Virus - konrola logu

[jmeno1]

To je tedy protokol ze dneška

2014/02/22 12:37:30 +0100 PC Doma MESSAGE Starting protection
2014/02/22 12:37:30 +0100 PC Doma MESSAGE Protection started successfully
2014/02/22 12:37:30 +0100 PC Doma MESSAGE Starting IP protection
2014/02/22 12:38:05 +0100 PC Doma MESSAGE IP Protection started successfully

[jmeno1]

ze včera:
2014/02/21 17:29:50 +0100 PC Doma MESSAGE Starting protection
2014/02/21 17:29:50 +0100 PC Doma MESSAGE Protection started successfully
2014/02/21 17:29:50 +0100 PC Doma MESSAGE Starting IP protection
2014/02/21 17:30:15 +0100 PC Doma MESSAGE IP Protection started successfully
2014/02/21 18:09:19 +0100 PC Doma MESSAGE Executing scheduled update: Daily
2014/02/21 18:12:46 +0100 PC Doma MESSAGE Scheduled update executed successfully: database updated from version v2014.02.20.08 to version v2014.02.21.08
2014/02/21 18:12:46 +0100 PC Doma MESSAGE Starting database refresh
2014/02/21 18:12:46 +0100 PC Doma MESSAGE Stopping IP protection
2014/02/21 18:12:47 +0100 PC Doma MESSAGE IP Protection stopped successfully
2014/02/21 18:13:02 +0100 PC Doma MESSAGE Database refreshed successfully
2014/02/21 18:13:02 +0100 PC Doma MESSAGE Starting IP protection
2014/02/21 18:13:24 +0100 PC Doma MESSAGE IP Protection started successfully

[jmeno1]

vždy po restartu nebo zapnutí PC to hlásí RUNDL (krom toho že AVG hlásí toho trojana) i něco že nelze nalézt oetgsac.dll. Ale to je asi spojeno s tím virem, že?
Ještě dotaz, může se díky stahování ze zavirovaného PC zavirovat i mobil s androidem? Vypadá to, že je zavirovaný taky.......

[cernohous13]

ty protokoly jsou z čeho?

dej mi aktuální RSIT a nový výsledek Rychlé kontroly MBAM

[jmeno1]

ty protokoly jsou z MBAM, zkopírovala jsem ti log, ktrý vyjel po odstranění označených a pak v záložce protokoly - byly tyto dva - ze včera a dneška, tak jsem ti to raději taky zkopírovala. Ten výjezd RSIT mi dělal první den kolega, musím podle vašeho návodu tady.

[jmeno1]

