Trojan-gen and others in Adobe reader 9

Hello!

A few days ago I bought a new computer because the old one died. With the new computer I got Windows XP Home SP2, but it didn’t have some programs on it, so I had to download them from the Internet. The first was Avast! Home, because I had that on my old computer and it was a good antivirus. :) Yesterday I was downloading Adobe Reader 9 from the official Adobe site, adobe.com, and with that I got the Adobe AIR installer .exe with Win32:Trojan-gen. The alarm went off because the scan (for Internet) is always on. I moved that virus into the chest and installed Adobe with “no problem”, if I can say so >:( ::).

Original file:H:\Documents and Settings\User\Local Settings\Aplication Data\Adobe\Reader9…
Size file: 6848789
Data last change: 12.6.2008 10:10:02 (you must excuse me because English is not my first language and Avast is in my home language, so some translations are not the same as in the original English Avast)
Transfer time: 4.09.2008 12:58:11
Category: Infected files
Virus description: Win32: Trojan-gen {Other}
File ID: 4

After that I turned on the (VRDB) Generator, and after that I set the computer to do a complete scan (when you ask Avast to restart and scan the whole computer at the beginning when you turn the computer on, and the whole screen is blue with only white letters on it that change very fast, I hope you understand ;D ), and after that scan it showed me that it doesn’t have any damaged files and that it scanned 11684 files.

After that I was downloading Adobe Photoshop CS3 and another alarm came up saying that it had found a virus, and I put that in the chest with no problem.

Original file name: PhotoShop CS3 Extended Keygent + Acti…
Original file: J:\Adobe Photoshop CS3
Size file: 174080
Data last change: 24.07.2008 14:11:36
Transfer time: 5.09.2008 12:01:24
Category: Infected files
Virus description: Win32:Horst-AAE {Trj}
File ID: 8

I also need Adobe Flash Player so that I can watch movies on YouTube, so I downloaded that. First I had downloaded Adobe ActiveX Player 9 but it didn’t work with that. I had that on my old computer. After that I tried to uninstall that with the .exe file which I found on the official Adobe site adobe.com, and I also got a virus, and the alert came on, and I put it in the chest with no problem.

Original file name: unp174322147.tmp
Original file: H:\WINDOWS\TEMP_avast4_
Size file: 72351
Data last change: 4.09.2008 13:03:12
Transfer time: 4.09.2008 15:03:12
Category: Infected files
Virus description: Win32:Dropper-BDV {Trj}
Could be transfer back: No
File ID: 5

Original file name: unp84679442.tmp
Original file: H:\WINDOWS\TEMP_avast4_
Size file: 106527
Data last change: 4.09.2008 19:18:03
Transfer time: 4.09.2008 21:18:04
Category: Infected files
Virus description: Win32:Dropper-BDV {Trj}
Could be transfer back: No
File ID: 6

Today I also restarted the computer and put it on a full scan, and it again showed no infected files and no damaged files, and its complete scan showed 11684 files. After that I downloaded Avast! Virus Cleaner Tool, version 1.0.211 Unicode, and its scan results were these:

5.9.2008, 13:10:03
Memory scanning started…
No virus body found in memory.
Memory scanning finished (3,2s).

Files scanning started…
H:\Documents and Settings\Korisnik2\Application Data\Mozilla\Firefox\Profiles\pxulq3f3.default\places.sqlite-journal… file could not be scanned!
H:\Documents and Settings\Korisnik2\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal… file could not be scanned!
H:\Documents and Settings\Korisnik2\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal… file could not be scanned!
H:\WINDOWS\system32\drivers\sptd.sys… file could not be scanned!
No virus body found.
Files scanning finished (34868 files, 0 infected, 229,3s).
Drives scanned: H: I:

5.9.2008, 13:17:34
Memory scanning started…
No virus body found in memory.
Memory scanning finished (2,0s).

