Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:33:14, on 20.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Dokumenty\Downloads\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://novinky.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O4 - HKLM\..\Run: [SMail] "C:\Program Files\Seznam\Postak\Postak.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D24EF69E-2C35-4420-BCFD-0F0A81A45629}: NameServer = 192.168.0.1
O20 - AppInit_DLLs:
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1ca07a5980f6728) (gupdate1ca07a5980f6728) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
--
End of file - 5713 bytes
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
prosím o kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: prosím o kontrolu
Ahoj,rapidně mě klesla rychlost internetu,tak jsem nevěděl jestli tam není nějakej neřádNaughty píše:Ahoj,
radky kde je (no file) fixni v HJT. Chybi firewall, jinak sem v logu nic zavazneho neobjevil. Nejake problemy?
Nevím čím to je tak jsem zkoušel log
firewall je v XP
Re: prosím o kontrolu
DDS (Ver_09-12-01.01) - NTFSx86Naughty píše:stahni DDS ( http://download.bleepingcomputer.com/sUBs/dds.scr ) na plochu,
- spust
- otevrou se ti dva textove soubory -> na forum zkopiruj jen obsah "DDS"
win fw u xp = zadny fw
Zkousel si kontaktovat i poskytovatele netu - jestli ti neusekl rychlost?
Run by źendis at 16:47:07,27 on st 20.01.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.609 [GMT 1:00]
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Seznam\Postak\Postak.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\čendis\Dokumenty\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://novinky.cz/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &S-Rank: {b71b15cf-3093-459c-b764-aeb2486f2273} - c:\program files\seznam\postak\SRank.dll
TB: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\čendis\local settings\data aplikací\google\update\GoogleUpdate.exe" /c
mRun: [SMail] "c:\program files\seznam\postak\Postak.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {D24EF69E-2C35-4420-BCFD-0F0A81A45629} = 192.168.0.1
AppInit_DLLs:
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
============= SERVICES / DRIVERS ===============
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-12 11608]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-12 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-12 108289]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-7-29 56816]
S2 gupdate1ca07a5980f6728;Google Update Service (gupdate1ca07a5980f6728);c:\program files\google\update\GoogleUpdate.exe [2009-7-18 133104]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys --> c:\windows\system32\drivers\nmwcdnsu.sys [?]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys --> c:\windows\system32\drivers\nmwcdnsuc.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2009-12-28 32377]
=============== Created Last 30 ================
2010-01-20 15:14:35 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-20 15:14:03 0 d-----w- c:\program files\Free Download Manager
2010-01-20 15:14:03 0 d-----w- c:\docume~1\endis~1\dataap~1\Free Download Manager
2010-01-20 15:13:55 0 d--h--r- c:\documents and settings\čendis\Recent
2010-01-19 21:12:23 0 d-----w- c:\program files\FreshDevices
2010-01-19 20:15:52 0 d-----w- c:\program files\FlashGet
2010-01-18 15:19:37 3174400 ----a-w- c:\documents and settings\čendis\ntuser.dat
2010-01-13 07:46:38 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-09 16:39:05 0 d-----w- c:\program files\DVD Decrypter
2010-01-09 16:28:28 0 d-----w- c:\program files\common files\PC SOFT
2010-01-02 14:31:40 0 d-----w- c:\program files\FlashGet Network
2010-01-02 14:21:23 289 ----a-w- c:\windows\ADStahovac.INI
2010-01-02 14:21:22 0 d-----w- c:\program files\AD Stahovač souborů
2010-01-02 14:19:49 0 d-----w- c:\program files\LeechGet 2009
2009-12-29 14:53:17 0 d-----w- c:\program files\MSXML 4.0
2009-12-28 15:55:19 32377 ----a-w- c:\windows\system32\drivers\prodigy.sys
2009-12-28 15:55:07 0 d-----w- c:\program files\NSS
2009-12-28 14:42:20 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-28 14:42:18 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-28 14:42:16 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-28 13:57:06 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-28 13:56:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-28 13:55:22 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-12-28 13:55:07 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-12-28 13:55:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-12-28 13:54:54 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-28 13:52:05 0 d-----w- c:\docume~1\alluse~1\dataap~1\Nokia
2009-12-24 17:31:24 190715347 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part10.rar
2009-12-24 16:45:18 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part09.rar
2009-12-24 16:44:32 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part08.rar
2009-12-24 16:29:33 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part07.rar
2009-12-24 15:53:08 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part06.rar
2009-12-24 15:38:48 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part05.rar
2009-12-24 15:35:49 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part04.rar
2009-12-24 14:43:20 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part03.rar
2009-12-24 14:43:17 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part02.rar
2009-12-24 14:43:15 838860800 ----a-w- C:\The.Taking.of.PDTS.x264.CZ-CtrlHD.part01.rar
2009-12-23 11:36:00 0 d-----w- c:\docume~1\alluse~1\dataap~1\SpeedBit
2009-12-23 11:17:11 0 d-----w- c:\docume~1\endis~1\dataap~1\VitySoft
==================== Find3M ====================
2009-12-28 13:56:35 44510 ----a-w- c:\windows\system32\perfc005.dat
2009-12-28 13:56:35 307454 ----a-w- c:\windows\system32\perfh005.dat
2009-12-13 10:13:03 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-29 07:43:54 916480 ----a-w- c:\windows\system32\wininet.dll
============= FINISH: 16:47:58,11 ===============
Poskyrovatele jsem zkoušel,u nich všechno ok
Přispějete na provoz fóra?