GRY-Online.pl --> Forum Archive

spyware that I can't remove

16.03.2005
20:33
[1]

amoreg1234 [ user ]

spyware that I can't remove

when I scan my computer with Ad-Aware it detects some of this junk (in the registry), and when I want to remove it, the process stops (at about 1/3 of the progress bar) and nothing happens, I can't do anything

the same thing happens when I scan with Spy-Bot

is there any other way?

PS: if you tell me about HJT, then while you're at it give me some forum where someone will tell me what exactly I should throw out :)

16.03.2005
21:08
[2]

amoreg1234 [ user ]

up

16.03.2005
22:05
[3]

Gayardo [ Consul ]

uninstall Ad-Aware and install a different antivirus or a newer version of Ad-Aware

16.03.2005
22:18
[4]

amoreg1234 [ user ]

that won't help - every other program reacts the same way to this COOLWEBSEARCH

16.03.2005
22:51
[5]

Bilbo_B [ crazy Hobbit ]

Have you tried CWS Shredder??
https://nowe.pl/modules/mydownloads/singlefile.php?cid=31&lid=177

This post was modified by its author [2005-03-16 22:47:53]

16.03.2005
22:52
[6]

negroz [ ]

as a last resort you can always format - it always works :)

16.03.2005
23:17
[7]

fanlegii79 [ Consul ]

first, work in safe mode
second, Spy-Bot
third, CWS
fourth, HJT; paste it on this forum, I think someone will help you. I'll take a look if I don't forget.

17.03.2005
12:44
[8]

amoreg1234 [ user ]

Logfile of HijackThis v1.99.1
Scan saved at 12:42:45, on 2005-03-17
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = https://targetclicks.net/srch.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchmaid.com/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.searchmaid.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.searchmaid.com/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.searchmaid.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.searchmaid.com/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.searchmaid.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.searchmaid.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - ‹06849E9F-C8D7-4D59-B87D-784B7D6BE0B3› - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Name - ‹4D57E5E1-2928-44FC-A4B1-44C9D0D11A71› - C:\WINDOWS\System32\msnql.dll (file missing)
O2 - BHO: IeCatch2 Class - ‹A5366673-E8CA-11D3-9CD9-0090271D075B› - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - ‹BDF3E430-B101-42AD-A544-FADC6B084872› - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - ‹C333CF63-767F-4831-94AC-E683D962C63C› - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - ‹E0E899AB-F487-11D5-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: FreshBar - ‹06ABAA2D-34AB-4902-A326-409BD9B9A7A5› - C:\WINDOWS\System32\docntrop.dll
O3 - Toolbar: Norton AntiVirus - ‹42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6› - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - ‹8E718888-423F-11D2-876E-00A0C9082467› - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Virtual Maid - ‹77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C› - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - ‹D6E814A0-E0C5-11d4-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - ‹D6E814A0-E0C5-11d4-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Microsoft AntiSpyware helper - ‹37861E4A-288D-4C65-90F4-9391A0D0786F› - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - ‹37861E4A-288D-4C65-90F4-9391A0D0786F› - (no file) (HKCU)
O16 - DPF: ‹6414512B-B978-451D-A0D8-FCFDF33E833C› (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110385657081
O17 - HKLM\System\CCS\Services\Tcpip\..\‹91F7856C-03E1-489D-B9ED-D787C55BCEBE›: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe







I did what you wrote and I'm posting the log, could someone take a look??

17.03.2005
16:05
[9]

amoreg1234 [ user ]

17.03.2005
16:08
[10]

Babiczka [ Consul ]

Spy-Sweeper will take care of it!

17.03.2005
16:23
[11]

amoreg1234 [ user ]

unfortunately it won't ;)

17.03.2005
16:45
[12]

fanlegii79 [ Consul ]

First of all, this looks to me like cws.about blank or whatever it's called. You open IE and there's a page there even though the address bar says about blank. It can probably only be smoked out with CWShredder. The lines to delete have an s at the beginning; the ones with an o at the beginning can probably go too, unless you know what that software is.

sR1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = https://targetclicks.net/srch.php?qq=%s
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://searchmaid.com/bar/index.html
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.searchmaid.com/
sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.searchmaid.com/search.php?qq=%s
sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
sR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.searchmaid.com/
sR1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = about:blank
sR1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
sR1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
sR0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
sR1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.searchmaid.com/search.php?qq=%s
sR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.searchmaid.com/
sR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = https://www.searchmaid.com/
F2 - REG:system.ini: Shell=explorer.exe, msmsgs.exe
O2 - BHO: AcroIEHlprObj Class - ‹06849E9F-C8D7-4D59-B87D-784B7D6BE0B3› - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
sO2 - BHO: Name - ‹4D57E5E1-2928-44FC-A4B1-44C9D0D11A71› - C:\WINDOWS\System32\msnql.dll (file missing)
O2 - BHO: IeCatch2 Class - ‹A5366673-E8CA-11D3-9CD9-0090271D075B› - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: NAV Helper - ‹BDF3E430-B101-42AD-A544-FADC6B084872› - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: TGTSoft Explorer Toolbar Changer - ‹C333CF63-767F-4831-94AC-E683D962C63C› - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: FlashGet Bar - ‹E0E899AB-F487-11D5-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\fgiebar.dll
sO3 - Toolbar: FreshBar - ‹06ABAA2D-34AB-4902-A326-409BD9B9A7A5› - C:\WINDOWS\System32\docntrop.dll
O3 - Toolbar: Norton AntiVirus - ‹42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6› - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - ‹8E718888-423F-11D2-876E-00A0C9082467› - C:\WINDOWS\System32\msdxm.ocx
sO3 - Toolbar: Virtual Maid - ‹77B2F8DE-CB3F-4b6b-839B-807DD1ADBA1C› - C:\PROGRA~1\VIRTUA~1\VIRTUA~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - ‹08B0E5C0-4FCB-11CF-AAA5-00401C608501› - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: FlashGet - ‹D6E814A0-E0C5-11d4-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - ‹D6E814A0-E0C5-11d4-8D29-0050BA6940E3› - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Microsoft AntiSpyware helper - ‹37861E4A-288D-4C65-90F4-9391A0D0786F› - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - ‹37861E4A-288D-4C65-90F4-9391A0D0786F› - (no file) (HKCU)
oO16 - DPF: ‹6414512B-B978-451D-A0D8-FCFDF33E833C› (WUWebControl Class) - https://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1110385657081
O17 - HKLM\System\CCS\Services\Tcpip\..\‹91F7856C-03E1-489D-B9ED-D787C55BCEBE›: NameServer = 69.50.184.84,195.225.176.37
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\System32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\System32\vmnat.exe

And that would be it. Personally, I had a computer that had, among other things, cws.about blank on it, and it ended with a reinstall.
BTW, is that antivirus of yours working?

17.03.2005
16:46
[13]

fanlegii79 [ Consul ]

Right, only one o was left, and in the wrong place on top of that. Obviously don't cut out winupdate.
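
Added example, not part of the thread or of HijackThis itself: a small parser for the annotated log format used in post [12], where a one-letter mark in front of the section code (R1, O2, ...) tags a line for removal. The sample lines, host names, GUIDs and addresses are constructed, and the review heuristics are assumptions that only point at lines worth a manual look.

```python
import re
from urllib.parse import urlsplit

# Section code (R0, F2, O17, ...) optionally preceded by the reviewer's
# lowercase mark used in this thread ("s" = line proposed for removal).
LINE_RE = re.compile(r"^(?P<mark>[a-z])?(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Constructed sample in the thread's log format (values are placeholders).
SAMPLE = r"""
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://search.example/bar/index.html
sR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=explorer.exe, helper.exe
sO2 - BHO: Name - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\System32\sample.dll (file missing)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.10,192.0.2.11
"""

def parse(log):
    """Split each log line into reviewer mark, section code and body."""
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"mark": m["mark"], "code": m["code"], "body": m["body"]})
    return entries

def review_reasons(entry):
    """Heuristic (assumed) reasons to look at a line by hand; not a verdict."""
    code, body, reasons = entry["code"], entry["body"], []
    if code in ("R0", "R1") and " = " in body:
        host = urlsplit(body.rsplit(" = ", 1)[1]).hostname
        if host:  # about:blank has no host and is skipped here
            reasons.append(f"IE page/search setting points at {host}")
    if "(file missing)" in body:
        reasons.append("registered component whose file is missing")
    if code == "F2" and "Shell=" in body:
        extra = [p.strip() for p in body.split("Shell=", 1)[1].split(",")][1:]
        if extra:
            reasons.append("extra program in Shell=: " + ", ".join(extra))
    if code == "O17" and "NameServer = " in body:
        reasons.append("static DNS servers: " + body.rsplit(" = ", 1)[1])
    return reasons

def triage(log):
    """Return (code, reviewer mark, reasons) for every line with a reason."""
    out = []
    for entry in parse(log):
        reasons = review_reasons(entry)
        if reasons:
            out.append((entry["code"], entry["mark"], reasons))
    return out

if __name__ == "__main__":
    for code, mark, reasons in triage(SAMPLE):
        print(code, "marked" if mark else "unmarked", "; ".join(reasons))
```

Lines that the heuristics flag but that carry no reviewer mark are the ones to compare against the helper's annotations before anything is removed.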

17.03.2005
17:47
[14]

amoreg1234 [ user ]

ok, I'll throw them out in a moment

oh, and I forgot to add the strangest thing: the newest CWS finds NOTHING for me :/

you mean Norton?? it works ;]
