offline
- zrdesing
- Građanin
- Pridružio: 21 Apr 2008
- Poruke: 102
- Gde živiš: Maklosevac, Nasice, Hrvatska
|
Pozdrav svima!
Evo ovako..... Prije koju minutu cim sam ukljucio Online Armor firewall poceo mi je izbacivati da neke internet stranice zele promijenit localhost 127.0.0.1 u sljedece..... evo prilazem i export iz OA firewall-a.
Type,Date/Time,Action,Description
New Host Entry Detected,23.1.2009 22:59:55,Blocked,127.0.0.1 virus-alert-center.com
New Host Entry Detected,23.1.2009 22:59:54,Blocked,127.0.0.1 www.virus-alert-center.com
New Host Entry Detected,23.1.2009 22:59:52,Blocked,127.0.0.1 ultraantivirus2009.com
New Host Entry Detected,23.1.2009 22:59:51,Blocked,127.0.0.1 www.ultraantivirus2009.com
New Host Entry Detected,23.1.2009 22:59:49,Blocked,127.0.0.1 trafikfind.com
New Host Entry Detected,23.1.2009 22:59:48,Blocked,127.0.0.1 www.trafikfind.com
New Host Entry Detected,23.1.2009 22:59:47,Blocked,127.0.0.1 sys-scanner.com
New Host Entry Detected,23.1.2009 22:59:45,Blocked,127.0.0.1 www.sys-scanner.com
New Host Entry Detected,23.1.2009 22:59:44,Blocked,127.0.0.1 spywareinfo.com
New Host Entry Detected,23.1.2009 22:59:42,Blocked,127.0.0.1 www.spywareinfo.com
New Host Entry Detected,23.1.2009 22:59:37,Blocked,127.0.0.1 sgviralscan.com
New Host Entry Detected,23.1.2009 22:59:33,Blocked,127.0.0.1 www.sgviralscan.com
New Host Entry Detected,23.1.2009 22:59:32,Blocked,127.0.0.1 sg9scanner.com
New Host Entry Detected,23.1.2009 22:59:31,Blocked,127.0.0.1 www.sg9scanner.com
New Host Entry Detected,23.1.2009 22:59:28,Blocked,127.0.0.1 scan4plus.com
New Host Entry Detected,23.1.2009 22:59:28,Blocked,127.0.0.1 www.scan4plus.com
New Host Entry Detected,23.1.2009 22:59:25,Blocked,127.0.0.1 pcantivirusscanneronline.com
New Host Entry Detected,23.1.2009 22:59:24,Blocked,127.0.0.1 www.pcantivirusscanneronline.com
New Host Entry Detected,23.1.2009 22:59:20,Blocked,127.0.0.1 myfasterpc.com
New Host Entry Detected,23.1.2009 22:59:19,Blocked,127.0.0.1 www.myfasterpc.com
New Host Entry Detected,23.1.2009 22:59:13,Blocked,127.0.0.1 liveprotectionupdate.cn
New Host Entry Detected,23.1.2009 22:59:12,Blocked,127.0.0.1 www.liveprotectionupdate.cn
New Host Entry Detected,23.1.2009 22:59:07,Blocked,127.0.0.1 isafeantivir.com
New Host Entry Detected,23.1.2009 22:59:06,Blocked,127.0.0.1 www.isafeantivir.com
New Host Entry Detected,23.1.2009 22:58:59,Blocked,127.0.0.1 in5is.com
New Host Entry Detected,23.1.2009 22:58:57,Blocked,127.0.0.1 www.in5is.com
New Host Entry Detected,23.1.2009 22:58:55,Blocked,127.0.0.1 griehe.com
New Host Entry Detected,23.1.2009 22:58:53,Blocked,127.0.0.1 www.griehe.com
New Host Entry Detected,23.1.2009 22:58:11,Blocked,127.0.0.1 defender2008.com
New Host Entry Detected,23.1.2009 22:58:07,Blocked,127.0.0.1 www.defender2008.com
New Host Entry Detected,23.1.2009 22:57:28,Blocked,127.0.0.1 childhe.com
New Host Entry Detected,23.1.2009 22:57:25,Blocked,127.0.0.1 www.childhe.com
New Host Entry Detected,23.1.2009 22:56:17,Blocked,127.0.0.1 astrumavrpro.com
New Host Entry Detected,23.1.2009 22:56:07,Blocked,127.0.0.1 www.astrumavrpro.com
Evo HJT loga.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:40, on 23.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tall Emu\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Tall Emu\Online Armor\oacat.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Tall Emu\Online Armor\oaui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Tall Emu\Online Armor\oahlp.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\Winamp\Winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe
--
End of file - 5549 bytes
Bilo kakva pomoc u vezi toga. Ja se ispricavam ako sam promasio temu.
|
