[es] - Pojava foldera na desktopu prilikom paljenja wireles-a

ed-win
STUDET
Podgorica

Član broj: 202900
Poruke: 7
213.133.24.*

Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{23.09.2009. u 17:06 - pre 177 meseci}

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:27, on 23/09/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\SmoothView\SmoothView.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Folder Guard\FGKey.exe
C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
C:\Program Files\Windows Sidebar\sidebar.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Windows\system32\wbem\unsecapp.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Users\EDO\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/o...hibaukbholink-21&site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate1c9ed10d6f77110) (gupdate1c9ed10d6f77110) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 13289 bytes

e.d

Odgovor na temu

Milan86
Beograd

Član broj: 67398
Poruke: 599
*.dynamic.sbb.rs.

+7 Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{23.09.2009. u 20:00 - pre 177 meseci}

Popravi sledeće:

C:\Program Files\Dealio Toolbar\SearchSettings.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/o...hibaukbholink-21&site=home (file missing)

Odgovor na temu

ed-win
STUDET
Podgorica

Član broj: 202900
Poruke: 7
*.com
Via: [es] mailing liste

Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{23.09.2009. u 21:56 - pre 177 meseci}

odradio sam ovaj repair,nakon toga pojavio mi se folder sa backup-om na desktopu i unutar njega fajlovi koje sam repair-ovao.Potom sam restartovao racunar,onda ukljucio wireles i ponovo mi se pojavio nezeljeni folder na desktopu...:-(

_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesa...rl=/friends.aspx&mkt=en-us
--_a6e6e64a-1a19-4089-ac83-8aab06d24d86_
Content-Type: text/html; charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style></style>
</head>
<body class='hmmessage'>
 > To: [email protected] > Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme] > From: [email protected] > Date: Wed, 23 Sep 2009 21:00:55 +0200 > > Popravi slede�e: > > > > C:Program FilesDealio ToolbarSearchSettings.exe > > C:PROGRA~1CrawlerToolbarCToolbar.exe > > R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) > > R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:Program FilesDealio ToolbarSearchSettings.dll > > O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:Program FilesDealio ToolbarDealioToolbarIE.dll > > O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) > > O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) > > O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:Program FilesDealio ToolbarSearchSettings.dll > > O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) > > O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:Program FilesDealio ToolbarDealioToolbarIE.dll > > O4 - HKLM..Run: [SearchSettings] C:Program FilesDealio ToolbarSearchSettings.exe > > O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - (http://rover.ebay.com/rover/1/710-44557-9400-3/4: http://rover.ebay.com/rover/1/710-44557-9400-3/4 ) (file missing) > > O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (http://www.amazon.co.uk/exec/o...kbholink-21&site=home: http://www.amazon.co.uk/exec/o...ukbholink-21&site=home ) (file missing) > > > > -- > http://www.elitesecurity.org/p2395573 > > Prijave/odjave: http://www.elitesecurity.org/pracenje#376423 > > Ne menjajte sledece dve linije ukoliko odgovarate putem emaila! > esauth:376423:a26bff6da4f30d9daa2462b109ffb24c >

e.d

Odgovor na temu

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta

+16 Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{23.09.2009. u 22:45 - pre 177 meseci}

Procitaj Top Temu o koriscenju Combofix programa.

Znaci,iskljuci AntiVirus,download-uj Combofix sa datih linkova,odradi skeniranje po uputstvu
i kopiraj log koji Combofix napravi po zavrsetku skeniranja skeniranja

http://www.itfix.biz/images/Malware.JPG

Odgovor na temu

ed-win
STUDET
Podgorica

Član broj: 202900
Poruke: 7
*.com
Via: [es] mailing liste

Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{26.09.2009. u 13:59 - pre 177 meseci}

Evo odradio sam ovo sto si mi rekao,sada cu ti kopirati rezultat poslije sjeniranja comboFix-a:

ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86
Microsoft� Windows Vista� Home Premium 6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00]
Running from: c:usersEDODesktopComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesDealio Toolbar
c:program filesDealio Toolbarconfig.ini
c:program filesDealio ToolbarDealioToolbarIE.dll
c:program filesDealio ToolbarResamazon.gif
c:program filesDealio ToolbarResapple.gif
c:program filesDealio ToolbarResbarnes.gif
c:program filesDealio ToolbarResbestbuy.gif
c:program filesDealio ToolbarResdealio_logo.gif
c:program filesDealio ToolbarResdealio_logo_hover.gif
c:program filesDealio ToolbarResebay.gif
c:program filesDealio ToolbarResicon_settings.gif
c:program filesDealio ToolbarResmacys.gif
c:program filesDealio ToolbarResnewegg.gif
c:program filesDealio ToolbarResoverstock.gif
c:program filesDealio ToolbarRessearch-button-hover.gif
c:program filesDealio ToolbarRessearch-button.gif
c:program filesDealio ToolbarRessearch-chevron-hover.gif
c:program filesDealio ToolbarRessearch-chevron.gif
c:program filesDealio ToolbarRessearch_amazon.gif
c:program filesDealio ToolbarRessearch_dealio.gif
c:program filesDealio ToolbarRessearch_ebay.gif
c:program filesDealio ToolbarRessearch_yahoo.gif
c:program filesDealio ToolbarResseparator.gif
c:program filesDealio ToolbarRestarget.gif
c:program filesDealio ToolbarReswalmart.gif
c:program filesDealio ToolbarReswidgets.xml
c:program filesDealio ToolbarSearchSettings.exe
c:program filesDealio ToolbarSearchSettingsRes409.dll
c:program filesDealio Toolbarsscfg.ini
c:program filesDealio ToolbarWidgiHelper.exe
c:usersEDOAppDataRoaming.#
c:windowsInstaller4a9b63.msi
c:windowsInstaller8b18e5.msi
c:windowsInstallerWMEncoder.msi
c:windowssystemMSW.DLL
c:windowssystem32NTSVc.ocx

.
((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-26 12:51 . 2009-09-26 12:51 -------- d-----w- c:usersDefaultAppDataLocaltemp
2009-09-25 15:04 . 2009-09-25 15:12 -------- d-----w- c:program filesWirelessMon
2009-09-23 21:15 . 2009-09-23 21:15 -------- d-----w- c:program filesESET
2009-09-21 16:17 . 2009-09-21 16:56 -------- d-----w- C:$AVG8.VAULT$
2009-09-21 13:21 . 2009-09-23 21:10 -------- d-----w- c:programdataavg8
2009-09-13 11:32 . 2009-09-26 11:02 -------- d-----w- c:program filesWinClamAVShield
2009-09-12 16:11 . 2009-09-12 16:11 -------- d-----w- c:program filesCrawler
2009-09-12 16:10 . 2009-09-12 16:10 142592 ----a-w- c:windowssystem32driverssp_rsdrv2.sys
2009-09-12 16:10 . 2009-09-26 12:39 -------- d-----w- c:usersEDOAppDataRoamingSpyware Terminator
2009-09-12 16:10 . 2009-09-25 13:47 -------- d-----w- c:programdataSpyware Terminator
2009-09-12 16:10 . 2009-09-23 21:22 -------- d-----w- c:program filesSpyware Terminator
2009-09-10 15:06 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll
2009-09-10 15:06 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll
2009-09-10 15:06 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll
2009-09-10 15:06 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll
2009-09-10 15:06 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll
2009-09-10 15:06 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys
2009-09-10 15:06 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll
2009-09-10 15:06 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe
2009-09-10 14:17 . 2009-02-05 20:06 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys
2009-09-10 14:00 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-09-10 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 12:51 . 2009-03-29 21:14 -------- d-----w- c:usersEDOAppDataRoamingSkype
2009-09-25 13:42 . 2008-09-17 16:30 -------- d-----w- c:usersEDOAppDataRoamingToshiba
2009-09-24 14:49 . 2008-10-09 19:04 -------- d-----w- c:program fileseclipse
2009-09-23 21:24 . 2008-09-23 13:16 -------- d-----w- c:program filesCCleaner
2009-09-14 21:12 . 2008-09-21 21:54 -------- d-----w- c:program filesAskTBar
2009-09-13 12:10 . 2008-04-22 17:12 -------- d-----w- c:program filesCommon FilesAdobe
2009-09-12 16:33 . 2008-09-17 14:38 114400 ----a-w- c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT
2009-09-10 15:19 . 2009-04-06 21:08 680 ----a-w- c:usersEDOAppDataLocald3d9caps.dat
2009-09-10 15:09 . 2008-04-23 06:35 -------- d-----w- c:programdataMicrosoft Help
2009-09-10 14:55 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2009-09-10 14:55 . 2009-02-21 22:26 -------- d-----w- c:program filesMicrosoft Silverlight
2009-08-21 14:04 . 2009-05-31 11:52 -------- d-----w- c:usersEDOAppDataRoamingFolder Guard
2009-08-21 14:04 . 2009-05-31 11:49 -------- d-----w- c:program filesFolder Guard
2009-08-14 17:07 . 2009-09-10 14:01 897608 ----a-w- c:windowssystem32driverstcpip.sys
2009-08-14 16:29 . 2009-09-10 14:01 104960 ----a-w- c:windowssystem32netiohlp.dll
2009-08-14 16:29 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32netevent.dll
2009-08-14 14:16 . 2009-09-10 14:01 9728 ----a-w- c:windowssystem32TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 14:01 11264 ----a-w- c:windowssystem32MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 14:01 27136 ----a-w- c:windowssystem32NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 14:01 19968 ----a-w- c:windowssystem32ARP.EXE
2009-08-14 14:16 . 2009-09-10 14:01 8704 ----a-w- c:windowssystem32HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 14:01 10240 ----a-w- c:windowssystem32finger.exe
2009-07-18 16:06 . 2009-07-30 17:08 827904 ----a-w- c:windowssystem32wininet.dll
2009-07-18 16:01 . 2009-07-30 17:08 78336 ----a-w- c:windowssystem32ieencode.dll
2009-07-18 09:46 . 2009-07-30 17:08 26624 ----a-w- c:windowssystem32ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 12:55 71680 ----a-w- c:windowssystem32atl.dll
2009-07-14 13:00 . 2009-08-13 12:54 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 12:54 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-07-14 12:58 . 2009-08-13 12:54 7680 ----a-w- c:windowssystem32spwmp.dll
2009-07-14 10:59 . 2009-08-13 12:54 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-07-11 19:32 . 2009-09-10 14:01 513024 ----a-w- c:windowssystem32wlansvc.dll
2009-07-11 19:32 . 2009-09-10 14:01 302592 ----a-w- c:windowssystem32wlansec.dll
2009-07-11 19:32 . 2009-09-10 14:01 293376 ----a-w- c:windowssystem32wlanmsm.dll
2009-07-11 19:29 . 2009-09-10 14:01 127488 ----a-w- c:windowssystem32L2SecHC.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll
2009-03-12 22:02 . 2009-03-12 22:02 0 --sha-w- c:windowsSystem32sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528]
"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608]
"SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704]
"fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416]
"FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424]
"SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904]
"egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger
"UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger
"TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe
"UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe
"TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe
"UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe
"TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype
"{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe
"UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe
"TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe
"UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe
"{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe
"UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe
"{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe
"UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe
"TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe
"UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe
"TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype
"{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype
"{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe
"UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe
"{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe
"UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe
"TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe
"UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe
"{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe
"UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe
"TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe
"UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe
"TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe
"UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe
"TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe
"UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe
"TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe
"UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe
"TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe
"UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe
"{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype
"{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype
"{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype
"{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary
"UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary
"{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype
"{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype
"{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype
"{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype
"{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype
"{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator
"{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype

[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
"EnableFirewall"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592]
R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792]
R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960]
R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224]
R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480]
R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264]
R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976]
R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168]
S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]

2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]

2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job
- c:windowssystem32msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll
FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll
FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll
FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll
FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll
FF - plugin: c:program filesGooglePicasa3npPicasa3.dll
FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll
FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll
FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll
FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 14:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-26 14:53
ComboFix-quarantined-files.txt 2009-09-26 12:53

Pre-Run: 45,820,129,280 bytes free
Post-Run: 45,759,922,176 bytes free

STA SAD DA RADIM?

334 --- E O F --- 2009-09-24 14:47

_________________________________________________________________
Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy!
http://spaces.live.com/spacesa...rl=/friends.aspx&mkt=en-us
--_6607fc1e-9309-46fa-bb14-cf28e9cfa548_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style></style>
</head>
<body class='hmmessage'>
 > To: [email protected] > Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme] > From: [email protected] > Date: Wed, 23 Sep 2009 23:45:35 +0200 > > Procitaj Top Temu o koriscenju Combofix programa. > > > > Znaci,iskljuci AntiVirus,download-uj Combofix sa datih linkova,odradi skeniranje po uputstvu > > i kopiraj log koji Combofix napravi po zavrsetku skeniranja skeniranja > > -- > http://www.elitesecurity.org/p2395725 > > Prijave/odjave: http://www.elitesecurity.org/pracenje#376423 > > Ne menjajte sledece dve linije ukoliko odgovarate putem emaila! > esauth:376423:a26bff6da4f30d9daa2462b109ffb24c >

e.d

Odgovor na temu

magna86
Anti Malware Fighter

Član broj: 189287
Poruke: 557

Sajt: www.mycity.rs/Ambulanta

+16 Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{27.09.2009. u 00:50 - pre 177 meseci}