Logfile of random's system information tool 1.06 (written by random/random)
Run by Doma at 2014-02-22 15:02:49
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 73 GB (73%) free of 100 GB
Total RAM: 1022 MB (28% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
MHTBPos00 Class - C:\Program Files\Family Toolbar\tbcore3.dll [2009-05-07 2642432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
MSS+ Identifier - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll [2014-01-16 96128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-30 75232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{774790e9-f9e1-49b5-bd7b-f9f80106bdd6}]
Video Player - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta3071\ie\VideoPlayerV3beta3071.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D62EC836-BF1E-4CAC-81BE-FB9179835D8E}]
CMySite Class - C:\Program Files\Family Toolbar\mhxpcomi.dll [2010-02-18 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E}
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2008-06-19 57344]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-03-28 13684736]
"nwiz"=nwiz.exe /install []
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-03-28 86016]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"AVG_UI"=C:\Program Files\AVG\AVG2013\avgui.exe [2013-11-20 4411952]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-01-08 18706176]
"Zoner Photo Studio Autoupdate"=C:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE [2013-02-18 774168]
"oetqsac"=rundll32 C:\Documents and Settings\Doma\Local Settings\Data aplikací\oetqsac.dll,oetqsac []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-04 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oetqsac]
C:\Documents and Settings\Doma\Local Settings\Data aplikací\oetqsac.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\City Interactive\Heat Wave EN\HeatWave.exe"="C:\Program Files\City Interactive\Heat Wave EN\HeatWave.exe:*:Enabled:HeatWave"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"D:\MotoRacer3\MotoRacer3.exe"="D:\MotoRacer3\MotoRacer3.exe:*:Enabled:Moto Racer 3 PC"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe"="D:\Alpine Skiing & Ski Jumping\Ski Jumping\skijumping.exe:*:Disabled:skijumping"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"D:\Alpine Skiing & Ski Jumping\Alpine Skiing\alpineski.exe"="D:\Alpine Skiing & Ski Jumping\Alpine Skiing\alpineski.exe:*:Disabled:alpineski"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\FIFA 12\Game\fifa.exe"="D:\FIFA 12\Game\fifa.exe:*:Disabled:FIFA 12"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\AVG\AVG2013\avgmfapx.exe"="C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG Installer"
"C:\Program Files\Milestone\MotoGP13_Demo\MotoGP13.exe"="C:\Program Files\Milestone\MotoGP13_Demo\MotoGP13.exe:*:Disabled:Launcher"
"C:\DOCUME~1\Doma\LOCALS~1\Temp\weumgw.exe"="C:\DOCUME~1\Doma\LOCALS~1\Temp\weumgw.exe:*:Enabled:weumgw"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:rundll32"
"C:\Program Files\AVG\AVG2013\avgnsx.exe"="C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield"
"C:\Program Files\AVG\AVG2013\avgdiagex.exe"="C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostics 2013"
"C:\Program Files\AVG\AVG2013\avgemcx.exe"="C:\Program Files\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-mail Scanner"
"C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\mcm2.exe"="C:\Program Files\Microsoft Games\Motocross Madness 2 Trial\mcm2.exe:*:Enabled:Microsoft® Motocross Madness 2"
"C:\WINDOWS\explorer.exe"="C:\WINDOWS\explorer.exe:*:Enabled:Průzkumník Windows"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c4a3576-e0f2-11de-a106-00241d91f22b}]
shell\AutoRun\command - I:\Programs\nu2menu\nu2menu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c76a40-f69b-11e1-afb8-806d6172696f}]
shell\AutoRun\command - F:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53718553-fdc1-11e2-9fd8-00241d91f22b}]
shell\AutoRun\command - G:\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beba890a-25ea-11df-91a4-00241d91f22b}]
shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d315da41-03e7-11e3-afd0-00241d91f22b}]
shell\AutoRun\command - G:\Setup.exe


