avastsvc.exe win32:patched-wq

[Petrásek]

Přeji krásné ráno.
Moc prosím o pomoc, zřejmě ta infekce pochází z Facebooku.
Jsem tu nováčkem, tak jsem se dočetl, že mám dát log z RSIT.


Logfile of random's system information tool 1.09 (written by random/random)
Run by Mornštejn Roman at 2011-07-28 01:08:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (34%) free of 153 GB
Total RAM: 1977 MB (77% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\EasyShare Registration Task.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-362288127-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"=C:\Program Files\Realtek\Audio\InstallShield\AzMixerSel.exe [2006-07-17 53248]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-02-22 1032192]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-06-13 16871936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-06-17 150040]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-06-17 170520]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-06-17 141848]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-07-24 875016]
"tray_ico"= []
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-02-11 2756488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2011-07-06 449584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\Mornštejn Roman\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-05-11 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Software Kodak EasyShare.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-06-11 212992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Metin2United US\Metin2client.bin"="C:\Program Files\Metin2United US\Metin2client.bin:*:Enabled:Metin2client"
"E:\Lederion 2011 Client\Metin2.exe"="E:\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Lederion 2011 Client\Metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Program Files\BlueLightMT2\metin2.bin"="C:\Program Files\BlueLightMT2\metin2.bin:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Lederion 2011 Client\Metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Lederion 2011 Client\Metin2.exe:*:Enabled:Customizable 2010 Client Launcher"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Dark-Revolution2\metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Dark-Revolution2\metin2.exe:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Dark-Revolution2\metin2.exe"="C:\Documents and Settings\Mornštejn Roman\Plocha\Microsoft Office\Dark-Revolution2\metin2.exe:*:Enabled:metin2"
"C:\Documents and Settings\Mornštejn Roman\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe"="C:\Documents and Settings\Mornštejn Roman\Local Settings\Temp\7ZipSfx.000\CF_Downloader.exe:*:Enabled:PT2Downloader"
"C:\Program Files\CrossFire\CF_G4box.exe"="C:\Program Files\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Mornštejn Roman\Dokumenty\Downloads\Flash-Player.exe"
"C:\Program Files\Z8Games\CrossFire\CF_G4box.exe"="C:\Program Files\Z8Games\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=iyvu9_32.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\Iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.PIM1"=pclepim1.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.XFR1"=xfcodec.dll

