Bylo by možné se mi na to kouknout?? Jen chci upozornit, že v době vytváření logu je server plně zatížen a lidé jsou připojeni k terminálu. Děkuji za ochotu...
Logfile of HijackThis v1.99.1
Scan saved at 9:29:09, on 12.3.2007
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\Documents and Settings\Administrator\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\serverappliance\appmgr.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\system32\serverappliance\elementmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\GAMSERV\SpySer.exe
C:\WINDOWS\system32\serverappliance\srvcsurg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\lserver.exe
C:\WINDOWS\System32\wins.exe
C:\WINDOWS\System32\GAMSERV\gamscm.exe
C:\Program Files\Exchsrvr\bin\exmgmt.exe
C:\WINDOWS\system32\gamserv\gamdrv.exe
C:\WINDOWS\system32\gamserv\gamserv.exe
C:\WINDOWS\system32\gamserv\gamevent.exe
C:\WINDOWS\system32\gamserv\gamevlog.exe
C:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Exchsrvr\bin\store.exe
C:\Program Files\Exchsrvr\bin\emsmta.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Plocha\hijackthis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = res://shdoclc.dll/hardAdmin.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.0.0.100:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Broken Internet access because of LSP provider 'c:\documents and settings\administrator\windows\system32\mswsock.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskU ... ctivex.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bos.local
O17 - HKLM\Software\..\Telephony: DomainName = bos.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{079B8F11-2F74-4F2C-B198-91F98AC781B1}: NameServer = 127.0.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bos.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{079B8F11-2F74-4F2C-B198-91F98AC781B1}: NameServer = 127.0.0.1
O20 - Winlogon Notify: dimsntfy - dimsntfy.dll (file missing)
O23 - Service: Služba vyhledávání zkušeností aplikací (AeLookupSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Služba brány aplikačního rozhraní (ALG) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Správa aplikací (AppMgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (file missing)
O23 - Service: Zvuk systému Windows (AudioSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Prohledávání počítačů (Browser) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Šifrování (CryptSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Spouštěč procesů serveru DCOM (DcomLaunch) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Systém souborů DFS (Dfs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\Dfssvc.exe (file missing)
O23 - Service: Klient DHCP (Dhcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Server DHCP (DHCPServer) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\tcpsvcs.exe (file missing)
O23 - Service: Služba správy pro Správce logických disků (dmadmin) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Správce logických disků (dmserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Server DNS (DNS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\dns.exe (file missing)
O23 - Service: Klient DNS (Dnscache) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Zasílání zpráv o chybách (ERSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Protokol událostí (Eventlog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Mylex Global Array Manager Server (gamscm) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\GAMSERV\gamscm.exe (file missing)
O23 - Service: Nápověda a odborná pomoc (helpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Mezisíťové zasílání zpráv (IsmServ) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ismserv.exe (file missing)
O23 - Service: Centrum distribuce klíčů modulu Kerberos (kdc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Server (lanmanserver) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Pracovní stanice (lanmanworkstation) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Podpora rozhraní NetBIOS nad protokolem TCP/IP (LmHosts) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Služba Publikování FTP (MSFtpsvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: Přihlašování k síti (Netlogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Síťová připojení (Netman) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sledování umístění v síti (NLA) (Nla) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Služba replikace souborů (NtFrs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\ntfrs.exe (file missing)
O23 - Service: Zprostředkovatel zabezpečení NT LM (NtLmSsp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Vyměnitelné úložiště (NtmsSvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\services.exe (file missing)
O23 - Service: Služby IPSEC (PolicyAgent) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Chráněné úložiště (ProtectedStorage) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Správce automatického připojení pomocí vzdáleného přístupu (RasAuto) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Správce vzdáleného přístupu (RasMan) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Vzdálený registr (RemoteRegistry) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Lokátor vzdáleného volání procedur (RPC) (RpcLocator) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Vzdálené volání procedur (RPC) (RpcSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Poskytovatel výsledné sady zásad (RSoPProv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\RSoPProv.exe (file missing)
O23 - Service: Pomocník pro práci se speciální konzolou pro správu (sacsvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Správce zabezpečení účtů (SamSs) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\SCardSvr.exe (file missing)
O23 - Service: Plánovač úloh (Schedule) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sekundární přihlašování (seclogon) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Oznamování systémových událostí (SENS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Brána Firewall / Sdílení připojení k Internetu (ICS) (SharedAccess) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Rozpoznávání hardwaru (ShellHWDetection) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Jednoduché služby TCP/IP (SimpTcp) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\tcpsvcs.exe (file missing)
O23 - Service: SNMP - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: Zachytávání pro službu SNMP (SNMPTRAP) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Zařazování tisku (Spooler) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: SpySer - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\GAMSERV\SpySer.exe (file missing)
O23 - Service: Microsoft Software Shadow Copy Provider (swprv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Výstrahy a protokolování výkonu (SysmonLog) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Telefonní subsystém (TapiSrv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Terminálová služba (TermService) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Správa licencí Terminálového serveru (TermServLicensing) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\lserver.exe (file missing)
O23 - Service: Klient služby sledování distribuovaných propojení (TrkWks) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Správce odesílání (uploadmgr) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Nepřerušitelný zdroj napájení (UPS) (UPS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vds.exe (file missing)
O23 - Service: Stínová kopie svazku (VSS) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: Systémový čas (W32Time) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Služba Publikování na webu (W3SVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Služba WinHTTP WPAD (WinHttpAutoProxySvc) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Služba WMI (winmgmt) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: WINS - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\wins.exe (file missing)
O23 - Service: Služba sériového čísla přenosného zařízení (WmdmPmSN) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Rozšíření ovladače WMI (Wmi) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\system32\svchost.exe (file missing)
O23 - Service: Konfigurace bezdrátových zařízení (WZCSVC) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Služba pro síťová ustanovení (xmlprov) - Unknown owner - C:\Documents and Settings\Administrator\WINDOWS\System32\svchost.exe (file missing)
Chyba s RPC... kontrola?
text byl smazan... nevesel se sem celej log...
Naposledy upravil(a) kubiseg dne 12 bře 2007 13:06, celkem upraveno 1 x.
jeste jednou dekuji za shlednuti a sem pripojuji jeste log z mwav :)
- Přílohy
-
- MWAV.zip
- log
- (40.92 KiB) Staženo 54 x
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 98 hostů