virus - facebook vir

[Jencek]

Dobrý den,

jak tak koukám, tak nejsem první ani poslední, komu se povedlo dostat do pc tenhle virus.

Předem děkuji za ochotu.

[Jencek]

zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by jencek at 2011-10-31 11:23:40
Microsoft® Windows Vista™ Home Basic
System drive C: has 96 GB (48%) free of 200 GB
Total RAM: 3070 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:23:42, on 31.10.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\jencek\Desktop\RSIT.exe
C:\Program Files\trend micro\jencek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD2414DB-7A07-433A-A74C-36E2660AD8F0}: NameServer = 93.153.117.1,62.141.0.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{DD2414DB-7A07-433A-A74C-36E2660AD8F0}: NameServer = 93.153.117.1,62.141.0.2
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

--
End of file - 2778 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"=oobefldr.dll,ShowWelcomeCenter []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoHotStart"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoHotStart"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-31 11:15:52 ----D---- C:\rsit
2011-10-31 11:15:52 ----D---- C:\Program Files\trend micro
2011-10-31 10:38:18 ----D---- C:\totalcmd
2011-10-31 10:38:18 ----A---- C:\Windows\UC.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\RAR.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\PKZIP.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\PKUNZIP.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\NOCLOSE.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\LHA.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\ARJ.PIF
2011-10-31 10:36:14 ----D---- C:\Program Files\WinRAR
2011-10-31 01:52:13 ----A---- C:\Windows\ntbtlog.txt
2011-10-29 23:53:26 ----D---- C:\Program Files\EA Sports
2011-10-26 16:22:46 ----D---- C:\Users\jencek\AppData\Roaming\QIP
2011-10-24 16:21:47 ----D---- C:\ProgramData\Fraus
2011-10-24 16:19:04 ----D---- C:\Program Files\SMART Technologies Inc
2011-10-24 16:18:03 ----D---- C:\Program Files\Flexilearn
2011-10-23 23:51:21 ----D---- C:\ProgramData\EA Core
2011-10-23 13:51:26 ----D---- C:\Program Files\Xvid
2011-10-23 13:50:27 ----D---- C:\Program Files\ShoppingReport2
2011-10-23 13:50:20 ----D---- C:\ProgramData\ClickPotatoLiteSA
2011-10-23 13:50:20 ----D---- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-10-23 13:50:20 ----D---- C:\Program Files\ClickPotatoLite
2011-10-21 00:03:29 ----D---- C:\Program Files\vShare.tv plugin
2011-10-18 23:08:24 ----D---- C:\Program Files\Electronic Arts
2011-10-07 16:18:01 ----D---- C:\Users\jencek\AppData\Roaming\NVIDIA
2011-10-07 15:35:06 ----D---- C:\ProgramData\NVIDIA Corporation
2011-10-07 15:30:24 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 month======