======List of files/folders created in the last 1 month======

2011-07-28 01:08:46 ----D---- C:\rsit
2011-07-28 01:08:46 ----D---- C:\Program Files\trend micro
2011-07-28 00:49:50 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\Malwarebytes
2011-07-28 00:49:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-28 00:49:40 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-07-28 00:49:37 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-28 00:49:37 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-28 00:40:44 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\Sammsoft
2011-07-28 00:26:05 ----D---- C:\ComboFix
2011-07-28 00:26:05 ----A---- C:\WINDOWS\system32\CF11619.exe
2011-07-28 00:16:43 ----A---- C:\WINDOWS\system32\CF9784.exe
2011-07-27 23:46:03 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-07-27 23:46:03 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-07-27 23:46:01 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-07-27 23:46:00 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-07-27 23:45:58 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-07-27 23:45:58 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-07-27 23:45:58 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-07-27 23:45:43 ----A---- C:\WINDOWS\system32\avastSS.scr
2011-07-27 23:45:43 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-07-27 23:45:36 ----D---- C:\Program Files\Alwil Software
2011-07-27 18:53:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2011-07-27 17:30:32 ----D---- C:\WINDOWS\temp
2011-07-27 17:29:57 ----A---- C:\WINDOWS\system32\CF28391.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\zip.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\VFIND.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWSC.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\SWREG.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\sed.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\NIRCMD.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\grep.exe
2011-07-27 17:10:34 ----A---- C:\WINDOWS\fdsv.exe
2011-07-27 17:10:25 ----A---- C:\WINDOWS\system32\CF24564.exe
2011-07-27 17:08:15 ----D---- C:\WINDOWS\ERDNT
2011-07-27 17:07:55 ----D---- C:\Qoobox
2011-07-27 15:38:31 ----D---- C:\Program Files\CCleaner
2011-07-21 19:47:59 ----D---- C:\WINDOWS\system32\appmgmt
2011-07-21 19:02:29 ----D---- C:\WINDOWS\Minidump
2011-07-21 16:43:33 ----D---- C:\Program Files\Z8Games
2011-07-21 09:16:27 ----D---- C:\WINDOWS\ufa
2011-07-21 09:16:27 ----D---- C:\WINDOWS\rpcminer
2011-07-21 09:16:27 ----D---- C:\WINDOWS\phoenix
2011-07-21 09:03:50 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-21 09:02:10 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-21 09:01:48 ----HD---- C:\WINDOWS\update.2
2011-07-21 09:01:38 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 09:01:20 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 09:00:58 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 09:00:49 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 08:59:56 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 08:58:00 ----D---- C:\WINDOWS\av_ico
2011-07-21 08:56:43 ----HD---- C:\WINDOWS\update.1
2011-07-21 08:56:34 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-21 08:56:34 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-21 08:46:25 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 08:46:25 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 08:34:07 ----A---- C:\WINDOWS\system32\muweb.dll
2011-07-21 08:34:07 ----A---- C:\WINDOWS\system32\mucltui.dll
2011-07-19 16:23:10 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\Xfire
2011-07-19 16:23:05 ----D---- C:\Program Files\Xfire
2011-07-19 15:31:15 ----D---- C:\Program Files\CrossFire
2011-07-19 11:51:49 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-14 19:16:40 ----A---- C:\WINDOWS\system32\3ivx.dll
2011-07-14 19:16:39 ----D---- C:\Program Files\Acala DVD 3gp Ripper
2011-07-14 19:11:39 ----D---- C:\Program Files\Launch Manager
2011-07-14 19:10:24 ----A---- C:\WINDOWS\system32\FILTRCOI.DLL
2011-07-14 19:10:24 ----A---- C:\WINDOWS\system32\drivers\DKbFltr.SYS
2011-07-14 19:10:23 ----A---- C:\WINDOWS\UNINST32.EXE
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igxprd32.dll
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igfxtray.exe
2011-07-14 18:45:22 ----A---- C:\WINDOWS\system32\igfxexps.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igxpdv32.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxsrvc.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxpers.exe
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\igfxext.exe
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\hccutils.dll
2011-07-14 18:45:21 ----A---- C:\WINDOWS\system32\drivers\igxpmp32.sys
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igxpgd32.dll
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxzoom.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxsrvc.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\igfxcfg.exe
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\ig4icd32.dll
2011-07-14 18:45:20 ----A---- C:\WINDOWS\system32\ig4dev32.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igxpdx32.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxress.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxpph.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxdo.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxdev.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\igfxCoIn_v4957.dll
2011-07-14 18:45:19 ----A---- C:\WINDOWS\system32\hkcmd.exe
2011-07-14 18:45:17 ----A---- C:\WINDOWS\system32\igxpun.exe
2011-07-14 18:44:47 ----A---- C:\WINDOWS\system32\TVWizudlg.exe
2011-07-14 18:44:47 ----A---- C:\WINDOWS\system32\igfxtvcx.dll
2011-07-14 18:44:46 ----D---- C:\WINDOWS\system32\Lang
2011-07-14 18:35:49 ----D---- C:\Driver
2011-07-14 16:05:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-14 16:03:27 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-10 21:46:47 ----AH---- C:\WINDOWS\system32\ezsidmv.dat
2011-07-10 21:46:36 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype Extras
2011-07-10 21:42:15 ----RD---- C:\Program Files\Skype
2011-07-10 21:42:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2011-07-02 13:47:27 ----A---- C:\WINDOWS\system32\srusd.dll
2011-07-02 13:47:27 ----A---- C:\WINDOWS\system32\drivers\serscan.sys
2011-07-02 13:47:26 ----A---- C:\WINDOWS\system32\fnfilter.dll
2011-07-01 19:09:44 ----D---- C:\Program Files\Adobe
2011-07-01 10:42:47 ----D---- C:\Program Files\Opera
2011-06-30 09:04:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-28 01:08:46 ----RD---- C:\Program Files
2011-07-28 00:49:40 ----D---- C:\WINDOWS\system32\drivers
2011-07-28 00:47:41 ----D---- C:\WINDOWS\system32
2011-07-28 00:26:30 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-28 00:17:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-28 00:16:59 ----D---- C:\WINDOWS\Prefetch
2011-07-27 23:45:53 ----D---- C:\WINDOWS\WinSxS
2011-07-27 23:45:50 ----SHD---- C:\WINDOWS\Installer
2011-07-27 23:44:05 ----D---- C:\WINDOWS
2011-07-27 18:12:35 ----D---- C:\Documents and Settings
2011-07-27 16:58:05 ----HD---- C:\WINDOWS\inf
2011-07-27 16:23:45 ----D---- C:\Program Files\O2Micro Flash Memory Card Driver
2011-07-27 16:23:45 ----D---- C:\Program Files\CDBurnerXP
2011-07-27 16:08:03 ----SHD---- C:\System Volume Information
2011-07-27 15:39:33 ----D---- C:\WINDOWS\Debug
2011-07-26 09:03:11 ----A---- C:\WINDOWS\ModemLog_Axesstel USB Modem.txt
2011-07-26 08:38:05 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\vlc
2011-07-26 08:00:18 ----D---- C:\Program Files\Microsoft Office
2011-07-23 12:02:09 ----A---- C:\WINDOWS\win.ini
2011-07-23 12:00:29 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-07-23 12:00:04 ----RSD---- C:\WINDOWS\assembly
2011-07-21 19:53:58 ----D---- C:\Program Files\Microsoft Works
2011-07-21 19:53:54 ----RSD---- C:\WINDOWS\Fonts
2011-07-21 19:47:44 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\Skype
2011-07-21 17:18:03 ----D---- C:\Program Files\City Interactive
2011-07-21 14:23:33 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\dvdcss
2011-07-21 09:04:16 ----D---- C:\WINDOWS\system32\Restore
2011-07-21 09:02:11 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-21 08:56:53 ----A---- C:\boot.ini
2011-07-19 11:52:01 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2011-07-14 19:11:45 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-07-14 18:45:19 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-14 18:44:45 ----D---- C:\Program Files\Intel
2011-07-14 16:05:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 16:03:41 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-13 09:23:02 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-10 21:46:41 ----D---- C:\Documents and Settings\Mornštejn Roman\Data aplikací\skypePM
2011-07-10 21:42:26 ----D---- C:\Program Files\Common Files
2011-07-08 07:30:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-07-02 11:05:34 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2011-07-01 19:10:00 ----D---- C:\Program Files\Common Files\Adobe

