|
[ ed-win @ 23.09.2009. 11:00 ] @
[ Milan86 @ 23.09.2009. 11:03 ] @
Skini HijackThis, skeniraj računar i pastuj ovde log.
[ ed-win @ 23.09.2009. 17:06 ] @
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:39:27, on 23/09/2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18294) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Toshiba\Power Saver\TPwrMain.exe C:\Program Files\Toshiba\SmoothView\SmoothView.exe C:\Program Files\Toshiba\FlashCards\TCrdMain.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Windows Live\Family Safety\fsui.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe C:\Program Files\Winamp\winampa.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Folder Guard\FGKey.exe C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe C:\Program Files\Windows Sidebar\sidebar.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe C:\Windows\system32\wbem\unsecapp.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\Users\EDO\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/...=aus&qkw=%s&tbid=60341 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll R3 - URLSearchHook: (no name) - *{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file) R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O1 - Hosts: ::1 localhost O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard\FGKey.exe /Start O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files\Toshiba\TRDCReminder\TRDCReminder.exe (User 'Default user') O4 - Global Startup: Bluetooth Manager.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/o...hibaukbholink-21&site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL,avgrsstx.dll O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe O23 - Service: Google Update Service (gupdate1c9ed10d6f77110) (gupdate1c9ed10d6f77110) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: TOSHIBA SMART Log Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 13289 bytes [ Milan86 @ 23.09.2009. 20:00 ] @
Popravi sledeće:
C:\Program Files\Dealio Toolbar\SearchSettings.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Dealio Toolbar\SearchSettings.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file) O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Dealio Toolbar\SearchSettings.exe O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing) O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/o...hibaukbholink-21&site=home (file missing) [ ed-win @ 23.09.2009. 21:56 ] @
odradio sam ovaj repair,nakon toga pojavio mi se folder sa backup-om na desktopu i unutar njega fajlovi koje sam repair-ovao.Potom sam restartovao racunar,onda ukljucio wireles i ponovo mi se pojavio nezeljeni folder na desktopu...:-(
_________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesa...rl=/friends.aspx&mkt=en-us --_a6e6e64a-1a19-4089-ac83-8aab06d24d86_ Content-Type: text/html; charset="iso-8859-2" Content-Transfer-Encoding: quoted-printable <html> <head> <style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 10pt; font-family:Verdana } --></style> </head> <body class='hmmessage'> <br><br>> To: [email protected]<br>> Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme]<br>> From: [email protected]<br>> Date: Wed, 23 Sep 2009 21:00:55 +0200<br>> <br>> Popravi slede�e:<br>> <br>> <br>> <br>> C:Program FilesDealio ToolbarSearchSettings.exe<br>> <br>> C:PROGRA~1CrawlerToolbarCToolbar.exe<br>> <br>> R3 - URLSearchHook: (no name) - *{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)<br>> <br>> R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:Program FilesDealio ToolbarSearchSettings.dll<br>> <br>> O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:Program FilesDealio ToolbarDealioToolbarIE.dll<br>> <br>> O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)<br>> <br>> O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)<br>> <br>> O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:Program FilesDealio ToolbarSearchSettings.dll<br>> <br>> O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)<br>> <br>> O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:Program FilesDealio ToolbarDealioToolbarIE.dll<br>> <br>> O4 - HKLM..Run: [SearchSettings] C:Program FilesDealio ToolbarSearchSettings.exe<br>> <br>> O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - (http://rover.ebay.com/rover/1/710-44557-9400-3/4: http://rover.ebay.com/rover/1/710-44557-9400-3/4 ) (file missing)<br>> <br>> O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - (http://www.amazon.co.uk/exec/o...kbholink-21&site=home: http://www.amazon.co.uk/exec/o...ukbholink-21&site=home ) (file missing)<br>> <br>> <br>> <br>> --<br>> http://www.elitesecurity.org/p2395573<br>> <br>> Prijave/odjave: http://www.elitesecurity.org/pracenje#376423<br>> <br>> Ne menjajte sledece dve linije ukoliko odgovarate putem emaila!<br>> esauth:376423:a26bff6da4f30d9daa2462b109ffb24c<br>> [ magna86 @ 23.09.2009. 22:45 ] @
Procitaj Top Temu o koriscenju Combofix programa.
Znaci,iskljuci AntiVirus,download-uj Combofix sa datih linkova,odradi skeniranje po uputstvu i kopiraj log koji Combofix napravi po zavrsetku skeniranja skeniranja [ ed-win @ 26.09.2009. 13:59 ] @
Evo odradio sam ovo sto si mi rekao,sada cu ti kopirati rezultat poslije sjeniranja comboFix-a:
ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86 Microsoft� Windows Vista� Home Premium 6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00] Running from: c:usersEDODesktopComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448} SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:program filesDealio Toolbar c:program filesDealio Toolbarconfig.ini c:program filesDealio ToolbarDealioToolbarIE.dll c:program filesDealio ToolbarResamazon.gif c:program filesDealio ToolbarResapple.gif c:program filesDealio ToolbarResbarnes.gif c:program filesDealio ToolbarResbestbuy.gif c:program filesDealio ToolbarResdealio_logo.gif c:program filesDealio ToolbarResdealio_logo_hover.gif c:program filesDealio ToolbarResebay.gif c:program filesDealio ToolbarResicon_settings.gif c:program filesDealio ToolbarResmacys.gif c:program filesDealio ToolbarResnewegg.gif c:program filesDealio ToolbarResoverstock.gif c:program filesDealio ToolbarRessearch-button-hover.gif c:program filesDealio ToolbarRessearch-button.gif c:program filesDealio ToolbarRessearch-chevron-hover.gif c:program filesDealio ToolbarRessearch-chevron.gif c:program filesDealio ToolbarRessearch_amazon.gif c:program filesDealio ToolbarRessearch_dealio.gif c:program filesDealio ToolbarRessearch_ebay.gif c:program filesDealio ToolbarRessearch_yahoo.gif c:program filesDealio ToolbarResseparator.gif c:program filesDealio ToolbarRestarget.gif c:program filesDealio ToolbarReswalmart.gif c:program filesDealio ToolbarReswidgets.xml c:program filesDealio ToolbarSearchSettings.exe c:program filesDealio ToolbarSearchSettingsRes409.dll c:program filesDealio Toolbarsscfg.ini c:program filesDealio ToolbarWidgiHelper.exe c:usersEDOAppDataRoaming.# c:windowsInstaller4a9b63.msi c:windowsInstaller8b18e5.msi c:windowsInstallerWMEncoder.msi c:windowssystemMSW.DLL c:windowssystem32NTSVc.ocx . ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-09-26 12:51 -------- d-----w- c:usersDefaultAppDataLocaltemp 2009-09-25 15:04 . 2009-09-25 15:12 -------- d-----w- c:program filesWirelessMon 2009-09-23 21:15 . 2009-09-23 21:15 -------- d-----w- c:program filesESET 2009-09-21 16:17 . 