2011-10-31 11:15:52 ----RD---- C:\Program Files
2011-10-31 10:50:07 ----D---- C:\Users\jencek\AppData\Roaming\WinRAR
2011-10-31 10:38:18 ----D---- C:\Windows
2011-10-31 10:38:18 ----D---- C:\Users\jencek\AppData\Roaming\GHISLER
2011-10-31 10:26:56 ----SD---- C:\Windows\Downloaded Program Files
2011-10-31 10:26:55 ----D---- C:\Windows\System32
2011-10-31 10:19:55 ----D---- C:\Windows\inf
2011-10-31 10:19:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-31 01:47:29 ----D---- C:\Program Files\Common Files\Adobe
2011-10-31 01:47:13 ----D---- C:\Windows\system32\catroot2
2011-10-31 01:41:18 ----D---- C:\Windows\system32\config
2011-10-31 01:33:20 ----D---- C:\Windows\twain_32
2011-10-31 01:33:20 ----D---- C:\Windows\system32\zh-HK
2011-10-31 01:33:20 ----D---- C:\Windows\system
2011-10-31 01:33:11 ----RSD---- C:\Windows\Media
2011-10-31 01:33:11 ----RD---- C:\Windows\Offline Web Pages
2011-10-31 01:33:11 ----D---- C:\Program Files\MSN
2011-10-31 01:33:11 ----D---- C:\Program Files\Common Files\Services
2011-10-31 01:32:31 ----D---- C:\Windows\Tasks
2011-10-31 01:32:31 ----D---- C:\Windows\tapi
2011-10-31 01:32:31 ----D---- C:\Windows\system32\wbem
2011-10-31 01:32:31 ----D---- C:\Windows\system32\spool
2011-10-31 01:32:31 ----D---- C:\Windows\system32\Msdtc
2011-10-31 01:32:08 ----D---- C:\Windows\system32\drivers\etc
2011-10-31 01:32:08 ----D---- C:\Windows\system32\drivers
2011-10-31 01:32:08 ----D---- C:\Windows\system32\cs-CZ
2011-10-31 01:32:08 ----D---- C:\Windows\system32\CodeIntegrity
2011-10-31 01:32:07 ----SHD---- C:\Windows\Installer
2011-10-31 01:32:07 ----D---- C:\Windows\rescache
2011-10-31 01:32:06 ----RSD---- C:\Windows\assembly
2011-10-31 01:32:06 ----D---- C:\Windows\cs-CZ
2011-10-31 01:32:03 ----RD---- C:\Users
2011-10-31 01:32:03 ----D---- C:\Program Files\WinZip
2011-10-31 01:30:36 ----D---- C:\Windows\registration
2011-10-31 01:30:36 ----D---- C:\Program Files\Common Files
2011-10-31 01:30:28 ----SD---- C:\ProgramData\Microsoft
2011-10-31 01:30:28 ----D---- C:\Windows\system32\XPSViewer
2011-10-31 01:30:28 ----D---- C:\Windows\system32\oobe
2011-10-31 01:30:28 ----D---- C:\Windows\system32\migwiz
2011-10-31 01:30:28 ----D---- C:\Windows\system32\DriverStore
2011-10-31 01:30:28 ----D---- C:\Windows\system32\Boot
2011-10-31 01:30:28 ----D---- C:\Windows\servicing
2011-10-31 01:30:28 ----D---- C:\Windows\PolicyDefinitions
2011-10-31 01:30:28 ----D---- C:\Windows\IME
2011-10-31 01:30:28 ----D---- C:\Windows\AppPatch
2011-10-31 01:30:28 ----D---- C:\Program Files\Windows Sidebar
2011-10-31 01:30:27 ----D---- C:\Program Files\Windows Photo Gallery
2011-10-31 01:30:27 ----D---- C:\Program Files\Windows Media Player
2011-10-31 01:30:27 ----D---- C:\Program Files\Windows Mail
2011-10-31 01:30:27 ----D---- C:\Program Files\Internet Explorer
2011-10-31 01:30:27 ----D---- C:\Program Files\Common Files\System
2011-10-31 01:22:45 ----D---- C:\Program Files\Adobe
2011-10-31 01:02:46 ----SHD---- C:\System Volume Information
2011-10-31 01:01:03 ----D---- C:\Windows\system32\LogFiles
2011-10-30 23:47:35 ----HD---- C:\ProgramData
2011-10-30 23:22:34 ----D---- C:\Windows\system32\Macromed
2011-10-30 23:02:04 ----D---- C:\Windows\Temp
2011-10-30 22:57:42 ----D---- C:\Windows\Prefetch
2011-10-27 16:31:26 ----D---- C:\Program Files\QIP
2011-10-27 14:13:22 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-26 16:22:46 ----D---- C:\Program Files\QIP Infium
2011-10-26 16:22:45 ----D---- C:\Program Files\QIP 2010
2011-10-23 23:51:21 ----D---- C:\ProgramData\Electronic Arts
2011-10-22 21:05:36 ----D---- C:\Program Files\Opera
2011-10-17 16:51:29 ----D---- C:\Program Files\JDownloader
2011-10-13 02:01:07 ----D---- C:\ProgramData\Microsoft Help
2011-10-10 09:11:43 ----D---- C:\Program Files\Google
2011-10-08 00:58:18 ----D---- C:\Users\jencek\AppData\Roaming\vlc
2011-10-07 15:37:23 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-07 15:37:00 ----D---- C:\Windows\system32\catroot
2011-10-07 15:36:49 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-07 15:36:24 ----D---- C:\ProgramData\NVIDIA
2011-10-07 14:39:24 ----D---- C:\Windows\system32\directx
2011-10-07 14:39:18 ----HD---- C:\Windows\msdownld.tmp
2011-10-05 15:55:59 ----D---- C:\Users\jencek\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

All services whitelisted

-----------------EOF-----------------

[vyosek]

