השתלטות על הדפדפן

אני נמצרף כאן את הקובץ: hijacklog Logfile of HijackThis v1.99.0 Scan saved at 05:14:09, on 31/01/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\ibmpmsvc.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\tp4serv.exe C:\WINDOWS\AGRSMMSG.exe C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe C:\Program Files\IBM\Messages By IBM\ibmmessages.exe C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE C:\WINDOWS\System32\Ati2evxx.exe C:\PROGRA~1\Grisoft\AVG6\avgserv.exe C:\WINDOWS\DvzCommon\DvzMsgr.exe C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe C:\Program Files\Palm\HOTSYNC.EXE C:\WINDOWS\System32\QCONSVC.EXE C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\TEMP\XD2417.EXE C:\WINDOWS\System32\taskmgr.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Ad Nuker\App\pop.exe C:\Program Files\Trend Micro\OfficeScan Client\pccnt.exe C:\Documents and Settings\user1\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe C:\Documents and Settings\user1\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user1\LOCALS~1\Temp\sp.dll/sp.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\DOCUME~1\user1\LOCALS~1\Temp\sp.dll/sp.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: Ad Nuker - {459CAF0F-CA9F-4d69-A1A9-B0699D07AB8A} - C:\WINDOWS\System32\NukerBand.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {9B6494C4-E424-4B08-8682-D774CB109D46} - C:\WINDOWS\System32\onbgoc.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Ad Nuker - {459CAF0F-CA9F-4d69-A1A9-B0699D07AB8A} - C:\WINDOWS\System32\NukerBand.dll O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE O4 - HKLM\..\Run: [BCONSET] regedit /s "C:\Program Files\ThinkPad\ConnectUtilities\bconprof.reg" O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe O4 - HKLM\..\Run: [TP4EX] tp4ex.exe O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\PRISMSVR.EXE" /APPLY O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe O4 - HKCU\..\Run: [kbdpo] C:\WINDOWS\System32\kbdpo.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe O4 - Global Startup: 3Com Wireless 11g PC Card.lnk = C:\Program Files\3Com\3Com OfficeConnect Wireless Utility\3Com Wireless 11g PC Card\Monitor.exe O8 - Extra context menu item: &NukerBand Serach - res://C:\WINDOWS\System32\NukerBand.dll/MENUSEARCH.HTM O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - http://192.114.207.246:81/officescan/console/ClientInstall/WinNTChk.cab O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - http://192.114.207.246:81/officescan/console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - http://192.114.207.246:81/officescan/console/ClientInstall/setup.cab O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - http://192.114.207.246:81/officescan/console/html/AtxEnc.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - http://192.114.207.246:81/officescan/console/ClientInstall/RemoveCtrl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B814BD62-12E0-4D6F-BC13-C49D3A0CD8DA}: NameServer = 192.168.207.50,192.114.206.1 O18 - Filter: text/html - {C731D192-3801-4C07-BC9E-84C75260482E} - C:\WINDOWS\System32\onbgoc.dll O18 - Filter: text/plain - {C731D192-3801-4C07-BC9E-84C75260482E} - C:\WINDOWS\System32\onbgoc.dll O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: AVG6 Service - GRISOFT s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe O23 - Service: IBM PM Service - Unknown - C:\WINDOWS\System32\ibmpmsvc.exe O23 - Service: OfficeScanNT RealTime Scan - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: OfficeScanNT Personal Firewall - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe O23 - Service: QCONSVC - Unknown - C:\WINDOWS\System32\QCONSVC.EXE O23 - Service: OfficeScanNT Listener - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe

מצאתי בסוף תוכנה יעודית בקישורים בפורום לטיפול בוירוס הזה. about:blank

אני חוששת שבקרוב הוא ישתלט גם על הוואלה ואז לא אוכל אפילו לבדוק אם יש לי עזרה..