======List of files/folders created in the last 1 months======

2014-02-20 18:50:27 ----D---- C:\Documents and Settings\Doma\Data aplikací\Malwarebytes
2014-02-20 18:50:22 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2014-02-20 18:50:21 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-02-20 18:34:39 ----D---- C:\AdwCleaner
2014-02-20 18:26:06 ----D---- C:\WINDOWS\ERUNT
2014-02-20 18:20:47 ----A---- C:\sc-cleaner.txt
2014-02-20 16:22:11 ----D---- C:\Program Files\trend micro
2014-02-20 16:22:10 ----D---- C:\rsit
2014-02-18 17:09:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2014-02-15 15:24:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2916036$
2014-02-15 15:09:45 ----SHD---- C:\Config.Msi
2014-01-25 09:37:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2868626$
2014-01-25 09:33:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2014-01-25 09:32:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2712808$
2014-01-25 09:29:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2479943$
2014-01-25 09:29:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2014-01-25 09:28:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2564958$
2014-01-25 09:27:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2478971$
2014-01-25 09:27:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2758857$
2014-01-25 09:26:57 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$
2014-01-25 09:26:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2834886$
2014-01-25 09:26:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2014-01-25 09:26:41 ----HDC---- C:\WINDOWS\$NtUninstallKB2536276-v2$
2014-01-25 09:26:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$
2014-01-25 09:26:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2631813$
2014-01-25 09:26:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2014-01-25 09:25:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2014-01-25 09:22:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2900986$
2014-01-25 09:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$
2014-01-25 09:22:44 ----HDC---- C:\WINDOWS\$NtUninstallKB975558_WM8$
2014-01-25 09:22:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2847311$
2014-01-25 09:22:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2014-01-25 09:22:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2014-01-25 09:22:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2014-01-25 09:19:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2802968$
2014-01-25 09:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2014-01-25 09:18:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2481109$
2014-01-25 09:18:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2898715$
2014-01-25 09:18:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2485663$
2014-01-25 09:18:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2598479$
2014-01-25 09:18:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2014-01-25 09:17:50 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2014-01-25 09:17:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2862335$
2014-01-25 09:17:22 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2014-01-25 09:17:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2014-01-25 09:17:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2834904-v2_WM11$
2014-01-25 09:17:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2780091$
2014-01-25 09:17:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2845187$
2014-01-25 09:16:54 ----HDC---- C:\WINDOWS\$NtUninstallKB2904266$
2014-01-25 09:16:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2347290$
2014-01-25 09:16:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2876217$
2014-01-25 09:16:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2483185$
2014-01-25 09:12:26 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2014-01-25 09:09:08 ----HDC---- C:\WINDOWS\$NtUninstallKB2864063$
2014-01-25 09:09:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2014-01-25 09:08:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2862152$
2014-01-25 09:08:49 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2014-01-25 09:08:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2770660$
2014-01-25 09:08:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2535512$
2014-01-25 09:08:32 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2014-01-25 09:08:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2850869$
2014-01-25 09:04:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2876331$
2014-01-25 09:04:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2859537$
2014-01-25 09:04:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2807986$
2014-01-25 09:04:34 ----HDC---- C:\WINDOWS\$NtUninstallKB2570947$
2014-01-25 09:04:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2884256$
2014-01-25 09:04:20 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2014-01-25 09:04:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2820917$
2014-01-25 09:04:10 ----HDC---- C:\WINDOWS\$NtUninstallKB2603381$
2014-01-25 09:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2893294$
2014-01-25 09:03:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2757638$
2014-01-25 09:03:48 ----HDC---- C:\WINDOWS\$NtUninstallKB2419632$
2014-01-25 09:03:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2508429$
2014-01-25 09:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2653956$
2014-01-25 09:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2749655$
2014-01-25 09:02:42 ----HDC---- C:\WINDOWS\$NtUninstallKB971029$
2014-01-25 09:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2506212$
2014-01-25 09:02:26 ----HDC---- C:\WINDOWS\$NtUninstallKB2893984$
2014-01-25 09:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB2892075$
2014-01-25 09:02:09 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2014-01-25 09:02:02 ----HDC---- C:\WINDOWS\$NtUninstallKB2619339$
2014-01-25 09:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2705219-v2$
2014-01-25 09:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2014-01-25 09:01:41 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2014-01-25 09:01:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2014-01-25 09:01:30 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2014-01-25 09:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$
2014-01-25 09:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-01-25 08:57:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2862330$
2014-01-25 08:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2813345$
2014-01-25 08:56:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2509553$
2014-01-25 08:56:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2014-01-25 08:43:12 ----D---- C:\WINDOWS\system32\MRT
2014-01-25 08:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$
2014-01-25 08:36:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2478960$
2014-01-25 08:35:30 ----HDC---- C:\WINDOWS\$NtUninstallKB2393802$
2014-01-25 08:35:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2620712$
2014-01-25 08:35:13 ----HDC---- C:\WINDOWS\$NtUninstallKB2566454$
2014-01-25 08:35:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2914368$
2014-01-25 08:34:56 ----HDC---- C:\WINDOWS\$NtUninstallKB2584146$
2014-01-25 08:31:33 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2014-01-24 13:28:53 ----N---- C:\WINDOWS\system32\browserchoice.exe

======List of files/folders modified in the last 1 months======

2014-02-22 15:02:32 ----D---- C:\WINDOWS\system32\drivers
2014-02-22 12:52:33 ----D---- C:\WINDOWS\Temp
2014-02-22 12:38:07 ----D---- C:\WINDOWS\Prefetch
2014-02-22 12:38:00 ----D---- C:\WINDOWS\system32\CatRoot2
2014-02-22 12:36:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2014-02-22 12:32:10 ----D---- C:\WINDOWS\ehome
2014-02-22 12:32:06 ----HD---- C:\WINDOWS\inf
2014-02-22 09:30:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2014-02-21 21:04:27 ----D---- C:\WINDOWS\system32
2014-02-21 21:04:26 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2014-02-21 02:49:03 ----SHD---- C:\WINDOWS\Installer
2014-02-21 02:44:45 ----D---- C:\Program Files
2014-02-20 18:36:16 ----D---- C:\Program Files\Common Files
2014-02-20 18:35:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2014-02-20 18:30:19 ----A---- C:\WINDOWS\NeroDigital.ini
2014-02-20 18:26:27 ----SD---- C:\WINDOWS\Tasks
2014-02-20 18:26:06 ----D---- C:\WINDOWS
2014-02-19 20:52:43 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2014-02-18 17:09:48 ----D---- C:\Documents and Settings\Doma\Data aplikací\Mozilla
2014-02-18 17:09:30 ----D---- C:\Program Files\Mozilla Firefox
2014-02-18 14:16:04 ----D---- C:\Program Files\McAfee Security Scan
2014-02-16 18:49:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2014-02-15 18:54:53 ----D---- C:\WINDOWS\Microsoft.NET
2014-02-15 18:54:49 ----RSD---- C:\WINDOWS\assembly
2014-02-15 15:22:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-15 15:22:15 ----D---- C:\WINDOWS\WinSxS
2014-02-15 15:14:42 ----A---- C:\WINDOWS\system32\MRT.exe
2014-02-15 15:13:09 ----A---- C:\WINDOWS\imsins.BAK
2014-02-15 15:12:53 ----D---- C:\Program Files\Internet Explorer
2014-02-15 15:12:42 ----D---- C:\WINDOWS\ie8updates
2014-02-06 04:38:36 ----A---- C:\WINDOWS\system32\wininet.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\occache.dll
2014-02-06 00:08:34 ----N---- C:\WINDOWS\system32\jsproxy.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\urlmon.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\url.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mstime.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtmled.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\mshtml.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\msfeeds.dll
2014-02-06 00:08:34 ----A---- C:\WINDOWS\system32\licmgr10.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iepeers.dll
2014-02-06 00:08:33 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\iertutil.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\ieframe.dll
2014-02-06 00:08:33 ----A---- C:\WINDOWS\system32\corpol.dll
2014-02-05 23:24:06 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2014-02-05 22:47:05 ----D---- C:\Documents and Settings\Doma\Data aplikací\Giyxc
2014-02-05 22:43:50 ----D---- C:\WINDOWS\system32\cache
2014-02-04 23:55:46 ----A---- C:\WINDOWS\IE4 Error Log.txt
2014-02-04 19:52:54 ----D---- C:\Documents and Settings\Doma\Data aplikací\Oniszu
2014-01-29 16:21:25 ----HD---- C:\WINDOWS\system32\GroupPolicy
2014-01-25 09:52:35 ----D---- C:\Program Files\Outlook Express
2014-01-25 09:33:08 ----HD---- C:\WINDOWS\$hf_mig$
2014-01-25 09:01:26 ----D---- C:\Program Files\Movie Maker
2014-01-25 08:53:22 ----D---- C:\WINDOWS\system32\XPSViewer
2014-01-25 08:43:12 ----D---- C:\WINDOWS\Debug
2014-01-24 17:05:05 ----D---- C:\WINDOWS\system32\Macromed
2014-01-24 13:15:38 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2013-11-25 208184]
R1 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2013-10-23 22328]
R1 AvgLdx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2013-07-20 171320]
R1 AvgTdiX;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2013-03-21 182072]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-09-03 54368]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-03-28 6280416]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2009-03-18 30336]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 a41ctcgk;a41ctcgk; C:\WINDOWS\system32\drivers\a41ctcgk.sys []
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\fxxandroidusb.sys [2011-03-22 25728]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 qcusbser;USB Device for Legacy Serial Communication; C:\WINDOWS\system32\DRIVERS\FXX\qcusbser.sys [2011-03-22 103424]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2013-08-09 32384]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2013-07-03 14976]
S3 usbser;Nokia USB Serial Port Driver ; C:\WINDOWS\system32\drivers\usbser.sys [2013-08-29 26240]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [2013-07-04 4939312]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [2013-11-20 283136]
R2 ES lite Service;ES lite Service for program management.; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [2008-12-24 68136]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-03-28 163908]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-21 116648]
S2 SafetyNutManager2;SafetyNut Manager; C:\Program Files\Movies Toolbar\SafetyNut\SafetyNutManager.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21 257928]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-10-21 116648]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-01-16 235696]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-01-28 118896]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[jmeno1]

Aktuální mbam log:

Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org

Verze: v2014.02.21.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Doma :: PC [administrátor]

Ochrana: Povolena

22.2.2014 15:04:04
mbam-log-2014-02-22 (15-04-04).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 254656
Uplynulý čas: 17 minut, 47 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

[cernohous13]

MBAM odinstaluj http://downloads.malwarebytes.org/file/mbam_clean

potřebuji přesnou hlášku AVG o trojanovi

[jmeno1]

Odinstalováno, po odstranění souborů z MBAM AVG nic nevyhodilo }naposledy ráno před odstraněním), nevyskakují reklamy ani nic "divného" v exploreru, jede už i Mozilla. Jestli AVG něco zachytí pošlu. Přílohy s příponou doc a xls nelze vkládat? Udělala bych PrtScr, stejně jako tu hlášku Rundll, která vyskakuje pořád "chyba při načítání C:\Documents and Setting\Doma\Local Settings\Data Aplikací\oetqsac.dll
Díky

[cernohous13]

Stáhni OTM z jednoho odkazu a rozbal nejlépe na plochu.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Spusť program „OTM.exe“
Do okna pod žlutou čáru vlož celý text zeleným písmem ze „Scriptu“

Klikni na červené „MoveIt!“

Při nabídce restartu „YES“
a log potom najdeš v C:\_OTM\MovedFiles\ - dej mi ho sem na kontrolu

Script OTM

Kód: Vybrat vše

:Commands
[resethosts]
[emptytemp]
[emptyflash]
[emptyjava]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\Doma\Local Settings\Data aplikací\oetqsac.dll
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Windows Search.lnk
C:\AdwCleaner
C:\sc-cleaner.txt
C:\rsit

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{774790e9-f9e1-49b5-bd7b-f9f80106bdd6}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"Adobe ARM"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Zoner Photo Studio Autoupdate"=-
"oetqsac"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\oetqsac]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c4a3576-e0f2-11de-a106-00241d91f22b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40c76a40-f69b-11e1-afb8-806d6172696f}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{53718553-fdc1-11e2-9fd8-00241d91f22b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{beba890a-25ea-11df-91a4-00241d91f22b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d315da41-03e7-11e3-afd0-00241d91f22b}]

:Services
NMIndexingService
NBService

Pak poreferuj o problémech

[jmeno1]

Ahoj tady to je - btw do teď AVG nic nezachytilo
:
All processes killed
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 665607165 bytes
->Temporary Internet Files folder emptied: 155445 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Doma
->Temp folder emptied: 785509464 bytes
->Temporary Internet Files folder emptied: 468516762 bytes
->FireFox cache emptied: 150833785 bytes
->Google Chrome cache emptied: 360101404 bytes
->Flash cache emptied: 16477765 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 34539303 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 194335 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 15579996 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264498453 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 222547145 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 10752 bytes

Total Files Cleaned = 2 846.00 mb


[EMPTYFLASH]

User: Admin

User: All Users

User: Default User

User: Doma
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

[cernohous13]

ten log není celý - zkontroluj, nebo OTM neproběhlo korektně - případně opakuj v Nouzovém režimu

Přílohy s příponou doc a xls nelze vkládat?

pouze zabalené jako *.rar, *.zip

[jmeno1]

PROMIŇ! JSEM DEBIL! NEZKOPÍROVALA JSEM VŠE! zpráva obsahuje 672647 znaků povolený počet znaků je 100000 - musím to nějak rozdělit

[jmeno1]

snad je to tak dobře

[cernohous13]

Vše OK a debil jsem já, že jsem nejdřív nenechal smazat karanténu ADWCleaneru

Jak se tváří PC? ještě problém?