Zdravim a pekny den preji

Priznaky FB haveti tam nevidim Jaky mate problem

Tuhle IP 93.153.117.1 a tuhle 62.141.0.2 znate

[Jencek]

ještě jednou dobrý den,

mám počítač spuštěný v nouzovém režimu, jelikož se do klasického nemůžu dostat

včera večer jsem chytil vir přes fb, přesně jak tu bylo řečeno... přes kamaráda, který mi psal anglicky

snažil sem se to řešit se svýma kamarádama přes qip

ti mi poradili, abych do pc dal instalačku od windows a opravil pc touhle cestou, jelikož mi to nepomohlo, tak jsem obnovil soubory dokonce z roku 2009, pač bližší datum mi to nenabídlo

můj problém je, že se nemohu dostat z nouzového režimu a to ani když dám F8 a vyberu spuštění klasickou cestou... stále jsem v nouzáku

vir mi vymazal antivirus kaspersky a nový si nemoho nainstalovat

s IP nevim, co máte namysli... v IT jsem amatér

[Jencek]

ohledně té IP

to je moje DNS adresa

[JaRon]

len podotknem, ze odvirit PC obnovou systemu do 2009 nie je bohvieco
skus doinstalovat ServicePack pre Vistu a problemy by sa mali opravit ,,,

[Jencek]

však já neříkám, že je to něco... dělal jsem to, co mi bylo řečeno od kamarádů

ten servicepack seženu kde prosim vás?

[JaRon]

link http://www.viry.cz/forum/viewtopic.php?f=46&t=86100

[Jencek]

okey, díky, stáhnu a dám vědět

[vyosek]

A pokud Vam system nenebiha do normalniho rezimu, tak zkuste tohle

Kliknete na Start a pote Spustit, pripadne pouzijte klavesou zkratku Win+R

• Vyskoci na Vas okenko, do ktereho zkopirujte text nize

• Kód: Vybrat vše

  msconfig

• Kliknete na OK
• Prepnete se na zalozku Spuštění počítače
• Podivejte se, ci nemate zaskrtnute Bezpecne spousteni - pokud ano, tak odskrtnete
• Nasledny restart by jiz mel vest do normalniho rezimu

[Jencek]

Dobrý večer,

po x hodinách čekání, kdy se mi service pack nakonec nenainstaloval a musel sem dále čekat vrácení systémových změn, jsem s pomocí msconfig nakonec OS spustil v normálním režimu.

chybí mi tu dá se říct všechny programy jako winzip, rar, přehrávače atd

teď si stahuju trial verzi esetu + použiji ccleaner, který tu doporučujete

chtěl bych se Vás naposled zeptet, jestli by nějak šlo zjistit, jestli je počítač už v pořádku či nikoliv

díky

[vyosek]

Proc tahate placeny ESET, proc ne radeji free verzi Avastu - jestli hodlate pak ESETa cracknout tak je to nejlepsi cesta do pekel...

Pak sem dejte novy log z RSIT a napiste co PC

[Jencek]

Dobrý večer,

tak vše snad proběhlo v pohodě, avast určitě stáhnu, eset jsem vzal, protože to bylo první, co mě napadlo...

tady je log:


Logfile of random's system information tool 1.09 (written by random/random)
Run by jencek at 2011-10-31 23:05:56
Microsoft® Windows Vista™ Home Basic
System drive C: has 81 GB (40%) free of 200 GB
Total RAM: 3070 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:06:34, on 31.10.2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\MSI\Advanced Wheel Mouse\wh_exec.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Users\jencek\AppData\Roaming\QipGuard\QipGuard.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\QIP 2012\qip.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\jencek\Desktop\RSIT.exe
C:\Program Files\trend micro\jencek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Users\jencek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [WheelMouse] C:\MSI\ADVANC~1\wh_exec.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [facemoods] "C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\jencek\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Users\jencek\AppData\Roaming\QipGuard\QipGuard.exe /p
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DD2414DB-7A07-433A-A74C-36E2660AD8F0}: NameServer = 93.153.117.1,62.141.0.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PC Speed Up Service (PCSUService) - Unknown owner - C:\Program Files\Zrychleni Pocitace\PCSUService.exe
O23 - Service: QipGuard - QIP.ru - C:\Program Files\QipGuard\QipGuard.exe

