medload – kako ga zbrisem?
Medload je malo bolj zahrbten in z iskanjem po registru žal ne bo šlo.
Poskusi najprej še s kakim drugim antispywarom, Adware, SpyBot S&D, MS Antispyware, če pa ne bo šlo, bo treba pa na roke poiskat in pobrisat naslednje stvari :
V registru (briši točno to, če nisi sigurna raje ne briši nič)
Poišči ključ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
in zbriši vse vrednosti, katere obstajajo od telih :
“loads.exe” = “%Windir%\medload.exe”
“sixtysix” = “[PATH TO ORIGINAL FILE]”
“popuppers” = “[PATH TO ORIGINAL FILE]”
“popuppers64” = “[PATH TO ORIGINAL FILE]”
“seeve.exe” = “[PATH TO ORIGINAL FILE]”
ključ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
briši vrednosti
“(Default)” = “%Windir%\system32\objsafe.tlb”
“(Default)” = “%Windir%\Downloaded Program Files\m67m.ocx”
ključ HKEY_CURRENT_USER\Software\WinRAR SFX\
briši
“%ProgramFiles%\joystick networks\setup” = “%ProgramFiles%\joystick networks\setup”
“%UserProfile%\Desktop” = “UserProfile%\Desktop”
ključ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
briši
“media-motor” = “%Windir%\unstall.exe”
Poišči še vse te ključe, če najdeš kakega, ga pobriši
HKEY_CLASSES_ROOT\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
HKEY_CLASSES_ROOT\CLSID\{E0CE16CB-741C-4B24-8D04-A817856E07F4}
HKEY_CLASSES_ROOT\Interface\{3E4BCF50-865B-4EF4-A0BC-BF57229EA525}
HKEY_CLASSES_ROOT\Interface\{5F08A37A-11BB-4FCE-9AE4-21897CABAA7E}
HKEY_CLASSES_ROOT\Interface\{64A5BD22-8D8A-4193-9CF8-7DB5212ABB17}
HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}
HKEY_CLASSES_ROOT\Interface\{79D6F884-C4C3-4CC8-9430-D8C17B47FF0E}
HKEY_CLASSES_ROOT\Interface\{9F61CFDF-5C79-4D35-B4DA-766B28367223}
HKEY_CLASSES_ROOT\Interface\{AD29366C-63AA-4FF3-944F-91AD7193BCA2}
HKEY_CLASSES_ROOT\Interface\{E832FFDE-8ED2-47B7-BE50-729A238040A0}
HKEY_CLASSES_ROOT\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}
HKEY_CLASSES_ROOT\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}
HKEY_CLASSES_ROOT\TypeLib\{78A163D2-2358-464D-807B-0E2A078C7727}
HKEY_CLASSES_ROOT\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}
HKEY_CLASSES_ROOT\IObjSafety.DemoCtl
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\
Distribution Units\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Uninstall\media-motor
HKEY_LOCAL_MACHINE\SOFTWARE\mm
HKEY_ALL_USERS%\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\media-motor.net
HKEY_ALL_USERS%\Software\Microsoft\Windows\CurrentVersion\
Internet Settings\ZoneMap\Domains\popuppers.com
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\C:/WINDOWS/Downloaded Program Files/m67m.ocx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
ModuleUsage\C:/WINDOWS/system32/objsafe.tlb
To je bilo v registru, nato se lotiš datotek in map na disku.
Zbriši te mape, če jih najdeš
\Program Files\MyWebSearch
\Program Files\Games\
\Program Files\CashBack\
\Program Files\NaviSearch\
\Program Files\BullsEye Network\
\Program Files\Viewpoint\
\Program Files\MyDailyHoroscope\
\Program Files\Date Manager\
in te datoteke, če jih najdeš
\WINDOWS\medload.exe
\WINDOWS\updatetc.exe
\WINDOWS\System32\winb2s32.dll
\WINDOWS\System32\nvms.dll
\WINDOWS\System32\mscb.dll
\WINDOWS\System32\msbe.dll
\WINDOWS\System32\odgcsu.exe
Na konci zbriši vse začasne internetne datoteke, vse v začasni mapi documents and settings\tvoj_uporabnik\local settings\temp in še vse vse v mapi \Windows\Temp.
In to je to…
ok, tule je:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\minilog.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Uporabnik\Desktop\HijackThis.exe
O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 – HKLM\..\Run: [ATIPTA] “C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe”
O4 – HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 – HKLM\..\Run: [nod32kui] “C:\Program Files\Eset\nod32kui.exe” /WAITSERVICE
O4 – HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 – HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 – HKLM\..\Run: [THGuard] “C:\Program Files\TrojanHunter 4.2\THGuard.exe”
O4 – HKCU\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
O4 – Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O8 – Extra context menu item: I&zvoz v Microsoft Excel – res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 – Extra button: Raziskovanje – {92780B25-18CC-41C8-B9BE-3C9C571A8263} – C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133945489034
O17 – HKLM\System\CCS\Services\Tcpip\..\{40D1F396-095D-4B4D-8190-4821BECFB0B8}: NameServer = 213.172.243.171
O17 – HKLM\System\CCS\Services\Tcpip\..\{C85CBEAE-0DB8-4BF9-8C1F-8290F929DF2C}: NameServer = 217.72.64.10 217.72.64.11
O23 – Service: Adobe LM Service – Unknown owner – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: Amsidekvad – Unknown owner – (no file)
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: Ati HotKey Poller – ATI Technologies Inc. – C:\WINDOWS\system32\Ati2evxx.exe
O23 – Service: ATI Smart – Unknown owner – C:\WINDOWS\system32\ati2sgag.exe
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: ewido security suite control – ewido networks – C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 – Service: ewido security suite guard – ewido networks – C:\Program Files\ewido\security suite\ewidoguard.exe
O23 – Service: InstallDriver Table Manager (IDriverT) – Macrovision Corporation – C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 – Service: TrueVector Basic Logging Client (minilog) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\minilog.exe
O23 – Service: NOD32 Kernel Service (NOD32krn) – Eset – C:\Program Files\Eset\nod32krn.exe
O23 – Service: StarWind iSCSI Service (StarWindService) – Rocket Division Software – C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 – Service: TrueVector Internet Monitor (vsmon) – Zone Labs Inc. – C:\WINDOWS\system32\ZoneLabs\vsmon.exe
lp
Forum je zaprt za komentiranje.