SpySheriff i co dalej?
Mam problem. Spyshariff i nie wiem co mam zrobić. Na pulpicie ukazuje mi się napis "your system is infected". Co chwile zalącza jakiś dziwny program. Nie moźna zmienić spowrotem tapety. Co mam zrobić? Z tego co wiem to naleźy zassać HijackThis i walnąć loga. Ale co dalej to nie wiem. Jestem początkującym uźytkownikiem kompa i proszę o pomoc. Proszę pisać krok po kroku co mam zrobić. Z góry dziękuję.
Mój log to:
Logfile of HijackThis v1.99.1
Scan saved at 13:51:46, on 2005–07–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\System32\~update.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
D:\Instalki\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4336
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4336
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120642959953
O16 – DPF: {74D05D43–3236–11D4–BDCD–00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{8E5A91AE–82A3–4684–9480–FEBBC459E9C0}: NameServer = 217.30.137.200,217.30.129.149
O21 – SSODL: System – {46B23612–179E–4F83–A212–C17912FE9F42} – vr_sys.dll (file missing)
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Mój log to:
Logfile of HijackThis v1.99.1
Scan saved at 13:51:46, on 2005–07–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\System32\~update.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
D:\Instalki\hijackthis\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4336
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4336
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120642959953
O16 – DPF: {74D05D43–3236–11D4–BDCD–00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{8E5A91AE–82A3–4684–9480–FEBBC459E9C0}: NameServer = 217.30.137.200,217.30.129.149
O21 – SSODL: System – {46B23612–179E–4F83–A212–C17912FE9F42} – vr_sys.dll (file missing)
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Odpowiedzi: 6
Jeszcze:
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
a teraz ???
Logfile of HijackThis v1.99.1
Scan saved at 15:22:04, on 2005–07–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Instalki\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120642959953
O16 – DPF: {74D05D43–3236–11D4–BDCD–00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{8E5A91AE–82A3–4684–9480–FEBBC459E9C0}: NameServer = 217.30.137.200,217.30.129.149
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 15:22:04, on 2005–07–21
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Instalki\hijackthis\HijackThis.exe
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R1 – HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://192.168.0.1/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O4 – HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120642959953
O16 – DPF: {74D05D43–3236–11D4–BDCD–00C04F9A3B61} (HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 – DPF: {83AFB5CA–ED35–11D4–A452–0080C8D85045} (GameDesire Poker Games) – http://67.15.101.3/g_bin/pl/poker_2_0_0_36.cab
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 – DPF: {A9ED6AA2–D9D4–4D71–9586–E293E2E3580B} (GameDesire Marbles&Diamonds&Runes) – http://67.15.101.3/g_bin/pl/marbles_2_0_0_21.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O16 – DPF: {ECEAD8AE–01D6–11D5–9A39–0080C8D85044} (GameDesire Slots 80th) – http://67.15.101.3/g_bin/pl/slots80_2_0_0_24.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{8E5A91AE–82A3–4684–9480–FEBBC459E9C0}: NameServer = 217.30.137.200,217.30.129.149
O23 – Service: AVG7 Alert Manager Server (Avg7Alrt) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 – Service: AVG7 Update Service (Avg7UpdSvc) – GRISOFT, s.r.o. – C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
Jak juz się tapetki pozbyłeś to dobij jeszcze reszte śmiecia.
Przywracanie wyłączyć, to ubić:
Przywracanie wyłączyć, to ubić:
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\System32\~update.exe (nie wiem co robi tutaj ta tylda w nazwie. Poszukaj tego pliku na dysku i sprawdz własciwości)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4336
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4336
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
(HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 – SSODL: System – {46B23612–179E–4F83–A212–C17912FE9F42} – vr_sys.dll (file missing)
Jak juz się tapetki pozbyłeś to dobij jeszcze reszte śmiecia.
Przywracanie wyłączyć, to ubić:
Przywracanie wyłączyć, to ubić:
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\System32\~update.exe (nie wiem co robi tutaj ta tylda w nazwie. Poszukaj tego pliku na dysku i sprawdz własciwości)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4336
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4336
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
(HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 – SSODL: System – {46B23612–179E–4F83–A212–C17912FE9F42} – vr_sys.dll (file missing)
Jak juz się tapetki pozbyłeś to dobij jeszcze reszte śmiecia.
Przywracanie wyłączyć, to ubić:
Przywracanie wyłączyć, to ubić:
C:\WINDOWS\System32\symcsvc.exe
C:\WINDOWS\System32\~update.exe (nie wiem co robi tutaj ta tylda w nazwie. Poszukaj tego pliku na dysku i sprawdz własciwości)
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchcentral.cc/search.php?v=4&aff=4336
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchcentral.cc/index.php?v=4&aff=4336
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = blank.htm
O4 – HKLM\..\Run: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKLM\..\RunServices: [desktop] C:\WINDOWS\System32\desktop.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O16 – DPF: {14A3221B–1678–1982–A355–7263B1281987} – ms–its:mhtml:file://C:\foo.mht!http://82.179.170.82/e9xr2.chm::/file.exe
(HouseCall Control) – http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O21 – SSODL: System – {46B23612–179E–4F83–A212–C17912FE9F42} – vr_sys.dll (file missing)
Znalazłem narzędzie do usunięcia tego goowienka :)
bierzcie i niszczcie tego Sheriffa :)
link : http://www.trendmicro.com/spyware–scan/
bierzcie i niszczcie tego Sheriffa :)
link : http://www.trendmicro.com/spyware–scan/
Strona 1 / 1