Preventivni kontrola logu (pomala masina)

[Peky]

Logfile of random's system information tool 1.10 (written by random/random)
Run by Radek at 2015-12-13 09:20:27
Systém Microsoft Windows XP Professional Service Pack 3
System drive E: has 181 GB (59%) free of 305 GB
Total RAM: 2014 MB (72% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:20:37, on 13.12.2015
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\Program Files\Google\Update\GoogleUpdate.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
E:\Program Files\Intel\AMT\LMS.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
E:\WINDOWS\RTHDCPL.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Program Files\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Radek\Dokumenty\Downloads\RSIT (1).exe
E:\Program Files\trend micro\Radek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "E:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [TrueImageMonitor.exe] E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://E:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - E:\Program Files\ICQ7.7\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9240389625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - E:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - E:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - E:\Program Files\Skype\Updater\Updater.exe

--
End of file - 6017 bytes

======Scheduled tasks folder======

E:\WINDOWS\tasks\Adobe Flash Player Updater.job - E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - E:\Program Files\Google\Update\GoogleUpdate.exe /c
E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - E:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"=E:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2006-10-19 1183656]
"AcronisTimounterMonitor"=E:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [2006-10-19 1958800]
"Acronis Scheduler2 Service"=E:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe [2006-10-17 87584]
"RTHDCPL"=E:\WINDOWS\RTHDCPL.EXE [2012-06-06 20065936]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=E:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=E:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
E:\WINDOWS\system32\Ati2evxx.dll [2005-05-04 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
E:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - E:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=E:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
relog_ap

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\Attractel\Zoiper\Zoiper.exe"="E:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper"
"E:\Program Files\ICQ7.7\ICQ.exe"="E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"
"E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="E:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"E:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="E:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="E:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.050\winbox.exe"="E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.050\winbox.exe:*:Enabled:winbox"
"E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.410\winbox.exe"="E:\Documents and Settings\Radek\Local Settings\Temp\Rar$EXa0.410\winbox.exe:*:Enabled:winbox"
"C:\ntb\winbox.exe"="C:\ntb\winbox.exe:*:Enabled:winbox"
"E:\Program Files\SecondLifeViewer\SLVoice.exe"="E:\Program Files\SecondLifeViewer\SLVoice.exe:*:Enabled:SLVoice"
"E:\Program Files\Skype\Phone\Skype.exe"="E:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\Program Files\Google\Chrome\Application\chrome.exe"="E:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome"
"E:\WINDOWS\system32\dpvsetup.exe"="E:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"E:\WINDOWS\system32\rundll32.exe"="E:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\Program Files\ICQ7.7\ICQ.exe"="E:\Program Files\ICQ7.7\ICQ.exe:*:Enabled:ICQ7.7"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=E:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=E:\WINDOWS\system32\l3codeca.acm
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======List of files/folders created in the last 1 month======

2015-12-13 09:20:27 ----D---- E:\rsit

======List of files/folders modified in the last 1 month======

2015-12-13 09:20:34 ----D---- E:\WINDOWS\Prefetch
2015-12-13 09:20:31 ----D---- E:\Program Files\trend micro
2015-12-13 09:18:27 ----D---- E:\WINDOWS\Debug
2015-12-13 09:18:27 ----D---- E:\WINDOWS
2015-12-13 09:17:58 ----D---- E:\WINDOWS\Temp
2015-12-13 09:17:08 ----A---- E:\WINDOWS\system32\log.txt
2015-12-10 07:32:09 ----N---- E:\WINDOWS\SchedLgU.Txt
2015-12-10 07:19:55 ----D---- E:\WINDOWS\system32\CatRoot2
2015-12-06 08:21:14 ----SHD---- E:\WINDOWS\Installer
2015-12-05 07:50:09 ----RD---- E:\Program Files
2015-12-05 07:49:44 ----SD---- E:\WINDOWS\Tasks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 snapman;Acronis Snapshots Manager; E:\WINDOWS\system32\DRIVERS\snapman.sys [2013-05-23 114048]
R0 timounter;Acronis True Image Backup Archive Explorer; E:\WINDOWS\system32\DRIVERS\timntr.sys [2013-05-23 395744]
R1 intelppm;Řadič procesoru Intel; E:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; E:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R2 tifsfilter;Acronis True Image FS Filter; E:\WINDOWS\system32\DRIVERS\tifsfilt.sys [2013-05-23 39264]
R3 ati2mtag;ati2mtag; E:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-04 1133056]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; E:\WINDOWS\system32\DRIVERS\e1k5132.sys [2008-06-05 144480]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; E:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); E:\WINDOWS\system32\drivers\RtkHDAud.sys [2012-06-19 6141584]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; E:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-14 12288]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; E:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 kbdhid;Ovladač klávesnice standardu HID; E:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 Ambfilt;Ambfilt; E:\WINDOWS\system32\drivers\Ambfilt.sys [2009-11-18 1691480]
S3 gdrv;gdrv; \??\E:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; E:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 Monfilt;Monfilt; E:\WINDOWS\system32\drivers\Monfilt.sys [2009-11-18 1395800]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); E:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;Ovladač zvukové karty USB (WDM); E:\WINDOWS\system32\drivers\usbaudio.sys [2013-07-17 60160]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; E:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbscan;Ovladač skeneru USB; E:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; E:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; E:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; E:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 AcrSch2Svc;Acronis Scheduler2 Service; E:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [2006-10-17 230944]
R2 Ati HotKey Poller;Ati HotKey Poller; E:\WINDOWS\system32\Ati2evxx.exe [2005-05-04 364544]
R2 LMS;Intel(R) Active Management Technology LMS Service; E:\Program Files\Intel\AMT\LMS.exe [2006-06-28 98304]
S2 ATI Smart;ATI Smart; E:\WINDOWS\system32\ati2sgag.exe [2005-05-03 516096]
S2 gupdate;Služba Google Update (gupdate); E:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03 144200]
S2 SkypeUpdate;Skype Updater; E:\Program Files\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; E:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11 269000]
S3 aspnet_state;ASP.NET State Service; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; E:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; E:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); E:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-03 144200]
S3 idsvc;Windows CardSpace; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; E:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; E:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; E:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; E:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; E:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
diky Peky

