Možda tražite i:
Comodo i Avast - problemi nakon updatea Avasta
Pomoc za aktivacioni kod za avast ?
Avast! 8 Beta
Avast i virusi

MyCity » Ambulanta -> Arhiva Ambulante » Avast i Win32:Trojan-gen{other}

Avast i Win32:Trojan-gen{other}

Napisano na dan: 5.3.2009

Strana:
1
2

Avast i Win32:Trojan-gen{other}

Sledeća strana

Pagination

Odgovori

Strana:
1
2

Rastafarii Poslao: 05 Mar 2009 12:38 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3747 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Znam da je Avast "problematican" po pitanju gen-other trojanaca, pa me to ne brine toliko, nego sto su prisutne jos neke sitnice u radu sistema, tipa prekid veze sa netom (na pola ucitavanja strane) i tome slicno. Ovo je jedan od kompova na poslu, svi su prikljuceni na net preko rutera, ali samo on pravi probleme. Komp nije moj (moj radi pod Linuxom), ali bi mi vise nego znacilo da se taj komp osposobi. Ima li znakova malware-a? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:27:27, on 5.3.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v7.00 (7.00.6001.18000) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE C:\Program Files\WinFast\WFTVFM\WFWIZ.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\system32\wuauclt.exe C:\Windows\System32\notepad.exe C:\Program Files\Microsoft Office\Office12\WINWORD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe D:\new folder\new program.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.promobile.rs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O1 - Hosts: ::1 localhost O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live pomagaè za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe O4 - HKLM\..\Run: [Sccs] C:\Users\Milena\sccs.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031909 serial=DR12CCR-9029142-LXM lang=EN O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Css] C:\Users\Milena\css.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing) O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{FADF4481-182E-4777-9353-66EE67613EE3}: NameServer = 217.65.192.1 217.65.192.52 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: MySql - Unknown owner - C:\Program.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 14536 bytes

Profil

helen1 Poslao: 05 Mar 2009 12:51 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ima znakova nezeljenih programa. Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. ------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

