Problem with Media Access
I removed Media Access with Spyware Doctor, but every time I run a scan it detects 92 infections, fixes them, and then it's the same thing again. I checked the HijackThis log on the recommended site and it looks fairly clean.
Logfile of HijackThis v1.99.1
Scan saved at 9:34:26 PM, on 1/28/2006
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Creative\TaskBar\CTLTray.exe
C:\Program Files\Creative\TaskBar\CTLTask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
D:\SolidWorks\swScheduler\swBOEngine.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\awaria\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = L1cza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\TaskBar\CTLTray.exe"
O4 - HKCU\..\Run: [TaskBar] "C:\Program Files\Creative\TaskBar\CTLTask.exe"
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MemTurbo.lnk = C:\Program Files\Silicon Prairie Software\MemTurbo\MemTurbo.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: SolidWorks Task Scheduler Engine.lnk = D:\SolidWorks\swScheduler\swBOEngine.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{02BF9870-EC8E-42E7-A31F-9F86702AC7F4}: NameServer = 192.168.1.1
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Unknown owner - C:\Flexlm\SolidWorks 2005 SolidNetWork License Manager\lmgrd.exe (file missing)
Replies: 4
Which ones? What exactly?
Przebiegły Wacław: ...it detects 92 infections...
Uninstall Spyware Doctor, install
http://www.searchengines.pl/phpbb203/lofiversion/index.php/t16762.html
run an update and run a scan.
Well, it isn't entirely clean, e.g. PowerReg Scheduler.
Try disabling System Restore and then running Doctor, and if that has no effect you can also try running Doctor in Safe Mode.
Regards.