WHY WON'T IT SCAN THE SYSTEM?

IP: *.aster.pl 25.07.05, 19:03
I wanted to scan the system for intruders. While scanning with
Microsoft AntiSpyware it stops on the hotbar file.
So I tried mks_vir; it can't download the database. Until recently there
was no problem.
I have Windows XP.

I'm also attaching the log.

Logfile of HijackThis v1.99.1
Scan saved at 19:02:05, on 2005-07-25
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\brss01a.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\DelFin\PromulGate\PgMonitr.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\AVerTV2K\QuickTV.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
A:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
www.onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-
3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} -
C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} -
C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} -
C:\Program Files\MediaLoads Enhanced\ME2.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar2.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar2.dll
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O4 - HKLM\..\Run: [PromulGate] "C:\Program
Files\DelFin\PromulGate\PgMonitr.exe"
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
lang 1033
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NetDy] C:\WINDOWS\VisualGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
AntiSpyware\gcasServ.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: komentator - sport.onet.pl/komentator.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
software-dl.real.com/26b2d3b55dcc6839f105/netzip/RdxIE601.cab
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) -
installs.hotbar.com/installs/hotbar/programs/hotbar.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) -
launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer
Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
czat.onet.pl/client/kalambury/NetPunGame1.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) -
install.premiumzone.de/StarInstall.ocx
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program
Files\AntiVirenKit\AVKService.exe (file missing)
O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program
Files\AntiVirenKit\AVKWCtl.exe (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries
Ltd - C:\WINDOWS\System32\brsvc01a.exe
O23
    • neder Re: WHY WON'T IT SCAN THE SYSTEM? 25.07.05, 19:16
      boot into Safe Mode, then delete from disk:
      > via Add/Remove Programs -> hotbar, MyWay, recommended hotfix; did you install
      google toolbar? if not, throw it out too.
      > VisualGuard.exe -> from C:\WINDOWS\ -> description here:
      securityresponse.symantec.com/avcenter/venc/data/w32.netsky.w@mm.html


      in HJT, delete:
      > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      > resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
      > R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-
      > 3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
      > O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} -
      > C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
      > O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} -
      > C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
      > O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
      > Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
      > O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      > Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
      > O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
      > C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
      > O4 - HKLM\..\Run: [NetDy] C:\WINDOWS\VisualGuard.exe
      > O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -
      > C:\WINDOWS\web\related.htm
      > O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-
      > 00aa003c157a} - C:\WINDOWS\web\related.htm


      reboot and post a new log
    • Guest: Kolobos Re: WHY WON'T IT SCAN THE SYSTEM? IP: *.warszawa.sdi.tpnet.pl 25.07.05, 19:18
      The log didn't fit...

      Here's something for Hotbar:
      www.softpedia.com/get/Internet/Popup-Ad-Spyware-Blockers/HotBar-Adware-Removal-Tool.shtml

      Delete these:

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
      R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-
      3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
      O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} -
      C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
      O2 - BHO: Recommended Hotfix - {0421701D-CF13-4E70-ADF0-45A953E7CB8B} -
      C:\Program Files\Recommended Hotfix - 421701D\v15\RH.DLL (file missing)
      O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program
      Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
      O2 - BHO: MediaLoads Enhanced - {85A702BA-EA8F-4B83-AA07-07A5186ACD7E} -
      C:\Program Files\MediaLoads Enhanced\ME2.DLL <- delete the whole directory
      O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll <- delete the whole directory
      O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -
      C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) <- same
      O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program
      Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
      O4 - HKLM\..\Run: [PromulGate] "C:\Program
      Files\DelFin\PromulGate\PgMonitr.exe" <- remove the whole directory
      O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common
      files\SearchUpgrader\SearchUpgrader.exe <- same
      O4 - HKLM\..\Run: [NetDy] C:\WINDOWS\VisualGuard.exe <- delete the file
      O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) -
      installs.hotbar.com/installs/hotbar/programs/hotbar.cab
      O16 - DPF: {E0B795B4-FD95-4ABD-A375-27962EFCE8CF} (StarInstall Control) -
      install.premiumzone.de/StarInstall.ocx

      If some DLL can't be deleted, unregister it like this:
      regsvr32 /u C:\somedir\file.dll

      After the removal, scan with this:
      download.ewido.net/ewido-setup.exe
      and then with MS AntiSpyware again.
      • Guest: andrzej Re: WHY WON'T IT SCAN THE SYSTEM? IP: *.aster.pl 25.07.05, 22:18
        Thanks a lot. Current log, take a look.

        Logfile of HijackThis v1.99.1
        Scan saved at 22:16:18, on 2005-07-25
        Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\brsvc01a.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\System32\brss01a.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\System32\ctfmon.exe
        C:\WINDOWS\System32\cisvc.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\D-Tools\daemon.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
        C:\Program Files\AVerTV2K\QuickTV.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
        C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Documents and Settings\Andrew\Pulpit\antywirusowe\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
        D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
        C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -
        lang 1033
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
        Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -
        atboottime
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft
        AntiSpyware\gcasServ.exe"
        O4 - Global Startup: hp psc 1000 series.lnk = ?
        O4 - Global Startup: hpoddt01.exe.lnk = ?
        O4 - Global Startup: QuickTV.lnk = C:\Program Files\AVerTV2K\QuickTV.exe
        O8 - Extra context menu item: E&ksport do programu Microsoft Excel -
        res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
        O9 - Extra button: Badanie - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
        C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
        O16 - DPF: komentator - sport.onet.pl/komentator.cab
        O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) -
        software-dl.real.com/26b2d3b55dcc6839f105/netzip/RdxIE601.cab
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
        www.pandasoftware.com/activescan/as5/asinst.cab
        O16 - DPF: {AB8638BB-79E8-4E9D-ABF2-8F33054E3941} (Guesser Class) -
        czat.onet.pl/client/kalambury/NetPunGame1.dll
        O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) -
        games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
        O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) -
        bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: AVK Service (AVKService) - Unknown owner - C:\Program
        Files\AntiVirenKit\AVKService.exe (file missing)
        O23 - Service: Strażnik AVK (AVKWCtl) - Unknown owner - C:\Program
        Files\AntiVirenKit\AVKWCtl.exe (file missing)
        O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd -
        C:\WINDOWS\System32\brsvc01a.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program
        Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program
        Files\ewido\security suite\ewidoguard.exe
        O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program
        Files\iPod\bin\iPodService.exe
        O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies -
        C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

        • Guest: Kolobos Re: WHY WON'T IT SCAN THE SYSTEM? IP: *.warszawa.sdi.tpnet.pl 25.07.05, 22:21
          Looks OK.
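The two replies above do the triage by hand: each HijackThis entry whose DLL is reported as "(file missing)" is an orphaned registration that can only be removed through HijackThis or the registry, and each entry whose path or URL names Hotbar, MyWay, PerfectNav, MediaLoads, PromulGate, SearchUpgrader, VisualGuard.exe or resultsmaster.com goes on the removal list; the second log is then read back to confirm that nothing survived. The script below is an added example (not code from the thread, from HijackThis or from the posters) that automates exactly that reading of an HJT v1.99 log and the before/after comparison. The watch list is distilled from the removal lists in the replies and is an assumption of this example, not a published signature set; the two log excerpts are constructed from the thread's logs with the forum's line wrapping undone.

```python
"""Triage helper for HijackThis v1.99 logs.

Added example for this thread, not code from HijackThis or from the posters: it parses
the R0/R3/O2/O3/O4/O16 entries, flags the ones that point at a file that no longer
exists or match a watch list built from the names the replies told the poster to
remove, and checks a follow-up log for anything that survived the cleanup.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Watch list distilled from the removal lists in the replies (assumption: a
# case-insensitive substring match on the entry text is good enough for triage;
# this is not an official signature set).
WATCHLIST = (
    "hotbar", "myway", "perfec~1", "medialoads", "promulgate",
    "searchupgrader", "visualguard.exe", "recommended hotfix",
    "starinstall", "resultsmaster.com",
)

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"


@dataclass(frozen=True)
class Entry:
    kind: str             # HijackThis section: O2 = BHO, O3 = toolbar, O4 = Run key, O16 = DPF/ActiveX
    body: str             # the text after "O2 - ", exactly as logged
    clsid: Optional[str]  # COM class id, upper-cased, if the entry carries one
    target: str           # file path or URL the entry points at, "(file missing)" stripped
    file_missing: bool    # HijackThis could not find the file the registration names


def parse(log: str) -> list:
    """Return the log's entries; header and 'Running processes' lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        missing = body.endswith(MISSING)
        clean = body[: -len(MISSING)].rstrip() if missing else body
        # Where the target sits depends on the section: after "] " for O4 Run keys,
        # after " = " for R0/R1 registry values, and in the last " - " field otherwise.
        if kind == "O4" and "] " in clean:
            target = clean.split("] ", 1)[1]
        elif " = " in clean:
            target = clean.split(" = ", 1)[1]
        else:
            target = clean.rsplit(" - ", 1)[-1]
        c = CLSID_RE.search(clean)
        entries.append(Entry(kind, body, c.group(0).upper() if c else None, target.strip(), missing))
    return entries


def flag(entry: Entry) -> list:
    """Reasons an entry deserves attention; an empty list means nothing stood out."""
    reasons = []
    if entry.file_missing:
        reasons.append("registration points at a file that no longer exists (orphaned hook)")
    low = entry.body.lower()
    hits = [w for w in WATCHLIST if w in low]
    if hits:
        reasons.append("matches watch list: " + ", ".join(hits))
    return reasons


def triage(log: str) -> dict:
    """Map each flagged entry ('O2 - ...') to the reasons it was flagged."""
    return {f"{e.kind} - {e.body}": r for e in parse(log) if (r := flag(e))}


def still_present(before: str, after: str) -> list:
    """Entries flagged in the first log that the second log still shows."""
    after_keys = {f"{e.kind} - {e.body}" for e in parse(after)}
    return sorted(k for k in triage(before) if k in after_keys)


# Constructed excerpts of the two logs in the thread, with the forum's line wrapping undone.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = resultsmaster.com/SmartOffers/Services/resultsmaster/ResultsMasterHomeLeftPane.htm
R3 - URLSearchHook: PerfectNavBHO Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing)
O4 - HKLM\..\Run: [NetDy] C:\WINDOWS\VisualGuard.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O16 - DPF: {69FD62B1-0216-4C31-8D55-840ED86B7C8F} (HbInstObj) - installs.hotbar.com/installs/hotbar/programs/hotbar.cab
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
"""

if __name__ == "__main__":
    for key, reasons in triage(LOG_BEFORE).items():
        print(key)
        for r in reasons:
            print("    ->", r)
    print("still present after cleanup:", still_present(LOG_BEFORE, LOG_AFTER) or "nothing")
```

Two points worth keeping from the thread when reading the output: a "(file missing)" entry is not harmless just because the DLL is gone, since the BHO or toolbar CLSID is still registered and a fresh installer can drop a new file at the same path, so such entries are removed with HijackThis rather than ignored; and a watch-list hit on an O16 DPF line (here the hotbar.cab installer) identifies the ActiveX download that brought the adware in, which is why the replies list it for removal alongside the BHO it installed.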