prosím vás o kontrolu logu

Zpráva

B_B · #1 Příspěvek od **B_B** » 08 čer 2014 15:54

Dobrý den vám všem, dostal jsem do ruky od tchána PC, jestli bych se nepokusil ho uvést do schůdného stavu. A to se mi tedy nedaří, jelikož cokoliv spustit na něm stále trvá nehoráznou dobu. Chtěl bych vás tedy požádat o kontrolu logu, zda-li neodhalíte nějakou komplikaci. Díky moc za váš čas !

Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef Martinko at 2014-06-08 16:42:37
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 123 GB (81%) free of 153 GB
Total RAM: 446 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:17, on 8.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josef Martinko\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Josef Martinko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 3019 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AClntUsr"=C:\Program Files\Aclient\AClntUsr.EXE [2014-06-08 180224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Aclient\AClntUsr.EXE"="C:\Program Files\Aclient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-06-08 16:42:53 ----D---- C:\Program Files\trend micro
2014-06-08 16:42:37 ----D---- C:\rsit
2014-06-08 16:16:59 ----D---- C:\Documents and Settings\Josef Martinko\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-06-08 16:12:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-08 15:01:21 ----A---- C:\WINDOWS\system32\lagarith.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidcore.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\x264vfw.dll
2014-06-08 15:01:19 ----A---- C:\WINDOWS\system32\unrar.dll
2014-06-08 15:01:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2014-06-08 15:01:13 ----D---- C:\Program Files\K-Lite Codec Pack
2014-06-08 15:00:09 ----A---- C:\WINDOWS\system32\d3d9caps.dat

======List of files/folders modified in the last 1 month======

2014-06-08 16:42:53 ----RD---- C:\Program Files
2014-06-08 16:30:20 ----D---- C:\WINDOWS\Temp
2014-06-08 16:17:00 ----D---- C:\WINDOWS\system32\drivers
2014-06-08 16:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-08 15:10:45 ----SHD---- C:\WINDOWS\Installer
2014-06-08 15:08:14 ----D---- C:\WINDOWS\Prefetch
2014-06-08 15:05:09 ----SD---- C:\WINDOWS\Tasks
2014-06-08 15:01:21 ----D---- C:\WINDOWS\system32
2014-06-08 14:57:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 14:56:27 ----D---- C:\Program Files\Aclient
2014-06-08 14:56:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-08 14:56:16 ----D---- C:\WINDOWS
2014-06-08 14:56:13 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Aclient\AClient.exe [2004-08-23 4845644]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]

-----------------EOF-----------------

#2 Příspěvek od **Rudy** » 08 čer 2014 16:05

Zdravím!
Spusťte nejprve tuto utilitu:

Stáhněte AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Uložte na plochu
Ukončete všechny programy
Klikněte nejprve na >Scan< a pak na >Clean<.
Proběhne skenováni a pak se objeví log, který sem vložte.

B_B · #3 Příspěvek od **B_B** » 08 čer 2014 16:18

Také zdravim, a děkuji že jste se mě ujal

# AdwCleaner v3.212 - Report created 08/06/2014 at 17:12:46
# Updated 05/06/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Josef Martinko - JOSEF
# Running from : C:\Documents and Settings\Josef Martinko\Dokumenty\Downloads\adwcleaner_3.212.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\QuestDns
Folder Deleted : C:\Program Files\Red Sky
Folder Deleted : C:\Program Files\ShoppingReport2
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\Premium
Folder Deleted : C:\Documents and Settings\All Users\Data aplikací\QuestDns
Folder Deleted : C:\Documents and Settings\user\Local Settings\Data aplikací\DownTango
Folder Deleted : C:\Documents and Settings\user\Data aplikací\BabSolution
Folder Deleted : C:\Documents and Settings\user\Data aplikací\Babylon
Folder Deleted : C:\Documents and Settings\user\Data aplikací\BabylonToolbar
Folder Deleted : C:\Documents and Settings\user\Data aplikací\ShoppingReport2
Folder Deleted : C:\Documents and Settings\user\Nabídka Start\Programy\DownTango
Folder Deleted : C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\9nix3p2r.default\Extensions\ffxtlbr@babylon.com
[!] Folder Deleted : C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
File Deleted : C:\Documents and Settings\user\Plocha\DownTango.lnk
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Documents and Settings\user\Data aplikací\Mozilla\Firefox\Profiles\9nix3p2r.default\user.js
File Deleted : C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v6.0.2900.5512