Files scanning started…
H:\Documents and Settings\Korisnik2\Application Data\Mozilla\Firefox\Profiles\pxulq3f3.default\places.sqlite-journal… file could not be scanned!
H:\Documents and Settings\Korisnik2\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal… file could not be scanned!
H:\Documents and Settings\Korisnik2\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal… file could not be scanned!
H:\Documents and Settings\Korisnik2\Local Settings\Temp~DF9CF.tmp… file could not be scanned!
H:\WINDOWS\system32\drivers\sptd.sys… file could not be scanned!
No virus body found.
Files scanning finished (34880 files, 0 infected, 163,6s).
Drives scanned: H: I:

My question is: how can I completely remove these viruses from the chest and from the computer for good?
Should I put something else alongside Avast! antivirus to protect my computer from viruses?
Do I need to scan my computer with some other program to see if everything is OK?

Thank you very much for future help!

These false positives were corrected (supposedly) in last virus database… can you update?

I have scanned my computer with the online Kaspersky scanner and it said: No malware has been detected on Critical Areas, My Computer, Folder, File.
I also used HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 17:27:38, on 5.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Alwil Software\Avast4\ashChest.exe
H:\Program Files\Alwil Software\Avast4\ashLogV.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hgspot.hr
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKCU..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [DAEMON Tools] “H:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU “H:\WINDOWS\TEMP\E_SA8.tmp” /EF “HKCU”
O4 - HKCU..\Run: [MSMSGS] “H:\Program Files\Messenger\msmsgs.exe” /background
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.hgspot.hr
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - H:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

There is a slight problem. Please can you explain to me correctly what I should do, because I am not so good with computers.

Do you have avast turned off?
you need to update your definitions in any case
No firewall?
Run Secunia Software Inspector and get your apps up to date

your version of HJT is out of date

My avast is always on when I’m on the Internet, with the scan on.
Yesterday avast had its update. Today not yet.
I have the firewall turned on in Windows, and updates too.

I ran the avast update 5 minutes ago and it says that it already has the latest update.

I ran Secunia Software Inspector and it says that my Windows was out of date, and I made the update for it; and it says that my Adobe Flash Player is also out of date, and I made the update for that also.

Now when I run Secunia Software Inspector it says that my Java applet is having a problem loading in my browser (that is Mozilla Firefox 3.0.1). And Secunia doesn’t want to scan my apps any more. It just stands and does nothing.

look in Add/Remove Programs and in the folder where your Java downloads/apps are and see if you have one or more old versions
if so, run JavaRa to remove all old versions (which are still vulnerable), then reinstall the latest Java
or let JavaRa look for you
over the years Java has been downloaded to / installed in several folders under several naming schemes

we recommend NOT the XP firewall
which browser?

I have the latest Java installed two days ago. That is Java Platform Standard Edition & Version & Update 7 ( build 1.6.0_07_b06) Copyright 2008 SunMicrosystem,Inc from official site Java.com.

And I have only one Java installed, this latest version, in my Add/Remove Programs list. I have checked now.

Which firewall is good to use?

My browser is Mozilla Firefox 3.0.1 (if I’m wrong please tell me, because I’m not exactly sure what a browser is)

Do you turn avast off when you’re not on-line?

So, update it and the false positive could be gone.

looks as if you are on the right track
answer tech’s questions

Comodo and PC tools are recommended
expect a learning curve as you teach them what they may and may not allow
lots of threads in this forum if you want to read up

I’d recommend you install a Hosts file
MVPS
or
HPHOST

The “ON ACCESS” scanner needs to be on with the Avast protection scheme
many files are encrypted or packed where they cannot be scanned with an “on demand” scanner
so bad things only show up when you access them
also with the possibility of infected CD’s and USB sticks the internet is not the only source of infection
-floppies-?

No, I don’t turn off avast when I’m not on the Internet. It is running all the time; only the scan is on only for the Internet.