2009-09-21 16:56 -------- d-----w- C:$AVG8.VAULT$ 2009-09-21 13:21 . 2009-09-23 21:10 -------- d-----w- c:programdataavg8 2009-09-13 11:32 . 2009-09-26 11:02 -------- d-----w- c:program filesWinClamAVShield 2009-09-12 16:11 . 2009-09-12 16:11 -------- d-----w- c:program filesCrawler 2009-09-12 16:10 . 2009-09-12 16:10 142592 ----a-w- c:windowssystem32driverssp_rsdrv2.sys 2009-09-12 16:10 . 2009-09-26 12:39 -------- d-----w- c:usersEDOAppDataRoamingSpyware Terminator 2009-09-12 16:10 . 2009-09-25 13:47 -------- d-----w- c:programdataSpyware Terminator 2009-09-12 16:10 . 2009-09-23 21:22 -------- d-----w- c:program filesSpyware Terminator 2009-09-10 15:06 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll 2009-09-10 15:06 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll 2009-09-10 15:06 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll 2009-09-10 15:06 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll 2009-09-10 15:06 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll 2009-09-10 15:06 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys 2009-09-10 15:06 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll 2009-09-10 15:06 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe 2009-09-10 14:17 . 2009-02-05 20:06 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys 2009-09-10 14:00 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll 2009-09-10 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll 2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32tzres.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-03-29 21:14 -------- d-----w- c:usersEDOAppDataRoamingSkype 2009-09-25 13:42 . 2008-09-17 16:30 -------- d-----w- c:usersEDOAppDataRoamingToshiba 2009-09-24 14:49 . 2008-10-09 19:04 -------- d-----w- c:program fileseclipse 2009-09-23 21:24 . 2008-09-23 13:16 -------- d-----w- c:program filesCCleaner 2009-09-14 21:12 . 2008-09-21 21:54 -------- d-----w- c:program filesAskTBar 2009-09-13 12:10 . 2008-04-22 17:12 -------- d-----w- c:program filesCommon FilesAdobe 2009-09-12 16:33 . 2008-09-17 14:38 114400 ----a-w- c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT 2009-09-10 15:19 . 2009-04-06 21:08 680 ----a-w- c:usersEDOAppDataLocald3d9caps.dat 2009-09-10 15:09 . 2008-04-23 06:35 -------- d-----w- c:programdataMicrosoft Help 2009-09-10 14:55 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail 2009-09-10 14:55 . 2009-02-21 22:26 -------- d-----w- c:program filesMicrosoft Silverlight 2009-08-21 14:04 . 2009-05-31 11:52 -------- d-----w- c:usersEDOAppDataRoamingFolder Guard 2009-08-21 14:04 . 2009-05-31 11:49 -------- d-----w- c:program filesFolder Guard 2009-08-14 17:07 . 2009-09-10 14:01 897608 ----a-w- c:windowssystem32driverstcpip.sys 2009-08-14 16:29 . 2009-09-10 14:01 104960 ----a-w- c:windowssystem32netiohlp.dll 2009-08-14 16:29 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32netevent.dll 2009-08-14 14:16 . 2009-09-10 14:01 9728 ----a-w- c:windowssystem32TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32ROUTE.EXE 2009-08-14 14:16 . 2009-09-10 14:01 11264 ----a-w- c:windowssystem32MRINFO.EXE 2009-08-14 14:16 . 2009-09-10 14:01 27136 ----a-w- c:windowssystem32NETSTAT.EXE 2009-08-14 14:16 . 2009-09-10 14:01 19968 ----a-w- c:windowssystem32ARP.EXE 2009-08-14 14:16 . 2009-09-10 14:01 8704 ----a-w- c:windowssystem32HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-10 14:01 10240 ----a-w- c:windowssystem32finger.exe 2009-07-18 16:06 . 2009-07-30 17:08 827904 ----a-w- c:windowssystem32wininet.dll 2009-07-18 16:01 . 2009-07-30 17:08 78336 ----a-w- c:windowssystem32ieencode.dll 2009-07-18 09:46 . 2009-07-30 17:08 26624 ----a-w- c:windowssystem32ieUnatt.exe 2009-07-17 14:35 . 2009-08-13 12:55 71680 ----a-w- c:windowssystem32atl.dll 2009-07-14 13:00 . 2009-08-13 12:54 313344 ----a-w- c:windowssystem32wmpdxm.dll 2009-07-14 12:59 . 2009-08-13 12:54 4096 ----a-w- c:windowssystem32dxmasf.dll 2009-07-14 12:58 . 2009-08-13 12:54 7680 ----a-w- c:windowssystem32spwmp.dll 2009-07-14 10:59 . 2009-08-13 12:54 8147456 ----a-w- c:windowssystem32wmploc.DLL 2009-07-11 19:32 . 2009-09-10 14:01 513024 ----a-w- c:windowssystem32wlansvc.dll 2009-07-11 19:32 . 2009-09-10 14:01 302592 ----a-w- c:windowssystem32wlansec.dll 2009-07-11 19:32 . 2009-09-10 14:01 293376 ----a-w- c:windowssystem32wlanmsm.dll 2009-07-11 19:29 . 2009-09-10 14:01 127488 ----a-w- c:windowssystem32L2SecHC.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll 2009-03-12 22:02 . 2009-03-12 22:02 0 --sha-w- c:windowsSystem32sys_drv.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872] "Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456] "HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608] "SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704] "fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000] "SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416] "FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424] "SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904] "egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168] "RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104] c:programdataMicrosoftWindowsStart MenuProgramsStartup Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ PDBoot.exe�autocheck autochk * [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend] @="Service" [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000] "EnableNotificationsRef"=dword:00000001 [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules] "TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype "{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype "{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype "{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype "{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype "{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype "{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype "{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype "{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype "{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype "{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype "{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile] "EnableFirewall"= 0 (0x0) R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592] R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792] R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960] R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224] R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480] R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264] R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976] R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168] S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104] S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920] . Contents of the 'Scheduled Tasks' folder 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job - c:windowssystem32msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = local IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll FF - plugin: c:program filesGooglePicasa3npPicasa3.dll FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-26 14:51 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-09-26 14:53 ComboFix-quarantined-files.txt 2009-09-26 12:53 Pre-Run: 45,820,129,280 bytes free Post-Run: 45,759,922,176 bytes free STA SAD DA RADIM? 