Rastafarii Poslao: 05 Mar 2009 13:20 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3747 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljucio sam Avast, pogasio je sve aktivne zastite (pisalo je 0 od 7 aktivno), ali se ComboFix opet bunio kako nije ugasena zastita. ComboFix 09-03-04.01 - Milena 2009-03-05 12:57:10.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2038.773 [GMT 1:00] Running from: c:\users\Milena\Desktop\ComboFix.exe AV: avast! antivirus 4.8.1201 [VPS 090303-2] On-access scanning enabled (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.htmlx c:\program files\Internet Explorer\msimg32.dll c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE c:program files\MyWebSearch\bar\2.bin\M3MSG.DLL c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S c:\program files\MyWebSearch\bar\Cache\032D07A c:\program files\MyWebSearch\bar\Cache\032D2471 c:\program files\MyWebSearch\bar\Cache\032D2913.bin c:\program files\MyWebSearch\bar\Cache\032D3005.bin c:\program files\MyWebSearch\bar\Cache\032D34F5.bin c:\program files\MyWebSearch\bar\Cache\032D3A71.bin c:\program files\MyWebSearch\bar\Cache\files.ini c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S c:\program files\MyWebSearch\bar\Game\CHESS.F3S c:\program files\MyWebSearch\bar\Game\REVERSI.F3S c:\program files\MyWebSearch\bar\History\search3 c:\program files\MyWebSearch\bar\icons\CM.ICO c:\program files\MyWebSearch\bar\icons\MFC.ICO c:\program files\MyWebSearch\bar\icons\PSS.ICO c:\program files\MyWebSearch\bar\icons\SMILEY.ICO c:\program files\MyWebSearch\bar\icons\WB.ICO c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL c:\windows\system32\f3PSSavr.scr . ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))) . 2009-03-05 09:37 . 2009-03-05 09:37 0 --a------ c:\windows\nsreg.dat 2009-03-04 09:47 . 2009-03-04 09:47 <DIR> d-------- c:\program files\Alwil Software 2009-03-04 09:47 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys 2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\users\All Users\Adobe Systems 2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\programdata\Adobe Systems 2009-03-04 09:32 . 2009-03-04 09:32 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2009-03-04 09:06 . 2009-03-04 09:06 58,393 --a------ c:\windows\FontData.fdb 2009-03-04 09:05 . 2009-03-04 09:05 <DIR> d-------- c:\users\Milena\AppData\Roaming\Corel 2009-03-04 09:03 . 2009-03-04 09:03 <DIR> d-------- c:\program files\Common Files\Corel 2009-03-04 09:02 . 2009-03-04 09:02 <DIR> d-------- c:\program files\Corel 2009-02-27 10:44 . 2009-02-27 10:44 144 --a------ c:\windows\Readiris.ini 2009-02-27 10:43 . 2009-02-27 10:44 <DIR> d-------- c:\program files\Readiris Pro 11 HP 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Links 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents 2009-02-11 08:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 08:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-05 12:03 --------- d-----w c:\users\Milena\AppData\Roaming\Skype 2009-03-05 07:49 --------- d-----w c:\users\Milena\AppData\Roaming\skypePM 2009-03-04 08:32 --------- d-----w c:\program files\Common Files\Adobe 2009-03-04 08:05 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 08:03 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-28 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-28 09:15 --------- d-----w c:\programdata\Symantec 2009-02-28 09:15 --------- d-----w c:\program files\Symantec 2009-02-12 07:54 --------- d-----w c:\programdata\Microsoft Help 2009-02-12 07:52 --------- d-----w c:\program files\Windows Mail 2009-02-04 12:49 --------- d-----w c:\program files\MSECache 2009-02-02 23:25 --------- d-----w c:\program files\Duravit Specification Manual 6.1 2009-01-30 00:11 --------- d-----w c:\programdata\WindowsSearch 2009-01-28 11:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-19 22:08 174 --sha-w c:\program files\desktop.ini 2009-01-19 22:01 --------- d-----w c:\program files\Windows Sidebar 2009-01-19 22:01 --------- d-----w c:\program files\Windows Photo Gallery 2009-01-19 22:01 --------- d-----w c:\program files\Windows Journal 2009-01-19 22:01 --------- d-----w c:\program files\Windows Collaboration 2009-01-19 22:01 --------- d-----w c:\program files\Windows Calendar 2009-01-19 22:00 --------- d-----w c:\program files\Windows Defender 2009-01-17 18:42 --------- d-----w c:\programdata\Skype 2009-01-17 18:42 --------- d-----w c:\program files\Skype 2009-01-17 18:42 --------- d-----w c:\program files\Common Files\Skype 2009-01-12 15:36 --------- d-----w c:\programdata\FLEXnet 2009-01-12 14:11 --------- d-----w c:\users\Milena\AppData\Roaming\GHISLER 2009-01-12 14:04 --------- d-----w c:\program files\Bonjour 2009-01-12 13:58 --------- d-----w c:\program files\Common Files\Macrovision Shared 2008-10-09 18:59 47,616 ----a-w c:\users\Milena\javamon.exe 2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-10-05 13:25 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-09 57344] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] 