[Roli]

Zdravím, v HJT fixni :

O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

HJT najdeš zde :

E:\Program Files\trend micro\Radek.exe

Fix znamená že spustíš HJT jako admin

v okně které se ti otevře klikneš na Do a system scan only

v dalším okně najdeš řádky které jsem ti vypsal,

vedle nich je čtvereček do kterého uděláš zatržítko,

pak klikneš na Fix checked které je vlevo dole,

program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.


Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :

Služba Google Update (gupdate)
Služba Google Update (gupdatem)

dvojklikem se otevře karta kde nejprve službu zastav tlačítkem Zastavit u položky Typ spouštění vyber Zakázáno a klik na OK.


V Naplánovaných úlohách smaž Google Update bude to tam několikrát.


Smaž nepotřebné soubory

pomocí CCleaneru

návod :

Čistič - tady vyčistíš PC od nepotřebných souborů a vysypeš Koš

Registry - tady vyčistíš registry (před použitím doporučuji udělat jejich zálohu kterou CCleaner nabízí)

čištění registru je třeba několikrát zopakovat !

Nástroje - tady lze odinstalovat programy, upravit co se spustí po Startu systému a obnovit systém


Stáhni a ulož na plochu AdwCleaner,

ukonči všechny programy včetně prohlížeče a dvojklikem jej spusť,

objeví se okno kde vlevo nahoře klikni na Scan.

Po dokončení skenu klikni na Clean,

proběhne restart PC kdy dojde ke smazání nepořádku.

Po té mi sem zkopíruj Report.


Stáhni a ulož na plochu ComboFix,

spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.

Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,

pak ještě jednou klik na ANO a už to jede.

Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.

Při skenovaní může být PC i restartováno nelekat se.

Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,

protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.

Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt

(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.


V případě nejasností je ZDE obrázkový návod.

[Peky]

ok, tady to je , google update se mne nepodarilo smaznout

# AdwCleaner v5.024 - Logfile created 13/12/2015 at 18:20:45
# Updated 07/12/2015 by Xplode
# Database : 2015-12-13.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Radek - ZUZKA
# Running from : E:\Documents and Settings\Radek\Dokumenty\Downloads\adwcleaner_5.024.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****

[-] File Deleted : E:\Documents and Settings\Zuzka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage
[-] File Deleted : E:\Documents and Settings\Zuzka\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - E:\AdwCleaner\AdwCleaner[C3].txt - [1296 bytes] ##########