--
End of file - 5583 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342190123-1499399694-980328058-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342190123-1499399694-980328058-1000UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll [2010-10-26 262144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\jencek\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2011-10-12 142288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll [2010-10-26 217088]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2006-11-02 1004136]
"WheelMouse"=C:\MSI\ADVANC~1\wh_exec.exe [2007-09-13 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MSConfig"=C:\Windows\system32\msconfig.exe [2006-11-02 222208]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-09-22 3080264]
"facemoods"=C:\Program Files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe [2010-10-26 323584]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\jencek\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-31 136176]
"QIP Internet Guardian"=C:\Users\jencek\AppData\Roaming\QipGuard\QipGuard.exe [2011-10-26 191440]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoHotStart"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"NoHotStart"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-10-31 21:31:06 ----A---- C:\Windows\system32\msonpmon.dll
2011-10-31 21:29:17 ----D---- C:\Program Files\Microsoft Works
2011-10-31 21:27:50 ----D---- C:\Program Files\Microsoft Visual Studio
2011-10-31 21:27:49 ----D---- C:\Program Files\Common Files\DESIGNER
2011-10-31 21:20:57 ----D---- C:\Windows\SHELLNEW
2011-10-31 21:10:36 ----A---- C:\Windows\system32\nvvsvc.exe
2011-10-31 21:10:36 ----A---- C:\Windows\system32\nvshext.dll
2011-10-31 21:10:36 ----A---- C:\Windows\system32\nvhotkey.dll
2011-10-31 21:10:35 ----A---- C:\Windows\system32\nvsvcr.dll
2011-10-31 21:10:32 ----A---- C:\Windows\system32\nvsvc.dll
2011-10-31 21:10:30 ----A---- C:\Windows\system32\nvmctray.dll
2011-10-31 21:10:30 ----A---- C:\Windows\system32\nvcpl.dll
2011-10-31 21:10:11 ----A---- C:\Windows\system32\easyupdatusapiu.dll
2011-10-31 21:07:34 ----A---- C:\Windows\system32\nvhdap32.dll
2011-10-31 21:07:34 ----A---- C:\Windows\system32\drivers\nvhda32v.sys
2011-10-31 21:07:33 ----A---- C:\Windows\system32\nvhdagenco3220102.dll
2011-10-31 21:07:33 ----A---- C:\Windows\system32\nvapo32v.dll
2011-10-31 21:07:05 ----A---- C:\Windows\system32\OpenCL.dll
2011-10-31 21:07:05 ----A---- C:\Windows\system32\nvwgf2um.dll
2011-10-31 21:07:03 ----A---- C:\Windows\system32\nvoglv32.dll
2011-10-31 21:07:00 ----A---- C:\Windows\system32\nvgenco32.dll
2011-10-31 21:07:00 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2011-10-31 21:06:59 ----A---- C:\Windows\system32\nvdispco32.dll
2011-10-31 21:06:58 ----A---- C:\Windows\system32\nvd3dum.dll
2011-10-31 21:06:57 ----A---- C:\Windows\system32\nvcuvid.dll
2011-10-31 21:06:57 ----A---- C:\Windows\system32\nvcuvenc.dll
2011-10-31 21:06:57 ----A---- C:\Windows\system32\nvcuda.dll
2011-10-31 21:06:56 ----A---- C:\Windows\system32\nvcompiler.dll
2011-10-31 21:06:56 ----A---- C:\Windows\system32\nvapi.dll
2011-10-31 20:51:41 ----D---- C:\Program Files\WinZip
2011-10-31 20:45:18 ----D---- C:\Program Files\facemoods.com
2011-10-31 20:36:09 ----D---- C:\Program Files\Zrychleni Pocitace
2011-10-31 20:31:43 ----D---- C:\Users\jencek\AppData\Roaming\OpenCandy
2011-10-31 20:29:13 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-10-31 20:29:04 ----D---- C:\Program Files\DAEMON Tools Lite
2011-10-31 20:28:30 ----D---- C:\Users\jencek\AppData\Roaming\DAEMON Tools Lite
2011-10-31 20:28:24 ----D---- C:\ProgramData\DAEMON Tools Lite
2011-10-31 20:20:56 ----D---- C:\Program Files\QipGuard
2011-10-31 20:20:55 ----D---- C:\Users\jencek\AppData\Roaming\QipGuard
2011-10-31 20:19:15 ----D---- C:\Program Files\QIP 2012
2011-10-31 19:43:37 ----D---- C:\ProgramData\ESET
2011-10-31 19:43:37 ----D---- C:\Program Files\ESET
2011-10-31 19:30:40 ----A---- C:\Windows\system32\wups2.dll
2011-10-31 19:30:39 ----A---- C:\Windows\system32\wucltux.dll
2011-10-31 19:30:39 ----A---- C:\Windows\system32\wuaueng.dll