2009-02-28 10:10 1883672 --a------ c:\program files\TorrentMan\tbTor1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-23 171448] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536] "Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-11-15 2850816] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe] "NDSTray.exe"="NDSTray.exe" [BU] c:\users\Milena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{CFAF36C7-B188-4D7B-91D4-701BFB65CAE8}"= TCP:6004\|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{DC259842-CB3B-4199-838F-62B49F3FC4FC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{1B41EB63-F0C5-4CC1-AA52-49C6A7D6DC79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{B4663B4D-EC63-4C01-BAFF-3920F41EE470}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{E43F1FA3-E4FE-44F7-8153-DB85A7ACA0B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{47DAEF24-3A0B-4DC8-B8E1-053B3ADA0997}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{18A29A95-479C-4592-9F3F-A27EFEAFB375}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EB080714-D6D4-4FD6-A303-00ED32755540}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{34CF0068-DBAF-4397-BD9A-A53321FD84BC}"= c:\program files\Skype\Phone\Skype.exe:Skype "{5CF470B9-6E72-4356-895E-A251ED05BE23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "EnableFirewall"= 0 (0x0) R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-04 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-04 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-04 51792] R3 GemCCID;GemCCID;c:\windows\System32\drivers\GemCCID.sys [2008-04-04 87424] R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192] R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-10-08 9446] S3 HPFXFAX;HPFXFAX;c:\windows\System32\drivers\hpfxfax.sys [2008-10-03 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7b4-8bc5-11dd-a5e6-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7c8-8bc5-11dd-a5e6-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6427e1b0-473b-11dd-88b5-001e680b2a47}] \shell\AutoRun\command - D:\6x8be16.cmd \shell\explore\Command - D:\6x8be16.cmd \shell\open\Command - D:\6x8be16.cmd [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c34-8c04-11dd-9761-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c35-8c04-11dd-9761-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88eebe7b-07c6-11de-9f97-001e680b2a47}] \shell\AutoRun\command - D:\ \shell\open\Command - rundll32.exe .\\dhcpeon.dll,InstallM [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af8c44d-0842-11de-a0f8-001e680b2a47}] \shell\Auto\command - Config.exe \shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\ [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b5-8cba-11dd-af61-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b6-8cba-11dd-af61-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe . - - - - ORPHANS REMOVED - - - - HKCU-Run-TOSCDSPD - TOSCDSPD.EXE HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe HKLM-Run-Sccs - c:\users\Milena\sccs.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.promobile.rs/ uInternet Settings,ProxyOverride = .local IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home Trusted Zone: google.com\mail Trusted Zone: raiffeisenbank.co.rs\www Trusted Zone: raiffeisenbank.rs\www Trusted Zone: raiffeisenbank.rs\rol TCP: {FADF4481-182E-4777-9353-66EE67613EE3} = 217.65.192.1 217.65.192.52 DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\nitighuo.default\ FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-05 13:03:54 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run Sccs = c:\users\Milena\sccs.exe?a\sccs.exe?????????????? scanning hidden files ... ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(5464) c:\program files\IDM\Desktop SMS\oehook.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\System32\audiodg.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\Synaptics\SynTP\SynToshiba.exe c:\windows\System32\igfxsrvc.exe c:\program files\Alwil Software\Avast4\ashDisp.exe c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe c:\windows\System32\agrsmsvc.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe c:\program files\Logik\FirmA\mysql\bin\mysqld-nt.exe c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe c:\windows\System32\TODDSrv.exe c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\System32\WUDFHost.exe c:\program files\Alwil Software\Avast4\ashMaiSv.exe c:\program files\Alwil Software\Avast4\ashWebSv.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe c:\program files\Windows Mail\WinMail.exe c:\combofix\hidec.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\System32\conime.exe c:\windows\servicing\TrustedInstaller.exe c:\combofix\Catchme.tmp . ************************************************************************ . Completion time: 2009-03-05 13:11:42 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-05 12:09:56 Pre-Run: 26.909.859.840 bytes free Post-Run: 29,094,957,056 bytes free 353 --- E O F --- 2009-02-12 07:58:21

