VIRULENT
(Olek T)
1 July 2006 13:08
#1
I have a problem with Google. Every time I click on search results, some spyware redirects me to sites such as: oldhetaira.com, cosavista.net, casinocaesar.com, robogold.biz and other foreign search engines. On other search engines (apart from Google) there is no such problem.
Neither Ad-Aware nor Spybot helps.
It simply can't be removed from the computer! :evil:
If anyone knows how to deal with this, please help.
Logs from Hijack and Silent:
Logfile of HijackThis v1.99.1
Scan saved at 13:44:46, on 06-07-01
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NEOSTRADA TP\CNXMON.EXE
C:\PROGRAM FILES\NEOSTRADA TP\TASKBARICON.EXE
D:\AVG ANTIVIRUS\AVGCC.EXE
D:\AVG ANTIVIRUS\AVGEMC.EXE
D:\AVG ANTIVIRUS\AVGAMSVR.EXE
C:\MOJE DOKUMENTY\OLEK\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O4 - HKLM…\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe
O4 - HKLM…\Run: [AVG7_CC] D:\AVGANT~1\AVGCC.EXE /STARTUP
O4 - HKLM…\Run: [AVG7_EMC] D:\AVGANT~1\AVGEMC.EXE
O4 - HKLM…\Run: [AVG7_AMSVR] D:\AVGANT~1\AVGAMSVR.EXE
O4 - HKLM…\Run: [dmhmt.exe] C:\WINDOWS\SYSTEM\dmhmt.exe
O4 - HKLM…\RunServices: [schedulingAgent] mstask.exe
O4 - Startup: MRU-Blaster Silent Clean.lnk = D:\MRU Blaster\MRU-Blaster\mrublaster.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_03) -

“Silent Runners.vbs”, revision 46, http://www.silentrunners.org/
Operating System: Windows 98
Output limited to non-default values, except where indicated by “{++}”

Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
“WooCnxMon” = “C:\PROGRA~1\NEOSTR~1\CnxMon.exe” [","]
“WOOWATCH” = “C:\PROGRA~1\NEOSTR~1\Watch.exe” [“France Télécom R&D”]
“WOOTASKBARICON” = “C:\PROGRA~1\NEOSTR~1\TaskbarIcon.exe” [“France Télécom R&D”]
“AVG7_CC” = “D:\AVGANT~1\AVGCC.EXE /STARTUP” [“GRISOFT, s.r.o.”]
“AVG7_EMC” = “D:\AVGANT~1\AVGEMC.EXE” [“GRISOFT, s.r.o.”]
“AVG7_AMSVR” = “D:\AVGANT~1\AVGAMSVR.EXE” [“GRISOFT, s.r.o.”]
“dmhmt.exe” = “C:\WINDOWS\SYSTEM\dmhmt.exe” [null data]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\ {++}
“SchedulingAgent” = “mstask.exe” [MS]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}(Default) = (no title provided)
-> {HKLM…CLSID} = “SSVHelper Class”
\InProcServer32(Default) = “C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll” [“Sun Microsystems, Inc.”]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
“{BB7DF450-F119-11CD-8465-00AA00425D90}” = “Microsoft Access Custom Icon Handler”
-> {HKLM…CLSID} = (no title provided)
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\soa800.dll” [MS]
“{00020D75-0000-0000-C000-000000000046}” = “Microsoft Exchange”
-> {HKLM…CLSID} = “Skrzynka odbiorcza”
\InProcServer32(Default) = “C:\Program Files\Windows Messaging\mlshext.dll” [MS]
“{59850401-6664-101B-B21C-00AA004BA90B}” = “Microsoft Office Binder Explode”
-> {HKLM…CLSID} = “Microsoft Office Binder Explode”
\InProcServer32(Default) = “C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\UNBIND.DLL” [MS]
“{0006F045-0000-0000-C000-000000000046}” = “Microsoft Outlook Custom Icon Handler”
-> {HKLM…CLSID} = “Rozszerzenie ikon plików programu”
\InProcServer32(Default) = “C:\Program Files\Microsoft Office\Office\olkfstub.dll” [MS]
“{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Shell Extension”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “D:\AVG Antivirus\avgse.dll” [“GRISOFT, s.r.o.”]
“{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}” = “AVG7 Find Extension”
-> {HKLM…CLSID} = “AVG7 Find Extension Class”
\InProcServer32(Default) = “D:\AVG Antivirus\avgse.dll” [“GRISOFT, s.r.o.”]

