Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:05, on 3-4-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\stacsv.exe
C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files\PANDORA.TV\PanService\PanProcess.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Citrix\ICA Client\redirector.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://cag.o2.cz/vpn/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: CtxIEInterceptorBHO - {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files\Citrix\ICA Client\IEInterceptor.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\redirector.exe" /startup
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [Google+ Auto Backup] "C:\Program Files\Google\Google+ Auto Backup\Google+ Auto Backup.exe" /autostart
O4 - HKCU\..\Run: [Zoner Photo Studio Autoupdate] C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
O4 - HKCU\..\Run: [Kies3PDLR.exe] C:\Program Files\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe Run Kies3
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.dell.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Corporation - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\stacsv.exe
--
End of file - 9767 bytes
# DelFix v10.6 - Logfile created 03/04/2014 at 20:30:08
# Updated 11/11/2013 by Xplode
# Username : xp - CX
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
~ Removing disinfection tools ...
Deleted : C:\Qoobox
Deleted : C:\_OTL
Deleted : C:\Combofix
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Documents and Settings\xp\Plocha\RK_Quarantine
Deleted : C:\Program Files\Trend Micro\Hijackthis
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.04.2014_15.07.54_log.txt
Deleted : C:\TDSSKiller.2.8.16.0_02.04.2014_15.09.38_log.txt
Deleted : C:\TDSSKiller.3.0.0.26_02.04.2014_15.11.21_log.txt
Deleted : C:\Documents and Settings\xp\Plocha\adwcleaner (3).exe
Deleted : C:\Documents and Settings\xp\Plocha\ComboFix.exe
Deleted : C:\Documents and Settings\xp\Plocha\JRT.exe
Deleted : C:\Documents and Settings\xp\Plocha\HiJackThis.lnk
Deleted : C:\Documents and Settings\xp\Plocha\RogueKiller (1).exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\adwcleaner (1).exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\adwcleaner (2).exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\adwcleaner.exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\aswmbr.exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\HijackThis.msi
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\RogueKiller.exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\tdsskiller.zip
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\TFC (1).exe
Deleted : C:\Documents and Settings\xp\Dokumenty\Downloads\TFC.exe
Deleted : C:\WINDOWS\grep.exe
Deleted : C:\WINDOWS\PEV.exe
Deleted : C:\WINDOWS\NIRCMD.exe
Deleted : C:\WINDOWS\MBR.exe
Deleted : C:\WINDOWS\SED.exe
Deleted : C:\WINDOWS\SWREG.exe
Deleted : C:\WINDOWS\SWSC.exe
Deleted : C:\WINDOWS\SWXCACLS.exe
Deleted : C:\WINDOWS\Zip.exe
Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\HijackThis
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Cleaning system restore ...
Deleted : RP #1 [Kontrolní bod systému | 02/27/2014 19:57:05]
Deleted : RP #2 [zoek.exe restore point | 02/27/2014 22:15:41]
Deleted : RP #3 [Software Distribution Service 3.0 | 03/01/2014 07:16:58]
Deleted : RP #4 [Software Distribution Service 3.0 | 03/02/2014 10:11:08]
Deleted : RP #5 [Software Distribution Service 3.0 | 03/03/2014 16:55:42]
Deleted : RP #6 [Software Distribution Service 3.0 | 03/04/2014 17:55:05]
Deleted : RP #7 [Software Distribution Service 3.0 | 03/05/2014 20:26:53]
Deleted : RP #8 [Software Distribution Service 3.0 | 03/07/2014 06:31:36]
Deleted : RP #9 [Software Distribution Service 3.0 | 03/08/2014 20:01:44]
Deleted : RP #10 [Software Distribution Service 3.0 | 03/10/2014 06:48:39]
Deleted : RP #11 [Software Distribution Service 3.0 | 03/11/2014 06:58:03]
Deleted : RP #12 [Software Distribution Service 3.0 | 03/12/2014 22:01:01]
Deleted : RP #13 [Software Distribution Service 3.0 | 03/14/2014 07:23:40]
Deleted : RP #14 [Software Distribution Service 3.0 | 03/15/2014 21:11:44]
Deleted : RP #15 [Software Distribution Service 3.0 | 03/17/2014 06:37:59]
Deleted : RP #16 [Software Distribution Service 3.0 | 03/18/2014 19:17:50]
Deleted : RP #17 [Software Distribution Service 3.0 | 03/19/2014 20:49:12]
Deleted : RP #18 [Software Distribution Service 3.0 | 03/21/2014 06:38:13]
Deleted : RP #19 [Software Distribution Service 3.0 | 03/22/2014 08:06:55]
Deleted : RP #20 [Je nainstalován ovladač tiskárny Foxit Reader PDF Printer Drive | 03/23/2014 09:12:52]
Deleted : RP #21 [Software Distribution Service 3.0 | 03/23/2014 09:13:42]
Deleted : RP #22 [Software Distribution Service 3.0 | 03/23/2014 17:56:58]
Deleted : RP #23 [Installed Samsung Kies3 | 03/24/2014 08:53:22]
Deleted : RP #24 [Installed Windows XP winusb0100. | 03/24/2014 10:26:15]
Deleted : RP #25 [Software Distribution Service 3.0 | 03/24/2014 23:01:11]
Deleted : RP #26 [Installed Windows XP Wdf01009. | 03/25/2014 17:03:03]
Deleted : RP #27 [Installed Windows XP winusb0200. | 03/25/2014 17:03:20]
Deleted : RP #28 [Instalace nepodepsaného ovladače | 03/25/2014 17:05:44]
Deleted : RP #29 [Software Distribution Service 3.0 | 03/26/2014 06:20:35]
Deleted : RP #30 [Software Distribution Service 3.0 | 03/27/2014 06:38:29]
Deleted : RP #31 [Software Distribution Service 3.0 | 03/28/2014 07:06:34]
Deleted : RP #32 [Kontrolní bod systému | 03/29/2014 08:55:42]
Deleted : RP #33 [Software Distribution Service 3.0 | 03/29/2014 09:06:33]
Deleted : RP #34 [Software Distribution Service 3.0 | 03/30/2014 18:27:52]
Deleted : RP #35 [Software Distribution Service 3.0 | 03/31/2014 22:37:43]
Deleted : RP #36 [Software Distribution Service 3.0 | 04/02/2014 05:36:59]
Deleted : RP #37 [Software Distribution Service 3.0 | 04/03/2014 05:56:49]
New restore point created !
########## - EOF - ##########
Jinak jsem si nechal pustit smtp od forpsi ale nepoznam jestli mi spamuje ucet, snad ne
muj email spamuje...prosim o kontrolu logu Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43298
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: muj email spamuje...prosim o kontrolu logu
Pokud nebudou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 79 hostů