I have updated avast today:

Informacije o trenutnoj nadogradnji:
Ukupno vrijeme: 42 s

  • Program: Već je najnoviji
    (trenutna verzija 4.8.1229)
  • Vps: Već je najnoviji
    (trenutna verzija 080905-0)

Poslužitelj: download502.avast.com (75.126.53.169)
Preuzete datoteke: 4 (1,03 KB)
Vrijeme preuzimanja: 27 s

Informacije o trenutnoj nadogradnji:
Ukupno vrijeme: 15 s

  • Vps: Već je najnoviji
    (trenutna verzija 080905-0)

Poslužitelj: download939.avast.com (74.54.25.66)
Preuzete datoteke: 2 (0,02 KB)
Vrijeme preuzimanja: 6 s

I’m sorry that this is in my home language (that’s Croatian), but you can see it already has the latest update (trenutna verzija 4.8.1229) and (trenutna verzija 080905-0).

I’m now installing firewall protection from PC Tools Firewall.

PC Tools Firewall is warning me that I need to REBOOT my computer!

HELP ME!!! I don’t know how to do that. There is one problem: on my computer Windows is in Croatian, and when someone writes in English what to do, then I have a problem with that. Can someone put up some pictures with a description of how to do that, or a full description???

Please help me!!!

Ok.

Does avast still detect Acrobat Reader 9.0 as being infected?

What’s the matter, just restart the computer to finish the installation…

To reboot your computer is Shutdown and Restart
click on Start lower left side of screen
click shutdown
etc

My Sister just bought a place in Croatia
Your English is much better than my Croatian :slight_smile:

Thank you very much to everyone who has so much patience with me and my problems.
I learn something new with my computer every day, like this thing that reboot means restart the computer.

I have more questions about this here.

Which one of these things do I need to download?

Available Download Mirrors
MD5: 7E177B1EE419AE83C6F76E494D29391A Primary

#1 | #2
#3 | #4
hpHosts-Setup-Win32.exe (522K) The HOSTS File installer for Windows
Updated: Tue 26th August 2008

MD5: B1713F8E167F738FF55E87632826EE5D Primary

#1 | #2
#3 | #4
hosts.txt (1.53MB) The HOSTS File for Windows/Linux (please only use this if you experience problems with the above 2 packages).
Updated: Tue 26th August 2008

MD5: 1B5285D4CA465BC7A6013B7E702B4979 #1 | #2
#3 | #4
mac_hosts.zip (323K) The HOSTS File for the MAC OS
Updated: Tue 26th August 2008

MD5: EE1C464BB6CDF11258F14AF065E18759 Primary

#1 | #2
#3 | #4
Additional Downloads
hosts-partial.asp This file contains a list of site’s that have been added AFTER the last full release of hpHosts. This should ONLY be downloaded by those currently using hpHosts, and requires manual merging. HTML
No HTML
Yahoo_Servers.zip (2K) Optional addition containing the Yahoo servers for those that wish to block them
Updated: Thu 4th October 2007

MD5: CE251DB0AD67C0A49155DF66614F95B1 Download
Documents
readme.txt HOSTS Installation, Support, etc. View
PGP Keys
hpsig.zip hpGuru’s PGP Public Key Block Download
mfmcsig.zip MysteryFCM’s PGP Public Key Block Download
Misc Tools
WinDef_Hosts.zip Restore Windows default HOSTS file

MD5: 38ADFA9FA4E2C330B946CD18982AAE6D Download
EnDisDNS.zip Batch files to enable/disable Windows DNS Client

MD5: FAF55EE37EB431DDB49590EB120549E4 Download
appendhosts.zip Updated! Append to Hosts VBS Script v1.7 for appending your entries to the HOSTS File (Don’t forget to submit the bad sites you find for inclusion in the next update here).
This script is UNSUPPORTED.

MD5: 68aedda6c86b983c87a9554f4f67b008 Download
hostsdiag.zip hpGuru’s HOSTS Diagnostic Utility.

