Problem z plikiem hosts
W moim pliku hosts pojawiaja sie nastepujace wpisy:
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear–search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr–sch.com
127.0.0.1 sds–qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page–not–found.net
127.0.0.1 page–not–found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 xads.offeroptimizer.comm
127.0.0.1 search.offeroptimizer.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 xadsj–o.offeroptimizer.com
127.0.0.1 xadsj.offeroptimizer.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
Nie moge ich usunac, po kazdorazowym usunieciu tych wpisow z pliku po kilku sekundach pojawiaja sie nanowo. Nic nie daje nawet usuniecie pliku...
Te stronki ktore sa w pliku hosts otwieraja mi sie co jakis czas samoczynnie... tragedia...
Przesylam jeszcze loga z Hijacka ale nic nie widze tam zlego...
Logfile of HijackThis v1.99.1
Scan saved at 19:58:43, on 27.10.2005
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Hewlett–Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\pawel\totalcmd\TOTALCMD.EXE
c:\program files\corel\corel graphics 11\programs\coreldrw.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Paweł\Pulpit\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\HPBPRO.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\system32\msdxm.ocx
O3 – Toolbar: &Tłumaczenie – {2F7DB8D7–9BE7–4666–901E–F380555BCAC7} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O3 – Toolbar: Adobe PDF – {47833539–D0C5–4125–9FA8–0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 – HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 – HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 – HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett–Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 – HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett–Packard\Toolbox\hpbpsttp.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 – Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra button: (no name) – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra 'Tools' menuitem: Create Mobile Favorite... – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra button: (no name) – {94C70A96–012C–4171–98FC–C1971511F20D} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 – Extra 'Tools' menuitem: @d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,–103 – {94C70A96–012C–4171–98FC–C1971511F20D} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945257265
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{D8E4C86F–F52D–4B01–B505–E5BD421BBD81}: NameServer = 194.204.159.1,194.204.152.34
O21 – SSODL: Totalcmd – {821DF96D–347B–AD01–397D–A5209F742942} – c:\totalcmd\ywnhrf3.dll (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Crypkey License – CrypKey (Canada) Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
POMOCY :)
127.0.0.1 www.igetnet.com
127.0.0.1 code.ignphrases.com
127.0.0.1 clear–search.com
127.0.0.1 r1.clrsch.com
127.0.0.1 sds.clrsch.com
127.0.0.1 status.clrsch.com
127.0.0.1 www.clrsch.com
127.0.0.1 clr–sch.com
127.0.0.1 sds–qckads.com
127.0.0.1 status.qckads.com
127.0.0.1 www.qoolaid.com
127.0.0.1 www.qoologic.com
127.0.0.1 www.CLKPrecision.com
127.0.0.1 www.urllogic.com
127.0.0.1 www.clkoptimizer.com
127.0.0.1 www.isearch.com
127.0.0.1 isearch.com
127.0.0.1 www.idownload.com
127.0.0.1 idownload.com
127.0.0.1 www.mytotalsearch.com
127.0.0.1 mytotalsearch.com
127.0.0.1 www.lop.com
127.0.0.1 lop.com
127.0.0.1 www.websearch.com
127.0.0.1 websearch.com
127.0.0.1 www.page–not–found.net
127.0.0.1 page–not–found.net
127.0.0.1 www.isearchhere.com
127.0.0.1 isearchhere.com
127.0.0.1 xads.offeroptimizer.comm
127.0.0.1 search.offeroptimizer.com
127.0.0.1 ximages.offeroptimizer.com
127.0.0.1 xlime.offeroptimizer.com
127.0.0.1 xadsj–o.offeroptimizer.com
127.0.0.1 xadsj.offeroptimizer.com
127.0.0.1 www.offeroptimizer.com
127.0.0.1 as.adwave.com
127.0.0.1 sr.adwave.com
127.0.0.1 www.adwave.com
127.0.0.1 adwave.com EVENT:HOST:127.0.0.1
Nie moge ich usunac, po kazdorazowym usunieciu tych wpisow z pliku po kilku sekundach pojawiaja sie nanowo. Nic nie daje nawet usuniecie pliku...
Te stronki ktore sa w pliku hosts otwieraja mi sie co jakis czas samoczynnie... tragedia...
Przesylam jeszcze loga z Hijacka ale nic nie widze tam zlego...
