Please check the log and help me with what to remove
For a few days I have been fighting various trojans and a web page that pops up in IE every so often, though not always; when it opens I immediately get some trojans. What should I remove so that this page stops popping up? Please help.
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\anty\kavmm.exe
C:\Uźytki\Outpost Firewall\outpost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Programy\PDVDServ.exe
C:\Programy\Amoumain.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\PROGRA~1\NEOSTR~1\CnxMon.exe
C:\Program Files\Neostrada TP\taskbaricon.exe
C:\anty\kav.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Neostrada TP\NeostradaTP.exe
C:\Program Files\Neostrada TP\ComComp.exe
C:\Program Files\Neostrada TP\Watch.exe
C:\Programy 3\Opera.exe
F:\programy\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://szukaj.wp.pl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neostrada.pl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.pl/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Neostrada TP
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\NEOSTR~1\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\programy 2\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [RemoteControl] C:\Programy\PDVDServ.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WheelMouse] Amoumain.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\NEOSTR~1\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\Program Files\Neostrada TP\taskbaricon.exe
O4 - HKLM\..\Run: [KAV50] "C:\anty\kav.exe" -run -n PersonalPro -v 5.0.0.0
O4 - HKLM\..\Run: [CloneCDTray] "D:\Programy 2\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Outpost Firewall] C:\Uźytki\Outpost Firewall\outpost.exe /waitservice
O4 - HKLM\..\Run: [OutpostFeedBack] C:\Uźytki\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [KonektorTP] "f:\retro\konektortp.exe" tray
O4 - HKCU\..\Run: [supervisor.exe] C:\WINDOWS\supervisor.exe
O4 - HKCU\..\Run: [Malware Sweeper] C:\Uźytki\Malware Sweeper\MalSwep.exe /STARTUP
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Biuro\Office\OSA9.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Uźytki\Outpost Firewall\Plugins\BrowserBar\ie_bar.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\UŻYTKI\OUTPOS~1\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\UŻYTKI\OUTPOS~1\TRASH.EXE (file missing) (HKCU)
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4708/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3E307B79-9A1C-4211-A930-6EB98323C543}: NameServer = 194.204.152.34 217.98.63.164
O17 - HKLM\System\CS1\Services\Tcpip\..\{3E307B79-9A1C-4211-A930-6EB98323C543}: NameServer = 194.204.152.34 217.98.63.164
O20 - AppInit_DLLs: C:\UŻYTKI\OUTPOS~1\wl_hook.dll
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: KLBLMain - Kaspersky Lab - C:\anty\kavmm.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Agnitum Ltd. - C:\Uźytki\Outpost Firewall\outpost.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
Replies: 1
O16 - DPF: {43331111-1111-1111-1111-611111195622} -
O16 - DPF: {33331111-1111-1111-1111-611111193423} -
O16 - DPF: {33331111-1111-1111-1111-611111193429} -
O16 - DPF: {33331111-1111-1111-1111-615111193427} -
O16 - DPF: {33331111-1131-1111-1111-611111193428} -
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34546} - C:\WINDOWS\System32\vbsys2.dll (file missing)
O9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\UŻYTKI\OUTPOS~1\TRASH.EXE (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\UŻYTKI\OUTPOS~1\TRASH.EXE (file missing) (HKCU)