Gość: mariusz IP: *.neoplus.adsl.tpnet.pl 28.12.04, 13:16 Jak go usunąć? Mks nie może skasowac pliku, próbowałem sam go skasować wyskakuje komunikat `Nie można usunąc WinServAd: odmowa dostępu. Prosz o pomoc z gory dziękuje pozdr Odpowiedz Link Zgłoś Obserwuj wątek Podgląd Opublikuj
netsec Re: Adware.Winadd 28.12.04, 15:10 Zacznij od odinstalowania śmieci w Panelu sterowania Dodaj/usuń Programy. Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 28.12.04, 16:38 Odinstalowałem,co dalej? Odpowiedz Link Zgłoś
netsec Re: Adware.Winadd 29.12.04, 09:24 Co dokładnie odisntalowałeś? Wklej log z HJ. Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 29.12.04, 15:42 To mój log z HJ. Logfile of HijackThis v1.99.0 Scan saved at 15:42:11, on 2004-12-29 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\System32\sstray.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Windows ServeAd\WinServAd.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Program Files\Windows ServeAd\WinServSuit.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\wuauclt.exe C:\Documents and Settings\mmm.MMML-\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis1.99.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" - atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int164815.exe -auto O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - HKCU\..\Run: [Steam] "c:\gry\valve\steam\steam.exe" -silent O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4 \PCAlert4.exe O16 - DPF: IEToolbarCab - http://www.asiantoolbar.com/DailyToolbar.CAB O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_ site.cab?1098359306794 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_20.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en- us/tools/mcfscan/2,0,0,4404/mcfscan.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe Odpowiedz Link Zgłoś
netsec Re: Adware.Winadd 29.12.04, 16:14 Zamknij Internet Explorer i usuń w HJ te pozycje: O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int164815.exe -auto O4 - HKCU\..\Run: [Steam] "c:\gry\valve\steam\steam.exe" -silent O16 - DPF: IEToolbarCab - www.asiantoolbar.com/DailyToolbar.CAB Po tym uruchom kompa i przeczytaj ten wątek: forum.gazeta.pl/forum/72,2.html?f=430&w=18815131 Dodatkowo: Zainstaluj Ad-aware 1.05 SE przed skanowaniem sprawdzaj aktualizacje i raz w tygodniu skanouj system. Zainstaluj SpyBot Search & Destroy również przed skanowaniem należy aktualizować. Należy pamiętać, że aktualizacje zostają pobrane dopiero po zaznaczeniu pozycji na liście dostępnych aktualizacji. Przed instalacją programu zapoznaj się z instrukcja PL online: spybot.safer-networking.de/pl/tutorial/index.html Polecam zmianę domyślnej przeglądarki na Firefox www.firefox.pl Dodatkowo zaktualizuj Sun Javę do najnowszej wersji: java.sun.com/webapps/download/AutoDL?BundleId=9723 Koniecznie zainstaluj SpywareBlaster 3.2 zabezpieczy cię przed kolejnymi niespodziankami. Opis: forum.gazeta.pl/forum/72,2.html?f=23618&w=16148176&wv.x=2&a=18183530 Konfiguracja: forum.gazeta.pl/forum/72,2.html?f=23618&w=16148176&wv.x=2&a=18214375 Tak przed tym wszystkim zainstaluj przynajmniej serwis pack 1 dla XP lub SP2 :) Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 29.12.04, 19:09 czesc wykasowałem i poinstalowałem programy,a co do Winxp to mój kod zaczyna się od FCKGW i wszystko jasne. Dzięki za pomoc pozdrawiam Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 30.12.04, 00:05 A Adware.winadd nadal siedzi w windows,jak się go pozbyć????. Odpowiedz Link Zgłoś
netsec Re: Adware.Winadd 30.12.04, 11:28 Wyłącz przywracanie systemu. support.microsoft.com/default.aspx?scid=kb;pl;310405 Upewnij się, że opcja Pokaż wszystkie pliki w Eksploratorze Windows jest włączona. a. Kliknij przycisk Start, kliknij polecenie Mój komputer, kliknij menu Narzędzia, a następnie kliknij polecenie Opcje folderów. Kliknij kartę Widok. b. W sekcji Ustawienia zaawansowane kliknij pozycję Pokaż ukryte pliki i foldery. c. W sekcji Ustawienia zaawansowane kliknij, aby wyczyścić pole wyboru Ukryj chronione pliki systemu operacyjnego (zalecane). Uruchom komputer w trybie awaryjnym: support.microsoft.com/default.aspx?scid=KB;PL;315222 Znajdź i usuń pliki WinAdTool.exe , WinRatchet.exe i WinServAd.exe . Po tym uruchom komputer w normalny sposób i przeskanuj SPYBOT? Na koniec wklej aktualny log z HJ. Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 30.12.04, 21:25 Logfile of HijackThis v1.99.0 Scan saved at 21:25:10, on 2004-12-30 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\sstray.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\System32\wuauclt.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\mmm.MMML-\Ustawienia lokalne\Temp\Katalog tymczasowy 1 dla hijackthis1.99.