2011-10-31 19:30:39 ----A---- C:\Windows\system32\wuauclt.exe
2011-10-31 19:30:03 ----A---- C:\Windows\system32\wups.dll
2011-10-31 19:30:03 ----A---- C:\Windows\system32\wudriver.dll
2011-10-31 19:30:03 ----A---- C:\Windows\system32\wuapi.dll
2011-10-31 19:29:49 ----A---- C:\Windows\system32\wuwebv.dll
2011-10-31 19:29:49 ----A---- C:\Windows\system32\wuapp.exe
2011-10-31 19:25:56 ----ASH---- C:\hiberfil.sys
2011-10-31 19:24:39 ----D---- C:\Windows\pss
2011-10-31 16:10:22 ----D---- C:\Program Files\MSN
2011-10-31 13:55:51 ----A---- C:\Windows\system32\SPWizUI.dll
2011-10-31 13:55:51 ----A---- C:\Windows\system32\SPReview.exe
2011-10-31 13:39:54 ----A---- C:\Windows\system32\hcrstco.dll
2011-10-31 13:38:27 ----A---- C:\Windows\system32\nshhttp.dll
2011-10-31 13:38:27 ----A---- C:\Windows\system32\dispci.dll
2011-10-31 13:38:27 ----A---- C:\Windows\system32\batt.dll
2011-10-31 13:38:26 ----A---- C:\Windows\system32\drivers\sermouse.sys
2011-10-31 13:38:26 ----A---- C:\Windows\system32\drivers\mouhid.sys
2011-10-31 13:38:26 ----A---- C:\Windows\system32\drivers\kbdhid.sys
2011-10-31 13:38:26 ----A---- C:\Windows\system32\drivers\i8042prt.sys
2011-10-31 13:38:25 ----A---- C:\Windows\system32\unlodctr.exe
2011-10-31 13:38:25 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-31 13:38:25 ----A---- C:\Windows\system32\lodctr.exe
2011-10-31 13:38:25 ----A---- C:\Windows\system32\kbd106n.dll
2011-10-31 13:38:25 ----A---- C:\Windows\system32\f3ahvoas.dll
2011-10-31 13:38:25 ----A---- C:\Windows\system32\drvinst.exe
2011-10-31 13:38:25 ----A---- C:\Windows\system32\dpx.dll
2011-10-31 13:38:25 ----A---- C:\Windows\system32\cfgmgr32.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\wpd_ci.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\winresume.exe
2011-10-31 13:38:24 ----A---- C:\Windows\system32\winload.exe
2011-10-31 13:38:24 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\schedsvc.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\setupapi.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\prflbmsg.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\loadperf.dll
2011-10-31 13:38:24 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2011-10-31 13:38:24 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2011-10-31 13:38:24 ----A---- C:\Windows\system32\drivers\mouclass.sys
2011-10-31 13:38:24 ----A---- C:\Windows\system32\drivers\kbdclass.sys
2011-10-31 13:38:24 ----A---- C:\Windows\system32\clfs.sys
2011-10-31 13:37:51 ----A---- C:\Windows\system32\cbsra.exe
2011-10-31 11:15:52 ----D---- C:\rsit
2011-10-31 11:15:52 ----D---- C:\Program Files\trend micro
2011-10-31 10:38:18 ----D---- C:\totalcmd
2011-10-31 10:38:18 ----A---- C:\Windows\UC.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\RAR.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\PKZIP.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\PKUNZIP.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\NOCLOSE.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\LHA.PIF
2011-10-31 10:38:18 ----A---- C:\Windows\ARJ.PIF
2011-10-31 10:36:14 ----D---- C:\Program Files\WinRAR
2011-10-31 01:52:13 ----A---- C:\Windows\ntbtlog.txt
2011-10-29 23:53:26 ----D---- C:\Program Files\EA Sports
2011-10-26 16:22:46 ----D---- C:\Users\jencek\AppData\Roaming\QIP
2011-10-24 16:21:47 ----D---- C:\ProgramData\Fraus
2011-10-24 16:19:04 ----D---- C:\Program Files\SMART Technologies Inc
2011-10-24 16:18:03 ----D---- C:\Program Files\Flexilearn
2011-10-23 23:51:21 ----D---- C:\ProgramData\EA Core
2011-10-23 13:51:26 ----D---- C:\Program Files\Xvid
2011-10-23 13:50:27 ----D---- C:\Program Files\ShoppingReport2
2011-10-23 13:50:20 ----D---- C:\ProgramData\ClickPotatoLiteSA
2011-10-23 13:50:20 ----D---- C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
2011-10-23 13:50:20 ----D---- C:\Program Files\ClickPotatoLite
2011-10-21 00:03:29 ----D---- C:\Program Files\vShare.tv plugin
2011-10-18 23:08:24 ----D---- C:\Program Files\Electronic Arts
2011-10-07 16:18:01 ----D---- C:\Users\jencek\AppData\Roaming\NVIDIA
2011-10-07 15:35:06 ----D---- C:\ProgramData\NVIDIA Corporation
2011-10-07 15:30:24 ----D---- C:\NVIDIA

======List of files/folders modified in the last 1 month======

2011-10-31 23:06:00 ----D---- C:\Windows\Temp
2011-10-31 23:04:18 ----D---- C:\Windows\System32
2011-10-31 23:04:17 ----D---- C:\Windows\inf
2011-10-31 23:04:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-31 23:01:22 ----D---- C:\Windows\Prefetch
2011-10-31 22:59:35 ----D---- C:\Windows\system32\cs-CZ
2011-10-31 22:58:30 ----D---- C:\Windows\winsxs
2011-10-31 22:58:21 ----D---- C:\Windows
2011-10-31 21:32:35 ----SHD---- C:\Windows\Installer
2011-10-31 21:32:09 ----D---- C:\ProgramData\Microsoft Help
2011-10-31 21:31:57 ----RSD---- C:\Windows\assembly
2011-10-31 21:29:17 ----RD---- C:\Program Files
2011-10-31 21:29:08 ----D---- C:\Program Files\Common Files\microsoft shared
2011-10-31 21:28:35 ----D---- C:\Program Files\MSBuild
2011-10-31 21:27:49 ----D---- C:\Program Files\Common Files
2011-10-31 21:27:08 ----RSD---- C:\Windows\Fonts
2011-10-31 21:26:32 ----D---- C:\Program Files\Microsoft.NET
2011-10-31 21:21:47 ----D---- C:\Program Files\Microsoft Visual Studio 8
2011-10-31 21:21:10 ----A---- C:\Windows\win.ini
2011-10-31 21:21:09 ----D---- C:\Program Files\Common Files\System
2011-10-31 21:17:38 ----SHD---- C:\System Volume Information
2011-10-31 21:11:40 ----D---- C:\Windows\system32\drivers
2011-10-31 21:11:36 ----D---- C:\Windows\system32\catroot
2011-10-31 21:10:06 ----D---- C:\Windows\Help
2011-10-31 21:10:06 ----D---- C:\Program Files\NVIDIA Corporation
2011-10-31 20:51:54 ----D---- C:\ProgramData\WinZip
2011-10-31 20:51:53 ----D---- C:\Program Files\Windows Sidebar
2011-10-31 20:47:11 ----D---- C:\Program Files\Webteh
2011-10-31 20:45:31 ----D---- C:\Program Files\JDownloader
2011-10-31 20:45:09 ----D---- C:\Windows\system32\catroot2
2011-10-31 20:34:55 ----D---- C:\Program Files\Microsoft Silverlight
2011-10-31 20:34:28 ----D---- C:\Program Files\QIP Infium
2011-10-31 20:34:28 ----D---- C:\Program Files\QIP 2010
2011-10-31 20:28:24 ----HD---- C:\ProgramData
2011-10-31 20:07:07 ----D---- C:\Windows\Tasks
2011-10-31 20:07:07 ----D---- C:\Windows\system32\Tasks
2011-10-31 20:03:38 ----D---- C:\Windows\Microsoft.NET
2011-10-31 18:35:08 ----SHD---- C:\Boot
2011-10-31 17:25:35 ----ASH---- C:\Program Files\desktop.ini
2011-10-31 16:10:49 ----D---- C:\Program Files\Windows Mail
2011-10-31 16:10:49 ----D---- C:\Program Files\Windows Calendar
2011-10-31 16:10:49 ----D---- C:\Program Files\Movie Maker
2011-10-31 16:10:48 ----D---- C:\Windows\servicing
2011-10-31 16:10:48 ----D---- C:\Program Files\Windows Photo Gallery
2011-10-31 16:10:48 ----D---- C:\Program Files\Windows Media Player
2011-10-31 16:10:48 ----D---- C:\Program Files\Windows Defender
2011-10-31 16:10:48 ----D---- C:\Program Files\Windows Collaboration
2011-10-31 16:10:48 ----D---- C:\Program Files\Internet Explorer
2011-10-31 16:10:43 ----D---- C:\Windows\MSAgent
2011-10-31 16:10:42 ----D---- C:\Windows\system32\XPSViewer
2011-10-31 16:10:42 ----D---- C:\Windows\system32\sysprep
2011-10-31 16:10:42 ----D---- C:\Windows\system32\sv-SE
2011-10-31 16:10:42 ----D---- C:\Windows\system32\setup
2011-10-31 16:10:42 ----D---- C:\Windows\system32\ru-RU
2011-10-31 16:10:42 ----D---- C:\Windows\system32\oobe
2011-10-31 16:10:42 ----D---- C:\Windows\system32\migration
2011-10-31 16:10:42 ----D---- C:\Windows\system32\ko-KR
2011-10-31 16:10:42 ----D---- C:\Windows\system32\it-IT
2011-10-31 16:10:42 ----D---- C:\Windows\system32\ias
2011-10-31 16:10:42 ----D---- C:\Windows\system32\he-IL
2011-10-31 16:10:42 ----D---- C:\Windows\system32\fr-FR
2011-10-31 16:10:42 ----D---- C:\Windows\system32\fi-FI
2011-10-31 16:10:42 ----D---- C:\Windows\system32\en-US
2011-10-31 16:10:42 ----D---- C:\Windows\system32\el-GR
2011-10-31 16:10:42 ----D---- C:\Windows\system32\de-DE
2011-10-31 16:10:42 ----D---- C:\Windows\system32\da-DK
2011-10-31 16:10:42 ----D---- C:\Windows\system32\cs
2011-10-31 16:10:42 ----D---- C:\Windows\system32\com
2011-10-31 16:10:42 ----D---- C:\Windows\system32\AdvancedInstallers
2011-10-31 16:10:42 ----D---- C:\Windows\PolicyDefinitions
2011-10-31 16:10:42 ----D---- C:\Windows\L2Schemas
2011-10-31 16:10:42 ----D---- C:\Windows\IME
2011-10-31 16:10:42 ----D---- C:\Windows\DigitalLocker
2011-10-31 16:10:41 ----D---- C:\Windows\system32\ras
2011-10-31 16:10:41 ----D---- C:\Windows\system32\pt-PT
2011-10-31 16:10:41 ----D---- C:\Windows\system32\hu-HU
2011-10-31 16:10:40 ----D---- C:\Windows\system32\zh-TW
2011-10-31 16:10:40 ----D---- C:\Windows\system32\zh-CN
2011-10-31 16:10:40 ----D---- C:\Windows\system32\wbem
2011-10-31 16:10:40 ----D---- C:\Windows\system32\tr-TR