Logfile of HijackThis v1.99.1
Scan saved at 19:58:43, on 27.10.2005
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Hewlett–Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\D–Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\wuauclt.exe
D:\pawel\totalcmd\TOTALCMD.EXE
c:\program files\corel\corel graphics 11\programs\coreldrw.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Paweł\Pulpit\HijackThis.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\System32\HPBPRO.EXE
R0 – HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
R0 – HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O3 – Toolbar: &Radio – {8E718888–423F–11D2–876E–00A0C9082467} – C:\WINDOWS\system32\msdxm.ocx
O3 – Toolbar: &Tłumaczenie – {2F7DB8D7–9BE7–4666–901E–F380555BCAC7} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O3 – Toolbar: Adobe PDF – {47833539–D0C5–4125–9FA8–0819E2EAAC93} – C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 – HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 – HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 – HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 – HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\System32\keyhook.exe
O4 – HKLM\..\Run: [RAM Idle Professional] C:\Program Files\RAM Idle\RAM_XP.exe
O4 – HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett–Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 – HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett–Packard\Toolbox\hpbpsttp.exe
O4 – HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett–Packard\HP Software Update\HPWuSchd2.exe"
O4 – HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 – HKLM\..\Run: [nwiz] nwiz.exe /install
O4 – HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 – HKLM\..\Run: [DAEMON Tools–1033] "C:\Program Files\D–Tools\daemon.exe" –lang 1033
O4 – HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 – HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 – HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 – HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 – Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 – Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: Spyware Doctor – {2D663D1A–8670–49D9–A1A5–4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 – Extra button: Create Mobile Favorite – {2EAF5BB1–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra button: (no name) – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra 'Tools' menuitem: Create Mobile Favorite... – {2EAF5BB2–070F–11D3–9307–00C04FAE2D4F} – C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 – Extra button: (no name) – {94C70A96–012C–4171–98FC–C1971511F20D} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 – Extra 'Tools' menuitem: @d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll,–103 – {94C70A96–012C–4171–98FC–C1971511F20D} – d:\Program Files\Russkij Translator\InternetTranslatorRusPol.dll
O9 – Extra button: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O9 – Extra 'Tools' menuitem: Messenger – {FB5F1910–F110–11d2–BB9E–00C04F795683} – C:\Program Files\Messenger\MSMSGS.EXE
O16 – DPF: {6414512B–B978–451D–A0D8–FCFDF33E833C} (WUWebControl Class) – http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121945257265
O16 – DPF: {92ECE6FA–AC2E–4042–BFAE–0C8608E52A43} (SignActivX Control) – https://www.bph.pl/pi/components/SignActivX.cab
O16 – DPF: {E7544C6C–CFD6–43EA–B4E9–360CEE20BDF7} (MainControl Class) – http://skaner.mks.com.pl/SkanerOnline.cab
O17 – HKLM\System\CCS\Services\Tcpip\..\{D8E4C86F–F52D–4B01–B505–E5BD421BBD81}: NameServer = 194.204.159.1,194.204.152.34
O21 – SSODL: Totalcmd – {821DF96D–347B–AD01–397D–A5209F742942} – c:\totalcmd\ywnhrf3.dll (file missing)
O23 – Service: Adobe LM Service – Adobe Systems – C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 – Service: avast! iAVS4 Control Service (aswUpdSv) – Unknown owner – C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 – Service: avast! Antivirus – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 – Service: avast! Mail Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 – Service: avast! Web Scanner – Unknown owner – C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 – Service: Crypkey License – CrypKey (Canada) Ltd. – C:\WINDOWS\SYSTEM32\crypserv.exe
O23 – Service: NVIDIA Display Driver Service (NVSvc) – NVIDIA Corporation – C:\WINDOWS\System32\nvsvc32.exe
O23 – Service: Pml Driver HPZ12 – HP – C:\WINDOWS\System32\HPZipm12.exe
POMOCY :)
Odpowiedzi: 1
W innym topicu wspomniałem o Spy Sweeperze, który, jak sądzę jest jednym z najlepszch, (jeśli nie najlepszm) obecnie softem do usuwania i ochrony komputera przed robalami.Z tego adresu http://www.webroot.com/consumer/products/spysweeper/ moźna ściągnąć bezpłatną (trial) wersję Spy Sweepera, updatować bazę robali i przez jakiś czas czuć się bezpiecznie. Drodzy Modowie, widzę jak często mordujecie się z trwialnymi i wciąź powtarzanymi prośbami o analizy logów, wołaniami o pomoc w kaźdym nowym topicu, jeden podobny do drugiego, i mam związku z tym niewielką propozycję, moźe w "przyklejonych" tematach dodać topic o programach związanych z bezpieczeństwem w Sieci, software do usuwania spyware, virusów, firewal'e z linkami do wersji trial i być moźe ranking np. TOP 3, co podejrzewam Wam ulźyło by w pracy na forum, i pomogło userom w wyborze właściwej aplikacji .
Mój TOP Spy Sweeper 4.5 i ZoneAlarm Security Suite 6.x
Pozdrowienia :)
Mój TOP Spy Sweeper 4.5 i ZoneAlarm Security Suite 6.x
Pozdrowienia :)
Strona 1 / 1