Combofix log nije ceo,nadji ga na C particiji i prikaci ga uz poruku

http://www.itfix.biz/images/Malware.JPG

Odgovor na temu

ed-win
STUDET
Podgorica

Član broj: 202900
Poruke: 7
*.com
Via: [es] mailing liste

Profil

Re: Pojava foldera na desktopu prilikom paljenja wireles-a

^{27.09.2009. u 16:08 - pre 177 meseci}

ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86
Microsoft� Windows Vista� Home Premium 6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00]
Running from: c:usersEDODesktopComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}
SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:program filesDealio Toolbar
c:program filesDealio Toolbarconfig.ini
c:program filesDealio ToolbarDealioToolbarIE.dll
c:program filesDealio ToolbarResamazon.gif
c:program filesDealio ToolbarResapple.gif
c:program filesDealio ToolbarResbarnes.gif
c:program filesDealio ToolbarResbestbuy.gif
c:program filesDealio ToolbarResdealio_logo.gif
c:program filesDealio ToolbarResdealio_logo_hover.gif
c:program filesDealio ToolbarResebay.gif
c:program filesDealio ToolbarResicon_settings.gif
c:program filesDealio ToolbarResmacys.gif
c:program filesDealio ToolbarResnewegg.gif
c:program filesDealio ToolbarResoverstock.gif
c:program filesDealio ToolbarRessearch-button-hover.gif
c:program filesDealio ToolbarRessearch-button.gif
c:program filesDealio ToolbarRessearch-chevron-hover.gif
c:program filesDealio ToolbarRessearch-chevron.gif
c:program filesDealio ToolbarRessearch_amazon.gif
c:program filesDealio ToolbarRessearch_dealio.gif
c:program filesDealio ToolbarRessearch_ebay.gif
c:program filesDealio ToolbarRessearch_yahoo.gif
c:program filesDealio ToolbarResseparator.gif
c:program filesDealio ToolbarRestarget.gif
c:program filesDealio ToolbarReswalmart.gif
c:program filesDealio ToolbarReswidgets.xml
c:program filesDealio ToolbarSearchSettings.exe
c:program filesDealio ToolbarSearchSettingsRes409.dll
c:program filesDealio Toolbarsscfg.ini
c:program filesDealio ToolbarWidgiHelper.exe
c:usersEDOAppDataRoaming.#
c:windowsInstaller4a9b63.msi
c:windowsInstaller8b18e5.msi
c:windowsInstallerWMEncoder.msi
c:windowssystemMSW.DLL
c:windowssystem32NTSVc.ocx

.
((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))
.

2009-09-26 12:51 . 2009-09-26 12:51 -------- d-----w- c:usersDefaultAppDataLocaltemp
2009-09-25 15:04 . 2009-09-25 15:12 -------- d-----w- c:program filesWirelessMon
2009-09-23 21:15 . 2009-09-23 21:15 -------- d-----w- c:program filesESET
2009-09-21 16:17 . 2009-09-21 16:56 -------- d-----w- C:$AVG8.VAULT$
2009-09-21 13:21 . 2009-09-23 21:10 -------- d-----w- c:programdataavg8
2009-09-13 11:32 . 2009-09-26 11:02 -------- d-----w- c:program filesWinClamAVShield
2009-09-12 16:11 . 2009-09-12 16:11 -------- d-----w- c:program filesCrawler
2009-09-12 16:10 . 2009-09-12 16:10 142592 ----a-w- c:windowssystem32driverssp_rsdrv2.sys
2009-09-12 16:10 . 2009-09-26 12:39 -------- d-----w- c:usersEDOAppDataRoamingSpyware Terminator
2009-09-12 16:10 . 2009-09-25 13:47 -------- d-----w- c:programdataSpyware Terminator
2009-09-12 16:10 . 2009-09-23 21:22 -------- d-----w- c:program filesSpyware Terminator
2009-09-10 15:06 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll
2009-09-10 15:06 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll
2009-09-10 15:06 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll
2009-09-10 15:06 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll
2009-09-10 15:06 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll
2009-09-10 15:06 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys
2009-09-10 15:06 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll
2009-09-10 15:06 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe
2009-09-10 14:17 . 2009-02-05 20:06 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys
2009-09-10 14:00 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll
2009-09-10 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll
2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-26 12:51 . 2009-03-29 21:14 -------- d-----w- c:usersEDOAppDataRoamingSkype
2009-09-25 13:42 . 2008-09-17 16:30 -------- d-----w- c:usersEDOAppDataRoamingToshiba
2009-09-24 14:49 . 2008-10-09 19:04 -------- d-----w- c:program fileseclipse
2009-09-23 21:24 . 2008-09-23 13:16 -------- d-----w- c:program filesCCleaner
2009-09-14 21:12 . 2008-09-21 21:54 -------- d-----w- c:program filesAskTBar
2009-09-13 12:10 . 2008-04-22 17:12 -------- d-----w- c:program filesCommon FilesAdobe
2009-09-12 16:33 . 2008-09-17 14:38 114400 ----a-w- c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT
2009-09-10 15:19 . 2009-04-06 21:08 680 ----a-w- c:usersEDOAppDataLocald3d9caps.dat
2009-09-10 15:09 . 2008-04-23 06:35 -------- d-----w- c:programdataMicrosoft Help
2009-09-10 14:55 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail
2009-09-10 14:55 . 2009-02-21 22:26 -------- d-----w- c:program filesMicrosoft Silverlight
2009-08-21 14:04 . 2009-05-31 11:52 -------- d-----w- c:usersEDOAppDataRoamingFolder Guard
2009-08-21 14:04 . 2009-05-31 11:49 -------- d-----w- c:program filesFolder Guard
2009-08-14 17:07 . 2009-09-10 14:01 897608 ----a-w- c:windowssystem32driverstcpip.sys
2009-08-14 16:29 . 2009-09-10 14:01 104960 ----a-w- c:windowssystem32netiohlp.dll
2009-08-14 16:29 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32netevent.dll
2009-08-14 14:16 . 2009-09-10 14:01 9728 ----a-w- c:windowssystem32TCPSVCS.EXE
2009-08-14 14:16 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32ROUTE.EXE
2009-08-14 14:16 . 2009-09-10 14:01 11264 ----a-w- c:windowssystem32MRINFO.EXE
2009-08-14 14:16 . 2009-09-10 14:01 27136 ----a-w- c:windowssystem32NETSTAT.EXE
2009-08-14 14:16 . 2009-09-10 14:01 19968 ----a-w- c:windowssystem32ARP.EXE
2009-08-14 14:16 . 2009-09-10 14:01 8704 ----a-w- c:windowssystem32HOSTNAME.EXE
2009-08-14 14:16 . 2009-09-10 14:01 10240 ----a-w- c:windowssystem32finger.exe
2009-07-18 16:06 . 2009-07-30 17:08 827904 ----a-w- c:windowssystem32wininet.dll
2009-07-18 16:01 . 2009-07-30 17:08 78336 ----a-w- c:windowssystem32ieencode.dll
2009-07-18 09:46 . 2009-07-30 17:08 26624 ----a-w- c:windowssystem32ieUnatt.exe
2009-07-17 14:35 . 2009-08-13 12:55 71680 ----a-w- c:windowssystem32atl.dll
2009-07-14 13:00 . 2009-08-13 12:54 313344 ----a-w- c:windowssystem32wmpdxm.dll
2009-07-14 12:59 . 2009-08-13 12:54 4096 ----a-w- c:windowssystem32dxmasf.dll
2009-07-14 12:58 . 2009-08-13 12:54 7680 ----a-w- c:windowssystem32spwmp.dll
2009-07-14 10:59 . 2009-08-13 12:54 8147456 ----a-w- c:windowssystem32wmploc.DLL
2009-07-11 19:32 . 2009-09-10 14:01 513024 ----a-w- c:windowssystem32wlansvc.dll
2009-07-11 19:32 . 2009-09-10 14:01 302592 ----a-w- c:windowssystem32wlansec.dll
2009-07-11 19:32 . 2009-09-10 14:01 293376 ----a-w- c:windowssystem32wlanmsm.dll
2009-07-11 19:29 . 2009-09-10 14:01 127488 ----a-w- c:windowssystem32L2SecHC.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll
2009-03-12 22:02 . 2009-03-12 22:02 0 --sha-w- c:windowsSystem32sys_drv.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872]
"Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528]
"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952]
"SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608]
"SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704]
"fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000]
"SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]
"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416]
"FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424]
"SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904]
"egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168]
"RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104]

c:programdataMicrosoftWindowsStart MenuProgramsStartup
Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184]

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]
"AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ PDBoot.exeautocheck autochk *

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]
@=""

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]
"TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe
"TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger
"UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger
"TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe
"TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe
"TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe
"UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe
"TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe
"UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe
"TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype
"{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe
"UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe
"TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe
"UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe
"{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe
"UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe
"{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary
"TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe
"UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe
"TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe
"UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe
"TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe
"{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote
"{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype
"{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype
"{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe
"UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe
"{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe
"UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe
"TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe
"UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe
"{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe
"UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe
"TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe
"UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe
"TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe
"UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe
"TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe
"UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe
"TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe
"UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe
"TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe
"UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe
"{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype
"{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype
"{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype
"{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary
"UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary
"{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype
"{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype
"{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype
"{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype
"{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype
"{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype
"TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator
"UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator
"{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype

[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]
"EnableFirewall"= 0 (0x0)

R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592]
R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792]
R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960]
R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224]
R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480]
R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264]
R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976]
R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168]
S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104]
S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920]
.
Contents of the 'Scheduled Tasks' folder

2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]

2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]

2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job
- c:windowssystem32msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000
IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll
FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll
FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll
FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll
FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll
FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll
FF - plugin: c:program filesGooglePicasa3npPicasa3.dll
FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll
FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll
FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll
FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll
FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll
FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-26 14:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-09-26 14:53
ComboFix-quarantined-files.txt 2009-09-26 12:53

Pre-Run: 45,820,129,280 bytes free
Post-Run: 45,759,922,176 bytes free

334 --- E O F --- 2009-09-24 14:47

_________________________________________________________________
Drag n� drop�Get easy photo sharing with Windows Live� Photos.

http://www.microsoft.com/windows/windowslive/products/photos.aspx
--_cb030b77-0a73-4781-aee9-956d907f61d0_
Content-Type: text/html; charset="Windows-1252"
Content-Transfer-Encoding: quoted-printable