MD5: 5D1251D312329B0EB3E0E55A58B39EF5 Download
hbypass.zip Hosts Bypass is a Proxomitron filter which allows users to visit sites blocked by their hosts file without the need to remove them after each and every hosts update.

MD5: eabf46f7e9097603ea5e3c020516da29 Download
dcsmd5.zip DiamondCS MD5 utility for verifying MD5 hash Download
eDexter A tiny HTTP server which greatly improves Ad blocking via the HOST

About whether Avast still detects Acrobat Reader 9 as being infected:

No, it does not. The first time, when the alarm went off because of Adobe Reader 9, I put that virus in the chest and it is still there. That also goes for the other viruses that I mentioned in my first post.

Can I remove these viruses from the chest and my computer for good?

I have also installed ThreatFire from PC Tools for malware.

Is it good? Or is something else better?

You speak Croatian?! That’s great !!! :smiley: It is a heavy language to learn, especially the grammar. I finished school 10 years ago and I was born here, but our grammar is still hard.
I learned English through the Cartoon Network channel ;D and many movies in English with Croatian subtitles, and also in school. OK, my grammar is not perfect but it’s understandable, and I always have a dictionary near my hand. ;D

Is someone from your family from Croatia?

I’m glad for your sister that she bought a place in Croatia. It’s a nice country, but beware of our bureaucracy (people who work in offices for our government, like in police stations, or doctors and others); we still have a lot of problems with corruption (people who take money when they shouldn’t).

I hope you like Croatia?

It’s good and compatible with avast.

This is from my Log (avast) ;

Error ( mark with red X in Log, small picture)

4.9.2008 23:17:05 Korisnik2 2196 aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware() basNetAlert() failed: 42011.
3.9.2008 21:26:47 Korisnik2 800 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3.9.2008 21:26:16 Korisnik2 800 Error in aswChestC: chestOpenList Error 1753.
3.9.2008 21:26:16 Korisnik2 800 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.
3.9.2008 21:14:03 Korisnik2 2408 Internal error has occurred in module aswar scan function failed!, function 00000002.
3.9.2008 21:13:38 Korisnik2 2492 aswChestInterface - Program error description: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().
3.9.2008 21:13:20 Korisnik2 2492 Error in aswChestC: chestOpenList Error 1753.
3.9.2008 21:13:20 Korisnik2 2492 aswChestInterface - Program error description: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

Warning ( mark with triangle outside red-inside with )

5.9.2008 12:55:49 Korisnik2 3080 Function setifaceUpdatePackages() has failed. Return code is 0x000004C7, dwRes is 000004C7.
5.9.2008 12:01:16 Korisnik2 3564 Sign of “Win32:Horst-AAE [trj]” has been found in “J:\Adobe Photoshop CS3\PhotoShop CS3 Extended Keygen + Activation.exe” file.
4.9.2008 21:18:03 SYSTEM 1692 Sign of “Win32:Dropper-BDV [trj]” has been found in “http://fpdownload.macromedia.com/get/flashplayer/current/uninstall_flash_player.exe” file.
4.9.2008 15:03:12 SYSTEM 1756 Sign of “Win32:Dropper-BDV [trj]” has been found in “http://download.macromedia.com/pub/flashplayer/current/uninstall_flash_player.exe” file.
4.9.2008 12:57:58 SYSTEM 1756 Sign of “Win32:Trojan-gen {Other}” has been found in “H:\Documents and Settings\Korisnik2\Local Settings\Application Data\Adobe\Reader 9.0\Setup Files\AIR\Adobe AIR Installer.exe” file.

Attention ( mark with blue “i” )

5.9.2008 12:21:47 SYSTEM 1644 VRDB (Virus Recovery Database) generation was successfully completed.
4.9.2008 15:17:18 SYSTEM 1756 The virus database (VPS 080904-0) was automatically updated.
4.9.2008 13:07:18 SYSTEM 1756 VRDB (Virus Recovery Database) generation was successfully completed.
4.9.2008 9:54:19 SYSTEM 1756 VRDB (Virus Recovery Database) generation was successfully completed.