-\\ Google Chrome v35.0.1916.114

[ File : C:\Documents and Settings\Josef Martinko\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : dhkplhfnhceodhffomolpfigojocbpcb

*************************

AdwCleaner[R0].txt - [2707 octets] - [08/06/2014 17:11:44]
AdwCleaner[S0].txt - [2676 octets] - [08/06/2014 17:12:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2736 octets] ##########

#4 Příspěvek od **Rudy** » 08 čer 2014 16:57

Dejte nový log RSIT.

B_B · #5 Příspěvek od **B_B** » 08 čer 2014 17:01

Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef Martinko at 2014-06-08 17:59:27
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 123 GB (81%) free of 153 GB
Total RAM: 446 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:59:48, on 8.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Aclient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josef Martinko\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Josef Martinko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 2909 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AClntUsr"=C:\Program Files\Aclient\AClntUsr.EXE [2014-06-08 180224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Aclient\AClntUsr.EXE"="C:\Program Files\Aclient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-06-08 17:12:11 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-06-08 17:10:13 ----D---- C:\AdwCleaner
2014-06-08 16:42:53 ----D---- C:\Program Files\trend micro
2014-06-08 16:42:37 ----D---- C:\rsit
2014-06-08 16:16:59 ----D---- C:\Documents and Settings\Josef Martinko\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-06-08 16:12:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-08 15:01:21 ----A---- C:\WINDOWS\system32\lagarith.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidcore.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\x264vfw.dll
2014-06-08 15:01:19 ----A---- C:\WINDOWS\system32\unrar.dll
2014-06-08 15:01:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2014-06-08 15:01:13 ----D---- C:\Program Files\K-Lite Codec Pack
2014-06-08 15:00:09 ----A---- C:\WINDOWS\system32\d3d9caps.dat

======List of files/folders modified in the last 1 month======

2014-06-08 17:59:14 ----D---- C:\WINDOWS\system32\drivers
2014-06-08 17:15:46 ----D---- C:\Program Files\Aclient
2014-06-08 17:15:43 ----D---- C:\WINDOWS\Temp
2014-06-08 17:14:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-08 17:13:07 ----RD---- C:\Program Files
2014-06-08 17:12:11 ----D---- C:\WINDOWS\system32
2014-06-08 16:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-08 15:10:45 ----SHD---- C:\WINDOWS\Installer
2014-06-08 15:08:14 ----D---- C:\WINDOWS\Prefetch
2014-06-08 15:05:09 ----SD---- C:\WINDOWS\Tasks
2014-06-08 14:57:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 14:56:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-08 14:56:16 ----D---- C:\WINDOWS
2014-06-08 14:56:13 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Aclient\AClient.exe [2004-08-23 4845644]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]

-----------------EOF-----------------

#6 Příspěvek od **Rudy** » 08 čer 2014 18:10

Stáhněte OTM: http://oldtimer.geekstogo.com/OTM.exe a uložte na plochu. Spusťte a do levého okna zkopírujte:

:files
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

:commands
[Purity]
[Emptytemp]
[Emptyflash]

a klikněte na >MoveIt!<. Po skenu restartujte PC a dejte nový log RSIT.

B_B · #7 Příspěvek od **B_B** » 08 čer 2014 18:26

Bohužel, po spuštění Oldtimeru,vložení a odkliknuti move it, zmizí z plochy ikony, lista a PC zamrzne...

