Prosím o kontrolu logu

[OplSSoN]

Logfile of HijackThis v1.99.1
Scan saved at 22:12:30, on 25.12.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\mHotkey.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\alerter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQLite\ICQLite.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\WINDOWS\System32\lprmneth.exe
C:\WINDOWS\System32\osunuxth.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\JO\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [isrdiag] C:\WINDOWS\System32\isrconf.exe
O4 - HKLM\..\Run: [amcdiag] C:\WINDOWS\System32\amcconf.exe
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\alerter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2923259312
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O20 - AppInit_DLLs: msisnwcf.dll e1.dll confcon.dll constat.dll confatt.dll attstat.dll confbrw.dll brwstat.dll statisr.dll diagamc.dll statamc.dll wuapsecu.dll diagisr.dll
O20 - Winlogon Notify: attmgr - C:\WINDOWS\SYSTEM32\attmgr32.dll
O20 - Winlogon Notify: brwmgr - C:\WINDOWS\SYSTEM32\brwmgr32.dll
O20 - Winlogon Notify: conmgr - C:\WINDOWS\SYSTEM32\conmgr32.dll
O20 - Winlogon Notify: isrconf - C:\WINDOWS\SYSTEM32\cfgisr.dll
O20 - Winlogon Notify: lprmneth - C:\WINDOWS\System32\lprmneth.dll
O20 - Winlogon Notify: osunuxth - C:\WINDOWS\System32\osunuxth.dll
O20 - Winlogon Notify: wmspmsv1 - C:\WINDOWS\System32\wmspmsv1.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: zlcocard - C:\WINDOWS\System32\zlcocard.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



dekuji...

[Reklama]

[fredik]

Postupuj podle tohoto návodu s Avengerem. Postup opakuj alespoň 2x za sebou pak sem dej nový log z HJT na kontrolu.

[OplSSoN]

tak uz sem udelal,co ste mi doporucil a tady je novy log

Logfile of HijackThis v1.99.1
Scan saved at 22:31:28, on 25.12.2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
c:\windows\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\mHotkey.exe
D:\Program Files\AVPersonal\AVGNT.EXE
D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
D:\Program Files\AVPersonal\AVGUARD.EXE
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\AVPersonal\AVWUPSRV.EXE
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\JO\Plocha\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [AVGCtrl] D:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKLM\..\Run: [MMTray] D:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\alerter.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4ADC518E-B607-11D4-B395-0001020F4519} (SigVer Class) - https://ib24.csob.cz/Comp/signer.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 2923259312
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{846E195B-A5BD-4A36-BC9E-A3D260C388F3}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - D:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - D:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

[fredik]

Ukonči v TaskManageru (zmáčkni zároveň klávesy ctrl+alt+delete) otevře se ti okno a v něm se přepni na záložku Procesy a v ní ukonči:
qttask.exe
msmsgs.exe

Spusť znovu HijackThis a zaškrtni v něm okénka před řádky:
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [p2p networking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

po zaškrtnutí klikni na FixChecked

Bylo by dobré si doinstalovat Firewall, ten co je součástí Windows není dostačující a plnohodnotný (doporučil bych ti asi kerio - je v čestině) a SP2 pro WinXp odkaz na stažení najdeš zde:
Také by stálo za to pouvažovat o používání alternativních prohlížečů na brouzdání po Internetu (Firefox nebo Opera) místo IE.

[OplSSoN]

dekuji za pomoc,
mam jeste jeden mensi problem. Vzdycky po nejake dobe se mi na disku C ukladaji textove dokumenty s nazvem: CLIENT s nejakymi cisly...po cca tydnu jich tam je priblizne 1000. Da se s tim neco delat?

[fredik]

Ještě fixni v HJT toto:
O4 - HKCU\..\Run: [sys32] C:\WINDOWS\alerter.exe

Kde přesně se ti ty soubory vytvářejí na disku, v jakém adresáři?

[OplSSoN]

Ony se ukladaji normalne na disk C...otevru si Tento Pocitac...dam dis C...a tam sou ulozene...

[fredik]

To si tam asi vytváří nějaký program, ale těžko říct který. Já osobně netuším. Můžeš vyzkoušet tento program CCleaner ten slouží na vyčištění od dočasných souborů, možná pomůže on. Případně jestli někdo další bude vědět jak na to tak ti určitě poradí.

[OplSSoN]

Dekuji moc za tvou pomoc

[fredik]

Nemáš zač