Hosts and www


(Tomento) #1

Hello, I have a problem: ever since I removed the hosts manager program, strange things have been happening, i.e. GG works but websites don't.

If I put in the hosts file from a clean Windows, the sites don't work either; when I swap it back for the old hosts file, in which I have a dozen or so entries, only the sites listed there work, e.g. this forum. The rest don't work, e.g. gratka.pl.

I can paste the HijackThis log and some part of the current hosts file that works.

The system has been scanned for spyware and viruses.

Please help.

The system is Windows XP.

I would reinstall Windows, but the DVD drive is away on warranty and I have no access to any CD-ROM drive.

HijackThis log

Logfile of HijackThis v1.99.1

Scan saved at 21:41:19, on 2005-06-06

Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Executive Software\Diskeeper\DkService.exe

C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe

C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Mixer.exe

C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\DU Meter\DUMeter.exe

C:\Program Files\ATI Technologies\ATI.ACE\cli.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

D:\Programy\Tlen.pl\tlen.exe

D:\Programy\BitComet\BitComet.exe

D:\Programy\robo\RoboTaskBarIcon.exe

D:\Programy\Gadu-Gadu\gg.exe

C:\Program Files\Messenger\msmsgs.exe

D:\Programy\The bat 3.01\spampal\spampal.exe

C:\WINDOWS\system32\wscntfy.exe

D:\Programy\totalcmd\TOTALCMD.EXE

C:\Program Files\GetRight\GETRIGHT.EXE

C:\Program Files\GetRight\GETRIGHT.EXE

D:\Programy\totalcmd\TOTALCMD.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

D:\Programy\lanchat\LANChat.exe

D:\Programy\WinRAR\WinRAR.exe

C:\DOCUME~1\tomq\USTAWI~1\Temp\Rar$EX00.754\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.tpnet.pl:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programy\robo\RoboForm.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Programy\Mass Downloader27\MDHELPER.DLL

O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programy\robo\RoboForm.dll

O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM..\Run: [C-Media Mixer] Mixer.exe /startup

O4 - HKLM..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe

O4 - HKLM..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe

O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime

O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM..\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon

O4 - HKCU..\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe

O4 - HKCU..\Run: [bitComet] "D:\Programy\BitComet\BitComet.exe"

O4 - HKCU..\Run: [RoboForm] "D:\Programy\robo\RoboTaskBarIcon.exe"

O4 - HKCU..\Run: [Gadu-Gadu] "D:\Programy\Gadu-Gadu\gg.exe" /tray

O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: SpamPal.lnk = D:\Programy\The bat 3.01\spampal\spampal.exe

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Personalizuj Menu &4 - file://D:\Programy\robo\RoboFormComCustomizeIEMenu.html

O8 - Extra context menu item: Pobierz &Wszystko używając Mass Downloader'a - D:\Programy\Mass Downloader27\Add_All.htm

O8 - Extra context menu item: Pobierz używając &Mass Downloader'a - D:\Programy\Mass Downloader27\Add_Url.htm

O8 - Extra context menu item: RF Pasek Narzędzi &2 - file://D:\Programy\robo\RoboFormComShowToolbar.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O8 - Extra context menu item: Wypełnij Pola &] - file://D:\Programy\robo\RoboFormComFillForms.html

O8 - Extra context menu item: Zapisz Pola &[ - file://D:\Programy\robo\RoboFormComSavePass.html

O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll

O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Programy\Mass Downloader27\massdown.exe

O9 - Extra 'Tools' menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Programy\Mass Downloader27\massdown.exe

O9 - Extra button: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programy\robo\RoboFormComFillForms.html

O9 - Extra 'Tools' menuitem: Wypełnij Pola &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programy\robo\RoboFormComFillForms.html

O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programy\robo\RoboFormComSavePass.html

O9 - Extra 'Tools' menuitem: Zapisz Pola &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programy\robo\RoboFormComSavePass.html

O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programy\robo\RoboFormComShowToolbar.html

O9 - Extra 'Tools' menuitem: RF Pasek Narzędzi &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programy\robo\RoboFormComShowToolbar.html

O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: ING Bank Online -

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5576765854

O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab

O17 - HKLM\System\CCS\Services\Tcpip..{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip..{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CCS\Services\Tcpip..{A5EA6226-DB81-4BDA-BD67-B441E34B556F}: NameServer = 194.204.159.1,194.204.152.34,157.158.1.3,81.26.0.10

O17 - HKLM\System\CS1\Services\Tcpip..{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34

O17 - HKLM\System\CS2\Services\Tcpip..{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34

O17 - HKLM\System\CS3\Services\Tcpip..{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe

O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing)


(Kuz5) #2

Paste everything that is in the hosts file

C:\WINDOWS\system32\drivers\etc


(Tomento) #3

Well, I'm at work at the moment, but I looked yesterday and there is only 127.0.0.1 localhost in there

and then websites don't work

When I go back to the old hosts file, which has entries from that program I used to have (some host manager that created entries from my favorites), websites work, but only the ones from the entries, which is why this is a puzzle to me.

I can't check right now because I'm at work, but I'll gladly talk on GG when I get back, since GG also works for me (it uses IP); my GG is 11065
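
An added triage example, not part of the thread and not any poster's code: it pulls the settings that govern name resolution (the R1 `ProxyServer` value and the O17 `NameServer` lists) out of a HijackThis log, parses a hosts file, and lists which names still depend on a DNS server. The log lines are copied from post #1; the hosts content is constructed to match post #3, and the function names are illustrative.

```python
import ipaddress
import re

# Resolver-related lines copied from the HijackThis log in post #1.
LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.tpnet.pl:8080
O17 - HKLM\System\CCS\Services\Tcpip..{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip..{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS1\Services\Tcpip..{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34
"""
# Constructed hosts content matching the file described in post #3.
HOSTS = "# constructed sample\n127.0.0.1 localhost\n"

PROXY_RE = re.compile(r"^R1 - .*,ProxyServer = (\S+?)(?::(\d+))?$")
NS_RE = re.compile(
    r"^O17 - HKLM\\System\\(\w+)\\Services\\Tcpip\.\.(\{[0-9A-Fa-f-]+\}): NameServer = (\S+)$")

def parse_log(text):
    """Return (proxy, nameservers). proxy is (host, port) or None; nameservers maps
    interface GUID -> list of IPs, taken from the current control set (CCS) only."""
    proxy, nameservers = None, {}
    for line in map(str.strip, text.splitlines()):
        if m := PROXY_RE.match(line):
            proxy = (m.group(1), int(m.group(2)) if m.group(2) else None)
        elif (m := NS_RE.match(line)) and m.group(1) == "CCS":
            nameservers[m.group(2)] = m.group(3).split(",")
    return proxy, nameservers

def parse_hosts(text):
    """Map each hostname (lower-cased) to its address; comments and blanks are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])  # first entry wins
    return table

def needs_dns(names, hosts):
    """Names that are neither IP literals nor in hosts, so they need a working DNS server."""
    pending = []
    for name in names:
        try:
            ipaddress.ip_address(name)
        except ValueError:
            if name.lower() not in hosts:
                pending.append(name)
    return pending
```

Calling `needs_dns` with the sites being tested plus the proxy host from `parse_log` shows which lookups the configured name servers have to answer.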