Witam mam problem, odkad wywalilem program hots manager, dzieja mi sie dziwne rzeczy, tzn dziala gg, nie dzialaja www.
Jak dam plik hosts z czystego windowsa stronki rowniez nie dzialaja, jak podemienie spowrotem na stary plik host w ktorym mam kilkanascie wpisow, to dzialaja tylko te strony ktore tam sa wpisane, np to forum. Reszta nie dziala np gratka.pl
MOge wkelic loga z hijacka oraz jakasc czesc kody obecnego pliku hosts ktory dziala.
System zesnakowany na spyware i wirusy.
Bardzo prosze o pomoc
System to windows xp.
przeinstalowalbym windowsa ale dvd na gwarancji lezy i nie mam dostepu do zadnego cdroma
Log z hijacka
Logfile of HijackThis v1.99.1
Scan saved at 21:41:19, on 2005-06-06
Platform: Windows XP Dodatek SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Programy\Tlen.pl\tlen.exe
D:\Programy\BitComet\BitComet.exe
D:\Programy\robo\RoboTaskBarIcon.exe
D:\Programy\Gadu-Gadu\gg.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programy\The bat 3.01\spampal\spampal.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Programy\totalcmd\TOTALCMD.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
D:\Programy\totalcmd\TOTALCMD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Programy\lanchat\LANChat.exe
D:\Programy\WinRAR\WinRAR.exe
C:\DOCUME~1\tomq\USTAWI~1\Temp\Rar$EX00.754\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://onet.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\PCHEALTH\HELPCTR\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.tpnet.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programy\robo\RoboForm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: IECatcher Class - {B930BA63-9E5A-11D3-A288-0000E80E2EDE} - D:\Programy\Mass Downloader27\MDHELPER.DLL
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programy\robo\RoboForm.dll
O4 - HKLM…\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM…\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM…\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM…\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM…\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM…\Run: [ATICCC] “C:\Program Files\ATI Technologies\ATI.ACE\cli.exe” runtime
O4 - HKLM…\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM…\Run: [synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKCU…\Run: [Komunikator] D:\Programy\Tlen.pl\tlen.exe
O4 - HKCU…\Run: [bitComet] “D:\Programy\BitComet\BitComet.exe”
O4 - HKCU…\Run: [RoboForm] “D:\Programy\robo\RoboTaskBarIcon.exe”
O4 - HKCU…\Run: [Gadu-Gadu] “D:\Programy\Gadu-Gadu\gg.exe” /tray
O4 - HKCU…\Run: [MSMSGS] “C:\Program Files\Messenger\msmsgs.exe” /background
O4 - Startup: SpamPal.lnk = D:\Programy\The bat 3.01\spampal\spampal.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Personalizuj Menu &4 - file://D:\Programy\robo\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Pobierz &Wszystko używając Mass Downloader’a - D:\Programy\Mass Downloader27\Add_All.htm
O8 - Extra context menu item: Pobierz używając &Mass Downloader’a - D:\Programy\Mass Downloader27\Add_Url.htm
O8 - Extra context menu item: RF Pasek Narzędzi &2 - file://D:\Programy\robo\RoboFormComShowToolbar.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Wypełnij Pola &] - file://D:\Programy\robo\RoboFormComFillForms.html
O8 - Extra context menu item: Zapisz Pola &[ - file://D:\Programy\robo\RoboFormComSavePass.html
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra ‘Tools’ menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Programy\Mass Downloader27\massdown.exe
O9 - Extra ‘Tools’ menuitem: &Mass Downloader - {0FD01980-CCCB-11D3-80D4-0000E80E2EDE} - D:\Programy\Mass Downloader27\massdown.exe
O9 - Extra button: Wypełnij Pola - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programy\robo\RoboFormComFillForms.html
O9 - Extra ‘Tools’ menuitem: Wypełnij Pola &] - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Programy\robo\RoboFormComFillForms.html
O9 - Extra button: Zapisz - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programy\robo\RoboFormComSavePass.html
O9 - Extra ‘Tools’ menuitem: Zapisz Pola &[ - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Programy\robo\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programy\robo\RoboFormComShowToolbar.html
O9 - Extra ‘Tools’ menuitem: RF Pasek Narzędzi &2 - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Programy\robo\RoboFormComShowToolbar.html
O9 - Extra button: ICQ 4 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra ‘Tools’ menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: ING Bank Online -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v … 5576765854
O16 - DPF: {66D393D5-4D80-497C-9F4F-F3839E090202} (PlayerOCX Control) - http://www.pysoft.com/Downloads/WebCamPlayerOCX.cab
O17 - HKLM\System\CCS\Services\Tcpip…{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CCS\Services\Tcpip…{A5EA6226-DB81-4BDA-BD67-B441E34B556F}: NameServer = 194.204.159.1,194.204.152.34,157.158.1.3,81.26.0.10
O17 - HKLM\System\CS1\Services\Tcpip…{705D228C-DBDD-4824-8A97-ADCEABABA0E2}: NameServer = 194.204.159.1,194.204.152.34
O17 - HKLM\System\CS2\Services\Tcpip…{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34
O17 - HKLM\System\CS3\Services\Tcpip…{69489815-1B9A-4479-A1B4-EE0BF569B109}: NameServer = 157.158.1.3,194.204.152.34
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: GFI LANguard N.S.S. 6.0 attendant service - Unknown owner - C:\Program Files\GFI\LANguard Network Security Scanner 6.0\lnssatt.exe" -service (file missing)