help :)
prosba do kogos kto ma troche wolnego czasu i duuuuzo cierpliwosci :)
przed paroma dniami sciagnelam sobie przypadkiem jakies spyware/adware, wyskoczyla czerwona tepeta, ze mam syware na dysku, komp zwiariowal, ale powalczylam z nimi juz troche, wiekszosc usunelam. tylko problem w tym,ze po pierwsze sa pliki ktore za nic nie chca sie usunac, a po drugie niektore uparcie pojawiaja sie pomimo ze je usuwam (np c:/windows/system32/guard.tmp ) do tego dochodzi blad programu VCMain.exe i VCClient.exe ktory wyskakuje przy uruchamianiu sysemu i brak mozliwosci zmiany tapety (odpowiednie przyciski we wlasciwosciach ekranu sa po prostu nieaktywne). nie wspomne juz o milionie reklam wyskakujacych na ekranie :) .
bylabym wdzieczna za pomoc, ale odrazu ostrzegam, ze jestem laikiem co do tego i prosilabym o instrukcje jak dla blondynki totalnej (ktora nie jestem :P ) pozdrawiam
przed paroma dniami sciagnelam sobie przypadkiem jakies spyware/adware, wyskoczyla czerwona tepeta, ze mam syware na dysku, komp zwiariowal, ale powalczylam z nimi juz troche, wiekszosc usunelam. tylko problem w tym,ze po pierwsze sa pliki ktore za nic nie chca sie usunac, a po drugie niektore uparcie pojawiaja sie pomimo ze je usuwam (np c:/windows/system32/guard.tmp ) do tego dochodzi blad programu VCMain.exe i VCClient.exe ktory wyskakuje przy uruchamianiu sysemu i brak mozliwosci zmiany tapety (odpowiednie przyciski we wlasciwosciach ekranu sa po prostu nieaktywne). nie wspomne juz o milionie reklam wyskakujacych na ekranie :) .
bylabym wdzieczna za pomoc, ale odrazu ostrzegam, ze jestem laikiem co do tego i prosilabym o instrukcje jak dla blondynki totalnej (ktora nie jestem :P ) pozdrawiam
Odpowiedzi: 3
wiem, ze FAQ jest, ale moj problem polega na tym,ze ja nie do konca rozumiem i tak co mam zrobic :P, bo w zyciu takimi rzeczami sie nie zajmowalam. dlatego prosze o cierpliwosc w tlumaczeniu krok po kroku co mam robic. HijackThis juz mam, oto co mi napisal :]
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\szkółka ukochana\WordWeb\wweb32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\agata\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [qwzu] C:\PROGRA~1\COMMON~1\qwzu\qwzum.exe
O4 – Startup: WordWeb.lnk = ?
O8 – Extra context menu item: Download All by FlashGet – C:\PROGRA~1\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\PROGRA~1\FLASHGET\jc_link.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{4EC081B2–3FDB–4D46–9FC3–B068F622EFED}: NameServer = 194.204.159.1,194.204.152.34
O20 – Winlogon Notify: IPConfTSP – C:\WINDOWS\system32\en4sl1h71.dll (file missing)
O23 – Service: hpdj – HP – C:\DOCUME~1\agata\USTAWI~1\Temp\hpdj.exe
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
co dalej? /nie lubie robic z siebie debila, ale niestety tutaj nie mam wyjscia.../
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\szkółka ukochana\WordWeb\wweb32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Gadu–Gadu\gg.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Documents and Settings\agata\Pulpit\HijackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F3 – REG:win.ini: run=C:\WINDOWS\inet20003\services.exe
F2 – REG:system.ini: UserInit=C:\WINDOWS\regedit /s C:\pav.reg,C:\WINDOWS\System32\pavdr.exe,C:\WINDOWS\System32\userinit.exe,
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\System32\msdxm.ocx
O3 – Toolbar: FlashGet Bar – {E0E899AB–F487–11D5–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\fgiebar.dll (file missing)
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 – HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 – HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 – HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd.exe
O4 – HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 – HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett–Packard\Digital Imaging\bin\hpotdd01.exe
O4 – HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 – HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" –atboottime
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 – HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 – HKCU\..\Run: [qwzu] C:\PROGRA~1\COMMON~1\qwzu\qwzum.exe
O4 – Startup: WordWeb.lnk = ?
O8 – Extra context menu item: Download All by FlashGet – C:\PROGRA~1\FLASHGET\jc_all.htm
O8 – Extra context menu item: Download using FlashGet – C:\PROGRA~1\FLASHGET\jc_link.htm
O9 – Extra button: (no name) – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra 'Tools' menuitem: Sun Java Console – {08B0E5C0–4FCB–11CF–AAA5–00401C608501} – C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 – Extra button: FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O9 – Extra 'Tools' menuitem: &FlashGet – {D6E814A0–E0C5–11d4–8D29–0050BA6940E3} – C:\PROGRA~1\FLASHGET\flashget.exe
O17 – HKLM\System\CCS\Services\Tcpip\..\{4EC081B2–3FDB–4D46–9FC3–B068F622EFED}: NameServer = 194.204.159.1,194.204.152.34
O20 – Winlogon Notify: IPConfTSP – C:\WINDOWS\system32\en4sl1h71.dll (file missing)
O23 – Service: hpdj – HP – C:\DOCUME~1\agata\USTAWI~1\Temp\hpdj.exe
O23 – Service: InCD Helper (InCDsrv) – Ahead Software AG – C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Panda Firewall Service (PAVFIRES) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 – Service: Panda Function Service (PAVFNSVR) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 – Service: Panda Pavkre (Pavkre) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 – Service: Panda PavProt (PavProt) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 – Service: Panda Process Protection Service (PavPrSrv) – Panda Software – C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 – Service: Panda anti–virus service (PAVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 – Service: Panda Preventium+ Service (PREVSRV) – Panda Software – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 – Service: Panda IManager Service (PSIMSVC) – Panda Software Internacional – C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
O23 – Service: SymWMI Service (SymWSC) – Symantec Corporation – C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
co dalej? /nie lubie robic z siebie debila, ale niestety tutaj nie mam wyjscia.../
Istnieje jeszcze na tym forum FAQ?? Zdaje mi sie źe tak
http://forum.centrumxp.pl/viewtopic.php?t=33126
http://forum.centrumxp.pl/viewtopic.php?t=33126
Wklej loga z programu hijackthis. Instrukcja jest w tym dziale :)
Strona 1 / 1