2011-10-31 16:10:40 ----D---- C:\Windows\system32\SLUI
2011-10-31 16:10:40 ----D---- C:\Windows\system32\ro-RO
2011-10-31 16:10:40 ----D---- C:\Windows\system32\pl-PL
2011-10-31 16:10:40 ----D---- C:\Windows\system32\nl-NL
2011-10-31 16:10:40 ----D---- C:\Windows\system32\nb-NO
2011-10-31 16:10:40 ----D---- C:\Windows\system32\manifeststore
2011-10-31 16:10:40 ----D---- C:\Windows\system32\ja-JP
2011-10-31 16:10:40 ----D---- C:\Windows\system32\icsxml
2011-10-31 16:10:40 ----D---- C:\Windows\system32\es-ES
2011-10-31 16:10:40 ----D---- C:\Windows\system32\drivers\cs-CZ
2011-10-31 16:10:40 ----D---- C:\Windows\system32\ar-SA
2011-10-31 16:10:39 ----D---- C:\Windows\system32\pt-BR
2011-10-31 16:10:39 ----D---- C:\Windows\system32\migwiz
2011-10-31 16:10:27 ----D---- C:\Windows\AppPatch
2011-10-31 16:10:21 ----D---- C:\Windows\system32\Boot
2011-10-31 16:06:02 ----A---- C:\Windows\system32\mrt.exe
2011-10-31 16:06:01 ----A---- C:\Windows\system32\ifxcardm.dll
2011-10-31 16:05:31 ----A---- C:\Windows\system32\axaltocm.dll
2011-10-31 14:08:30 ----D---- C:\Windows\Boot
2011-10-31 13:55:53 ----D---- C:\Windows\system32\zh-HK
2011-10-31 13:55:53 ----D---- C:\Windows\system32\uk-UA
2011-10-31 13:55:52 ----D---- C:\Windows\system32\th-TH
2011-10-31 13:55:52 ----D---- C:\Windows\system32\sr-Latn-CS
2011-10-31 13:55:52 ----D---- C:\Windows\system32\sl-SI
2011-10-31 13:55:52 ----D---- C:\Windows\system32\sk-SK
2011-10-31 13:55:52 ----D---- C:\Windows\system32\lv-LV
2011-10-31 13:55:52 ----D---- C:\Windows\system32\lt-LT
2011-10-31 13:55:52 ----D---- C:\Windows\system32\hr-HR
2011-10-31 13:55:51 ----D---- C:\Windows\system32\et-EE
2011-10-31 13:55:51 ----D---- C:\Windows\system32\bg-BG
2011-10-31 10:50:07 ----D---- C:\Users\jencek\AppData\Roaming\WinRAR
2011-10-31 10:38:18 ----D---- C:\Users\jencek\AppData\Roaming\GHISLER
2011-10-31 10:26:56 ----SD---- C:\Windows\Downloaded Program Files
2011-10-31 01:47:29 ----D---- C:\Program Files\Common Files\Adobe
2011-10-31 01:41:18 ----D---- C:\Windows\system32\config
2011-10-31 01:33:20 ----D---- C:\Windows\twain_32
2011-10-31 01:33:20 ----D---- C:\Windows\system
2011-10-31 01:33:11 ----RSD---- C:\Windows\Media
2011-10-31 01:33:11 ----RD---- C:\Windows\Offline Web Pages
2011-10-31 01:33:11 ----D---- C:\Program Files\Common Files\Services
2011-10-31 01:32:31 ----D---- C:\Windows\tapi
2011-10-31 01:32:31 ----D---- C:\Windows\system32\spool
2011-10-31 01:32:31 ----D---- C:\Windows\system32\Msdtc
2011-10-31 01:32:08 ----D---- C:\Windows\system32\drivers\etc
2011-10-31 01:32:08 ----D---- C:\Windows\system32\CodeIntegrity
2011-10-31 01:32:07 ----D---- C:\Windows\rescache
2011-10-31 01:32:06 ----D---- C:\Windows\cs-CZ
2011-10-31 01:32:03 ----RD---- C:\Users
2011-10-31 01:30:36 ----D---- C:\Windows\registration
2011-10-31 01:30:28 ----SD---- C:\ProgramData\Microsoft
2011-10-31 01:30:28 ----D---- C:\Windows\system32\DriverStore
2011-10-31 01:22:45 ----D---- C:\Program Files\Adobe
2011-10-31 01:01:03 ----D---- C:\Windows\system32\LogFiles
2011-10-30 23:22:34 ----D---- C:\Windows\system32\Macromed
2011-10-27 16:31:26 ----D---- C:\Program Files\QIP
2011-10-23 23:51:21 ----D---- C:\ProgramData\Electronic Arts
2011-10-22 21:05:36 ----D---- C:\Program Files\Opera
2011-10-10 09:11:43 ----D---- C:\Program Files\Google
2011-10-08 00:58:18 ----D---- C:\Users\jencek\AppData\Roaming\vlc
2011-10-07 15:36:49 ----HD---- C:\Program Files\InstallShield Installation Information
2011-10-07 15:36:24 ----D---- C:\ProgramData\NVIDIA
2011-10-07 14:39:24 ----D---- C:\Windows\system32\directx
2011-10-07 14:39:18 ----HD---- C:\Windows\msdownld.tmp
2011-10-05 15:55:59 ----D---- C:\Users\jencek\AppData\Roaming\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-10-31 232512]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdir;epfwtdir; C:\Windows\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-09 163424]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-07-08 139880]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-10-15 10327360]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2006-11-02 44544]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-02 1010560]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2007-01-25 6784]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-09-22 974944]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-10-15 1136448]
R2 PCSUService;PC Speed Up Service; C:\Program Files\Zrychleni Pocitace\PCSUService.exe [2011-07-20 206336]
R2 QipGuard;QipGuard; C:\Program Files\QipGuard\QipGuard.exe [2011-10-26 191440]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------