334 --- E O F --- 2009-09-24 14:47 _________________________________________________________________ Invite your mail contacts to join your friends list with Windows Live Spaces. It's easy! http://spaces.live.com/spacesa...rl=/friends.aspx&mkt=en-us --_6607fc1e-9309-46fa-bb14-cf28e9cfa548_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable <html> <head> <style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 10pt; font-family:Verdana } --></style> </head> <body class='hmmessage'> <br><br>> To: [email protected]<br>> Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme]<br>> From: [email protected]<br>> Date: Wed, 23 Sep 2009 23:45:35 +0200<br>> <br>> Procitaj Top Temu o koriscenju Combofix programa.<br>> <br>> <br>> <br>> Znaci,iskljuci AntiVirus,download-uj Combofix sa datih linkova,odradi skeniranje po uputstvu <br>> <br>> i kopiraj log koji Combofix napravi po zavrsetku skeniranja skeniranja<br>> <br>> --<br>> http://www.elitesecurity.org/p2395725<br>> <br>> Prijave/odjave: http://www.elitesecurity.org/pracenje#376423<br>> <br>> Ne menjajte sledece dve linije ukoliko odgovarate putem emaila!<br>> esauth:376423:a26bff6da4f30d9daa2462b109ffb24c<br>> [ magna86 @ 27.09.2009. 00:50 ] @
Combofix log nije ceo,nadji ga na C particiji i prikaci ga uz poruku
[ ed-win @ 27.09.2009. 16:08 ] @
ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86
Microsoft� Windows Vista� Home Premium 6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00] Running from: c:usersEDODesktopComboFix.exe AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0} SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448} SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE} SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:program filesDealio Toolbar c:program filesDealio Toolbarconfig.ini c:program filesDealio ToolbarDealioToolbarIE.dll c:program filesDealio ToolbarResamazon.gif c:program filesDealio ToolbarResapple.gif c:program filesDealio ToolbarResbarnes.gif c:program filesDealio ToolbarResbestbuy.gif c:program filesDealio ToolbarResdealio_logo.gif c:program filesDealio ToolbarResdealio_logo_hover.gif c:program filesDealio ToolbarResebay.gif c:program filesDealio ToolbarResicon_settings.gif c:program filesDealio ToolbarResmacys.gif c:program filesDealio ToolbarResnewegg.gif c:program filesDealio ToolbarResoverstock.gif c:program filesDealio ToolbarRessearch-button-hover.gif c:program filesDealio ToolbarRessearch-button.gif c:program filesDealio ToolbarRessearch-chevron-hover.gif c:program filesDealio ToolbarRessearch-chevron.gif c:program filesDealio ToolbarRessearch_amazon.gif c:program filesDealio ToolbarRessearch_dealio.gif c:program filesDealio ToolbarRessearch_ebay.gif c:program filesDealio ToolbarRessearch_yahoo.gif c:program filesDealio ToolbarResseparator.gif c:program filesDealio ToolbarRestarget.gif c:program filesDealio ToolbarReswalmart.gif c:program filesDealio ToolbarReswidgets.xml c:program filesDealio ToolbarSearchSettings.exe c:program filesDealio ToolbarSearchSettingsRes409.dll c:program filesDealio Toolbarsscfg.ini c:program filesDealio ToolbarWidgiHelper.exe c:usersEDOAppDataRoaming.# c:windowsInstaller4a9b63.msi c:windowsInstaller8b18e5.msi c:windowsInstallerWMEncoder.msi c:windowssystemMSW.DLL c:windowssystem32NTSVc.ocx . ((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 ))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-09-26 12:51 -------- d-----w- c:usersDefaultAppDataLocaltemp 2009-09-25 15:04 . 2009-09-25 15:12 -------- d-----w- c:program filesWirelessMon 2009-09-23 21:15 . 2009-09-23 21:15 -------- d-----w- c:program filesESET 2009-09-21 16:17 . 2009-09-21 16:56 -------- d-----w- C:$AVG8.VAULT$ 2009-09-21 13:21 . 2009-09-23 21:10 -------- d-----w- c:programdataavg8 2009-09-13 11:32 . 2009-09-26 11:02 -------- d-----w- c:program filesWinClamAVShield 2009-09-12 16:11 . 2009-09-12 16:11 -------- d-----w- c:program filesCrawler 2009-09-12 16:10 . 2009-09-12 16:10 142592 ----a-w- c:windowssystem32driverssp_rsdrv2.sys 2009-09-12 16:10 . 2009-09-26 12:39 -------- d-----w- c:usersEDOAppDataRoamingSpyware Terminator 2009-09-12 16:10 . 2009-09-25 13:47 -------- d-----w- c:programdataSpyware Terminator 2009-09-12 16:10 . 2009-09-23 21:22 -------- d-----w- c:program filesSpyware Terminator 2009-09-10 15:06 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll 2009-09-10 15:06 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll 2009-09-10 15:06 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll 2009-09-10 15:06 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll 2009-09-10 15:06 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll 2009-09-10 15:06 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys 2009-09-10 15:06 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll 2009-09-10 15:06 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe 2009-09-10 14:17 . 2009-02-05 20:06 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys 2009-09-10 14:00 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll 2009-09-10 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll 2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32tzres.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-26 12:51 . 2009-03-29 21:14 -------- d-----w- c:usersEDOAppDataRoamingSkype 2009-09-25 13:42 . 2008-09-17 16:30 -------- d-----w- c:usersEDOAppDataRoamingToshiba 2009-09-24 14:49 . 2008-10-09 19:04 -------- d-----w- c:program fileseclipse 2009-09-23 21:24 . 2008-09-23 13:16 -------- d-----w- c:program filesCCleaner 2009-09-14 21:12 . 2008-09-21 21:54 -------- d-----w- c:program filesAskTBar 2009-09-13 12:10 . 2008-04-22 17:12 -------- d-----w- c:program filesCommon FilesAdobe 2009-09-12 16:33 . 2008-09-17 14:38 114400 ----a-w- c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT 2009-09-10 15:19 . 2009-04-06 21:08 680 ----a-w- c:usersEDOAppDataLocald3d9caps.dat 2009-09-10 15:09 . 2008-04-23 06:35 -------- d-----w- c:programdataMicrosoft Help 2009-09-10 14:55 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail 2009-09-10 14:55 . 2009-02-21 22:26 -------- d-----w- c:program filesMicrosoft Silverlight 2009-08-21 14:04 . 2009-05-31 11:52 -------- d-----w- c:usersEDOAppDataRoamingFolder Guard 2009-08-21 14:04 . 2009-05-31 11:49 -------- d-----w- c:program filesFolder Guard 2009-08-14 17:07 . 2009-09-10 14:01 897608 ----a-w- c:windowssystem32driverstcpip.sys 2009-08-14 16:29 . 2009-09-10 14:01 104960 ----a-w- c:windowssystem32netiohlp.dll 2009-08-14 16:29 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32netevent.dll 2009-08-14 14:16 . 2009-09-10 14:01 9728 ----a-w- c:windowssystem32TCPSVCS.EXE 2009-08-14 14:16 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32ROUTE.EXE 2009-08-14 14:16 . 2009-09-10 14:01 11264 ----a-w- c:windowssystem32MRINFO.EXE 2009-08-14 14:16 . 2009-09-10 14:01 27136 ----a-w- c:windowssystem32NETSTAT.EXE 2009-08-14 14:16 . 2009-09-10 14:01 19968 ----a-w- c:windowssystem32ARP.EXE 2009-08-14 14:16 . 2009-09-10 14:01 8704 ----a-w- c:windowssystem32HOSTNAME.EXE 2009-08-14 14:16 . 2009-09-10 14:01 10240 ----a-w- c:windowssystem32finger.exe 2009-07-18 16:06 . 2009-07-30 17:08 827904 ----a-w- c:windowssystem32wininet.dll 2009-07-18 16:01 . 2009-07-30 17:08 78336 ----a-w- c:windowssystem32ieencode.dll 2009-07-18 09:46 . 2009-07-30 17:08 26624 ----a-w- c:windowssystem32ieUnatt.exe 2009-07-17 14:35 . 2009-08-13 12:55 71680 ----a-w- c:windowssystem32atl.dll 2009-07-14 13:00 . 2009-08-13 12:54 313344 ----a-w- c:windowssystem32wmpdxm.dll 2009-07-14 12:59 . 2009-08-13 12:54 4096 ----a-w- c:windowssystem32dxmasf.dll 2009-07-14 12:58 . 2009-08-13 12:54 7680 ----a-w- c:windowssystem32spwmp.dll 2009-07-14 10:59 . 2009-08-13 12:54 8147456 ----a-w- c:windowssystem32wmploc.DLL 2009-07-11 19:32 . 2009-09-10 14:01 513024 ----a-w- c:windowssystem32wlansvc.dll 2009-07-11 19:32 . 2009-09-10 14:01 302592 ----a-w- c:windowssystem32wlansec.dll 2009-07-11 19:32 . 2009-09-10 14:01 293376 ----a-w- c:windowssystem32wlanmsm.dll 2009-07-11 19:29 . 2009-09-10 14:01 127488 ----a-w- c:windowssystem32L2SecHC.dll 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll 2009-03-12 22:02 . 2009-03-12 22:02 0 --sha-w- c:windowsSystem32sys_drv.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun] "Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920] "MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872] "Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528] "ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952] "SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616] [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun] "TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456] "HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608] "SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816] "00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704] "fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000] "SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784] "SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416] "FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424] "SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904] "egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168] "RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104] c:programdataMicrosoftWindowsStart MenuProgramsStartup Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184] [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows] "AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll [HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32] "aux"=wdmaud.drv [HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager] BootExecute REG_MULTI_SZ PDBoot.exe�autocheck autochk * [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice] @="" [HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend] @="Service" [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000] "EnableNotificationsRef"=dword:00000001 [HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules] "TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe "TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger "TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe "TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe "TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe "TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe "TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype "{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe "TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe "{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe "{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary "TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe "TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe "TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe "{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote "{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype "{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype "{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe "{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe "TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe "{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe "TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe "TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe "TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe "TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe "TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe "{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype "{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype "{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype "{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary "{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype "{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype "{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype "{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype "{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype "{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype "TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator "{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype [HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile] "EnableFirewall"= 0 (0x0) R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592] R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792] R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960] R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224] R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480] R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264] R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360] R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976] R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168] S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104] S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920] . Contents of the 'Scheduled Tasks' folder 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job - c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54] 2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job - c:windowssystem32msfeedssync.exe [2008-01-21 02:24] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = local IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q= FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p= FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll FF - plugin: c:program filesGooglePicasa3npPicasa3.dll FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-26 14:51 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�000AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�001AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�002AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2009-09-26 14:53 ComboFix-quarantined-files.txt 2009-09-26 12:53 Pre-Run: 45,820,129,280 bytes free Post-Run: 45,759,922,176 bytes free 334 --- E O F --- 2009-09-24 14:47 _________________________________________________________________ Drag n� drop�Get easy photo sharing with Windows Live� Photos. http://www.microsoft.com/windows/windowslive/products/photos.aspx --_cb030b77-0a73-4781-aee9-956d907f61d0_ Content-Type: text/html; charset="Windows-1252" Content-Transfer-Encoding: quoted-printable <html> <head> <style><!-- .hmmessage P { margin:0px; padding:0px } body.hmmessage { font-size: 10pt; font-family:Verdana } --></style> </head> <body class='hmmessage'> <br><br>> To: [email protected]<br>> Subject: Re: pojava foldera na desktopu prilikom paljenja wireles-a [elitesecurity.pracenje.teme]<br>> From: [email protected]<br>> Date: Sun, 27 Sep 2009 01:50:33 +0200<br>> <br>> Combofix log nije ceo,nadji ga na C particiji i prikaci ga uz poruku<br>> <br>> --<br>> http://www.elitesecurity.org/p2398298<br>> <br>> Prijave/odjave: http://www.elitesecurity.org/pracenje#376423<br>> <br>> Ne menjajte sledece dve linije ukoliko odgovarate putem emaila!<br>> esauth:376423:a26bff6da4f30d9daa2462b109ffb24c<br>> Odgovor pisite *iskljucivo* ispod ove linije:<br><br>ComboFix 09-09-25.01 - EDO 26/09/2009 14:44.1.2 - NTFSx86<br>Microsoft� Windows Vista� Home Premium 6.0.6001.1.1250.381.1033.18.2037.979 [GMT 2:00]<br>Running from: c:usersEDODesktopComboFix.exe<br>AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}<br>FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}<br>SP: avast! antivirus 4.8.1229 [VPS 090202-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}<br>SP: ESET Smart Security 3.0 *disabled* (Updated) {E5E70D32-0101-4B98-A4D6-D1D15C3BB448}<br>SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}<br>SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}<br> * Created a new restore point<br>.<br><br>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))<br>.<br><br>c:program filesDealio Toolbar<br>c:program filesDealio Toolbarconfig.ini<br>c:program filesDealio ToolbarDealioToolbarIE.dll<br>c:program filesDealio ToolbarResamazon.gif<br>c:program filesDealio ToolbarResapple.gif<br>c:program filesDealio ToolbarResbarnes.gif<br>c:program filesDealio ToolbarResbestbuy.gif<br>c:program filesDealio ToolbarResdealio_logo.gif<br>c:program filesDealio ToolbarResdealio_logo_hover.gif<br>c:program filesDealio ToolbarResebay.gif<br>c:program filesDealio ToolbarResicon_settings.gif<br>c:program filesDealio ToolbarResmacys.gif<br>c:program filesDealio ToolbarResnewegg.gif<br>c:program filesDealio ToolbarResoverstock.gif<br>c:program filesDealio ToolbarRessearch-button-hover.gif<br>c:program filesDealio ToolbarRessearch-button.gif<br>c:program filesDealio ToolbarRessearch-chevron-hover.gif<br>c:program filesDealio ToolbarRessearch-chevron.gif<br>c:program filesDealio ToolbarRessearch_amazon.gif<br>c:program filesDealio ToolbarRessearch_dealio.gif<br>c:program filesDealio ToolbarRessearch_ebay.gif<br>c:program filesDealio ToolbarRessearch_yahoo.gif<br>c:program filesDealio ToolbarResseparator.gif<br>c:program filesDealio ToolbarRestarget.gif<br>c:program filesDealio ToolbarReswalmart.gif<br>c:program filesDealio ToolbarReswidgets.xml<br>c:program filesDealio ToolbarSearchSettings.exe<br>c:program filesDealio ToolbarSearchSettingsRes409.dll<br>c:program filesDealio Toolbarsscfg.ini<br>c:program filesDealio ToolbarWidgiHelper.exe<br>c:usersEDOAppDataRoaming.#<br>c:windowsInstaller4a9b63.msi<br>c:windowsInstaller8b18e5.msi<br>c:windowsInstallerWMEncoder.msi<br>c:windowssystemMSW.DLL<br>c:windowssystem32NTSVc.ocx<br><br>.<br>((((((((((((((((((((((((( Files Created from 2009-08-26 to 2009-09-26 )))))))))))))))))))))))))))))))<br>.<br><br>2009-09-26 12:51 . 2009-09-26 12:51 -------- d-----w- c:usersDefaultAppDataLocaltemp<br>2009-09-25 15:04 . 2009-09-25 15:12 -------- d-----w- c:program filesWirelessMon<br>2009-09-23 21:15 . 2009-09-23 21:15 -------- d-----w- c:program filesESET<br>2009-09-21 16:17 . 2009-09-21 16:56 -------- d-----w- C:$AVG8.VAULT$<br>2009-09-21 13:21 . 2009-09-23 21:10 -------- d-----w- c:programdataavg8<br>2009-09-13 11:32 . 2009-09-26 11:02 -------- d-----w- c:program filesWinClamAVShield<br>2009-09-12 16:11 . 2009-09-12 16:11 -------- d-----w- c:program filesCrawler<br>2009-09-12 16:10 . 2009-09-12 16:10 142592 ----a-w- c:windowssystem32driverssp_rsdrv2.sys<br>2009-09-12 16:10 . 2009-09-26 12:39 -------- d-----w- c:usersEDOAppDataRoamingSpyware Terminator<br>2009-09-12 16:10 . 2009-09-25 13:47 -------- d-----w- c:programdataSpyware Terminator<br>2009-09-12 16:10 . 2009-09-23 21:22 -------- d-----w- c:program filesSpyware Terminator<br>2009-09-10 15:06 . 2009-06-15 15:24 175104 ----a-w- c:windowssystem32wdigest.dll<br>2009-09-10 15:06 . 2009-06-15 15:24 270848 ----a-w- c:windowssystem32schannel.dll<br>2009-09-10 15:06 . 2009-06-15 15:23 1256448 ----a-w- c:windowssystem32lsasrv.dll<br>2009-09-10 15:06 . 2009-06-15 15:22 213504 ----a-w- c:windowssystem32msv1_0.dll<br>2009-09-10 15:06 . 2009-06-15 15:21 499712 ----a-w- c:windowssystem32kerberos.dll<br>2009-09-10 15:06 . 2009-06-15 18:20 439896 ----a-w- c:windowssystem32driversksecdd.sys<br>2009-09-10 15:06 . 2009-06-15 15:24 72704 ----a-w- c:windowssystem32secur32.dll<br>2009-09-10 15:06 . 2009-06-15 12:57 9728 ----a-w- c:windowssystem32lsass.exe<br>2009-09-10 14:17 . 2009-02-05 20:06 51792 ----a-w- c:windowssystem32driversaswMonFlt.sys<br>2009-09-10 14:00 . 2009-08-28 12:39 28672 ----a-w- c:windowssystem32Apphlpdm.dll<br>2009-09-10 14:00 . 2009-08-28 10:15 4240384 ----a-w- c:windowssystem32GameUXLegacyGDFs.dll<br>2009-08-27 15:46 . 2009-06-22 10:22 2048 ----a-w- c:windowssystem32tzres.dll<br><br>.<br>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))<br>.<br>2009-09-26 12:51 . 2009-03-29 21:14 -------- d-----w- c:usersEDOAppDataRoamingSkype<br>2009-09-25 13:42 . 2008-09-17 16:30 -------- d-----w- c:usersEDOAppDataRoamingToshiba<br>2009-09-24 14:49 . 2008-10-09 19:04 -------- d-----w- c:program fileseclipse<br>2009-09-23 21:24 . 2008-09-23 13:16 -------- d-----w- c:program filesCCleaner<br>2009-09-14 21:12 . 2008-09-21 21:54 -------- d-----w- c:program filesAskTBar<br>2009-09-13 12:10 . 2008-04-22 17:12 -------- d-----w- c:program filesCommon FilesAdobe<br>2009-09-12 16:33 . 2008-09-17 14:38 114400 ----a-w- c:usersEDOAppDataLocalGDIPFONTCACHEV1.DAT<br>2009-09-10 15:19 . 2009-04-06 21:08 680 ----a-w- c:usersEDOAppDataLocald3d9caps.dat<br>2009-09-10 15:09 . 2008-04-23 06:35 -------- d-----w- c:programdataMicrosoft Help<br>2009-09-10 14:55 . 2006-11-02 11:18 -------- d-----w- c:program filesWindows Mail<br>2009-09-10 14:55 . 2009-02-21 22:26 -------- d-----w- c:program filesMicrosoft Silverlight<br>2009-08-21 14:04 . 2009-05-31 11:52 -------- d-----w- c:usersEDOAppDataRoamingFolder Guard<br>2009-08-21 14:04 . 2009-05-31 11:49 -------- d-----w- c:program filesFolder Guard<br>2009-08-14 17:07 . 2009-09-10 14:01 897608 ----a-w- c:windowssystem32driverstcpip.sys<br>2009-08-14 16:29 . 2009-09-10 14:01 104960 ----a-w- c:windowssystem32netiohlp.dll<br>2009-08-14 16:29 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32netevent.dll<br>2009-08-14 14:16 . 2009-09-10 14:01 9728 ----a-w- c:windowssystem32TCPSVCS.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 17920 ----a-w- c:windowssystem32ROUTE.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 11264 ----a-w- c:windowssystem32MRINFO.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 27136 ----a-w- c:windowssystem32NETSTAT.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 19968 ----a-w- c:windowssystem32ARP.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 8704 ----a-w- c:windowssystem32HOSTNAME.EXE<br>2009-08-14 14:16 . 2009-09-10 14:01 10240 ----a-w- c:windowssystem32finger.exe<br>2009-07-18 16:06 . 2009-07-30 17:08 827904 ----a-w- c:windowssystem32wininet.dll<br>2009-07-18 16:01 . 2009-07-30 17:08 78336 ----a-w- c:windowssystem32ieencode.dll<br>2009-07-18 09:46 . 2009-07-30 17:08 26624 ----a-w- c:windowssystem32ieUnatt.exe<br>2009-07-17 14:35 . 2009-08-13 12:55 71680 ----a-w- c:windowssystem32atl.dll<br>2009-07-14 13:00 . 2009-08-13 12:54 313344 ----a-w- c:windowssystem32wmpdxm.dll<br>2009-07-14 12:59 . 