#8 Příspěvek od **Rudy** » 08 čer 2014 19:23

B_B píše:Bohužel, po spuštění Oldtimeru,vložení a odkliknuti move it, zmizí z plochy ikony, lista a PC zamrzne...

Tak to má být, OTM vypíná explorer. Na displeji by mělo zůstat pouze okno OTM, který pracuje.

B_B · #9 Příspěvek od **B_B** » 08 čer 2014 20:25

opravdu ten Oldtimer zamrzal. Dokud jsem manualně nezavřel okno Chrome, tak nešel a padal. Každopádně věc se podařila. Jen po novém náběhu PC a vytvoření logu Mi zůstala jen plocha s tapetou. Pomohl až další restart. BTW: Malware bytes mi tu od sedmi večer už bloknul čtvrtou příchozí IP adresu.

Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef Martinko at 2014-06-08 21:20:35
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (82%) free of 153 GB
Total RAM: 446 MB (8% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:20:44, on 8.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Josef Martinko\Plocha\RSIT.exe
C:\Program Files\trend micro\Josef Martinko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 3143 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AClntUsr"=C:\Program Files\Aclient\AClntUsr.EXE [2014-06-08 180224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Aclient\AClntUsr.EXE"="C:\Program Files\Aclient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-06-08 19:12:32 ----D---- C:\_OTM
2014-06-08 17:12:11 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-06-08 17:10:13 ----D---- C:\AdwCleaner
2014-06-08 16:42:53 ----D---- C:\Program Files\trend micro
2014-06-08 16:42:37 ----D---- C:\rsit
2014-06-08 16:16:59 ----D---- C:\Documents and Settings\Josef Martinko\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-06-08 16:12:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-08 15:01:21 ----A---- C:\WINDOWS\system32\lagarith.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidcore.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\x264vfw.dll
2014-06-08 15:01:19 ----A---- C:\WINDOWS\system32\unrar.dll
2014-06-08 15:01:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2014-06-08 15:01:13 ----D---- C:\Program Files\K-Lite Codec Pack
2014-06-08 15:00:09 ----A---- C:\WINDOWS\system32\d3d9caps.dat

======List of files/folders modified in the last 1 month======

2014-06-08 21:20:39 ----D---- C:\WINDOWS\Prefetch
2014-06-08 21:19:01 ----D---- C:\WINDOWS\Temp
2014-06-08 21:18:40 ----D---- C:\Program Files\Aclient
2014-06-08 21:11:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-08 21:11:30 ----SHD---- C:\RECYCLER
2014-06-08 21:11:28 ----D---- C:\WINDOWS\system32
2014-06-08 21:10:55 ----SD---- C:\WINDOWS\Tasks
2014-06-08 18:50:19 ----D---- C:\WINDOWS\system32\drivers
2014-06-08 17:13:07 ----RD---- C:\Program Files
2014-06-08 16:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-08 15:10:45 ----SHD---- C:\WINDOWS\Installer
2014-06-08 14:57:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 14:56:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-08 14:56:16 ----D---- C:\WINDOWS
2014-06-08 14:56:13 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Aclient\AClient.exe [2004-08-23 4845644]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]

-----------------EOF-----------------

#10 Příspěvek od **Rudy** » 08 čer 2014 20:35

Dvouklikem na soubor C:\Program Files\trend micro\Josef Martinko.exe spusťte HijackThis. Klikněte na "Do a system scan only" a v otevřeném okně vlevo ve čtverečcích zaškrtněte:

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

Klikněte na >FixChecked<. Pak znovu spusťte OTM a klikněte na >CleanUp!<. OTM po sobě uklidí. Nakonec restartujte PC.

