FB - Trojan horse

Posted: 29 Jul 2011 12:22
by mmajo
Hi. I caught malware from FB. Win XP Prof. SP 3, here is the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Peter at 2011-07-29 13:20:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 174 GB (62%) free of 280 GB
Total RAM: 1023 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:20:58 , on 29.7.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Prevx\prevx.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Program Files\Labtec\Mouse\2.2\moffice.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\WINDOWS\tsnp325.exe
C:\WINDOWS\vsnp325.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Labtec\Mouse\2.2\MOUSE32A.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wuauclt.exe
H:\RSIT.exe
C:\Program Files\trend micro\Peter.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=fbpage&s= ... Terms}&f=4
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll
R3 - URLSearchHook: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll
O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll
O2 - BHO: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Free Lunch Design Toolbar - {57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - C:\Program Files\Free_Lunch_Design\tbFre1.dll
O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll
O3 - Toolbar: PageRage Toolbar - {9565115d-c7d6-46d3-bd63-b67b481a4368} - C:\Program Files\PageRage\tbPag1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\2.2\moffice.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [tsnp325] C:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [snp325] C:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [LG PC Suite III] C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe /launcher /icon
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: CSIScanner - Prevx - C:\Program Files\Prevx\prevx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8701 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1231753390.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1100 series#1231754623.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xn7z6pik.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}:2.7.2.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7, ffxtlbr@Facemoods.com:1.1.0, plugin@yontoo.com:1.10.01, {9565115d-c7d6-46d3-bd63-b67b481a4368}:2.7.2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll

C:\Program Files\Mozilla Firefox\extensions\
ffxtlbr@Facemoods.com
{800b5000-a755-47e1-992b-48a1c1357f07}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
fcmdSrch.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xn7z6pik.default\extensions\
DTToolbar@toolbarnet.com
ffxtlbr@Facemoods.com
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}
{800b5000-a755-47e1-992b-48a1c1357f07}
{9565115d-c7d6-46d3-bd63-b67b481a4368}

C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xn7z6pik.default\searchplugins\
conduit.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-2.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-08-12 1437696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre1.dll [2010-02-21 2349080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
CescrtHlpr Object - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll [2010-04-01 225280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
PageRage Toolbar - C:\Program Files\PageRage\tbPag1.dll [2010-05-26 2393184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2009-01-11 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-09-11 842296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
Yontoo Layers - C:\Program Files\Yontoo Layers Client\YontooIEClient.dll [2010-04-13 194912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2009-01-11 2403392]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec} - Free Lunch Design Toolbar - C:\Program Files\Free_Lunch_Design\tbFre1.dll [2010-02-21 2349080]
{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - facemoods Toolbar - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll [2010-04-01 167936]
{9565115d-c7d6-46d3-bd63-b67b481a4368} - PageRage Toolbar - C:\Program Files\PageRage\tbPag1.dll [2010-05-26 2393184]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-03-20 803864]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-08-05 57344]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe [2003-04-07 188416]
"FLMOFFICE4DMOUSE"=C:\Program Files\Labtec\Mouse\2.2\moffice.exe [2009-01-12 958464]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-01-13 111928]
"tsnp325"=C:\WINDOWS\tsnp325.exe [2007-04-21 270336]
"snp325"=C:\WINDOWS\vsnp325.exe [2007-05-10 835584]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-10-07 1461080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-02 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ares"=C:\Program Files\Ares\Ares.exe [2010-02-08 1015808]
"LG PC Suite III"=C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe [2010-07-10 249856]
"Google Update"=C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Documents and Settings\Peter\Desktop\03.Peťušška\cs\hl.exe"="C:\Documents and Settings\Peter\Desktop\03.Peťušška\cs\hl.exe:*:Disabled:Half-Life Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\Peter\Desktop\03. Peťka\cs\hl.exe"="C:\Documents and Settings\Peter\Desktop\03. Peťka\cs\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Peter\Desktop\03. Peťka\winbox.exe"="C:\Documents and Settings\Peter\Desktop\03. Peťka\winbox.exe:*:Enabled:winbox"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll

======List of files/folders created in the last 1 month======

2011-07-29 13:20:20 ----D---- C:\rsit
2011-07-29 13:20:20 ----D---- C:\Program Files\trend micro
2011-07-29 13:14:55 ----DC---- C:\WINDOWS\$NtUninstallKB2412687$
2011-07-29 13:14:26 ----D---- C:\WINDOWS\LastGood
2011-07-14 18:54:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-06-30 20:14:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$
2011-06-30 19:30:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2476490$

======List of files/folders modified in the last 1 month======

2011-07-29 13:20:27 ----D---- C:\WINDOWS\Prefetch
2011-07-29 13:20:21 ----D---- C:\WINDOWS\Temp
2011-07-29 13:20:20 ----RD---- C:\Program Files
2011-07-29 13:14:56 ----HD---- C:\WINDOWS\inf
2011-07-29 13:14:56 ----D---- C:\WINDOWS\system32
2011-07-29 13:14:56 ----D---- C:\WINDOWS
2011-07-29 13:14:25 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-27 21:48:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-27 17:51:45 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-26 10:58:20 ----D---- C:\WINDOWS\network diagnostic
2011-07-24 18:34:58 ----D---- C:\Documents and Settings\All Users\Application Data\PrevxCSI
2011-07-14 18:54:57 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-14 18:27:58 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-11 22:30:14 ----D---- C:\Program Files\Mozilla Firefox
2011-06-30 20:14:25 ----A---- C:\WINDOWS\imsins.BAK

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872]
R0 pxscan;pxscan; C:\WINDOWS\System32\drivers\pxscan.sys [2009-04-30 22024]
R0 pxsec;pxsec; C:\WINDOWS\System32\drivers\pxsec.sys [2009-04-30 27656]
R0 uagp35;Microsoft AGPv3.5 Filter; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viaagp1;VIA AGP Filter; C:\WINDOWS\system32\DRIVERS\viaagp1.sys [2002-12-26 26880]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-08 35840]
R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2011-01-30 218176]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2009-10-07 54184]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-10-07 35168]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-10-07 40824]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2003-08-07 404608]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-08-05 460864]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2004-12-16 42496]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 LgBttPort;LGE Bluetooth TransPort; C:\WINDOWS\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
R3 LGVMODEM;LGE Virtual Modem; C:\WINDOWS\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 vulfntrs;VIA USB Roothub Lower Filter; C:\WINDOWS\System32\Drivers\vulfntr.sys [2002-11-13 10496]
S2 nvtvSND;nVidia WDM TVAudio Crossbar; C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 FETNDISB;VIA Rhine Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5b.sys [2002-10-29 40960]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTSIM;NTSIM; \??\C:\WINDOWS\system32\ntsim.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\WINDOWS\system32\DRIVERS\s116bus.sys [2007-04-03 83336]
S3 s116mdfl;Sony Ericsson Device 116 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s116mdfl.sys [2007-04-03 15112]
S3 s116mdm;Sony Ericsson Device 116 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s116mdm.sys [2007-04-03 108680]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s116obex.sys [2007-04-03 98696]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\WINDOWS\system32\DRIVERS\s116unic.sys [2007-04-03 99080]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 SNP325;USB PC Camera (SNPSTD325); C:\WINDOWS\system32\DRIVERS\snp325.sys [2007-07-24 10394624]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbbus;LGE Mobile Composite USB Device; C:\WINDOWS\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 vulfnths;VIA USB Host Controller Lower Filter; C:\WINDOWS\System32\Drivers\vulfnth.sys [2002-10-24 6912]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CSIScanner;CSIScanner; C:\Program Files\Prevx\prevx.exe [2009-04-30 4368952]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-10-07 472280]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
R2 UxTuneUp;TuneUp Design Expansion; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-10-07 20680]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-11 138168]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]

-----------------EOF-----------------

Re: FB - Trojan horse

Posted: 29 Jul 2011 12:27
by vyosek
Hello and have a nice day :)

:arrow: Please do not put logs in code tags

:arrow: Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator
  • Choose option 2 and confirm with Enter
  • The utility will do its work and produce a log - paste it here
  • Now again, but choose option 3 and then 4 - paste the logs here again

Re: FB - Trojan horse

Posted: 29 Jul 2011 12:34
by mmajo
RK report 2.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Peter [Admin rights]
Mode: Remove -- Date : 07/29/2011 13:31:44

Bad processes: 2
[SUSP PATH] tsnp325.exe -- c:\windows\tsnp325.exe -> KILLED
[SUSP PATH] vsnp325.exe -- c:\windows\vsnp325.exe -> KILLED

Registry Entries: 4
[SUSP PATH] HKLM\[...]\Run : tsnp325 (C:\WINDOWS\tsnp325.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : snp325 (C:\WINDOWS\vsnp325.exe) -> DELETED
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost


Finished : << RKreport[1].txt >>
RKreport[1].txt


RKreport 3.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Peter [Admin rights]
Mode: HOSTSFix -- Date : 07/29/2011 13:32:12

Bad processes: 0

HOSTS File:
127.0.0.1 localhost


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


RKreport 4.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Peter [Admin rights]
Mode: ProxyFix -- Date : 07/29/2011 13:32:33

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Re: FB - Trojan horse

Posted: 29 Jul 2011 12:36
by vyosek
Excellent, let's move on :James008:

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST BE USED ONLY ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Immediately after start, a page with the license agreement will appear; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not launch any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected, it may take longer
  • After the scan finishes and a possible restart, CF will display a log; you can also find it here C:\ComboFix.txt, paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: FB - Trojan horse

Posted: 29 Jul 2011 12:38
by mmajo
And one more thing I forgot: the virus only affected the antivirus and the internet connection.

Re: FB - Trojan horse

Posted: 29 Jul 2011 12:52
by vyosek
Yes, that is known; the AV goes down and sometimes the internet connection too....

Re: FB - Trojan horse

Posted: 29 Jul 2011 13:01
by mmajo
ComboFix 11-07-29.01 - Peter 29.07.2011 13:52:59.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1023.648 [GMT 2:00]
Running from: H:\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\All Users\Application Data\Tarma Installer
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\20100418120333.log
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
C:\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
C:\Documents and Settings\Peter\Application Data\facemoods.com
C:\Documents and Settings\Peter\Application Data\Mikrotik
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\advtool.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\advtool.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\dhcp.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\dhcp.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\hotspot.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\hotspot.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\mpls.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\mpls.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\ppp.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\ppp.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\roteros.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\roteros.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\roting4.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\roting4.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\secure.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\secure.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\system.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\system.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\wlan4.crc
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\4.10-3847395422\wlan4.dll
C:\Documents and Settings\Peter\Application Data\Mikrotik\Winbox\winbox.cfg
C:\Documents and Settings\Peter\Sublock.dll
C:\Documents and Settings\Peter\WINDOWS
C:\Program Files\facemoods.com
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.crx
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.png
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsApp.dll
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsEng.dll
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodssafe.dll
C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\prop-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\text-base\chrome.manifest.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\text-base\install.rdf.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\.svn\text-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\prop-base\facemoods.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\prop-base\Thumbs.db.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\prop-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\facemoods.css.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\facemoods.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\facemoods.xul.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\fcmdDef.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\Loader.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\mtrprt.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\newTabLgc.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\prefman.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\script-compiler.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\Thumbs.db.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\utils.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\xmlhttprequester.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\.svn\text-base\xpiInstallLgc.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.css
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.png
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\facemoods.xul
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\fcmdDef.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\facemoods.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\fb.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\help_16.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\home.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\logo.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\moodsIcon.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\pref.jpg.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\privecy_16_hot.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\stripicons.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\tellafriend.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\Thumbs.db.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\prop-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\facemoods.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\fb.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\help_16.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\home.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\logo.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\moodsIcon.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\pref.jpg.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\privecy_16_hot.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\stripicons.png.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\tellafriend.gif.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\Thumbs.db.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\.svn\text-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\facemoods.png
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\fb.gif
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\help_16.gif
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\home.gif
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\logo.png
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\moodsIcon.png
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\pref.jpg
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\privecy_16_hot.gif
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\stripicons.png
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\tellafriend.gif
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\Thumbs.db
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\images\vssver.scc
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\instlgc.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Loader.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\mtrprt.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\newTabLgc.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\prop-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\text-base\preferences.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\text-base\preferences.xul.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\.svn\text-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\preferences.xul
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\preferences\vssver.scc
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\prefman.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\script-compiler.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\Thumbs.db
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\utils.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\vssver.scc
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xmlhttprequester.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\.svn\prop-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\.svn\text-base\instlPref.js.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\.svn\text-base\vssver.scc.svn-base
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\defaults\preferences\vssver.scc
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome.manifest
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome\.svn\all-wcprops
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\chrome\.svn\entries
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\install.rdf
C:\Program Files\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com\vssver.scc


((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 )))))))))))))))))))))))))))))))


2011-07-29 11:20:20 . 2011-07-29 11:21:00 -------- d-----w- C:\rsit
2011-07-29 11:20:20 . 2011-07-29 11:20:58 -------- d-----w- C:\Program Files\trend micro
2011-07-29 11:14:26 . 2011-07-29 11:14:26 -------- d-----w- C:\WINDOWS\LastGood
2011-07-11 20:30:16 . 2011-06-16 04:53:46 142296 ----a-w- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
2011-07-11 20:30:14 . 2011-06-16 04:53:46 89048 ----a-w- C:\Program Files\Mozilla Firefox\libEGL.dll
2011-07-11 20:30:14 . 2011-06-16 04:53:46 781272 ----a-w- C:\Program Files\Mozilla Firefox\mozsqlite3.dll
2011-07-11 20:30:14 . 2011-06-16 04:53:46 465880 ----a-w- C:\Program Files\Mozilla Firefox\libGLESv2.dll
2011-07-11 20:30:14 . 2011-06-16 04:53:46 1850328 ----a-w- C:\Program Files\Mozilla Firefox\mozjs.dll
2011-07-11 20:30:14 . 2011-06-16 04:53:46 15832 ----a-w- C:\Program Files\Mozilla Firefox\mozalloc.dll
2011-07-11 20:30:14 . 2010-01-01 08:00:00 2106216 ----a-w- C:\Program Files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-11 20:30:14 . 2010-01-01 08:00:00 1998168 ----a-w- C:\Program Files\Mozilla Firefox\d3dx9_43.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-06-02 14:02:05 . 2004-08-04 12:00:00 1858944 ----a-w- C:\WINDOWS\system32\win32k.sys
2011-05-11 00:45:48 . 2010-06-06 09:42:51 110592 ----a-w- C:\Documents and Settings\Peter\LGMobileDL.dll
2011-05-02 15:31:52 . 2009-01-11 13:10:10 692736 ----a-w- C:\WINDOWS\system32\inetcomm.dll
2011-06-16 04:53:46 . 2011-07-11 20:30:16 142296 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 11:22:08 173368]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "C:\Program Files\Free_Lunch_Design\tbFre1.dll" [2010-02-21 19:18:06 2349080]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "C:\Program Files\PageRage\tbPag1.dll" [2010-05-26 07:52:11 2393184]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2010-02-21 19:18:06 2349080 ----a-w- C:\Program Files\Free_Lunch_Design\tbFre1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9565115d-c7d6-46d3-bd63-b67b481a4368}]
2010-05-26 07:52:11 2393184 ----a-w- C:\Program Files\PageRage\tbPag1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 11:22:06 1172792 ----a-w- C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-04-12 23:36:27 194912 ------w- C:\Program Files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 11:22:06 1172792]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "C:\Program Files\Free_Lunch_Design\tbFre1.dll" [2010-02-21 19:18:06 2349080]
"{9565115d-c7d6-46d3-bd63-b67b481a4368}"= "C:\Program Files\PageRage\tbPag1.dll" [2010-05-26 07:52:11 2393184]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-10-08 11:22:06 1172792]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "C:\Program Files\Free_Lunch_Design\tbFre1.dll" [2010-02-21 19:18:06 2349080]
"{9565115D-C7D6-46D3-BD63-B67B481A4368}"= "C:\Program Files\PageRage\tbPag1.dll" [2010-05-26 07:52:11 2393184]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]

[HKEY_CLASSES_ROOT\clsid\{9565115d-c7d6-46d3-bd63-b67b481a4368}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 15:52:40 68856]
"ares"="C:\Program Files\Ares\Ares.exe" [2010-02-08 14:51:32 1015808]
"LG PC Suite III"="C:\Program Files\LG Electronics\LG PC Suite III\Launcher.exe" [2010-07-10 17:28:23 249856]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2011-01-05 09:09:52 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 05:59:54 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 01:38:00 34672]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-04-07 19:31:46 188416]
"FLMOFFICE4DMOUSE"="C:\Program Files\Labtec\Mouse\2.2\moffice.exe" [2009-01-12 10:11:07 958464]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50:42 155648]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2009-01-13 14:48:34 111928]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 08:15:42 1461080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 00:12:16 15360]

C:\Documents and Settings\All Users\Ponuka Štart\Programy\Pri spustení\
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\ICQ7.4\\ICQ.exe"=

R0 pxscan;pxscan;C:\WINDOWS\system32\drivers\pxscan.sys [9.2.2009 23:03:06 22024]
R0 pxsec;pxsec;C:\WINDOWS\system32\drivers\pxsec.sys [18.4.2009 22:10:35 27656]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\WINDOWS\system32\drivers\dtsoftbus01.sys [30.1.2011 21:37:01 218176]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\drivers\epfwtdir.sys [24.10.2008 21:53:28 35168]
R2 CSIScanner;CSIScanner;C:\Program Files\Prevx\prevx.exe [9.2.2009 23:03:06 4368952]
R2 ekrn;Eset Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 10:16:50 472280]
R2 ICQ Service;ICQ Service;C:\Program Files\ICQ6Toolbar\ICQ Service.exe [26.2.2009 22:22:07 247096]
R3 LgBttPort;LGE Bluetooth TransPort;C:\WINDOWS\system32\drivers\lgbtport.sys [29.9.2009 8:11:22 12160]
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\WINDOWS\system32\drivers\lgbtbus.sys [29.9.2009 8:11:20 10496]
R3 LGVMODEM;LGE Virtual Modem;C:\WINDOWS\system32\drivers\lgvmodem.sys [29.9.2009 8:11:20 12928]
S2 nvtvSND;nVidia WDM TVAudio Crossbar;C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys --> C:\WINDOWS\system32\DRIVERS\nvtvsnd.sys [?]
S3 SNP325;USB PC Camera (SNPSTD325);C:\WINDOWS\system32\drivers\snp325.sys [27.2.2009 15:14:39 10394624]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

Contents of the 'Scheduled Tasks' folder

2011-07-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 15:53:42 . 2006-12-30 13:13:57]

2009-04-19 C:\WINDOWS\Tasks\FRU Task 2003-04-06 08:52:06ewlett-Packard2003-04-06 08:52:06p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8231753390.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52:08 . 2003-04-05 23:52:08]

2011-07-26 C:\WINDOWS\Tasks\FRU Task 2003-04-06 08:52:06ewlett-Packard2003-04-06 08:52:06p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8231754623.job
- C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 23:52:08 . 2003-04-05 23:52:08]

2011-07-27 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004Core.job
- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 19:07:03 . 2010-09-11 19:07:00]

2011-07-29 C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004UA.job
- C:\Documents and Settings\Peter\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-11 19:07:03 . 2010-09-11 19:07:00]


------- Supplementary Scan -------

uStart Page = hxxp://start.icq.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.180.22 192.168.198.23
FF - ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xn7z6pik.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2418376&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q=

- - - - ORPHANS REMOVED - - - -

BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.3.61.0\facemoodsTlbr.dll
AddRemove-Dream Day First Home - C:\Documents and Settings\Peter\Desktop\03. Peťka\Dream Day First Home\Uninstall.exe
AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe
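
The "Reg Loading Points" section of the log above is what a helper reads before writing a CFScript: it lists the Run keys, Browser Helper Objects, URLSearchHooks and the Security Center override in REGEDIT4 style. The following is an added example (not code from this thread, from ComboFix or from any of the tools named in the log) that parses that section and flags the entries worth a second look: browser extension points, autostart values that give only a bare file name, autostarts from a user-writable location, and an `AntiVirusOverride` that is not zero. The excerpt it runs on is a constructed sample modeled on the format of the log above; the line formats it expects (quoted value lines, dword lines, and the `date time size attrs path` lines under BHO keys) are an assumption based on that log, not a documented ComboFix format.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the forum thread or of ComboFix. Assumes the
REGEDIT4-style layout seen in the posted log: [key] headers, value lines of the
form "name"="path" [date time size], dword lines, and bare file lines
(date time size attrs path) under Browser Helper Objects keys.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt modeled on the log format above (not a verbatim copy).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-10-08 11:22:08 173368]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2010-04-12 23:36:27 194912 ------w- C:\Program Files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2010-02-08 14:51:32 1015808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2003-08-05 05:59:54 57344]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 08:15:42 1461080]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*"([^"]*)"(?:\s*\[([^\]]*)\])?\s*$')
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9A-Fa-f]{8})\s*$')
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.+?)\s*$")


@dataclass
class Entry:
    key: str        # registry key the entry was listed under
    name: str       # value name; "" for a bare file line under a BHO key
    data: str       # file path, or "dword:xxxxxxxx"
    detail: str = ""  # timestamp/size information when the log gives it


@dataclass
class Finding:
    key: str
    name: str
    data: str
    reason: str


def parse_loading_points(text: str) -> List[Entry]:
    """Turn the REGEDIT4-style dump into a flat list of entries."""
    entries: List[Entry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue  # ignore anything before the first [key] header
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m.group(1), m.group(2), m.group(3) or ""))
            continue
        m = DWORD_RE.match(line)
        if m:
            entries.append(Entry(key, m.group(1), "dword:" + m.group(2).lower()))
            continue
        m = FILE_RE.match(line)
        if m:
            entries.append(Entry(key, "", m.group(4), f"{m.group(1)} {m.group(2)}"))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag the entries a helper would review before deciding what to remove."""
    findings: List[Finding] = []
    for e in entries:
        k, d = e.key.lower(), e.data.lower()
        if k.endswith("\\security center") and e.name.lower() == "antivirusoverride":
            if e.data != "dword:00000000":
                findings.append(Finding(e.key, e.name, e.data,
                    "Security Center AV monitoring is overridden; a disabled AV is not reported"))
        elif "\\currentversion\\run" in k:
            if "\\" not in e.data:
                findings.append(Finding(e.key, e.name, e.data,
                    "bare file name: resolved via the search path, verify which file actually runs"))
            elif "\\documents and settings\\" in d or "\\temp\\" in d:
                findings.append(Finding(e.key, e.name, e.data,
                    "autostart from a user-writable location"))
        elif "browser helper objects" in k or "urlsearchhooks" in k:
            findings.append(Finding(e.key, e.name, e.data,
                "browser extension point: confirm the DLL is wanted"))
    return findings


def triage_sample() -> List[Finding]:
    """Run the triage over the constructed sample."""
    return triage(parse_loading_points(SAMPLE_LOG))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"{f.reason}\n    [{f.key}] {f.name or '(file)'} -> {f.data}")
```

On the sample above the parser yields six entries and the triage returns four findings: the SweetIM URLSearchHook, the Yontoo BHO, the `SoundMan` value that names only `SOUNDMAN.EXE`, and `AntiVirusOverride` set to 1. The `ares` and `egui` values are left alone because they carry a full path under Program Files. The findings are a reading aid, not a removal list; what to put in the CFScript is still a judgement call based on the whole log.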

Re: FB - Trojan horse

Posted: 29 Jul 2011 13:17
by mmajo
ok thanks, the internet works again :D

Re: FB - Trojan horse

Posted: 29 Jul 2011 14:00
by vyosek
:arrow: If you have not already, move Combofix to the desktop
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    C:\Program Files\SweetIM
    C:\Program Files\ICQ6Toolbar
    
    File::
    C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004Core.job
    c:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-879983540-2147140409-1004UA.job
    
    DDS::
    uStart Page = hxxp://start.icq.com/
    mStart Page = hxxp://home.sweetim.com
    
    Firefox::
    FF - ProfilePath - C:\Documents and Settings\Peter\Application Data\Mozilla\Firefox\Profiles\xn7z6pik.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - ICQ Search
    FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=
    
    Registry::
    [-HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
    [-HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
    [-HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    "DAEMON Tools Lite"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "NeroFilterCheck"=-
    "SweetIM"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    
    Driver::
    ICQ Service
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and run it (see the picture below)
    Image
  • After the script is applied (and after a possible restart) a log will appear; paste its contents here
:arrow: It may happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration