MediaAccK.exe
YYRJENC.EXE
MediaAccess.exe
pywrdll.exe
pywrenc.EXE
tvs_b.exe
Z dodaj/usun odinstaluj Media Access
Usuń z dysku wyboldowane pliki/katalogi oraz zaptasz wpisy i FIX:
O2 – BHO: (no name) – {0AD937E7–2F37–4873–A05E–548A67EF1D0E} – (no file)
O2 – BHO: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O2 – BHO: FlashEnhancer Ext – {5EDB03AF–0341–4e96–9E9B–3171522E4BAF} – c:\Program Files\Fla\fla.dll
O2 – BHO: Xbrowse Class – {AC109D01–32D6–4EB5–8300–D3C5EBAC7C83} – C:\Documents and Settings\All Users\Dane aplikacji\x2ff\x2ff.dll
O2 – BHO: Xbrowse Class – {D319662B–D5BF–4538–ADF3–8D3E36362608} – C:\Documents and Settings\All Users\Dane aplikacji\x0ff\x0ff.dll
O3 – Toolbar: inExplorer Search – {4E7BD74F–2B8D–469E–8AA5–A930F887B531} – C:\PROGRA~1\INEXPL~1\INEXPL~1.DLL
O4 – HKLM\..\Run: [Sysnet] C:\Documents and Settings\KLIENT\Pulpit\snuninst.exe
O4 – HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 – HKLM\..\Run: [YYRJENC] C:\WINDOWS\YYRJENC.EXE
O4 – HKLM\..\Run: [pywrdll] C:\WINDOWS\pywrdll.exe
O4 – HKLM\..\Run: [pywrenc] C:\WINDOWS\pywrenc.EXE
O4 – HKLM\..\Run: [tvs_b] C:\program files\tvs\tvs_b.exe
O4 – HKLM\..\Run: [FlaCPY] "C:\Program Files\Common Files\Java\flacpy.exe"
O16 – DPF: {15AD6789–CDB4–47E1–A9DA–992EE8E6BAD6} – http://static.windupdates.com/cab/MediaAccessVerisign/ie/bridge–c403.cab
O16 – DPF: {85D1F3B2–2A21–11D7–97B9–0010DC2A6243} (SecureLogin class) – http://secure2.comned.com/signuptemplates/securelogin–devel.cab
O16 – DPF: {ABD45F35–2E4C–44C0–A075–6EF1DE75398E} (ClearStream Accelerator) – http://cdn.riversoftware.net/x0ff.cab
Teraz specjalne usuwanie tego:
O23 – Service: Windows VisFx Components – Unknown – C:\WINDOWS\pywrsvc.exe
Start >> Uruchom >> services.msc, wybierasz z listy usługę Windows VisFx Components i spod własciwosci zatrzymujesz ją.
Teraz w Hijacku w Config >> Misc Tools >> Delete an NT service, wklepujesz w okno: Windows VisFx Components, powierdzasz i po ponownym uruchomieniu systemu usuwasz plik
Strona 1 / 1