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [KonektorTP] "c:\program files\konektortp\konektortp.exe" tray O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" - atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05 \bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4 \PCAlert4.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841- 88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU) O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_ site.cab?1098359306794 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_20.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en- us/tools/mcfscan/2,0,0,4404/mcfscan.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files Odpowiedz Link Zgłoś
netsec Re: Adware.Winadd 30.12.04, 21:35 Miałes to usunąc i co? O4 - HKLM\..\Run: [Windows ServeAd] C:\Program Files\Windows ServeAd\WinServAd.exe Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 30.12.04, 21:44 Logfile of HijackThis v1.99.0 Scan saved at 21:47:12, on 2004-12-30 Platform: Windows XP (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\sstray.exe C:\PROGRA~1\NEOSTR~1\CnxMon.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\PROGRA~1\NEOSTR~1\taskbaricon.exe C:\WINDOWS\System32\G-VGA.exe C:\WINDOWS\System32\RUNDLL32.EXE C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe C:\Program Files\MSI\PC Alert 4\PCAlert4.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\McAfee\McAfee Firewall\CPD.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\PROGRA~1\NEOSTR~1\NeostradaTP.exe C:\PROGRA~1\NEOSTR~1\ComComp.exe C:\PROGRA~1\NEOSTR~1\Watch.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\mmm.MMML-\Ustawienia lokalne\Temp\Katalog tymczasowy 2 dla hijackthis1.99.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\taskbaricon.exe O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32 \NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" - atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05 \bin\jusched.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4 \PCAlert4.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU) O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841- 88899F240200} - C:\Program Files\Agnitum\Outpost Firewall\TRASH.EXE (file missing) (HKCU) O16 - DPF: {18506D80-9B80-11D4-82C2-0080C8D7ED4A} (GameDesire Roulette) - http://67.15.101.3/g_bin/pl/roulette_2_0_0_15.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {41ACD49D-1974-791A-0981-AA9872721044} (GINBOARDS Class) - http://67.15.101.3/g_bin/pl/boards_2_0_0_15.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_ site.cab?1098359306794 O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {67135BDA-6546-4426-BC94-BB5AF5005231} (GameDesire Checkers) - http://67.15.101.3/g_bin/pl/checkers_2_0_0_15.cab O16 - DPF: {83AFB5CA-ED35-11D4-A452-0080C8D85045} (GameDesire Poker Games) - http://67.15.101.3/g_bin/pl/poker_2_0_0_34.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab O16 - DPF: {A1FE3DE0-CF77-11D4-8340-0080C8D7ED4A} (GameDesire Pinball Demon) - http://67.15.101.3/g_bin/pl/demon_2_0_0_18.cab O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.3/g_bin/pl/slots70_2_0_0_20.cab O16 - DPF: {AC120B1D-9411-4111-AF52-118052D85D45} (GameDesire Darts Games) - http://67.15.101.3/g_bin/pl/darts_2_0_0_28.cab O16 - DPF: {BFA1F11D-3121-AFE1-4112-894323212DAC} (GameDesire Word Games) - http://67.15.101.3/g_bin/pl/words_2_0_0_26.cab O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - http://skaner.mks.com.pl/SkanerOnline.cab O16 - DPF: {ECEAD8AE-01D6-11D5-9A39-0080C8D85044} (GameDesire Slots 80th) - http://67.15.101.3/g_bin/pl/slots80_2_0_0_20.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en- us/tools/mcfscan/2,0,0,4404/mcfscan.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/pl/billard8_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C2} (GameDesire Pool 9) - http://67.15.101.3/g_bin/pl/billard9_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C4} (GameDesire Pool Training) - http://67.15.101.3/g_bin/pl/billardt_2_0_0_21.cab O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.3/g_bin/pl/snooker_2_0_0_21.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O17 - HKLM\System\CS2\Services\Tcpip\..\{15DCC01F-CBF8-4CCF-B307-12CD71FA321C}: NameServer = 194.204.152.34 217.98.63.164 O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: Symantec Password Validation - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: McAfee Firewall - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE O23 - Service: NVIDIA Disp Odpowiedz Link Zgłoś
