Guest: T0SIA
IP: *.icpnet.pl
18.02.05, 19:34
Help... Ad-Aware won't remove a piece of junk that I picked up. I think I managed
to remove all the viruses, only this one thing is bothering me:
"Possible Browser Hijack attempt"
I have Win XP
Please help.. what should I do about this?
HijackThis shows this log:
Logfile of HijackThis v1.99.0
Scan saved at 19:24:17, on 2005-02-18
Platform: Windows XP Dodatek SP. 1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\PROGRA~1\Atguard\iamapp.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\mozilla.org\Mozilla\Mozilla.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Atguard\iamserv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\Program Files\Gadu-Gadu\gg.exe
C:\Program Files\Winamp\winamp.exe
E:\instalki\antyszpiegusy\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMOCZYCA\USTAWI~1\Temp\se.dll/sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\SMOCZYCA\USTAWI~1\Temp\se.dll/sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w3cache.icm.edu.pl:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ACROBAT 6.0 CE\READER\ACTIVEX\ACROIEHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Zasobnik systemowy] SysTray.Exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iamapp] C:\PROGRA~1\Atguard\iamapp.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sp] rundll32 C:\DOCUME~1\SMOCZYCA\USTAWI~1\Temp\se.dll,DllInstall
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo
O4 - Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - www.errorguard.com/installation/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - a1540.g.akamai.net/7/1540/52/20041101/qtinstall.info.apple.com/pthalo/us/win/QuickTimeInstaller.exe
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} (Google Activate) - toolbar.google.com/data/pl/deleon/1.1.62-deleon/GoogleNav.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {E7544C6C-CFD6-43EA-B4E9-360CEE20BDF7} (MainControl Class) - bezpieczenstwo.onet.pl/skaner/SkanerOnline.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - www5.incredimail.com/contents/setup/downloader_sp1/imloader.cab
O23 - Service: WRQ IAM - WRQ, Inc. - C:\Program Files\Atguard\iamserv.exe
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - C:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - C:\Program Files\Panda Software\Panda Titanium