<html>
<head>
<style></style>
</head>
<body class='hmmessage'>
 > To: [email protected] > Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme] > From: [email protected] > Date: Sun, 27 Sep 2009 01:50:33 +0200 > > Combofix log nije ceo,nadji ga na C particiji i prikaci ga uz poruku > > -- > http://www.elitesecurity.org/p2398298 > > Prijave/odjave: http://www.elitesecurity.org/pracenje#376423 > > Ne menjajte sledece dve linije ukoliko odgovarate putem emaila! > esauth:376423:a26bff6da4f30d9daa2462b109ffb24c > Odgovor pisite *iskljucivo* ispod ove linije: ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86 Microsoft� Windows Vista� Home Premium   6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00] Running from: c:usersEDODesktopComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448} SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}  * Created a new restore point . (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) . c:program filesDealio Toolbar c:program filesDealio Toolbarconfig.ini c:program filesDealio ToolbarDealioToolbarIE.dll c:program filesDealio ToolbarResamazon.gif c:program filesDealio ToolbarResapple.gif c:program filesDealio ToolbarResbarnes.gif c:program filesDealio ToolbarResbestbuy.gif c:program filesDealio ToolbarResdealio_logo.gif c:program filesDealio ToolbarResdealio_logo_hover.gif c:program filesDealio ToolbarResebay.gif c:program filesDealio ToolbarResicon_settings.gif c:program filesDealio ToolbarResmacys.gif c:program filesDealio ToolbarResnewegg.gif c:program filesDealio ToolbarResoverstock.gif c:program filesDealio ToolbarRessearch-button-hover.gif c:program filesDealio ToolbarRessearch-button.gif c:program filesDealio ToolbarRessearch-chevron-hover.gif c:program filesDealio ToolbarRessearch-chevron.gif c:program filesDealio ToolbarRessearch_amazon.gif c:program filesDealio ToolbarRessearch_dealio.gif c:program filesDealio ToolbarRessearch_ebay.gif c:program filesDealio ToolbarRessearch_yahoo.gif c:program filesDealio ToolbarResseparator.gif c:program filesDealio ToolbarRestarget.gif c:program filesDealio ToolbarReswalmart.gif c:program filesDealio ToolbarReswidgets.xml c:program filesDealio ToolbarSearchSettings.exe c:program filesDealio ToolbarSearchSettingsRes409.dll c:program filesDealio Toolbarsscfg.ini c:program filesDealio ToolbarWidgiHelper.exe c:usersEDOAppDataRoaming.# c:windowsInstaller4a9b63.msi c:windowsInstaller8b18e5.msi c:windowsInstallerWMEncoder.msi c:windowssystemMSW.DLL c:windowssystem32NTSVc.ocx . (((((((((((((((((((((((((   Files Created from 2009-08-26 to 2009-09-26  ))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-09-26 12:51    --------    d-----w-    c:usersDefaultAppDataLocaltemp 2009-09-25 15:04 . 2009-09-25 15:12    --------    d-----w-    c:program filesWirelessMon 2009-09-23 21:15 . 2009-09-23 21:15    --------    d-----w-    c:program filesESET 2009-09-21 16:17 . 2009-09-21 16:56    --------    d-----w-    C:$AVG8.VAULT$ 2009-09-21 13:21 . 2009-09-23 21:10    --------    d-----w-    c:programdataavg8 2009-09-13 11:32 . 2009-09-26 11:02    --------    d-----w-    c:program filesWinClamAVShield 2009-09-12 16:11 . 2009-09-12 16:11    --------    d-----w-    c:program filesCrawler 2009-09-12 16:10 . 2009-09-12 16:10    142592    ----a-w-    c:windowssystem32driverssp_rsdrv2.sys 2009-09-12 16:10 . 2009-09-26 12:39    --------    d-----w-    c:usersEDOAppDataRoamingSpyware Terminator 2009-09-12 16:10 . 2009-09-25 13:47    --------    d-----w-    c:programdataSpyware Terminator 2009-09-12 16:10 . 2009-09-23 21:22    --------    d-----w-    c:program filesSpyware Terminator 2009-09-10 15:06 . 2009-06-15 15:24    175104    ----a-w-    c:windowssystem32wdigest.dll 2009-09-10 15:06 . 2009-06-15 15:24    270848    ----a-w-    c:windowssystem32schannel.dll 2009-09-10 15:06 . 2009-06-15 15:23    1256448    ----a-w-    c:windowssystem32lsasrv.dll 2009-09-10 15:06 . 2009-06-15 15:22    213504    ----a-w-    c:windowssystem32msv1_0.dll 2009-09-10 15:06 . 2009-06-15 15:21    499712    ----a-w-    c:windowssystem32kerberos.dll 2009-09-10 15:06 . 2009-06-15 18:20    439896    ----a-w-    c:windowssystem32driversksecdd.sys 2009-09-10 15:06 . 2009-06-15 15:24    72704    ----a-w-    c:windowssystem32secur32.dll 2009-09-10 15:06 . 2009-06-15 12:57    9728    ----a-w-    c:windowssystem32lsass.exe 2009-09-10 14:17 . 2009-02-05 20:06    51792    ----a-w-    c:windowssystem32driversaswMonFlt.sys 2009-09-10 14:00 . 2009-08-28 12:39    28672    ----a-w-    c:windowssystem32Apphlpdm.dll 2009-09-10 14:00 . 2009-08-28 10:15    4240384    ----a-w-    c:windowssystem32GameUXLegacyGDFs.dll 2009-08-27 15:46 . 2009-06-22 10:22    2048    ----a-w-    c:windowssystem32tzres.dll . ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-03-29 21:14    --------    d-----w-    c:usersEDOAppDataRoamingSkype 2009-09-25 13:42 . 2008-09-17 16:30    --------    d-----w-    c:usersEDOAppDataRoamingToshiba 2009-09-24 14:49 . 2008-10-09 19:04    --------    d-----w-    c:program fileseclipse 2009-09-23 21:24 . 2008-09-23 13:16    --------    d-----w-    c:program filesCCleaner 2009-09-14 21:12 . 2008-09-21 21:54    --------    d-----w-    c:program filesAskTBar 2009-09-13 12:10 . 2008-04-22 17:12    --------    d-----w-    c:program filesCommon FilesAdobe 2009-09-12 16:33 . 2008-09-17 14:38    114400    ----a-w-    c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT 2009-09-10 15:19 . 2009-04-06 21:08    680    ----a-w-    c:usersEDOAppDataLocald3d9caps.dat 2009-09-10 15:09 . 2008-04-23 06:35    --------    d-----w-    c:programdataMicrosoft Help 2009-09-10 14:55 . 2006-11-02 11:18    --------    d-----w-    c:program filesWindows Mail 2009-09-10 14:55 . 2009-02-21 22:26    --------    d-----w-    c:program filesMicrosoft Silverlight 2009-08-21 14:04 . 