Avast and Win32:Trojan-gen{other}

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3760
  • Location: 127.0.0.1

I know Avast is "problematic" when it comes to gen-other trojans, so that doesn't worry me so much; what does is that there are some other little things in the system's behaviour, like the internet connection dropping (halfway through loading a page) and the like.

This is one of the computers at work; they are all connected to the internet through a router, but only this one causes problems. The computer isn't mine (mine runs Linux), but it would mean a lot to me to get that machine working again. Are there signs of malware?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:27:27, on 5.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\TOSHIBA\Registration\ToshibaRegistration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\new folder\new program.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.promobile.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: TorrentMan Toolbar - {7c5c0f58-e061-457d-9033-77307f5ed00c} - C:\Program Files\TorrentMan\tbTor1.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [Desktop SMS] C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe /auto
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [Sccs] C:\Users\Milena\sccs.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=031909 serial=DR12CCR-9029142-LXM lang=EN
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Css] C:\Users\Milena\css.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSCDSPD] TOSCDSPD.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: eBay.co.uk - Buy It Sell It Love It - {76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4 (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Amazon.co.uk - {8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll
O16 - DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} (FileInterface Class) - https://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll
O16 - DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} (Archive Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll
O16 - DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} (Ebanking.Utility) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} (SecAPI Class) - https://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FADF4481-182E-4777-9353-66EE67613EE3}: NameServer = 217.65.192.1 217.65.192.52
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 14536 bytes
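A helper reads a log like the one above by eye, and the things that jump out are mechanical enough to script. The Python below is an added example for this thread (it is not part of the original post and not a HijackThis feature): it parses a handful of lines excerpted from the posted log and applies the same heuristics, namely adware/PUP families named in the log, a BHO whose DLL is gone, executables autostarting from the root of a user profile (sccs.exe, css.exe), the O7 policy that disables regedit, and a service HijackThis shows with a truncated path. The PUP_MARKERS list, the reason strings and the Finding type are this example's own assumptions.

```python
"""Heuristic triage of a HijackThis (HJT) log.

Added example for this thread: it is not part of the original post and not a
HijackThis feature.  The rule set and the reason strings are this example's own.
"""
import re
from dataclasses import dataclass

# Adware/PUP families named in the posted log.  Assumption: a short heuristic
# list, not an authoritative signature database.
PUP_MARKERS = ("mywebsearch", "funwebproducts", "asktbar", "torrentman")

# Constructed sample input: lines excerpted from the log posted above, with a
# couple of benign entries kept for contrast.
SAMPLE_LOG = r"""
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Sccs] C:\Users\Milena\sccs.exe
O4 - HKLM\..\Run: [Css] C:\Users\Milena\css.exe
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: MySql - Unknown owner - C:\Program.exe (file missing)
"""

HJT_ENTRY = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.+)$")
# An .exe sitting directly in C:\Users\<name>\ (not under AppData or a program dir).
PROFILE_ROOT_EXE = re.compile(r"\\users\\[^\\]+\\[^\\]+\.exe\b")


@dataclass
class Finding:
    section: str   # HJT section code, e.g. "O4"
    entry: str     # the log line body after "O4 - "
    reason: str


def parse_hjt(text):
    """Return (section, body) pairs for every 'Rn - ...' / 'On - ...' line."""
    entries = []
    for raw in text.splitlines():
        m = HJT_ENTRY.match(raw.strip())
        if m:
            entries.append((m.group("sec"), m.group("body")))
    return entries


def triage(text):
    """Apply the heuristics a malware-removal helper applies by eye."""
    findings = []
    for sec, body in parse_hjt(text):
        low = body.lower()
        if any(mark in low for mark in PUP_MARKERS):
            findings.append(Finding(sec, body, "adware/PUP component"))
        elif sec in ("O2", "O3", "R3") and "(no file)" in low:
            # CLSID still registered but its DLL is gone: leftover of a removal.
            findings.append(Finding(sec, body, "orphaned browser hook (no file)"))
        elif sec == "O4" and PROFILE_ROOT_EXE.search(low):
            # Legitimate software does not autostart from the profile root.
            findings.append(Finding(sec, body, "autostart executable in user profile root"))
        elif sec == "O4" and ("\\appdata\\" in low or "\\temp\\" in low):
            findings.append(Finding(sec, body, "autostart executable in AppData/Temp"))
        elif sec == "O7":
            # O7 = policy restrictions (DisableRegedit=1 here) that malware sets
            # to keep the user from undoing its changes.
            findings.append(Finding(sec, body, "system policy restriction set"))
        elif sec == "O23" and "(file missing)" in low:
            # HJT shows an unquoted ImagePath containing spaces cut at the first
            # space ("C:\Program.exe"), so verify the real path before acting.
            findings.append(Finding(sec, body, "service binary not found as displayed"))
    return findings


def count_by_reason(findings):
    """Summarise findings as {reason: count}."""
    counts = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:45} {f.entry}")
```

Run against the excerpt it reports six entries: the MyWebSearch BHO, the orphaned BHO, both profile-root autostarts, the O7 policy and the MySql service; the avast! and Adobe lines pass. Feed it the whole log above and the Ask, TorrentMan and remaining MyWebSearch hooks come out the same way.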

  • helen1  Male
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

There are signs of unwanted programs.

Right-click the avast! icon in the bottom right corner of the screen and choose Stop OnAccess Protection.

Note: don't forget to turn this option back on once the cleaning is finished.

-------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log will appear (C:\ComboFix.txt) which you'll copy here for us.

  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3760
  • Location: 127.0.0.1

I turned off Avast, shut down all of its active shields (it said 0 of 7 active), but ComboFix still complained that the protection hadn't been turned off.

ComboFix 09-03-04.01 - Milena 2009-03-05 12:57:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2038.773 [GMT 1:00]
Running from: c:\users\Milena\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1201 [VPS 090303-2] *On-access scanning enabled* (Updated)
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.htmlx
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\032D07A
c:\program files\MyWebSearch\bar\Cache\032D2471
c:\program files\MyWebSearch\bar\Cache\032D2913.bin
c:\program files\MyWebSearch\bar\Cache\032D3005.bin
c:\program files\MyWebSearch\bar\Cache\032D34F5.bin
c:\program files\MyWebSearch\bar\Cache\032D3A71.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
c:\windows\system32\f3PSSavr.scr
.
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 09:37 . 2009-03-05 09:37 0 --a------ c:\windows\nsreg.dat
2009-03-04 09:47 . 2009-03-04 09:47 <DIR> d-------- c:\program files\Alwil Software
2009-03-04 09:47 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys
2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\users\All Users\Adobe Systems
2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\programdata\Adobe Systems
2009-03-04 09:32 . 2009-03-04 09:32 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared
2009-03-04 09:06 . 2009-03-04 09:06 58,393 --a------ c:\windows\FontData.fdb
2009-03-04 09:05 . 2009-03-04 09:05 <DIR> d-------- c:\users\Milena\AppData\Roaming\Corel
2009-03-04 09:03 . 2009-03-04 09:03 <DIR> d-------- c:\program files\Common Files\Corel
2009-03-04 09:02 . 2009-03-04 09:02 <DIR> d-------- c:\program files\Corel
2009-02-27 10:44 . 2009-02-27 10:44 144 --a------ c:\windows\Readiris.ini
2009-02-27 10:43 . 2009-02-27 10:44 <DIR> d-------- c:\program files\Readiris Pro 11 HP
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Links
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads
2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents
2009-02-11 08:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-11 08:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 12:03 --------- d-----w c:\users\Milena\AppData\Roaming\Skype
2009-03-05 07:49 --------- d-----w c:\users\Milena\AppData\Roaming\skypePM
2009-03-04 08:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-04 08:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 08:03 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-28 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-28 09:15 --------- d-----w c:\programdata\Symantec
2009-02-28 09:15 --------- d-----w c:\program files\Symantec
2009-02-12 07:54 --------- d-----w c:\programdata\Microsoft Help
2009-02-12 07:52 --------- d-----w c:\program files\Windows Mail
2009-02-04 12:49 --------- d-----w c:\program files\MSECache
2009-02-02 23:25 --------- d-----w c:\program files\Duravit Specification Manual 6.1
2009-01-30 00:11 --------- d-----w c:\programdata\WindowsSearch
2009-01-28 11:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-01-19 22:08 174 --sha-w c:\program files\desktop.ini
2009-01-19 22:01 --------- d-----w c:\program files\Windows Sidebar
2009-01-19 22:01 --------- d-----w c:\program files\Windows Photo Gallery
2009-01-19 22:01 --------- d-----w c:\program files\Windows Journal
2009-01-19 22:01 --------- d-----w c:\program files\Windows Collaboration
2009-01-19 22:01 --------- d-----w c:\program files\Windows Calendar
2009-01-19 22:00 --------- d-----w c:\program files\Windows Defender
2009-01-17 18:42 --------- d-----w c:\programdata\Skype
2009-01-17 18:42 --------- d-----w c:\program files\Skype
2009-01-17 18:42 --------- d-----w c:\program files\Common Files\Skype
2009-01-12 15:36 --------- d-----w c:\programdata\FLEXnet
2009-01-12 14:11 --------- d-----w c:\users\Milena\AppData\Roaming\GHISLER
2009-01-12 14:04 --------- d-----w c:\program files\Bonjour
2009-01-12 13:58 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-09 18:59 47,616 ----a-w c:\users\Milena\javamon.exe
2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-10-05 13:25 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-09 57344]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]
2009-02-28 10:10 1883672 --a------ c:\program files\TorrentMan\tbTor1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]

[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-23 171448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-11-15 2850816]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\users\Milena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{CFAF36C7-B188-4D7B-91D4-701BFB65CAE8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{DC259842-CB3B-4199-838F-62B49F3FC4FC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{1B41EB63-F0C5-4CC1-AA52-49C6A7D6DC79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B4663B4D-EC63-4C01-BAFF-3920F41EE470}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E43F1FA3-E4FE-44F7-8153-DB85A7ACA0B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{47DAEF24-3A0B-4DC8-B8E1-053B3ADA0997}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{18A29A95-479C-4592-9F3F-A27EFEAFB375}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{EB080714-D6D4-4FD6-A303-00ED32755540}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{34CF0068-DBAF-4397-BD9A-A53321FD84BC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{5CF470B9-6E72-4356-895E-A251ED05BE23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-04 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-04 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-04 51792]
R3 GemCCID;GemCCID;c:\windows\System32\drivers\GemCCID.sys [2008-04-04 87424]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-10-08 9446]
S3 HPFXFAX;HPFXFAX;c:\windows\System32\drivers\hpfxfax.sys [2008-10-03 20504]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7b4-8bc5-11dd-a5e6-001e680b2a47}]
\shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7c8-8bc5-11dd-a5e6-001e680b2a47}]
\shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6427e1b0-473b-11dd-88b5-001e680b2a47}]

\shell\AutoRun\command - D:\6x8be16.cmd

\shell\explore\Command - D:\6x8be16.cmd

\shell\open\Command - D:\6x8be16.cmd



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c34-8c04-11dd-9761-001e680b2a47}]

\shell\AutoRun\command - D:\AutoRun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c35-8c04-11dd-9761-001e680b2a47}]

\shell\AutoRun\command - D:\AutoRun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88eebe7b-07c6-11de-9f97-001e680b2a47}]

\shell\AutoRun\command - D:\

\shell\open\Command - rundll32.exe .\\dhcpeon.dll,InstallM



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af8c44d-0842-11de-a0f8-001e680b2a47}]

\shell\Auto\command - Config.exe

\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b5-8cba-11dd-af61-001e680b2a47}]

\shell\AutoRun\command - D:\AutoRun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b6-8cba-11dd-af61-001e680b2a47}]

\shell\AutoRun\command - D:\AutoRun.exe

.

- - - - ORPHANS REMOVED - - - -



HKCU-Run-TOSCDSPD - TOSCDSPD.EXE

HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe

HKLM-Run-Sccs - c:\users\Milena\sccs.exe





.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.promobile.rs/

uInternet Settings,ProxyOverride = *.local

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home

Trusted Zone: google.com\mail

Trusted Zone: raiffeisenbank.co.rs\www

Trusted Zone: raiffeisenbank.rs\www

Trusted Zone: raiffeisenbank.rs\rol

TCP: {FADF4481-182E-4777-9353-66EE67613EE3} = 217.65.192.1 217.65.192.52

DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll

DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll

DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll

DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll

DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll

FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\nitighuo.default\

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 13:03:54

Windows 6.0.6001 Service Pack 1 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Sccs = c:\users\Milena\sccs.exe?a\sccs.exe??????????????



scanning hidden files ...





**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------



- - - - - - - > 'Explorer.exe'(5464)

c:\program files\IDM\Desktop SMS\oehook.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\System32\audiodg.exe

c:\program files\Alwil Software\Avast4\aswUpdSv.exe

c:\program files\Alwil Software\Avast4\ashServ.exe

c:\program files\TOSHIBA\ConfigFree\NDSTray.exe

c:\program files\Synaptics\SynTP\SynToshiba.exe

c:\windows\System32\igfxsrvc.exe

c:\program files\Alwil Software\Avast4\ashDisp.exe

c:\program files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe

c:\windows\System32\agrsmsvc.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe

c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

c:\program files\Logik\FirmA\mysql\bin\mysqld-nt.exe

c:\program files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe

c:\windows\System32\TODDSrv.exe

c:\program files\TOSHIBA\Power Saver\TosCoSrv.exe

c:\program files\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

c:\windows\System32\WUDFHost.exe

c:\program files\Alwil Software\Avast4\ashMaiSv.exe

c:\program files\Alwil Software\Avast4\ashWebSv.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\TOSHIBA\ConfigFree\CFSwMgr.exe

c:\program files\Windows Mail\WinMail.exe

c:\combofix\hidec.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\windows\System32\conime.exe

c:\windows\servicing\TrustedInstaller.exe

c:\combofix\Catchme.tmp

.

**************************************************************************

.

Completion time: 2009-03-05 13:11:42 - machine was rebooted

ComboFix-quarantined-files.txt 2009-03-05 12:09:56



Pre-Run: 26.909.859.840 bytes free

Post-Run: 29,094,957,056 bytes free



353 --- E O F --- 2009-02-12 07:58:21

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Was Norton used on this computer before?

offline
  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3760
  • Location: 127.0.0.1

Yes, it was somehow "removed" (whatever that means) 4 days ago.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download the program and run it, then tell me whether anything happened.

It looks like Norton was not completely "removed".

ftp://ftp.symantec.com/public/english_us_canada/re.....l_Tool.exe

offline
  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3760
  • Location: 127.0.0.1

I ran it; it searched the system, asked for a restart when it finished, and once the system was back up it went to a page explaining how to reinstall a Norton product after running the Removal Tool.

Is that it?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Probably. We'll find out soon.

Open Notepad and copy the following text:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D\Shell]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7b4-8bc5-11dd-a5e6-001e680b2a47}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6427e1b0-473b-11dd-88b5-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c34-8c04-11dd-9761-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83d14c35-8c04-11dd-9761-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88eebe7b-07c6-11de-9f97-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af8c44d-0842-11de-a0f8-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b5-8cba-11dd-af61-001e680b2a47}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bc3361b6-8cba-11dd-af61-001e680b2a47}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
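The CFScript above deletes the MountPoints2 keys that the first log showed pointing at scripts and DLLs on the removable medium. As an added example (my code, not ComboFix's or the forum's), the script below parses a MountPoints2 section in the ComboFix log format shown in this thread, flags the entries that launch a script or load a DLL from the medium, and drafts the Registry:: deletion block for a helper to review; the log excerpt is constructed from the entries posted above, and the triage heuristics are assumptions of mine, not ComboFix logic.

```python
"""Triage the MountPoints2 section of a ComboFix log (added example for this
thread, not ComboFix code): parse the entries, flag the ones that run a script
or load a DLL from the medium, and draft the Registry:: block for review."""
import re
from dataclasses import dataclass, field

# Constructed excerpt mirroring the format of the logs posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\shell\AutoRun\command - D:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6427e1b0-473b-11dd-88b5-001e680b2a47}]
\shell\AutoRun\command - D:\6x8be16.cmd
\shell\explore\Command - D:\6x8be16.cmd
\shell\open\Command - D:\6x8be16.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{88eebe7b-07c6-11de-9f97-001e680b2a47}]
\shell\AutoRun\command - D:\
\shell\open\Command - rundll32.exe .\\dhcpeon.dll,InstallM

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8af8c44d-0842-11de-a0f8-001e680b2a47}]
\shell\Auto\command - Config.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*?\\mountpoints2\\[^\]]+)\]\s*$", re.I)
CMD_RE = re.compile(r"^\\shell\\(\w+)\\command\s+-\s+(.*?)\s*$", re.I)
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+([^,\s]+),", re.I)
SCRIPT_EXTS = (".cmd", ".bat", ".vbs", ".js", ".pif", ".scr")
# Verbs normally seen on a medium; any other verb (e.g. 'Auto') came from an autorun.inf.
EXPECTED_VERBS = {"autorun", "open", "explore"}


@dataclass
class MountPoint:
    key: str
    commands: dict = field(default_factory=dict)  # verb (lower-case) -> command line

def parse_mountpoints(log_text):
    """Group '\\shell\\<verb>\\command - ...' lines under their MountPoints2 key."""
    entries, current = [], None
    for line in map(str.strip, log_text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            current = MountPoint(key=key.group(1))
            entries.append(current)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current.commands[cmd.group(1).lower()] = cmd.group(2)
    return entries

def rundll_target_suspicious(cmd):
    """True when rundll32 is told to load a DLL that is not a system library."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return False
    dll = m.group(1).lower().strip('"')
    # A bare name (shell32.dll) resolves from the system search path; a relative
    # path (.\x.dll) or one outside %SystemRoot% is loaded from the medium.
    return dll.startswith(".") or ("\\" in dll and not dll.startswith("c:\\windows\\"))

def assess(entry):
    """Return (level, reason) findings; 'high' means the key should be deleted."""
    findings = []
    for verb, cmd in entry.commands.items():
        low = cmd.lower().strip('"')
        if verb not in EXPECTED_VERBS:
            findings.append(("high", f"unexpected verb '{verb}' runs {cmd}"))
        if low.endswith(SCRIPT_EXTS):
            findings.append(("high", f"'{verb}' launches a script: {cmd}"))
        if rundll_target_suspicious(cmd):
            findings.append(("high", f"'{verb}' loads a DLL from the medium: {cmd}"))
        if verb in ("open", "explore"):
            findings.append(("low", f"'{verb}' redefined for this medium: {cmd}"))
        elif verb == "autorun" and low.endswith(".exe"):
            findings.append(("low", f"AutoRun starts an executable: {cmd}"))
    return findings

def build_cfscript(entries):
    """Draft the Registry:: block (one [-key] per high-risk entry) for review."""
    lines = ["Registry::"]
    for entry in entries:
        if any(level == "high" for level, _ in assess(entry)):
            lines.append(f"[-{entry.key}]")
    return "\n".join(lines)

if __name__ == "__main__":
    parsed = parse_mountpoints(SAMPLE_LOG)
    for entry in parsed:
        print(entry.key.rsplit("\\", 1)[-1])
        for level, reason in assess(entry):
            print(f"  [{level}] {reason}")
    print(build_cfscript(parsed))
```

The drive-letter key (`\D`) with a plain `D:\AutoRun.exe` only gets a low finding and is left out of the draft, which matches the helper keeping that key and removing only GUID entries that pointed at the .cmd and DLL.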

offline
  • PHP developer
  • Joined: 22 Mar 2006
  • Posts: 3760
  • Location: 127.0.0.1

ComboFix 09-03-04.01 - Milena 2009-03-05 14:59:51.2 - NTFSx86

Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.1.1033.18.2038.1003 [GMT 1:00]

Running from: c:\users\Milena\Desktop\ComboFix.exe

Command switches used :: c:\users\Milena\Desktop\CFScript.txt

AV: avast! antivirus 4.8.1201 [VPS 090303-2] *On-access scanning enabled* (Updated)

* Created a new restore point

.



((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))

.



2009-03-05 14:29 . 2009-03-05 14:29 <DIR> d-------- c:\users\All Users\NortonInstaller

2009-03-05 14:29 . 2009-03-05 14:29 <DIR> d-------- c:\programdata\NortonInstaller

2009-03-05 09:37 . 2009-03-05 09:37 0 --a------ c:\windows\nsreg.dat

2009-03-04 09:47 . 2009-03-04 09:47 <DIR> d-------- c:\program files\Alwil Software

2009-03-04 09:47 . 2009-02-05 22:06 51,792 --a------ c:\windows\System32\drivers\aswMonFlt.sys

2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\users\All Users\Adobe Systems

2009-03-04 09:36 . 2009-03-04 09:36 <DIR> d-------- c:\programdata\Adobe Systems

2009-03-04 09:32 . 2009-03-04 09:32 <DIR> d-------- c:\program files\Common Files\Adobe Systems Shared

2009-03-04 09:06 . 2009-03-04 09:06 58,393 --a------ c:\windows\FontData.fdb

2009-03-04 09:05 . 2009-03-04 09:05 <DIR> d-------- c:\users\Milena\AppData\Roaming\Corel

2009-03-04 09:03 . 2009-03-04 09:03 <DIR> d-------- c:\program files\Common Files\Corel

2009-03-04 09:02 . 2009-03-04 09:02 <DIR> d-------- c:\program files\Corel

2009-02-27 10:44 . 2009-02-27 10:44 144 --a------ c:\windows\Readiris.ini

2009-02-27 10:43 . 2009-02-27 10:44 <DIR> d-------- c:\program files\Readiris Pro 11 HP

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Videos

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Searches

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Saved Games

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Pictures

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Links

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Downloads

2009-02-27 10:42 . 2009-02-27 10:42 <DIR> dr------- c:\windows\System32\config\systemprofile\Documents

2009-02-11 08:57 . 2009-01-15 04:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb

2009-02-11 08:57 . 2009-01-15 07:11 827,392 --a------ c:\windows\System32\wininet.dll



.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-03-05 14:03 --------- d-----w c:\users\Milena\AppData\Roaming\Skype

2009-03-05 13:30 --------- d-----w c:\programdata\Symantec

2009-03-05 12:04 --------- d-----w c:\users\Milena\AppData\Roaming\skypePM

2009-03-04 08:32 --------- d-----w c:\program files\Common Files\Adobe

2009-03-04 08:05 --------- d--h--w c:\program files\InstallShield Installation Information

2009-03-04 08:03 --------- d-----w c:\program files\Common Files\InstallShield

2009-02-28 09:56 --------- d-----w c:\program files\Common Files\Symantec Shared

2009-02-28 09:15 --------- d-----w c:\program files\Symantec

2009-02-12 07:54 --------- d-----w c:\programdata\Microsoft Help

2009-02-12 07:52 --------- d-----w c:\program files\Windows Mail

2009-02-04 12:49 --------- d-----w c:\program files\MSECache

2009-02-02 23:25 --------- d-----w c:\program files\Duravit Specification Manual 6.1

2009-01-30 00:11 --------- d-----w c:\programdata\WindowsSearch

2009-01-28 11:38 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf

2009-01-19 22:08 174 --sha-w c:\program files\desktop.ini

2009-01-19 22:01 --------- d-----w c:\program files\Windows Sidebar

2009-01-19 22:01 --------- d-----w c:\program files\Windows Photo Gallery

2009-01-19 22:01 --------- d-----w c:\program files\Windows Journal

2009-01-19 22:01 --------- d-----w c:\program files\Windows Collaboration

2009-01-19 22:01 --------- d-----w c:\program files\Windows Calendar

2009-01-19 22:00 --------- d-----w c:\program files\Windows Defender

2009-01-19 21:31 82,432 ----a-w c:\windows\System32\axaltocm.dll

2009-01-19 21:31 101,888 ----a-w c:\windows\System32\ifxcardm.dll

2009-01-17 18:42 --------- d-----w c:\programdata\Skype

2009-01-17 18:42 --------- d-----w c:\program files\Skype

2009-01-17 18:42 --------- d-----w c:\program files\Common Files\Skype

2009-01-12 15:36 --------- d-----w c:\programdata\FLEXnet

2009-01-12 14:11 --------- d-----w c:\users\Milena\AppData\Roaming\GHISLER

2009-01-12 14:04 --------- d-----w c:\program files\Bonjour

2009-01-12 13:58 --------- d-----w c:\program files\Common Files\Macrovision Shared

2008-10-09 18:59 47,616 ----a-w c:\users\Milena\javamon.exe

2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

2008-10-05 13:25 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

2008-10-05 13:25 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

.



((((((((((((((((((((((((((((( SnapShot@2009-03-05_13.07.34.46 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-03-05 12:01:48 458,744 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-03-05 13:31:38 458,744 ----a-w c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-03-05 12:02:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-03-05 13:32:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-03-05 12:02:45 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2009-03-05 13:32:37 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2009-03-05 12:04:16 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-03-05 13:36:30 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat

+ 2009-03-05 13:36:30 262,144 ---ha-w c:\windows\ServiceProfiles\LocalService\ntuser.dat.LOG1

- 2009-03-05 12:04:05 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-03-05 13:36:25 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat

+ 2009-03-05 13:36:25 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1

- 2009-03-05 12:03:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-03-05 13:33:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-03-05 12:03:34 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-03-05 13:33:11 65,536 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-03-05 12:03:34 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-03-05 13:33:11 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-03-05 11:49:51 102,094 ----a-w c:\windows\System32\perfc009.dat

+ 2009-03-05 13:57:19 102,094 ----a-w c:\windows\System32\perfc009.dat

- 2009-03-05 11:49:51 590,082 ----a-w c:\windows\System32\perfh009.dat

+ 2009-03-05 13:57:19 590,082 ----a-w c:\windows\System32\perfh009.dat

- 2009-03-05 07:50:46 9,834 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139177017-2677889480-1541947406-1000_UserData.bin

+ 2009-03-05 13:34:38 9,882 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-139177017-2677889480-1541947406-1000_UserData.bin

- 2009-03-05 07:50:46 75,842 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-03-05 13:34:38 75,914 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

- 2009-03-05 07:50:42 54,502 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-03-05 13:34:36 55,316 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]

"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-10-09 57344]



[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]



[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]



[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7c5c0f58-e061-457d-9033-77307f5ed00c}]

2009-02-28 10:10 1883672 --a------ c:\program files\TorrentMan\tbTor1.dll



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{7c5c0f58-e061-457d-9033-77307f5ed00c}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]



[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]



[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{7C5C0F58-E061-457D-9033-77307F5ED00C}"= "c:\program files\TorrentMan\tbTor1.dll" [2009-02-28 1883672]



[HKEY_CLASSES_ROOT\clsid\{7c5c0f58-e061-457d-9033-77307f5ed00c}]



[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-09-23 171448]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]



[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 411192]

"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2006-12-07 55416]

"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2007-05-16 509496]

"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-04-26 538744]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-27 815104]

"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 577536]

"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-01-19 1507328]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-27 138008]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-27 154392]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-27 133912]

"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 413696]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]

"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 144784]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2007-11-15 2850816]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

"RtHDVCpl"="RtHDVCpl.exe" [2007-05-18 c:\windows\RtHDVCpl.exe]

"NDSTray.exe"="NDSTray.exe" [BU]



c:\users\Milena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]



[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm



[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"UacDisableNotify"=dword:00000001

"InternetSettingsDisableNotify"=dword:00000001

"AutoUpdateDisableNotify"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001



[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001



[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]

"{CFAF36C7-B188-4D7B-91D4-701BFB65CAE8}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook

"{DC259842-CB3B-4199-838F-62B49F3FC4FC}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{1B41EB63-F0C5-4CC1-AA52-49C6A7D6DC79}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove

"{B4663B4D-EC63-4C01-BAFF-3920F41EE470}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{E43F1FA3-E4FE-44F7-8153-DB85A7ACA0B0}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

"{47DAEF24-3A0B-4DC8-B8E1-053B3ADA0997}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

"{18A29A95-479C-4592-9F3F-A27EFEAFB375}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)

"{EB080714-D6D4-4FD6-A303-00ED32755540}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)

"{34CF0068-DBAF-4397-BD9A-A53321FD84BC}"= c:\program files\Skype\Phone\Skype.exe:Skype

"{5CF470B9-6E72-4356-895E-A251ED05BE23}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)



R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [2009-03-04 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [2009-03-04 20560]

R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [2009-03-04 51792]

R3 GemCCID;GemCCID;c:\windows\System32\drivers\GemCCID.sys [2008-04-04 87424]

R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [2007-04-09 8192]

R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [2008-10-08 9446]

S3 HPFXFAX;HPFXFAX;c:\windows\System32\drivers\hpfxfax.sys [2008-10-03 20504]



[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]

\shell\AutoRun\command - D:\AutoRun.exe



[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3aadd7c8-8bc5-11dd-a5e6-001e680b2a47}]

\shell\AutoRun\command - D:\AutoRun.exe

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.promobile.rs/

uInternet Settings,ProxyOverride = *.local

IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{76577871-04EC-495E-A12B-91F7C3600AFA} - http://rover.ebay.com/rover/1/710-44557-9400-3/4

IE: {{8A918C1D-E123-4E36-B562-5C1519E434CE} - http://www.amazon.co.uk/exec/obidos/redirect-home?.....;site=home

Trusted Zone: google.com\mail

Trusted Zone: raiffeisenbank.co.rs\www

Trusted Zone: raiffeisenbank.rs\www

Trusted Zone: raiffeisenbank.rs\rol

TCP: {FADF4481-182E-4777-9353-66EE67613EE3} = 217.65.192.1 217.65.192.52

DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/FSINT.dll

DPF: {5ED7F9D0-90D3-4001-A768-7E95C1768821} - hxxps://rol.raiffeisenbank.rs/RaiffeisenDLL/FSINT8.dll

DPF: {8BA2FE8E-8506-11D4-BFE2-CB5FED326646} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/SAWZip.dll

DPF: {A42DDE4E-DF36-4592-83B6-CCA28E770ABD} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EbankingWWW.dll

DPF: {F6FFAC18-CAD4-4054-9D49-D610286CE323} - hxxps://www.raiffeisenbank.rs/online/RaiffeisenDLL/EBCSCC2A.dll

FF - ProfilePath - c:\users\Milena\AppData\Roaming\Mozilla\Firefox\Profiles\nitighuo.default\

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

.



**************************************************************************



catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-03-05 15:03:08

Windows 6.0.6001 Service Pack 1 NTFS



scanning hidden processes ...



scanning hidden autostart entries ...



scanning hidden files ...





**************************************************************************

.

Completion time: 2009-03-05 15:06:51

ComboFix-quarantined-files.txt 2009-03-05 14:05:33

ComboFix2.txt 2009-03-05 12:11:43



Pre-Run: 28.912.271.360 bytes free

Post-Run: 28,592,549,888 bytes free



229 --- E O F --- 2009-02-12 07:58:21

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below; this saves the scan results to the Clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.

Use the Attach file option below the message box on the forum and attach the two files we just saved here.