[vyosek]

Zdravim, pekny den preji a vitam vas u nas na foru

Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

• Ukoncete vsechny programy
• Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
• Zvolte moznost 2 a potvrte enterem
• Utilita provede svou cinnost a da log - ten sem vlozte
• Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte

[Petrásek]

Děkuji za přivítání, jdu na to, jen jsem zapomněl dodat, že ten problém mám na notebooku který není připojen na net, takže to přenáším klíčenkou, nevadí to doufám.

[vyosek]

Nakaza by se nemela sirit na flash disk

[Petrásek]

Nešíří
Tak log 1


RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mornštejn Roman [Admin rights]
Mode: Remove -- Date : 07/28/2011 08:47:19

Bad processes: 0

Registry Entries: 3
[] HKLM\[...]\Windows : () -> ACCESS DENIED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[] HKLM\[...]\Windows : () -> ACCESS DENIED

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

Tak log 2

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mornštejn Roman [Admin rights]
Mode: HOSTSFix -- Date : 07/28/2011 08:48:14

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

Tak log 3

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Mornštejn Roman [Admin rights]
Mode: ProxyFix -- Date : 07/28/2011 08:48:47

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

[vyosek]

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Petrásek]

Na konzolu pro zotavení jsem souhlasil, ale pak mi to napsalo chybu, že není připojen k internetu, mám dát OK

[vyosek]

Ano odsouhlaste, havet obcas internet takhle blokuje

[Petrásek]

Myslíte, že to tak má být?
Už více jak 20 minut tam pouze toto:

NIRCMDC není názvem vnitřního ani vnějšího příkazu,
spustitelného programu nebo dávkového souboru.
MTEE není názvem vnitřního ani vnějšího příkazu,
spustitelného programu nebo dávkového souboru.

a pod tím bliká kurzor.
Mám čekat a vydržet?

[vyosek]

Dejte mu cca 10 min a pokud nic, tak restartujte PC a napiste

[Petrásek]

Tak ani po dalších 25 minutách se nic nedělo, tak ho restartuji.

[vyosek]

OK, pak napiste ci reset probehl v poradku a pujdem dale

[Petrásek]

No, trval podstatně déle nežli obvykle, ale naběhlo to.

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Petrásek]

To bude problém, protože to nemám možnost připojit k netu, takže tam dávám vše na klíčence.
Tak se ta aktualizace neprovede, nevadí to?