ComboFix 15-12-12.01 - Radek 13.12.2015 18:47:21.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2014.1320 [GMT 1:00]
Spuštěný z: e:\documents and settings\Radek\Dokumenty\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
e:\documents and settings\Radek\Local Settings\Data aplikací\Adobe\gccheck.exe
e:\documents and settings\Radek\Local Settings\Data aplikací\Adobe\GTB.exe
e:\documents and settings\Radek\Local Settings\Data aplikací\Adobe\gtbcheck.exe
e:\windows\system32\SET5D.tmp
e:\windows\system32\SET62.tmp
e:\windows\system32\SETB6.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2015-11-13 do 2015-12-13 )))))))))))))))))))))))))))))))
.
.
2015-12-13 17:19 . 2015-12-13 17:20 -------- d-----w- E:\AdwCleaner
2015-12-13 08:20 . 2015-12-13 08:20 -------- d-----w- E:\rsit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-13 17:11 . 2013-05-22 20:49 796864 ----a-w- e:\windows\system32\FlashPlayerApp.exe
2015-12-13 17:11 . 2013-05-22 20:49 142528 ----a-w- e:\windows\system32\FlashPlayerCPLApp.cpl
2014-08-21 20:16 . 2014-08-21 20:00 10137600 ----a-w- e:\program files\GUTB.tmp
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="e:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-10-19 1183656]
"AcronisTimounterMonitor"="e:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2006-10-19 1958800]
"Acronis Scheduler2 Service"="e:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-10-17 87584]
"RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"e:\\Program Files\\Attractel\\Zoiper\\Zoiper.exe"=
"e:\\Program Files\\ICQ7.7\\ICQ.exe"=
"e:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"e:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\SecondLifeViewer\\SLVoice.exe"=
"e:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"e:\\WINDOWS\\system32\\dpvsetup.exe"=
.
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;e:\windows\system32\drivers\e1k5132.sys [22.5.2013 15:57 144480]
S2 SkypeUpdate;Skype Updater;e:\program files\Skype\Updater\Updater.exe [11.12.2014 10:30 315496]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [5.2.2015 22:27 1691480]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-10 06:21 1000264 ----a-w- e:\program files\Google\Chrome\Application\47.0.2526.80\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2015-12-13 e:\windows\Tasks\Adobe Flash Player Updater.job
- e:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-22 17:11]
.
2015-12-13 e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-05-22 23:35]
.
2015-12-05 e:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- e:\program files\Google\Update\GoogleUpdate.exe [2013-05-22 23:35]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = "e:\program files\Outlook Express\msimn.exe"
IE: E&xportovat do aplikace Microsoft Excel - e:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - e:\program files\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.1.254 192.168.33.5 192.168.33.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-12-13 18:49
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="e:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_20_0_0_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
e:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(924)
e:\windows\system32\relog_ap.dll
.
Celkový čas: 2015-12-13 18:51:26
ComboFix-quarantined-files.txt 2015-12-13 17:51
.
Před spuštěním: Volných bajtů: 190 177 255 424
Po spuštění: Volných bajtů: 190 154 338 304
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 536D80CCAF00AB1A880FDE8A12FF0CC4
413FC2A0C716421B3158746D63736515

[Roli]

Přes Start >> Spustit zkopíruj do okna:

ComboFix /Uninstall

a stiskni Enter

To odinstaluje ComboFix a smaže s ním související soubory a složky.


Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.

Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.


Stáhni a spusť OTMoveIt

do levého okna aplikace pod Paste Instructions for Items to be Moved zkopíruj tento text:

Kód: Vybrat vše

:processes
explorer.exe       

:files
e:\program files\GUTB.tmp
e:\windows\Tasks\GoogleUpdateTaskMachineCore.job
e:\windows\Tasks\GoogleUpdateTaskMachineUA.job

:commands
[purity]
[emptytemp]
[start explorer]

klikni na MoveIt! a v pravém zeleném okně aplikace se Ti objeví info o provedene akci, obsah okna zkopíruj sem,

pokud aplikace bude požadovat restart, klikni na YES

v tom případě sem zkopíruj obsah logu uloženého na C:\_OTMoveIt\MovedFiles\

[Peky]

ok, tady to je. Pris psusteni Pc se mne zacalo zobrazovat meny vyberu spusteni XPecek (mohu to odstranit ?)

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
e:\program files\GUTB.tmp moved successfully.
e:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
e:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Radek
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Google Chrome cache emptied: 23391845 bytes
->Flash cache emptied: 662 bytes

User: Zuzka
->Temp folder emptied: 41695631 bytes
->Temporary Internet Files folder emptied: 319212048 bytes
->Google Chrome cache emptied: 453892997 bytes
->Flash cache emptied: 1212 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 799,00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 12152015_205944

Files moved on Reboot...

Registry entries deleted on Reboot...

[Roli]

Pris psusteni Pc se mne zacalo zobrazovat meny vyberu spusteni XPecek (mohu to odstranit ?)

Ano

Znovu spusť OTMoveIt a nahoře v aplikaci klini na CleanUP!

tímto po sobě uklidí.

Pak dej vědět jak se PC chová.

[Peky]

perfektni diky

co mam smazat z boot loaderu ?

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

[Roli]

timeout=2 přepiš na timeout=30

Smaž :

C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug

Oprav :

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

na :

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect


Nebo tam zkopíruj rovnou tohle :

[Boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect


P.S. možná by stálo za to so původní boot.ini zálohovat.