2009-05-31 11:52    --------    d-----w-    c:usersEDOAppDataRoamingFolder Guard 2009-08-21 14:04 . 2009-05-31 11:49    --------    d-----w-    c:program filesFolder Guard 2009-08-14 17:07 . 2009-09-10 14:01    897608    ----a-w-    c:windowssystem32driverstcpip.sys 2009-08-14 16:29 . 2009-09-10 14:01    104960    ----a-w-    c:windowssystem32netiohlp.dll 2009-08-14 16:29 . 2009-09-10 14:01    17920    ----a-w-    c:windowssystem32netevent.dll 2009-08-14 14:16 . 2009-09-10 14:01    9728    ----a-w-    c:windowssystem32TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-10 14:01    17920    ----a-w-    c:windowssystem32ROUTE.EXE 2009-08-14 14:16 . 2009-09-10 14:01    11264    ----a-w-    c:windowssystem32MRINFO.EXE 2009-08-14 14:16 . 2009-09-10 14:01    27136    ----a-w-    c:windowssystem32NETSTAT.EXE 2009-08-14 14:16 . 2009-09-10 14:01    19968    ----a-w-    c:windowssystem32ARP.EXE 2009-08-14 14:16 . 2009-09-10 14:01    8704    ----a-w-    c:windowssystem32HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-10 14:01    10240    ----a-w-    c:windowssystem32finger.exe 2009-07-18 16:06 . 2009-07-30 17:08    827904    ----a-w-    c:windowssystem32wininet.dll 2009-07-18 16:01 . 2009-07-30 17:08    78336    ----a-w-    c:windowssystem32ieencode.dll 2009-07-18 09:46 . 2009-07-30 17:08    26624    ----a-w-    c:windowssystem32ieUnatt.exe 2009-07-17 14:35 . 2009-08-13 12:55    71680    ----a-w-    c:windowssystem32atl.dll 2009-07-14 13:00 . 2009-08-13 12:54    313344    ----a-w-    c:windowssystem32wmpdxm.dll 2009-07-14 12:59 . 2009-08-13 12:54    4096    ----a-w-    c:windowssystem32dxmasf.dll 2009-07-14 12:58 . 2009-08-13 12:54    7680    ----a-w-    c:windowssystem32spwmp.dll 2009-07-14 10:59 . 2009-08-13 12:54    8147456    ----a-w-    c:windowssystem32wmploc.DLL 2009-07-11 19:32 . 2009-09-10 14:01    513024    ----a-w-    c:windowssystem32wlansvc.dll 2009-07-11 19:32 . 2009-09-10 14:01    302592    ----a-w-    c:windowssystem32wlansec.dll 2009-07-11 19:32 . 2009-09-10 14:01    293376    ----a-w-    c:windowssystem32wlanmsm.dll 2009-07-11 19:29 . 2009-09-10 14:01    127488    ----a-w-    c:windowssystem32L2SecHC.dll 2009-05-01 21:02 . 2009-05-01 21:02    1044480    ----a-w-    c:program filesmozilla firefoxpluginslibdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02    200704    ----a-w-    c:program filesmozilla firefoxpluginsssldivx.dll 2009-03-12 22:02 . 2009-03-12 22:02    0    --sha-w-    c:windowsSystem32sys_drv.dat . (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872] "Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456] "HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608] "SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704] "fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000] "SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416] "FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424] "SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904] "egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168] "RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104] c:programdataMicrosoftWindowsStart MenuProgramsStartup Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute    REG_MULTI_SZ       PDBoot.exeautocheck autochk * [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend] @="Service" [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000] "EnableNotificationsRef"=dword:00000001 [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules] "TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype "{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype "{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype "{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype "{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype "{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype "{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype "{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype "{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype "{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype "{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype "{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile] "EnableFirewall"= 0 (0x0) R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592] R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792] R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960] R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224] R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480] R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264] R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976] R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168] S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104] S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920] . Contents of the 'Scheduled Tasks' folder 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job - c:windowssystem32msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = local IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/...557-9400-3/4 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll FF - plugin: c:program filesGooglePicasa3npPicasa3.dll FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-26 14:51 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ...  scanning hidden autostart entries ... scanning hidden files ...  c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-09-26 14:53 ComboFix-quarantined-files.txt  2009-09-26 12:53 Pre-Run: 45,820,129,280 bytes free Post-Run: 45,759,922,176 bytes free 334    --- E O F ---    2009-09-24 14:47 <hr />What can you do with the new Windows Live? <a href='http://www.microsoft.com/windows/windowslive/default.aspx' target='_new'>Find out</a></body>
</html>
--_cb030b77-0a73-4781-aee9-956d907f61d0_--

e.d

Odgovor na temu