View previous topic :: View next topic |
Author |
Message |
Shewanna Sexy Biatch
Joined: 23 Nov 2003 Posts: 2100 Location: All around baby, all around
|
Posted: Sun Jun 27, 2004 4:51 pm Post subject: Computing |
|
|
Am o kestie aici.. in calculator...
Cum sa scap de SmartSearch? Este o chestie enervanta care se deschide automat cand deschid exploreru..cred ca numele spune tot.
Am incercat sa il detectez cu Search, cu rav online, cu Panda, cu Spyware, cu Adaware si nici unu nu il detecteaza! Deja ma scoate din sarite. Apropo, am cautat si in regedit si nici acolo nu am dat de el Mai am vreo sansa sa scap de el?
Cand am scanat cu hijack, apare o chestie dubioasa pe care il sterg mereu (caci is 100% sigura ca ala ii) dar mereu REapare!!! Imi vine sa ma inec.
Apropo, mereu ma infectez cu TimeSink si Onflow degeaba il sterg de 324 de ori!
Cine se pricepe, il rog sa imi zica ce sa sterg, ca io nu prea ma pricep apropo, ce ii cu Bold, ala ii cel cu pricina!
Logfile of HijackThis v1.97.7
Scan saved at 10:35:19 AM, on 6/27/2004
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\System32\Fmctrl.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Desktop Architect\datray.exe
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\svchost.exe
D:\mIRC\mirc32.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\shewanna1\Local Settings\Temp\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 62.231.124.193:3128
O1 - Hosts: 213.159.117.235 auto.search.msn.com
O2 - BHO: (no name) - {021BB032-80A8-4FB6-B3D5-CF27B1553B95} - C:\WINNT\mslagent\4b_1,0,1,0_mslagent.dll
O2 - BHO: (no name) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files\Common Files\ReGet Shared\Catcher.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDB57890086B} - C:\WINNT\dial.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {FE6BC4EF-5676-484B-88AE-883323913256} - (no file)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [XPIcons] C:\Program Files\Camtech\XP Icons\XPIcons.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [FmctrlTray] Fmctrl.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Soundmx] \soundmx.exe
O4 - HKCU\..\Run: [WindowBlinds] C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe auto
O4 - HKCU\..\Run: [mslagent] C:\WINNT\mslagent\mslagent.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Download using ReGet - C:\Program Files\Common Files\ReGet Shared\CC_Link.htm
O8 - Extra context menu item: Download All by Re&Get - C:\Program Files\Common Files\ReGet Shared\CC_All.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.rav.ro/scan/ravonline.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab _________________ Rap me tender coz im sensitive. |
|
Back to top |
|
|
Reclama
|
Posted: Post subject: Acorda-ne putina atentie |
|
|
|
|
Back to top |
|
|
virus silver member
Joined: 15 May 2003 Posts: 317 Location: Cluj-Napoca
|
Posted: Sun Jun 27, 2004 11:07 pm Post subject: |
|
|
Incearca sa stergi Temporalele, Hystory'ul si Internet Offline Files... Cauta in Add Remove Programs programe suspecte si dezinstaleaza'le, cauta in Programs Files programe suspecte (Foldere Suspecte) si sterge'le. Daca nici asa nu se opreste, sterge Windowsul si Programs Files, reinstaleaza Windowsul pe curat si inainte de a surfa pe Net, instaleaza'tzi un Antivirus Bun (vezi Symantec) si eventual un firewall. Nu mai intra pe site'uri suspecte sau warez... Bafta ! _________________ Time pays us only with a cold and silent grave. |
|
Back to top |
|
|
Alucard Vampire
Joined: 13 Feb 2004 Posts: 326 Location: Hellsing Mansion
|
Posted: Mon Jun 28, 2004 12:18 pm Post subject: |
|
|
cauta pe net CWshreder ... cu ala reusesti ... am avut aceeasi problema. _________________ Un altfel de Ghid PC |
|
Back to top |
|
|
FireEyes Gazda voastra
Joined: 12 May 2003 Posts: 3875 Location: Romania
|
Posted: Mon Jun 28, 2004 4:14 pm Post subject: |
|
|
safe mode, si da-i cu ad-aware pentru spy si ads
si ia un f-prot de dos , si da-i cu el in command prompt only mode la win. _________________ Mihaita
itbox - Telefoane Mobile - Bancuri - Jocuri - Radio Player |
|
Back to top |
|
|
Catalin Manelist Inrait
Joined: 12 May 2003 Posts: 912 Location: UVT-Timisoara/Tg-Jiu
|
Posted: Mon Jun 28, 2004 8:31 pm Post subject: |
|
|
reinstaleaza sistemul .. si dai un format la partitia cu windows`u _________________ Bine a zis , cine a zis , cand a zis si ce a zis ! |
|
Back to top |
|
|
Shewanna Sexy Biatch
Joined: 23 Nov 2003 Posts: 2100 Location: All around baby, all around
|
Posted: Mon Jun 28, 2004 9:11 pm Post subject: |
|
|
Haidatzi mey baieti, altceva mai simplu nu?
Uite am incercat cu CWshredder acela si nimic, e tot aici eu nu stiu sa fac numai chestii simplutze, nu stiu sa umblu prin dos, nu stiu nici macar sa reisntalez Windowsul.
Lasatzi, sper sa scap de el odata si odata.. _________________ Rap me tender coz im sensitive. |
|
Back to top |
|
|
skullpder silver member
Joined: 13 Dec 2003 Posts: 326 Location: Bucuresti
|
Posted: Mon Jun 28, 2004 9:16 pm Post subject: |
|
|
Aia de la Symantec se lauda ca pot sa-l scoata. Eventual daca te pricepi sa gadili registrii poti sa o faci manual, dedsi nu recomand.
citez:
For specific details on each of these steps, read the following instructions.
1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
2. Scanning for and deleting the files
Start your Symantec antivirus program and run a full system scan.
If any files are detected as Adware.SmartSearch, note their names (which will be helpful in step 3), and then click Delete.
--------------------------------------------------------------------------------
Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
--------------------------------------------------------------------------------
3. Resetting the Internet Explorer Home and Search pages
Start Microsoft Internet Explorer.
Click Tools, and then click Internet Options.
Select the Programs tab.
Click Reset Web Settings.
Make sure that the "Also reset my home page" option is checked.
Click Yes.
Click OK, and then click OK again.
This will reset the Internet Explorer Home and Search pages to their default settings.
4. Deleting the values from the registry
--------------------------------------------------------------------------------
WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
--------------------------------------------------------------------------------
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit
Then click OK. (The Registry Editor opens.)
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
In the right pane, delete the value:
"SystemEmergency"="<path to file detected as Adware.SmartSearch>"
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunServices
In the right pane, delete the value:
"SystemEmergency"="<path to file detected as Adware.SmartSearch>"
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLDefaultPrefix
In the right pane, restore the value:
"(Default)"
to its correct value. This value is normally "http://" (without quotes).
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionURLPrefixes
In the right pane, restore the value:
"www"
to its correct value. This is normally "http://" (without quotes).
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet Explorer
In the right pane, restore the values:
"Search"
"SearchURL"
to their correct values or delete them.
Navigate to the key:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerMain
In the right pane, restore the values:
"Start Page"
to its correct values or delete them.
Navigate to the key:
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet Explorer
In the right pane, restore the values:
"Search"
"SearchURL"
to their correct values or delete them.
Navigate to the key:
HKEY_CURRENT_USERSOFTWAREMicrosoftInternet ExplorerMain
In the right pane, restore the values:
"Default_Page_URL"
"Default_Search_URL"
"Search Bar"
to their correct values or delete them.
Exit the Registry Editor.
am incheiat citatul.
Esti sigura ca Ad-aware 6.0 cu update-ul la zi nu stie sa scoata kkt-ul asta? _________________ Cind oamenii sunt liberi sa faca ce vor, de obicei, se imita unul pe altul. |
|
Back to top |
|
|
Alucard Vampire
Joined: 13 Feb 2004 Posts: 326 Location: Hellsing Mansion
|
Posted: Tue Jun 29, 2004 12:07 pm Post subject: |
|
|
This is way to hard .
Mai incearca odata cu CW in safe mode. Vezi ca iti spune sa ai inchise toate browserele ... asa ca te-as sfatui sa il rulezi din start menu/run ... si debifeaza "move to recycle bin instead of deleting them" _________________ Un altfel de Ghid PC |
|
Back to top |
|
|
virus silver member
Joined: 15 May 2003 Posts: 317 Location: Cluj-Napoca
|
Posted: Wed Jun 30, 2004 12:20 pm Post subject: |
|
|
Reinstaleaza WinGoz'ul _________________ Time pays us only with a cold and silent grave. |
|
Back to top |
|
|
Catalin Manelist Inrait
Joined: 12 May 2003 Posts: 912 Location: UVT-Timisoara/Tg-Jiu
|
Posted: Wed Jun 30, 2004 1:25 pm Post subject: |
|
|
asa ziceam si eu virus`ule _________________ Bine a zis , cine a zis , cand a zis si ce a zis ! |
|
Back to top |
|
|
skullpder silver member
Joined: 13 Dec 2003 Posts: 326 Location: Bucuresti
|
Posted: Wed Jun 30, 2004 8:03 pm Post subject: |
|
|
LOL, bravo mah, o invatati de rau pe fata. Shewanna, iti zic io nu trebuie sa instalezi windozu, trebuie sa-ti cumperi alt calculator. _________________ Cind oamenii sunt liberi sa faca ce vor, de obicei, se imita unul pe altul. |
|
Back to top |
|
|
Shewanna Sexy Biatch
Joined: 23 Nov 2003 Posts: 2100 Location: All around baby, all around
|
Posted: Wed Jun 30, 2004 9:22 pm Post subject: |
|
|
Dragii mei baieti priceputi,
Va multumesc pentru sfautrile date, unele le-am incercat si fara rezultat, altele mi-e prea lene.. in viitor cand nu o sa imi fie atat de lene o sa le incerc pe toate. Intre timp am zis hai ca o vreme ma impac cu SmartSearch si il inghit. Se pare ca imi place din e in ce mai mult, m-am obisnuit cu el, nici nu ma mai deranjeaza
Calculatorul meu batran are 7 ani, si deci va datzi seama ca ii un ramolit. Mi-e tare drag. In viitor va trebui sa imi iau altul fi'dca batranu' nu stiu cat o sa mai duca, e plin de virusi n stuff
Mersic mey priceputzilor _________________ Rap me tender coz im sensitive. |
|
Back to top |
|
|
|