GRY-Online.pl --> Forum Archive

Virus problem.

11.10.2005
16:26
[1]

kamil_kriss [ fIgHtInG dReAmEr ]

Virus problem.

I once had a virus :D, but I guess I didn't remove it completely, because I can't use Task Manager (it says it "has been disabled by the administrator") and I can't change the desktop wallpaper.

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 16:22:28, on 2005-10-11
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINXP\System32\smss.exe
D:\WINXP\system32\winlogon.exe
D:\WINXP\system32\services.exe
D:\WINXP\system32\lsass.exe
D:\WINXP\System32\Ati2evxx.exe
D:\WINXP\system32\svchost.exe
D:\WINXP\System32\svchost.exe
D:\WINXP\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\Microsoft SQL Server\MSSQL$INSERTGT\Binn\sqlservr.exe
D:\Program Files\usr\MYSQL\bin\mysqld.exe
D:\WINXP\system32\srxTitan.exe
D:\WINXP\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINXP\System32\UAService7.exe
D:\WINXP\system32\ZONELABS\vsmon.exe
D:\WINXP\system32\Ati2evxx.exe
D:\WINXP\Explorer.EXE
D:\WINXP\SOUNDMAN.EXE
D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Program Files\PLANET\Plannet Wireless Lan Configure Utility\RtlWake.exe
D:\Program Files\Weatherscope\Weatherscope.exe
D:\Program Files\WhenUSearch\Search.exe
D:\Program Files\BullsEye Network\bin\bargains.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Gadu-Gadu\gg.exe
D:\Program Files\Peer2Mail\P2M.exe
D:\WINXP\System32\SLEE81.exe
D:\WINXP\System32\SLEE503.exe
D:\Program Files\Steganos Security Suite 6\sss.exe
D:\Program Files\Steganos Security Suite 6\spm.exe
D:\Program Files\Steganos Security Suite 6\safe.exe
D:\Stary dysk\SPRAWY KAMILA.Ł NIE WCHODŹ\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.o2.pl/
O2 - BHO: IE 4.x-5.x BHO in ObjectPascal - {49E0E0F0-5C30-11D4-945D-000000000000} - D:\PROGRA~1\MarBit\TOOLS\IEHelper.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Plugin Class - {56CD20F0-7C09-11D5-A768-0050042307CE} - C:\PlayerIE\playerIE.dll
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - D:\Program Files\WhenUSearch\search.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - D:\WINXP\System32\msbe.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: Steganos Internet Anonym - {00000000-5736-4205-0008-781cd0e19f00} - d:\program files\steganos internet anonym pro 7\siapro7iep.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [ATICCC] "D:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [wpkontakt] D:\Program Files\Wirtualna Polska\wpkontakt\wpkontakt.exe -autostart
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SSS7] "D:\Program Files\Steganos Security Suite 7\SSS7.exe" -boot
O4 - HKCU\..\Run: [SSS6_Suite] "D:\Program Files\Steganos Security Suite 6\sss.exe" /booting
O4 - HKCU\..\Run: [SSS6_SAFE] "D:\Program Files\Steganos Security Suite 6\safe.exe" /booting
O4 - HKCU\..\Run: [SSS6_SPM] "D:\Program Files\Steganos Security Suite 6\spm.exe" /booting
O4 - Global Startup: WL-8303.lnk = ?
O4 - Global Startup: Weatherscope.lnk = D:\Program Files\Weatherscope\Weatherscope.exe
O4 - Global Startup: PLANET WL-8303.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Download All by FlashGet - D:\PROGRA~1\FLASHG~1\jc_all.htm
O8 - Extra context menu item: Download all by Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download using FlashGet - D:\PROGRA~1\FLASHG~1\jc_link.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Internet TOOLS - D:\Program Files\MarBit\TOOLS\MBdownload.htm
O8 - Extra context menu item: Download with NetPumper - D:\Program Files\NetPumper_3\AddUrl.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - D:\Program Files\SideFind\sidefind.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHG~1\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FLASHG~1\flashget.exe
O12 - Plugin for .ace: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O12 - Plugin for .exe: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O12 - Plugin for .gz: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O12 - Plugin for .rar: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O12 - Plugin for .zip: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O12 - Plugin for ôĺ: D:\Program Files\Opera\PLUGINS\NPNetPumper_Application.dll
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - https://www.cult3d.com/download/cult.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - https://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - https://www.gamespot.com/KDX22/download/kdx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F86CD0BF-72B9-464D-BE2C-D85778B1C85D}: NameServer = 194.204.159.1,194.204.152.34
O18 - Protocol: wpmsg - ‹2E0AC5A0-3597-11D6-B3ED-0001021DC1C3› - D:\Program Files\Wirtualna Polska\wpkontakt\url_wpmsg.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINXP\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINXP\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - D:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Boonty Games - BOONTY - D:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: MySql - Unknown owner - D:\Program Files\usr/MYSQL/bin/mysqld.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINXP\System32\nvsvc32.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] (SLEE_503_SERVICE) - Unknown owner - D:\WINXP\System32\SLEE503.exe
O23 - Service: Steganos Live Encryption Engine 8.1 [Service] (SLEE_81_SERVICE) - Unknown owner - D:\WINXP\System32\SLEE81.exe
O23 - Service: Titan FTP Server Daemon (SRTSERVERDAEMON) - Unknown owner - D:\WINXP\system32\srxTitan.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINXP\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\WINXP\system32\ZONELABS\vsmon.exe

What of this can I remove?
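To answer "what can I remove" systematically rather than by eye, here is an added triage script (not from the thread or from HijackThis itself) that parses log lines of the v1.99.1 format above and flags the entry classes a defender checks first: O2/O3/O9 components whose file is gone, O15 Trusted Zone additions, and O4 startup shortcuts with an unresolved target. The sample lines are constructed from entries in the poster's log; the flags are hints to verify, not a verdict.

```python
import re

# Constructed sample in the shape of the HijackThis log above (a subset of its lines).
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = https://www.o2.pl/
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - D:\\Program Files\\WhenUSearch\\search.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O4 - HKLM\\..\\Run: [AVGCtrl] D:\\Program Files\\AVPersonal\\AVGNT.EXE /min
O4 - Global Startup: WL-8303.lnk = ?
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted IP range: 213.159.117.202 (HKLM)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - D:\\WINXP\\system32\\ZONELABS\\vsmon.exe
"""

# Every HijackThis finding starts with a section tag (R0..R3, O1..O23) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")


def parse_hjt(text):
    """Split a log into (section, body) tuples; headers and the process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(entries):
    """Return (section, body, reason) for entries worth a second look.
    These are heuristics: a hit means 'verify this', not 'this is malicious'."""
    hits = []
    for sec, body in entries:
        if sec in ("O2", "O3", "O9") and ("(no file)" in body or "(file missing)" in body):
            hits.append((sec, body, "browser component whose file is gone; stale entry, safe to fix"))
        elif sec == "O15":
            hits.append((sec, body, "host or IP added to the IE Trusted Zone; legitimate software rarely does this"))
        elif sec == "O4" and body.endswith("= ?"):
            hits.append((sec, body, "startup shortcut whose target HijackThis could not resolve"))
    return hits


if __name__ == "__main__":
    for sec, body, reason in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{sec}: {reason}\n    {body}")
```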

11.10.2005
16:36
[2]

kamil_kriss [ fIgHtInG dReAmEr ]

Bump

11.10.2005
16:55
[3]

...<+DeskA+>... [ Pretorianin ]

HIT IT WITH A SLIPPER!!!!!!!!! :P

11.10.2005
17:38
[4]

kamil_kriss [ fIgHtInG dReAmEr ]

Very funny....

11.10.2005
17:48
[5]

MasterDD [ :-D ]

Task Manager and similar things get blocked either by programs or in the registry.
If it's a program, you may have a trojan, or someone is messing with you.

To be sure, check the registry.
See whether you have any values in these keys:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer

Start => Run > regedit
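As an added example (not MasterDD's, and not a tool from the thread), this script audits the three HKCU policy keys named above the way you would by hand in regedit: it lists every value found there and explains the well-known restriction values (DisableTaskMgr, DisableRegistryTools, NoDispBackgroundPage, NoDesktop) that produce exactly the symptoms the poster describes. The live read uses Python's standard winreg module and so only works on Windows; the audit function itself takes a plain dict so it can be exercised anywhere.

```python
import sys

# The HKCU policy keys MasterDD pointed at.
POLICY_SUBKEYS = [
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Network",
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer",
]

# Well-known restriction values and the symptom each produces when set to 1.
KNOWN_RESTRICTIONS = {
    "DisableTaskMgr": "Task Manager reports 'disabled by your administrator'",
    "DisableRegistryTools": "regedit refuses to start",
    "NoDispBackgroundPage": "Desktop/background tab hidden, so the wallpaper cannot be changed",
    "NoDesktop": "desktop icons hidden",
}


def audit_policy_values(values_by_key):
    """values_by_key: {subkey: {value_name: data}} as read from HKCU.
    Returns (subkey, name, data, explanation) tuples. On a home PC any value under
    these keys deserves a look, so unknown names are reported too."""
    findings = []
    for subkey, values in values_by_key.items():
        for name, data in values.items():
            if name in KNOWN_RESTRICTIONS and data in (0, "0"):
                continue  # explicitly zero: the restriction is not active
            why = KNOWN_RESTRICTIONS.get(name, "unrecognised policy value; find out what set it")
            findings.append((subkey, name, data, why))
    return findings


def read_hkcu_policies():
    """Read the keys from the live registry (Windows only). A key that does not exist is
    simply absent, as Policies\\Network was on the poster's machine."""
    import winreg  # standard library, but only present on Windows
    result = {}
    for subkey in POLICY_SUBKEYS:
        try:
            key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, subkey)
        except FileNotFoundError:
            continue
        with key:
            vals, index = {}, 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:  # raised once the values are exhausted
                    break
                vals[name] = data
                index += 1
        result[subkey] = vals
    return result


if __name__ == "__main__" and sys.platform == "win32":
    for finding in audit_policy_values(read_hkcu_policies()):
        print(" | ".join(str(f) for f in finding))
```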

11.10.2005
18:04
[6]

kamil_kriss [ fIgHtInG dReAmEr ]

MasterDD ---> Thanks, everything works now :P

11.10.2005
18:07
[7]

MasterDD [ :-D ]

No problem, really ;)

Can I ask what it was?

11.10.2005
19:29
[8]

szuru-buru [ Pretorianin ]

Format C: --->>>>> that's my advice (the best way to deal with viruses)!!

11.10.2005
19:38
[9]

kamil_kriss [ fIgHtInG dReAmEr ]

MasterDD -----> Sure, some things related to the desktop (named desktop) and various others I don't remember.... there were about 6 of them in all.... oh, and I didn't have some of the "folders" in the registry, e.g. Network