Profil

helen1 Poslao: 05 Mar 2009 14:09 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li je na ovom kompjuteru pre koriscen Norton?

Profil

Rastafarii Poslao: 05 Mar 2009 14:16 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3747 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jeste, nekako je "maknut" (sta god to znacilo) pre 4 dana.

Profil

helen1 Poslao: 05 Mar 2009 14:24 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini program i pokreni ga, pa mi kazi da li se nesto desilo. Izgleda da Norton nije do kraja "maknut". ftp://ftp.symantec.com/public/english_us_canada/re.....l_Tool.exe

Profil

Rastafarii Poslao: 05 Mar 2009 14:38 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3747 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokrenuo sam, pretrazio je sistem, nakon zavrsetka trazio restart sistema, kad je sistem opet podignut, otisao na stranicu gde se objasnjava kako ponovo instalirati Norton produkt nakon pokretanja Removal Tool-a. Jel to to?

Profil

helen1 Poslao: 05 Mar 2009 14:47 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Valjda. Saznacemo uskoro. Otvoriti Notepad i iskopirati sledeci tekst: Registry:: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\Shell] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7b4-8bc5-11dd-a5e6-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6427e1b0-473b-11dd-88b5-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c34-8c04-11dd-9761-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c35-8c04-11dd-9761-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88eebe7b-07c6-11de-9f97-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af8c44d-0842-11de-a0f8-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b5-8cba-11dd-af61-001e680b2a47}] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b6-8cba-11dd-af61-001e680b2a47}] Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Rastafarii Poslao: 05 Mar 2009 15:13 Idi na vrh
offline Rastafarii Moderator foruma PHP developer Pridružio: 22 Mar 2006 Poruke: 3747 Gde živiš: 127.0.0.1	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-04.01 - Milena 2009-03-05 14:59:51.2 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2038.1003 [GMT 1:00] Running from: c:\users\Milena\Desktop\ComboFix.exe Command switches used :: c:\users\Milena\Desktop\CFScript.txt AV: avast! antivirus 4.8.1201 [VPS 090303-2] On-access scanning enabled (Updated) * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 ))))))))))))))))))))))))))))))) . 2009-03-05 14:29 . 2009-03-05 14:29 <DIR> d-------- c:\users\All Users\NortonInstaller 2009-03-05 14:29 . 2009-03-05 14:29 <DIR> d-------- c:\programdata\NortonInstaller 2009-03-05 09:37 . 2009-03-05 09:37 0 --a------ c:\windows\nsreg.dat 2009-03-04 09:47 . 2009-03-04 09:47 <DIR> d-------- c:\program files\Alwil Software 2009-03-04 09:47 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys 2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\users\All Users\Adobe Systems 2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\programdata\Adobe Systems 2009-03-04 09:32 . 2009-03-04 09:32 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared 2009-03-04 09:06 . 2009-03-04 09:06 58,393 --a------ c:\windows\FontData.fdb 2009-03-04 09:05 . 2009-03-04 09:05 <DIR> d-------- c:\users\Milena\AppData\Roaming\Corel 2009-03-04 09:03 . 2009-03-04 09:03 <DIR> d-------- c:\program files\Common Files\Corel 2009-03-04 09:02 . 2009-03-04 09:02 <DIR> d-------- c:\program files\Corel 2009-02-27 10:44 . 2009-02-27 10:44 144 --a------ c:\windows\Readiris.ini 2009-02-27 10:43 . 2009-02-27 10:44 <DIR> d-------- c:\program files\Readiris Pro 11 HP 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Links 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads 2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents 2009-02-11 08:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb 2009-02-11 08:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-05 14:03 --------- d-----w c:\users\Milena\AppData\Roaming\Skype 2009-03-05 13:30 --------- d-----w c:\programdata\Symantec 2009-03-05 12:04 --------- d-----w c:\users\Milena\AppData\Roaming\skypePM 2009-03-04 08:32 --------- d-----w c:\program files\Common Files\Adobe 2009-03-04 08:05 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-04 08:03 --------- d-----w c:\program files\Common Files\InstallShield 2009-02-28 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared 2009-02-28 09:15 --------- d-----w c:\program files\Symantec 2009-02-12 07:54 --------- d-----w c:\programdata\Microsoft Help 2009-02-12 07:52 --------- d-----w c:\program files\Windows Mail 2009-02-04 12:49 --------- d-----w c:\program files\MSECache 2009-02-02 23:25 --------- d-----w c:\program files\Duravit Specification Manual 6.1 2009-01-30 00:11 --------- d-----w c:\programdata\WindowsSearch 2009-01-28 11:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf 2009-01-19 22:08 174 --sha-w c:\program files\desktop.ini 2009-01-19 22:01 --------- d-----w c:\program files\Windows Sidebar 2009-01-19 22:01 --------- d-----w c:\program files\Windows Photo Gallery 2009-01-19 22:01 --------- d-----w c:\program files\Windows Journal 2009-01-19 22:01 --------- d-----w c:\program files\Windows Collaboration 2009-01-19 22:01 --------- d-----w c:\program files\Windows Calendar 2009-01-19 22:00 --------- d-----w c:\program files\Windows Defender 2009-01-19 21:31 82,432 ----a-w c:\windows\System32\axaltocm.dll 2009-01-19 21:31 101,888 ----a-w c:\windows\System32\ifxcardm.dll 2009-01-17 18:42 --------- d-----w c:\programdata\Skype 2009-01-17 18:42 --------- d-----w c:\program files\Skype 2009-01-17 18:42 --------- d-----w c:\program files\Common Files\Skype 2009-01-12 15:36 --------- d-----w c:\programdata\FLEXnet 2009-01-12 14:11 --------- d-----w c:\users\Milena\AppData\Roaming\GHISLER 2009-01-12 14:04 --------- d-----w c:\program files\Bonjour 2009-01-12 13:58 --------- d-----w c:\program files\Common Files\Macrovision Shared 2008-10-09 18:59 47,616 ----a-w c:\users\Milena\javamon.exe 2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat 2008-10-05 13:25 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat . ((((((((((((((((((((((((((((( SnapShot@2009-03-05_13.07.34.46 