B_B · #11 Příspěvek od **B_B** » 08 čer 2014 20:47

Logfile of random's system information tool 1.10 (written by random/random)
Run by Josef Martinko at 2014-06-08 21:45:15
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 126 GB (82%) free of 153 GB
Total RAM: 446 MB (10% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:45:38, on 8.6.2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Aclient\AClntUsr.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Aclient\AClient.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Josef Martinko\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Josef Martinko.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [AClntUsr] C:\Program Files\Aclient\AClntUsr.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Aclient\AClient.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

--
End of file - 2727 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AClntUsr"=C:\Program Files\Aclient\AClntUsr.EXE [2014-06-08 180224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Aclient\AClntUsr.EXE"="C:\Program Files\Aclient\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"VIDC.LAGS"=lagarith.dll
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm

======List of files/folders created in the last 1 month======

2014-06-08 21:45:15 ----D---- C:\rsit
2014-06-08 17:12:11 ----A---- C:\WINDOWS\system32\sqlite3.dll
2014-06-08 17:10:13 ----D---- C:\AdwCleaner
2014-06-08 16:42:53 ----D---- C:\Program Files\trend micro
2014-06-08 16:16:59 ----D---- C:\Documents and Settings\Josef Martinko\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-06-08 16:12:57 ----D---- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Malwarebytes
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbamchameleon.sys
2014-06-08 16:12:57 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2014-06-08 15:01:21 ----A---- C:\WINDOWS\system32\lagarith.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\xvidcore.dll
2014-06-08 15:01:20 ----A---- C:\WINDOWS\system32\x264vfw.dll
2014-06-08 15:01:19 ----A---- C:\WINDOWS\system32\unrar.dll
2014-06-08 15:01:16 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2014-06-08 15:01:13 ----D---- C:\Program Files\K-Lite Codec Pack
2014-06-08 15:00:09 ----A---- C:\WINDOWS\system32\d3d9caps.dat

======List of files/folders modified in the last 1 month======

2014-06-08 21:45:11 ----D---- C:\WINDOWS\Prefetch
2014-06-08 21:43:27 ----D---- C:\WINDOWS\Temp
2014-06-08 21:43:25 ----D---- C:\Program Files\Aclient
2014-06-08 21:41:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-06-08 21:11:30 ----SHD---- C:\RECYCLER
2014-06-08 21:11:28 ----D---- C:\WINDOWS\system32
2014-06-08 21:10:55 ----SD---- C:\WINDOWS\Tasks
2014-06-08 18:50:19 ----D---- C:\WINDOWS\system32\drivers
2014-06-08 17:13:07 ----RD---- C:\Program Files
2014-06-08 16:16:54 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-06-08 15:10:45 ----SHD---- C:\WINDOWS\Installer
2014-06-08 14:57:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-08 14:56:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-06-08 14:56:16 ----D---- C:\WINDOWS
2014-06-08 14:56:13 ----D---- C:\WINDOWS\system32\CatRoot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-09-21 2278784]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2008-07-25 176640]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AClient;Altiris Client Service; C:\Program Files\Aclient\AClient.exe [2004-08-23 4845644]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-06 116648]

-----------------EOF-----------------

#12 Příspěvek od **Rudy** » 08 čer 2014 21:31

Log je již OK. Nastala nějaká změna?

B_B · #13 Příspěvek od **B_B** » 08 čer 2014 21:53

PC se mi zdá více použitelné (vzhledem ke stáří), avšak Malware Bytes stále jednou za čas zahlásí, že bloknul nějakou příchozí IP adresu. Každopádně děkuji za vaší veškerou pomoc.

#14 Příspěvek od **Rudy** » 09 čer 2014 16:49

To je jen oznámení antiviru, že zablokoval něco, co se vám snaží dostat do PC a není žádoucí. Pokud je jeho akceúspěšná, je vše v pořádku. Nemáte zač!

VIRY.CZ

prosím vás o kontrolu logu

prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu

Re: prosím vás o kontrolu logu