2009-08-13 12:54 4096 ----a-w- c:windowssystem32dxmasf.dll<br>2009-07-14 12:58 . 2009-08-13 12:54 7680 ----a-w- c:windowssystem32spwmp.dll<br>2009-07-14 10:59 . 2009-08-13 12:54 8147456 ----a-w- c:windowssystem32wmploc.DLL<br>2009-07-11 19:32 . 2009-09-10 14:01 513024 ----a-w- c:windowssystem32wlansvc.dll<br>2009-07-11 19:32 . 2009-09-10 14:01 302592 ----a-w- c:windowssystem32wlansec.dll<br>2009-07-11 19:32 . 2009-09-10 14:01 293376 ----a-w- c:windowssystem32wlanmsm.dll<br>2009-07-11 19:29 . 2009-09-10 14:01 127488 ----a-w- c:windowssystem32L2SecHC.dll<br>2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:program filesmozilla firefoxpluginslibdivx.dll<br>2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:program filesmozilla firefoxpluginsssldivx.dll<br>2009-03-12 22:02 . 2009-03-12 22:02 0 --sha-w- c:windowsSystem32sys_drv.dat<br>.<br><br>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))<br>.<br>.<br>*Note* empty entries & legit default entries are not shown <br>REGEDIT4<br><br>[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]<br>"Sidebar"="c:program filesWindows Sidebarsidebar.exe" [2008-01-21 1233920]<br>"MsnMsgr"="c:program filesWindows LiveMessengermsnmsgr.exe" [2009-02-06 3885408]<br>"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:program filesCommon FilesNeroLibNMIndexStoreSvr.exe" [2007-12-13 1688872]<br>"Skype"="c:program filesSkypePhoneSkype.exe" [2009-03-11 24095528]<br>"ehTray.exe"="c:windowsehomeehTray.exe" [2008-01-21 125952]<br>"SpywareTerminatorUpdate"="c:program filesSpyware TerminatorSpywareTerminatorUpdate.exe" [2009-09-12 3055616]<br><br>[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]<br>"TPwrMain"="c:program filesTOSHIBAPower SaverTPwrMain.EXE" [2008-01-17 431456]<br>"HSON"="c:program filesTOSHIBATBSHSON.exe" [2007-10-31 54608]<br>"SmoothView"="c:program filesToshibaSmoothViewSmoothView.exe" [2008-01-25 509816]<br>"00TCrdMain"="c:program filesTOSHIBAFlashCardsTCrdMain.exe" [2008-01-22 712704]<br>"fssui"="c:program filesWindows LiveFamily Safetyfsui.exe" [2009-02-06 454000]<br>"SunJavaUpdateSched"="c:program filesJavajre1.6.0_07binjusched.exe" [2008-06-10 144784]<br>"SynTPEnh"="c:program filesSynapticsSynTPSynTPEnh.exe" [2008-05-28 1029416]<br>"FG_Monitor"="c:program filesFolder GuardFGKey.exe" [2009-03-24 132424]<br>"SpywareTerminator"="c:program filesSpyware TerminatorSpywareTerminatorShield.exe" [2009-09-12 2171904]<br>"egui"="c:program filesESETESET Smart Securityegui.exe" [2008-07-01 1447168]<br>"RtHDVCpl"="RtHDVCpl.exe" - c:windowsRtHDVCpl.exe [2008-01-29 4911104]<br><br>c:programdataMicrosoftWindowsStart MenuProgramsStartup<br>Bluetooth Manager.lnk - c:program filesToshibaBluetooth Toshiba StackTosBtMng.exe [2008-1-25 2938184]<br><br>[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindowscurrentversionpoliciessystem]<br>"EnableLUA"= 0 (0x0)<br>"EnableUIADesktopToggle"= 0 (0x0)<br><br>[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionwindows]<br>"AppInit_DLLs"=c:progra~1GoogleGOOGLE~3GoogleDesktopNetwork3.dll<br><br>[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversiondrivers32]<br>"aux"=wdmaud.drv<br><br>[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]<br>BootExecute REG_MULTI_SZ PDBoot.exe�autocheck autochk *<br><br>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdauxservice]<br>@=""<br><br>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalsdcoreservice]<br>@=""<br><br>[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]<br>@="Service"<br><br>[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringMcAfeeAntiSpyware]<br>"DisableMonitoring"=dword:00000001<br><br>[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerSvcS-1-5-21-1034232064-2279216250-2363570500-1000]<br>"EnableNotificationsRef"=dword:00000001<br><br>[HKLM~servicessharedaccessparametersfirewallpolicyFirewallRules]<br>"TCP Query User{28B057F1-274A-4A7B-B0D9-BE0DED0A23AD}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe<br>"UDP Query User{3D70D057-D432-43F1-A6C6-112AD064E214}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe<br>"TCP Query User{C20F3FFD-4A02-49F0-963C-14E5F0ACE68A}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe<br>"UDP Query User{CD3B3FB0-A778-4CC7-8B4C-0B8F378F98B5}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe<br>"TCP Query User{E5DA0683-C590-4B2F-A311-9965BE90B870}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe<br>"UDP Query User{3C11572B-1A68-42C8-B8F2-A99FA6E3438B}c:\users\edo\appdata\local\temp\rarsfx3\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx3hl.exe:hl.exe<br>"TCP Query User{AC5592F3-0FB8-4FF6-B0E0-B7A8B2385528}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe<br>"UDP Query User{82BC3D69-8CCC-46B7-A6F6-C2A3137A4CD6}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe<br>"TCP Query User{9F5B5053-8403-4E36-A88D-6FDFB0F6658D}c:\program files\windows live\messenger\msnmsgr.exe"= UDP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger<br>"UDP Query User{20340B07-01F9-47C2-A8C9-B5F59E8B0204}c:\program files\windows live\messenger\msnmsgr.exe"= TCP:c:program fileswindows livemessengermsnmsgr.exe:Windows Live Messenger<br>"TCP Query User{663ECF2F-E4B9-42FD-BBB4-79465A48F42E}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe<br>"UDP Query User{6C2B3F76-DEDC-45E5-AD88-3FCF9E190BC0}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe<br>"TCP Query User{0B58CBAD-50B8-4DD5-BD84-A6F92C6438A6}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe<br>"UDP Query User{E02E369C-E872-40F9-8D45-AFBB784934CC}c:\users\edo\appdata\local\temp\rarsfx2\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx2hl.exe:hl.exe<br>"TCP Query User{CE615757-7147-46F7-AE5C-3C7501136283}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe<br>"UDP Query User{D21996F4-4247-4CCD-9516-5D900FFC5E54}c:\users\edo\appdata\local\temp\rarsfx4\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx4hl.exe:hl.exe<br>"TCP Query User{EA162715-4F11-4DD9-A55D-5837FC307196}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe<br>"UDP Query User{C4963D4F-B749-4E08-91EA-7776BA89B410}c:\users\edo\appdata\local\temp\rarsfx1\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx1hl.exe:hl.exe<br>"TCP Query User{944C3C81-D8F6-48CB-B0B2-27F458E171C7}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe<br>"UDP Query User{EA49780C-21A4-4315-89F5-80D266759EE4}c:\users\edo\appdata\local\temp\rarsfx5\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx5hl.exe:hl.exe<br>"TCP Query User{93622879-AFC2-4BA7-89B8-02AEC63B812D}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary<br>"UDP Query User{55402014-180B-4061-B771-444B4FBE0509}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary<br>"{8B499D1F-4728-40CB-B810-0252832C4FDB}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{9CDD1642-ACAC-476D-BC94-2368757C9046}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{CDFBB7D8-B624-4E29-8E0F-DE1CFDB45CA8}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe<br>"UDP Query User{F0E0E2FB-B11C-4724-A183-C56B49756BB1}c:\users\edo\appdata\local\temp\rarsfx6\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx6hl.exe:hl.exe<br>"TCP Query User{24C1338A-264C-46D4-8667-708D3C8C161B}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe<br>"UDP Query