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-05 12:01:48 458,744 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-03-05 13:31:38 458,744 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-03-05 12:02:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-03-05 13:32:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-03-05 12:02:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2009-03-05 13:32:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2009-03-05 12:04:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-05 13:36:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat + 2009-03-05 13:36:30 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 - 2009-03-05 12:04:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-05 13:36:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat + 2009-03-05 13:36:25 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 - 2009-03-05 12:03:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-03-05 13:33:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-03-05 12:03:34 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-03-05 13:33:11 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-03-05 12:03:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-03-05 13:33:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-03-05 11:49:51 102,094 ----a-w c:\windows\System32\perfc009.dat + 2009-03-05 13:57:19 102,094 ----a-w c:\windows\System32\perfc009.dat - 2009-03-05 11:49:51 590,082 ----a-w c:\windows\System32\perfh009.dat + 2009-03-05 13:57:19 590,082 ----a-w c:\windows\System32\perfh009.dat - 2009-03-05 07:50:46 9,834 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139177017-2677889480-1541947406-1000_UserData.bin + 2009-03-05 13:34:38 9,882 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139177017-2677889480-1541947406-1000_UserData.bin - 2009-03-05 07:50:46 75,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2009-03-05 13:34:38 75,914 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2009-03-05 07:50:42 54,502 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-03-05 13:34:36 55,316 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] "{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-09 57344] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}] 2009-02-28 10:10 1883672 --a------ c:\program files\TorrentMan\tbTor1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672] [HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920] "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-23 171448] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192] "HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104] "topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536] "Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912] "Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872] "Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-11-15 2850816] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe] "NDSTray.exe"="NDSTray.exe" [BU] c:\users\Milena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UacDisableNotify"=dword:00000001 "InternetSettingsDisableNotify"=dword:00000001 "AutoUpdateDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{CFAF36C7-B188-4D7B-91D4-701BFB65CAE8}"= TCP:6004\|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{DC259842-CB3B-4199-838F-62B49F3FC4FC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{1B41EB63-F0C5-4CC1-AA52-49C6A7D6DC79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{B4663B4D-EC63-4C01-BAFF-3920F41EE470}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{E43F1FA3-E4FE-44F7-8153-DB85A7ACA0B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{47DAEF24-3A0B-4DC8-B8E1-053B3ADA0997}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) "{18A29A95-479C-4592-9F3F-A27EFEAFB375}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In) "{EB080714-D6D4-4FD6-A303-00ED32755540}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In) "{34CF0068-DBAF-4397-BD9A-A53321FD84BC}"= c:\program files\Skype\Phone\Skype.exe:Skype "{5CF470B9-6E72-4356-895E-A251ED05BE23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone) R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-04 114768] R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-04 20560] R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-04 51792] R3 GemCCID;GemCCID;c:\windows\System32\drivers\GemCCID.sys [2008-04-04 87424] R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192] R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-10-08 9446] S3 HPFXFAX;HPFXFAX;c:\windows\System32\drivers\hpfxfax.sys [2008-10-03 20504] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \shell\AutoRun\command - D:\AutoRun.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7c8-8bc5-11dd-a5e6-001e680b2a47}] \shell\AutoRun\command - D:\AutoRun.exe . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.promobile.rs/ uInternet Settings,ProxyOverride = .local IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home Trusted Zone: google.com\mail Trusted Zone: raiffeisenbank.co.rs\www Trusted Zone: raiffeisenbank.rs\www Trusted Zone: raiffeisenbank.rs\rol TCP: {FADF4481-182E-4777-9353-66EE67613EE3} = 217.65.192.1 217.65.192.52 DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\nitighuo.default\ FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-03-05 15:03:08 Windows 6.0.6001 Service Pack 1 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************ . Completion time: 2009-03-05 15:06:51 ComboFix-quarantined-files.txt 2009-03-05 14:05:33 ComboFix2.txt 2009-03-05 12:11:43 Pre-Run: 28.912.271.360 bytes free Post-Run: 28,592,549,888 bytes free 229 --- E O F --- 2009-02-12 07:58:21

Profil

helen1 Poslao: 05 Mar 2009 15:45 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Avast i Win32:Trojan-gen{other}

Ko je trenutno na forumu

Ukupno su 659 korisnika na forumu :: 19 registrovanih, 5 sakrivenih i 635 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., babaroga, bbogdan, bobomicek, Djokislav, galerija, gasha, kolle.the.kid, ladro, Lazarus, ljuba, Mare Ivanović, Milometer, panzerwaffe, S2M, SR-3m, suton, VP6919, Zimbabwe

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by