[vyosek]

Odinstalujte ESET

Nainstalujte Avast Free

Nasledujici soubory otestujte na VirusTotalu (viz muj podpis)

• C:\Windows\system32\msconfig.exe
• Kliknete na Prochazet
• Soubor nehledejte, jen vlozte cestu souboru, ktery chci otestovat
• Kliknete na Send File
• Pokud na Vas vyskoci obrazovka jako je nize, tak kliknete na ReAnalyse
  
• Vysledek analyzy sem vlozte (jako odkaz)

Spustte HJT a provedeme fixnuti polozek

• HJT najdete zde C:\Program Files\trend micro\jencek.exe
• Otevre se Vam okno, kliknete na Do a system scan only
• V dalsim okne najdete radky které jsem Vam vypsal nize, vedle nich je ctverecek, do ktereho udelate zatrzitko
• R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
  R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
  R3 - URLSearchHook: (no name) - - (no file)
• Kliknete na Fix checked (vlevo dole)
• HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

Stahnete OTM (viz muj podpis)

• Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
• Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

• Kód: Vybrat vše

  :reg
  [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
  "{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"=-
  [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  "facemoods"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "Google Update"=-
  "QIP Internet Guardian"=-
  "DAEMON Tools Lite"=-
  
  :files
  C:\Program Files\facemoods.com
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342190123-1499399694-980328058-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1342190123-1499399694-980328058-1000UA.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]

• Kliknete na cervene tlacitko MoveIt!
• Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

[Jencek]

dobrý den,

ESET pryč

avast nainstalován

odkaz na VirusTotal:

http://www.virustotal.com/file-scan/rep ... 1320145142

HJT hotovo

po stáhnutí OTM mi avast nahlásil "nebezpečný soubor" a po cca 5 vteřinách mi naskočila modrá obrazovka a resetovala počítač

na druhý pokus to samé