Gość: mariusz Re: Adware.Winadd IP: *.neoplus.adsl.tpnet.pl 31.12.04, 11:19 Adwaer.Winadd został usunięty,sprawdzałem Mksm on-line Dzięki za pomoc Wszystkiego dobrego na nowy rok czesc Odpowiedz Link Zgłoś
Gość: Seba Re: Adware.Winadd IP: *.szczecin.mm.pl 17.01.05, 22:07 Mam problem. Przypatrywałem się postowi Mariusza i ja mam podobny problem, a właściwie kilka. Po skanowaniu mks online wyskoczyło mi kilka ad-warów, których nie mogę skasować: Adware. Winadd, Adware. Admili, Adware. Ncase180 i Adware.180solutions niestety program Adware SE 1,5 Personal nie wywlił mi tego gówna. Bardzo bym prosił Cię o radę. A to mój log: Logfile of HijackThis v1.99.0 Scan saved at 21:55:51, on 2005-01-17 Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.ex e C:\WINDOWS\system32\services.ex e C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\WinTools\WToolsA.exe C:\Program Files\Common Files\WinTools\WSup.exe C:\Program Files\Java\j2re1.4.2_04\bin\jus ched.exe C:\Program Files\Common Files\Real\Update_OB\realsched. exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\WINDOWS\system32\RUNDLL32.EX E C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Gadu-Gadu\gg.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE C:\Program Files\eMule\emule.exe C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Seba\Moje dokumenty\HijackThis.exe R0 - HKCU\Software\Microsoft\Interne t Explorer\Main,Start Page = www.onet.pl/ R0 - HKCU\Software\Microsoft\Interne t Explorer\Toolbar,LinksFolderNam e = R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03 910972} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D 6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper .ocx O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC 94A183} - C:\PROGRA~1 \COMMON~1\WinTools\WToolsB.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04 \bin\jusched.exe O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE O4 - HKLM\..\Run: [Onet.pl AutoUpdate] "C:\Program Files\Common Files\Onet.pl\NewAutoUpdate.exe " /updateexetsr O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched. exe" -osboot O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe" O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32 \NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32 \NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [gpoj] C:\WINDOWS\gpoj.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.e xe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\W ToolsA.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\Spywa reRemover\SpyWatch.exe /STARTUP O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Offi ce10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C 608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5- 00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F 795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E- 00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE 20BDF7} (MainControl Class) - skaner.mks.com.pl/SkanerOnline.cab O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Panda Firewall Service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe O23 - Service: SoundMAX Agent Service - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe Pozdrawiam Seba Odpowiedz Link Zgłoś
netsec Re: Adware.Winadd 18.01.05, 09:39 Wyłącz przywracanie systemu. Urchom komputer w trybie awaryjnym. Uwaga! Przy starcie do awaryjnego dostaniesz pytanie o wybór konta. NIE wybieraj konta Administratora tylko swoje własne imienne, bo na tym profilu jest syf. Po uruchomieniu komputera w trybie awaryjnym, nie otwieraj Internet Explorera. Na początek odinstaluj (w Dodaj/Usuń programy) fałszywy program antyszpiegowski Spyware Remover, a po tym usuń te pozycje, o ile są u Ciebie: Neo Technology Search Engine Unistall 180 sertchAssistant Web Tools by Hotbar WebRebates(by TopReates.com) Windows Active Windovs AdControl Windows SR2.0 Windows AdTools Windows ServeAd Internet Optimizer Po tym uruchom HiJackThis wykonaj ‘Do a system scan only’ i zaznacz(haczykiem) te pozycje: R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03 910972} - (no file) O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC 94A183} - C:\PROGRA~1\COMMON~1\WinTools\W ToolsB.dll O4 - HKLM\..\Run: [gpoj] C:\WINDOWS\gpoj.exe O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\W ToolsA.exe O4 - HKLM\..\Run: [WPA] regedit.exe /s WXMCE_WPA_CRACK.reg O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\W ToolsA.exe O4 - HKCU\..\Run: [spywatch] C:\Program Files\BulletProofSoft.com\Spywa reRemover\SpyWatch.exe /STARTUP Po tym kliknij FIXCHECKED i powierdź usunięcie TAK/OK. W Opcjach internetowych usuń wszystkie Tymczasowe pliki Internetowe (całą zawartośc offline). Uruchom komputer ponownie. Odpowiedz Link Zgłoś
