Please check my log.

03.11.05, 21:19
Logfile of HijackThis v1.99.1
Scan saved at 20:32:42, on 2005-11-03
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Cream Software\Supelek NxG\FMN.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\f\Pulpit\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.vobis.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.pl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
F2 - REG:system.ini: Shell=explorer.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Skrót do strony właściwości High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /wait
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Default User"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [Forget-Me-kNot NxG] "C:\Program Files\Cream Software\Supelek NxG\FMN.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Gadu-Gadu] "C:\Program Files\Gadu-Gadu\gg.exe" /tray
O4 - HKCU\..\RunOnce: [washindex] C:\Program Files\Washer\washidx.exe "Default User"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&ksport do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=www.vobis.pl/
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093505591781
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2005102501/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2DCB5897-FCFB-425F-B75E-DB622E40CAEE}: NameServer = 194.204.152.34 217.98.63.164
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpm.exe" /service (file missing)
O23 - Service: kavsvc - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    • Guest: Kolobos Re: Please check my log. IP: *.warszawa.sdi.tpnet.pl 03.11.05, 22:20
      Looks OK.
      • bruke Re: Please check my log. 03.11.05, 22:39
        Thank you very much; nevertheless, tell me why Anti...robak - www.gdata.pl,
        after scanning, informs me that "The hosts file appears to have been modified
        by a virus... etc." and what, if anything, I should do here.
        • bruke Re: Please check my log. 05.11.05, 08:43
          Kolobos, I would still like an answer, please. Maybe you don't want to tell me
          to call the aforementioned AntiVirenKit vaccine by the last part of its name
          and uninstall it, because I surely didn't do myself harm by buying a computer
          a year ago /and I liked that saying very much/? Best regards.
          • Guest: Kolobos Re: Please check my log. IP: *.warszawa.sdi.tpnet.pl 05.11.05, 11:23
            Why does it think so? Paste the contents of the hosts file on the forum.
            • bruke Re: Please check my log. 05.11.05, 14:48
              Anti...robak - www.gdata.pl /I repeat/ says: "The hosts file appears to have
              been modified by a virus. In most cases only localhost should be associated
              with the address 127.0.0.1. Do you want to open this file..." Here it is:
              #
              # This MVPS HOSTS file is a free download from: #
              # www.mvps.org/winhelp2002/ #
              # #
              # Notes: the browser does not read this "#" symbol #
              # You can create your own notes, after the # symbol #
              # This *must* be the first line: 127.0.0.1 localhost #
              # ********************************************************#
              # ------------------Updated: 06-06-04---------------------#
              # ********************************************************#
              # Entries marked with Parasite or Trojan comments should #
              # be placed in the Internet Explorer Restricted Zone. #
              # mvps.org/winhelp2002/restricted.htm #
              # #
              # Entries with other comments are searchable via Google. #
              # #
              # Disclaimer: this file is free to use, however it is NOT #
              # permitted to post on any other site without permission. #
              127.0.0.1 localhost
              • Guest: Kolobos Re: Please check my log. IP: *.warszawa.sdi.tpnet.pl 05.11.05, 15:03
                Everything is OK; in the hosts file you have various bad sites blocked.
              • bruke Re: Please check my log. 05.11.05, 15:11
                Now I have a problem /which I was afraid of earlier/, because only a small
                fraction /about 1/14/ of this file got posted, and I don't know how to
                compress them yet. What do you advise, Kolobos?
                • Guest: Kolobos Re: Please check my log. IP: *.warszawa.sdi.tpnet.pl 05.11.05, 15:13
                  Why do you want to paste the rest? I have already told you what this is about.
                  • bruke Re: Please check my log. 05.11.05, 15:23
                    If just the pasted initial part of this file is enough for an assessment,
                    then thank you very much and best regards.
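
The distinction made in the thread (a hosts file full of names mapped to 127.0.0.1 is a blocklist, not a hijack), as an added example that is not part of the original posts: a small Python triage that separates sinkholed names from names pinned to a routable address. The sample file, its host names and the function names `classify_hosts` and `verdict` are constructed for illustration.

```python
import ipaddress

# Constructed sample for illustration (not the file from the thread).
# 203.0.113.7 is a documentation-range address; all names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 ads.example.com      #[blocklist-style entry]
0.0.0.0 tracker.example.net
::1 localhost
203.0.113.7 update.example.org
not-an-ip broken.example.com
"""

def classify_hosts(text):
    """Sort hosts-file entries by what they do to name resolution."""
    result = {"localhost": [], "blocked": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            addr = None
        if addr is None or len(fields) < 2:
            result["malformed"].append(lineno)
            continue
        # Loopback or unspecified addresses make the name unreachable:
        # that is how a blocklist hosts file works.
        sinkholed = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sinkholed and name == "localhost":
                result["localhost"].append(str(addr))
            elif sinkholed:
                result["blocked"].append(name)
            else:
                # Name pinned to a routable address: needs a human look.
                result["redirected"].append((name, str(addr)))
    return result

def verdict(result):
    """'review' if anything is pinned to a real address or unparsable,
    'blocklist' if the only extra entries are sinkholed, else 'default'."""
    if result["redirected"] or result["malformed"]:
        return "review"
    return "blocklist" if result["blocked"] else "default"

if __name__ == "__main__":
    r = classify_hosts(SAMPLE_HOSTS)
    print(verdict(r), r)
```

A "review" verdict is not proof of compromise, since intranet or development entries also map names to routable addresses; it only marks the lines worth reading by hand.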