HKLM\Software\Classes*\shellex\ContextMenuHandlers\
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “D:\AVG Antivirus\avgse.dll” [“GRISOFT, s.r.o.”]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
WinZip(Default) = “{E0D79304-84BE-11CE-9641-444553540000}”
-> {HKLM…CLSID} = “WinZip”
\InProcServer32(Default) = “C:\PROGRA~1\WINZIP\WZSHLSTB.DLL” [“WinZip Computing, Inc.”]
AVG7 Shell Extension(Default) = “{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}”
-> {HKLM…CLSID} = “AVG7 Shell Extension Class”
\InProcServer32(Default) = “D:\AVG Antivirus\avgse.dll” [“GRISOFT, s.r.o.”]

Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
“Wallpaper” = “C:\WINDOWS\EmPwn.bmp”

WIN.INI & SYSTEM.INI launch points:
-----------------------------------
SYSTEM.INI
[boot]
“SCRNSAVE.EXE=C:\WINDOWS\SYSTEM\PODWOD~1.SCR” (Pod wodą.scr) [MS]

Startup items in “Startup” & “All Users…Startup” folders:
-----------------------------------------------------------
C:\WINDOWS\Menu Start\Programy\Autostart
“MRU-Blaster Silent Clean” -> shortcut to: “D:\MRU Blaster\MRU-Blaster\mrublaster.exe -silent” [null data]

Enabled Scheduled Tasks:
------------------------
“Uruchomienie aplikacji dostrajania” -> launches: “walign” [MS]

Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = “C:\WINDOWS\SYSTEM\rnr20.dll” [MS]

Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
00000000000#\PackedCatalogItem (contains) DLL [Company Name], (at) # range:
C:\WINDOWS\SYSTEM\mswsosp.dll [MS], 1
C:\WINDOWS\SYSTEM\msafd.dll [MS], 2 - 4
C:\WINDOWS\SYSTEM\rsvpsp.dll [MS], 5 - 6

Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
Dormant Explorer Bars in “View, Explorer Bar” menu
HKLM\Software\Classes\CLSID{EFA24E63-B078-11D0-89E4-00C04FC9E26E}(Default) = “Pasek kanałów”
Implemented Categories{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32(Default) = “C:\WINDOWS\SYSTEM\BROWSEUI.DLL” [MS]
HKLM\Software\Classes\CLSID{01002DB2-8170-4D9B-A8B1-DDC9DD114E03}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"]
HKLM\Software\Classes\CLSID{5BF498C0-931E-4A4F-B33F-456D07137EAA}(Default) = “Volet Wanadoo”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"]
HKLM\Software\Classes\CLSID{3BAF4A27-C764-4E1A-A6F4-62F7A7E5E51C}(Default) = “ToolBand Class”
Implemented Categories{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32(Default) = “C:\PROGRAM FILES\NEOSTRADA TP\AUDIENCE\AUDIENCE.DLL” ["$"]

Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
“MenuText” = “Sun Java Console”
“CLSIDExtension” = “{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}”
-> {HKLM…CLSID} = “Java Plug-in”
\InProcServer32(Default) = “C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL” [“Sun Microsystems, Inc.”]

Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\Version = (invalid data)
The Internet Explorer version cannot be found!

C:\WINDOWS\INF\IERESET.INF (used to “Reset Web Settings”)
The contents of IERESET.INF cannot be reliably checked!
Added lines (compared with English-language version):
[strings]: START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
[strings]: MS_START_PAGE_URL=“http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome ”
Missing lines (compared with English-language version):
[strings]: 2 lines

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds, launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives took 50 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars took 29 seconds.
----------
(total run time: 146 seconds)

In safe mode, with System Restore turned off, delete the bolded file + the entry in HJT.