Uruchom HijackThis
![n ->](https://forum.instalki.pl/images/smilies/013.gif)
Do a system scan only
![n ->](https://forum.instalki.pl/images/smilies/013.gif)
w okienku programu pokaże się log
![n ->](https://forum.instalki.pl/images/smilies/013.gif)
zaznacz kratki przy podanych wpisach
![n ->](https://forum.instalki.pl/images/smilies/013.gif)
klikasz
Fix checked- Kod: Zaznacz wszystko
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKLM\..\Policies\Explorer\Run: []
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Wylecz pamięci przenośne
Flash Disinfector lub sformatuj
W OTL wklej:
:Processes
Explorer.exe
:OTL
O32 - AutoRun File - File not found - -- [ NTFS ]
O32 - AutoRun File - [2009-09-14 13:45:20 | 00,000,080 | RHS- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-08-09 20:10:38 | 00,000,080 | RHS- | M] () - E:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2009-09-14 13:45:20 | 00,000,080 | RHS- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2009-09-14 08:37:58 | 00,000,080 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{43fe892a-0582-11dd-a6b5-806d6172696f}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{43fe892a-0582-11dd-a6b5-806d6172696f}\Shell\open\Command - "" = d1vmq.exe
O33 - MountPoints2\{43fe892b-0582-11dd-a6b5-806d6172696f}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{43fe892b-0582-11dd-a6b5-806d6172696f}\Shell\open\Command - "" = d1vmq.exe
O33 - MountPoints2\{eb399782-088e-11dd-8733-001a73f0ba3c}\Shell\AutoRun\command - "" = d1vmq.exe
O33 - MountPoints2\{eb399782-088e-11dd-8733-001a73f0ba3c}\Shell\open\Command - "" = d1vmq.exe
:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
:Files
C:\d1vmq.exe
D:\d1vmq.exe
E:\d1vmq.exe
F:\d1vmq.exe
:Commands
[emptytemp]
[start explorer]
[Reboot]
Klikasz
Run Fix. Dajesz log z usuwania + nowy log OTL