User{37D1507E-1BCB-483A-85AA-92870A94C223}c:\users\edo\appdata\local\temp\rarsfx7\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx7hl.exe:hl.exe<br>"{235C35FD-B8BC-42BB-AA3D-ECAE78E2DD09}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{A1CE5AF9-2586-45DC-BC1C-A8910486F81B}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe<br>"UDP Query User{D2C4AD48-D8B9-4850-8FF6-743F6D49A8F0}c:\users\edo\appdata\local\temp\rarsfx8\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx8hl.exe:hl.exe<br>"{59A35467-6E8E-4DFA-AF12-58669AB3764A}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{A31E95BB-3F98-484C-9B47-B4E1E4012BE3}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= UDP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary<br>"UDP Query User{47E5EB56-541C-46C0-BBA3-8825914E829F}c:\program files\java\jdk1.6.0_07\jre\bin\java.exe"= TCP:c:program filesjavajdk1.6.0_07jrebinjava.exe:Java(TM) Platform SE binary<br>"TCP Query User{1BC140AE-BBB1-4FC3-8523-9699554CABAA}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe<br>"UDP Query User{9A44301F-146E-441F-8350-6AC9B9771209}c:\users\edo\appdata\local\temp\rarsfx9\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx9hl.exe:hl.exe<br>"TCP Query User{1A03CF9C-B1BF-466D-A337-229C3EF1918A}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe<br>"UDP Query User{C2B3964F-0567-40F1-8001-7917CFE3AF89}c:\users\edo\appdata\local\temp\rarsfx10\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx10hl.exe:hl.exe<br>"TCP Query User{2F8F1FE1-64FE-4279-88EC-2BB06E3DD0B2}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe<br>"UDP Query User{1A40830E-A351-4A8F-B852-3151708ADA5C}c:\users\edo\appdata\local\temp\rarsfx0\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx0hl.exe:hl.exe<br>"{D5E25D5C-B387-40B2-93BA-61F07D8C69AD}"= UDP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote<br>"{25ED5032-C100-47F9-A768-7E857D25EFA1}"= TCP:c:program filesMicrosoft OfficeOffice12ONENOTE.EXE:Microsoft Office OneNote<br>"{FD65048E-0698-4411-BE49-FE4EAC1C65F8}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{C95C0DC8-4EBE-4DA4-B31C-BA0AF4540673}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{B29C8A7F-01A3-4AD6-AA7B-2ED5F338F084}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{232FA13C-584A-4B71-8732-AB4370B7962C}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe<br>"UDP Query User{2A3EF8AD-0F5B-4452-9FC5-9648B543495F}c:\users\edo\appdata\local\temp\rarsfx11\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx11hl.exe:hl.exe<br>"{69FDAF82-DCE2-4C5E-8DFB-F955267DAE13}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{A4CE1BEB-8D60-424C-B1E6-1318E5D5E1F7}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe<br>"UDP Query User{76FD5A59-CD08-41CC-9E96-126ABD5A7F24}c:\users\edo\appdata\local\temp\rarsfx12\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx12hl.exe:hl.exe<br>"TCP Query User{003C87E4-4BF7-4F80-AD58-99D504156F33}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe<br>"UDP Query User{977A5291-0182-47B8-ABED-BF8D2E840C0B}c:\users\edo\appdata\local\temp\rarsfx13\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx13hl.exe:hl.exe<br>"{21637CFE-3500-4073-A567-4F8768A0BC85}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{CD3E1D89-4801-483C-A583-0B77248E26BC}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe<br>"UDP Query User{C9FC525B-3AD8-4BEA-8CEE-E39AF29F5A9C}c:\users\edo\appdata\local\temp\rarsfx14\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx14hl.exe:hl.exe<br>"TCP Query User{92858762-80B0-49CF-A5ED-19D949366395}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe<br>"UDP Query User{A32AD7DD-D4D5-4719-8EDD-9C6A74AA6A98}c:\users\edo\appdata\local\temp\rarsfx15\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx15hl.exe:hl.exe<br>"TCP Query User{F269D279-1C24-47E2-A7AA-F15029E300AF}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe<br>"UDP Query User{927BE17C-259B-401A-8F99-0D4D6C17080A}c:\users\edo\appdata\local\temp\rarsfx16\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx16hl.exe:hl.exe<br>"TCP Query User{4F470ACE-0017-420A-9C1B-A28BA6231344}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe<br>"UDP Query User{DECD8EAC-6CB2-4668-8096-FAB2F2A0E233}c:\users\edo\appdata\local\temp\rarsfx17\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx17hl.exe:hl.exe<br>"TCP Query User{ED427565-DF4F-48CE-9AEC-B3ADDAF94A40}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe<br>"UDP Query User{09F8B41B-A92D-4BA0-B496-DCC9B1074C12}c:\users\edo\appdata\local\temp\rarsfx18\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx18hl.exe:hl.exe<br>"TCP Query User{7235B185-6445-4436-B6EB-2365158411AF}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= UDP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe<br>"UDP Query User{E0CBECCB-6F53-4B4D-B2B5-E053660818C6}c:\users\edo\appdata\local\temp\rarsfx19\hl.exe"= TCP:c:usersedoappdatalocaltemprarsfx19hl.exe:hl.exe<br>"{C973744A-6F84-4CC4-80E0-C7A1F59FDA0D}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{C7FDB42C-AAA0-4616-935E-AB4BD108A11D}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{A2488F25-D0FD-42C9-AFBD-2BE922C5BE70}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{B256651C-F2C9-458E-AD73-64F1A1F62608}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{35092405-0AE0-42DD-B613-3F1C99394E1B}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= UDP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary<br>"UDP Query User{A54B3AB9-869C-4298-94A0-9EB82CDB6B69}c:\program files\java\jdk1.6.0_07\bin\javaw.exe"= TCP:c:program filesjavajdk1.6.0_07binjavaw.exe:Java(TM) Platform SE binary<br>"{478F7839-F330-4836-B879-C1006B4EFEA4}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{211D768E-25EF-4ADD-9D04-A39992BBFC58}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{8154691D-C587-409E-9652-740F9217EA44}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{26F5C53C-FBB1-4D4F-961D-01430B676475}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{A4511BF3-AE29-4D29-A618-6F2D7E402796}"= c:program filesSkypePhoneSkype.exe:Skype<br>"{127B8290-D82A-46A9-A532-3A17DEB45126}"= c:program filesSkypePhoneSkype.exe:Skype<br>"TCP Query User{C790ABD6-EE7C-4F66-9769-724294B84124}c:\program files\spyware terminator\spywareterminatorupdate.exe"= UDP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator<br>"UDP Query User{7F34D465-5515-4FBC-8284-5EE45CFC97C0}c:\program files\spyware terminator\spywareterminatorupdate.exe"= TCP:c:program filesspyware terminatorspywareterminatorupdate.exe:Crawler Spyware Terminator<br>"{E847D5EF-F2C3-49D5-B0C9-032BA85482CA}"= c:program filesSkypePhoneSkype.exe:Skype<br><br>[HKLM~servicessharedaccessparametersfirewallpolicyStandardProfile]<br>"EnableFirewall"= 0 (0x0)<br><br>R1 sp_rsdrv2;Spyware Terminator Driver 2;c:windowsSystem32driverssp_rsdrv2.sys [12/09/2009 18:10 142592]<br>R2 aswMonFlt;aswMonFlt;c:windowsSystem32driversaswMonFlt.sys [10/09/2009 16:17 51792]<br>R2 ConfigFree Service;ConfigFree Service;c:program filesToshibaConfigFreeCFSvcs.exe [25/12/2007 14:07 40960]<br>R2 ekrn;Eset Service;c:program filesESETESET Smart Securityekrn.exe [21/12/2007 08:21 468224]<br>R2 FGUARD32;FGUARD32;c:program filesFolder GuardFGUARD32.SYS [31/05/2009 13:49 54480]<br>R2 fssfltr;FssFltr;c:windowsSystem32driversfssfltr.sys [11/02/2009 12:47 55264]<br>R2 fsssvc;Windows Live Family Safety;c:program filesWindows LiveFamily Safetyfsssvc.exe [06/02/2009 19:08 533360]<br>R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:program filesToshibaSMARTLogServiceTosIPCSrv.exe [03/12/2007 18:03 126976]<br>R3 FwLnk;FwLnk Driver;c:windowsSystem32driversFwLnk.sys [22/04/2008 18:57 7168]<br>S2 gupdate1c9ed10d6f77110;Google Update Service (gupdate1c9ed10d6f77110);c:program filesGoogleUpdateGoogleUpdate.exe [14/06/2009 18:54 133104]<br>S3 sdAuxService;PC Tools Auxiliary Service;c:program filesSpyware DoctorpctsAuxs.exe [21/09/2008 23:33 356920]<br>.