spysheriff – prosze o sprawdzenie loga
prosze o sprawdzenie loga. tylko prosze nie odsyłajcie mnie do innych tematów, bo ja kompletnie sie na tym nie znam i musze mieć jasno napisane krok po kroku co robić...
Logfile of HijackThis v1.99.1
Scan saved at 12:27:26, on 2005–10–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\winstall.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Juli\USTAWI~1\Temp\Rar$EX01.735\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: auto.search.msn.com 127.0.0.1
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47–1B26–432e–9F84–188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 – DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 – WWW Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – C:\Program Files\Norton Internet Security\ISSVC.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Logfile of HijackThis v1.99.1
Scan saved at 12:27:26, on 2005–10–01
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\winstall.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Juli\USTAWI~1\Temp\Rar$EX01.735\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O1 – Hosts: auto.search.msn.com 127.0.0.1
O2 – BHO: AcroIEHlprObj Class – {06849E9F–C8D7–4D59–B87D–784B7D6BE0B3} – C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 – BHO: Norton Internet Security – {9ECB9560–04F9–4bbc–943D–298DDF1699E1} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 – BHO: NAV Helper – {BDF3E430–B101–42AD–A544–FADC6B084872} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: Norton Internet Security – {0B53EAC3–8D69–4b9e–9B19–A37C9A5676A7} – C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 – Toolbar: Norton AntiVirus – {42CDD1BF–3FFB–4238–8AD1–7859DF00B1D6} – C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 – HKLM\..\Run: [C–Media Mixer] Mixer.exe /startup
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 – HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 – HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47–1B26–432e–9F84–188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 – HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 – HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.1_01\bin\npjpi141_01.dll
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O12 – Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O13 – DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 – WWW Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
O16 – DPF: {9A9307A0–7DA4–4DAF–B042–5009F29E09E1} (ActiveScan Installer Class) – http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O23 – Service: AntiVir Service (AntiVirService) – H+BEDV Datentechnik GmbH – C:\Program Files\AVPersonal\AVGUARD.EXE
O23 – Service: AntiVir Update (AVWUpSrv) – H+BEDV Datentechnik GmbH, Germany – C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 – Service: Symantec Event Manager (ccEvtMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 – Service: Symantec Network Proxy (ccProxy) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 – Service: Symantec Password Validation (ccPwdSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 – Service: Symantec Settings Manager (ccSetMgr) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 – Service: ISSvc (ISSVC) – Symantec Corporation – C:\Program Files\Norton Internet Security\ISSVC.exe
O23 – Service: Norton AntiVirus Auto–Protect Service (navapsvc) – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: SAVScan – Symantec Corporation – C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 – Service: ScriptBlocking Service (SBService) – Symantec Corporation – C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 – Service: Symantec Network Drivers Service (SNDSrvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 – Service: Symantec SPBBCSvc (SPBBCSvc) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 – Service: Symantec Core LC – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\CCPD–LC\symlcsvc.exe
Odpowiedzi: 1
Przychylam się do prośby o nieodsyłanie do innych tematów – choć było juź o tym tyle razy – i podpowiadam tutaj.
– wyłacz przywracanie systemu wg przepisu z FAQ w tym dziale
– zakończ procesy w menadzerze zadań (alt + ctrl + del)
winstall.exe – jest 2 razy
SpySheriff.exe
– to co powyźej zaznacz w Hijacku i kliknij fix checked
– plik i katalog SpySheriff'a usuwasz z dysku ręcznie
– jeszcze jedno w uruchom wpisujesz: regedit /e log.txt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
W katalogu Twojego profilu będzie plik tekestowy którego chciałbym zobaczyć
PS. Śmiem twierdzić, źe prawie na pewno nowfind ma ukrytego regeneratora, jeśli nie pomoźe zwykłe wykoszenie wpisów trzeba będzie go poszukać.
– wyłacz przywracanie systemu wg przepisu z FAQ w tym dziale
– zakończ procesy w menadzerze zadań (alt + ctrl + del)
winstall.exe – jest 2 razy
SpySheriff.exe
R1 – HKCU\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer,Search = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://103.nowfind.biz/pps.php
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R1 – HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://103.nowfind.biz/pps.php
R0 – HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://103.nowfind.biz/pps.php
O1 – Hosts: auto.search.msn.com 127.0.0.1
O4 – HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 – HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 – HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 – Extra button: Related – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra 'Tools' menuitem: Show &Related Links – {c95fe080–8f5d–11d2–a20b–00aa003c157a} – C:\WINDOWS\web\related.htm
O13 – DefaultPrefix: http://103.nowfind.biz/gall.php?url=
O13 – WWW Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Home Prefix: http://103.nowfind.biz/gall.php?url=
O13 – Mosaic Prefix: http://103.nowfind.biz/gall.php?url=
– to co powyźej zaznacz w Hijacku i kliknij fix checked
– plik i katalog SpySheriff'a usuwasz z dysku ręcznie
– jeszcze jedno w uruchom wpisujesz: regedit /e log.txt HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
W katalogu Twojego profilu będzie plik tekestowy którego chciałbym zobaczyć
PS. Śmiem twierdzić, źe prawie na pewno nowfind ma ukrytego regeneratora, jeśli nie pomoźe zwykłe wykoszenie wpisów trzeba będzie go poszukać.
Strona 1 / 1