<br>Contents of the 'Scheduled Tasks' folder<br><br>2009-09-26 c:windowsTasksGoogleUpdateTaskMachineCore.job<br>- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]<br><br>2009-09-26 c:windowsTasksGoogleUpdateTaskMachineUA.job<br>- c:program filesGoogleUpdateGoogleUpdate.exe [2009-06-14 16:54]<br><br>2009-09-25 c:windowsTasksUser_Feed_Synchronization-{D1775555-3A0B-49F3-9B72-2829F4F92A07}.job<br>- c:windowssystem32msfeedssync.exe [2008-01-21 02:24]<br>.<br>.<br>------- Supplementary Scan -------<br>.<br>uInternet Settings,ProxyOverride = local<br>IE: Add to Google Photos Screensa&ver - c:windowssystem32GPhotos.scr/200<br>IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx<br>IE: Crawler Search - tbr:iemenu<br>IE: E&xport to Microsoft Excel - c:progra~1MICROS~3Office12EXCEL.EXE/3000<br>IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/...557-9400-3/4<br>Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:progra~1CrawlerToolbarctbr.dll<br>FF - ProfilePath - c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.default<br>FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=<br>FF - prefs.js: browser.search.selectedEngine - Yahoo<br>FF - prefs.js: browser.startup.homepage - www.google.com<br>FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p=<br>FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxcomm.dll<br>FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxshared.dll<br>FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxsupport.dll<br>FF - component: c:program filesCrawlerToolbarfirefoxcomponentsxwsg.dll<br>FF - component: c:program filesMozilla Firefoxextensions{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}componentsDealioToolbarFF.dll<br>FF - component: c:program filesMozilla Firefoxextensionssearch@searchsettings.comcomponentsSearchSettingsFF.dll<br>FF - component: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.comcomponentscoolirisstub.dll<br>FF - plugin: c:program filesGooglePicasa3npPicasa3.dll<br>FF - plugin: c:program filesGoogleUpdate1.2.183.7npGoogleOneClick8.dll<br>FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnppl3260.dll<br>FF - plugin: c:program filesK-Lite Codec PackRealbrowserpluginsnprpjplug.dll<br>FF - plugin: c:program filesMicrosoftOffice LivenpOLW.dll<br>FF - plugin: c:program filesWindows LivePhoto GalleryNPWLPG.dll<br>FF - plugin: c:usersEDOAppDataRoamingMozillaFirefoxProfilesq7tiq1oh.defaultextensionspiclens@cooliris.compluginsnpcoolirisplugin.dll<br>FF - plugin: c:usersEDOAppDataRoamingMozillapluginsnpcoolirisplugin.dll<br>FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:windowsMicrosoft.NETFrameworkv3.5Windows Presentation FoundationDotNetAssistantExtension<br>.<br>- - - - ORPHANS REMOVED - - - -<br><br>BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:program filesDealio ToolbarDealioToolbarIE.dll<br>Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)<br>WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)<br>AddRemove-FolderLock6 - c:program filesFolder LockUninstall.exe<br><br><br><br>**************************************************************************<br><br>catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net<br>Rootkit scan 2009-09-26 14:51<br>Windows 6.0.6001 Service Pack 1 NTFS<br><br>scanning hidden processes ... <br><br>scanning hidden autostart entries ... <br><br>scanning hidden files ... <br><br><br>c:windowsTEMPTMP000000735D59CA9AAE105949 524288 bytes<br><br><br>**************************************************************************<br>.<br>--------------------- LOCKED REGISTRY KEYS ---------------------<br><br>[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�000AllUserSettings]<br>@Denied: (A) (Users)<br>@Denied: (A) (Everyone)<br>@Allowed: (B 1 2 3 4 5) (S-1-5-20)<br>"BlindDial"=dword:00000000<br>"MSCurrentCountry"=dword:000000b5<br><br>[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�001AllUserSettings]<br>@Denied: (A) (Users)<br>@Denied: (A) (Everyone)<br>@Allowed: (B 1 2 3 4 5) (S-1-5-20)<br>"BlindDial"=dword:00000000<br><br>[HKEY_LOCAL_MACHINESYSTEMControlSet001ControlClass{4D36E96D-E325-11CE-BFC1-08002BE10318}�002AllUserSettings]<br>@Denied: (A) (Users)<br>@Denied: (A) (Everyone)<br>@Allowed: (B 1 2 3 4 5) (S-1-5-20)<br>"BlindDial"=dword:00000000<br>.<br>Completion time: 2009-09-26 14:53<br>ComboFix-quarantined-files.txt 2009-09-26 12:53<br><br>Pre-Run: 45,820,129,280 bytes free<br>Post-Run: 45,759,922,176 bytes free<br><br>334 --- E O F --- 2009-09-24 14:47<br><br> <br /><hr />What can you do with the new Windows Live? <a href='http://www.microsoft.com/windows/windowslive/default.aspx' target='_new'>Find out</a></body> </html> --_cb030b77-0a73-4781-aee9-956d907f61d0_-- [ magna86 @ 27.09.2009. 23:47 ] @
Stvarno mi je zao ,ali log opet nije ceo....nesto je ili ostetilo CF (neki malware) ili je antivirus obrisao neku komponentu CF-a
a i da jeste ceo...nemogu da ga citam ovako... vidis kako ovo izgleda..? Code: c:windowssystem32ieencode.dll c:windowssystem32ieUnatt.exe c:windowssystem32atl.dll c:windowssystem32wmpdxm.dll c:windowssystem32dxmasf.dll c:windowssystem32spwmp.dll c:windowssystem32wmploc.DLL a trebalo bi da izgleda ovako nekako: Code: c:\windows\system32\wmpdxm.dll c:\windows\system32\dxmasf.dll c:\windows\system32\spwmp.dll Ako stvarno hoces punu proveru sistema u potrazi ka inficiranim fajlovima...moramo koristiti alternativne programe...jbga... CF jeste najlaksi...ali.... :s ____________________________________________________________________________________ *Skini RSIT program na Desktop,pokreni ga,idi na Continue....program ce izbaciti log za par sekundi... oba loga prikaci u attachment formi: http://images.malwareremoval.com/random/RSIT.exe ____________________________________________________________________________________ Skini Gmer saovog linka na Desktop http://www2.gmer.net/download.php pokreni Gmer,sacekaj da se zavrsi uvodno skeniranje (ako se pojavi nekakva poruka idi na No) idi na Scan i sacekaj da skeniranje bude zavrseno...klikni Save ...sacuvaj to kao GmerLog1 Klikni desnim tasterom na prozor programa Gmer i odaberi Options >> Only non MS files i klikni Scan ..napravice se novi log...taj log sacuvaj kao GmerLog2 Klikni taster >>> i izaberi Autostart karticu. po zavrsetku skeniranja izaberi Copy,otvori novi notepad,izaberi Paste i taj log sacuvaj kao GmerLog3. prikaci sva ta tri loga uz poruku kao attachment _________________________________________________________________________________________ a ti mi morao uninstalirati taj Combofix jer je taj CF star vec ~nedelju dana Start >>> Run Code: Combofix /u OK P.S: Kad kazem "attachment" mislim da notepad za izvestajem prikacis uz poruku. To je kad posalje komentar imas dole opciju "Upload uz poruku" Copyright (C) 2001-2025 by www.elitesecurity.org. All rights reserved.
|