Any comment? Please.

And I also scanned with ThreatFire from PC Tools (it is on all the time now): System full scan - Scan completed - No threats detected - Files scanned: 70779 - Registry keys scanned: 102.731

Hi mika-nikola,

Attach a new hjt logfile.txt to your next posting, the version of hijackthis that you use now is outdated and will miss things, download latest from here:
http://www.pcauthority.com.au/Downloads/Downloads.aspx?id=106903

pozdrawiam (pozdravi)

polonus

Here it is, from 1 minute ago:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:36:18, on 5.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\csrss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\RUNDLL32.EXE
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Google\Gmail Notifier\gnotify.exe
H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
H:\Program Files\ThreatFire\TFTray.exe
H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\DAEMON Tools\daemon.exe
H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE
H:\Program Files\Messenger\msmsgs.exe
H:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
H:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
H:\WINDOWS\system32\nvsvc32.exe
H:\Program Files\PC Tools Firewall Plus\FWService.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\ThreatFire\TFService.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\System32\alg.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Trend Micro\HijackThis\HijackThis.exe
H:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.hgspot.hr
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - H:\Program Files\Google\GoogleToolbarNotifier\4.1.805.1852\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM..\Run: [nwiz] nwiz.exe /install
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM..\Run: [NeroFilterCheck] H:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] H:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM..\Run: [SunJavaUpdateSched] “H:\Program Files\Java\jre1.6.0_07\bin\jusched.exe”
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] “H:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 - HKLM..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM..\Run: [00PCTFW] “H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s
O4 - HKCU..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU..\Run: [DAEMON Tools] “H:\Program Files\DAEMON Tools\daemon.exe” -lang 1033
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] “H:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe”
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU “H:\WINDOWS\TEMP\E_SA8.tmp” /EF “HKCU”
O4 - HKCU..\Run: [MSMSGS] “H:\Program Files\Messenger\msmsgs.exe” /background
O4 - HKUS\S-1-5-19..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 - HKUS\S-1-5-20..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 - HKUS\S-1-5-18..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 - HKUS.DEFAULT..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra ‘Tools’ menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra ‘Tools’ menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=www.hgspot.hr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - H:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - H:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - H:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - H:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe


End of file - 7013 bytes

Pozdravi polonus!!! :smiley:

Hi mika-nikola,

Not much that I can see in your hjt logfile, that seems all-in-all OK.
I could even establish that you have an Epson Stylus Photo DX4400 Series of inkjet printer.

Seems you have no firewall active.

Tasks scan:
System task - Session Manager Subsystem
csrss.exe - System task - Microsoft Client/Server Runtime Server Subsystem
winlogon.exe - System task - Microsoft Windows Logon Process
services.exe - System task - Windows Service Controller
lsass.exe - System task - Local Security Authority Service
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
svchost.exe - System task - Microsoft Service Host Process
aswUpdSv.exe - Virusscan - Avast Anti-Virus Component
ashServ.exe - Virusscan - Avast
spoolsv.exe - System task - Microsoft Printer Spooler Service
Explorer.EXE - System task - Microsoft Windows Explorer
RUNDLL32.EXE - System task - Microsoft Rundll32
ashDisp.exe - Virusscan - Avast AntiVirus
gnotify.exe - Backgroundtask - gmail notifer (Google mail). Informs you when you have a new email in your gmail account.
jusched.exe - Backgroundtask - Sun Java Update Scheduler
TFTray.exe - Backgroundtask - PC Tools ThreatFire Tray App
FirewallGUI.exe - Unknown task
ctfmon.exe - System task - Alternative User Input Services
daemon.exe - Backgroundtask - Background application that is used to map an image file, such as .iso and so forth, to a virtual CD or DVD drive.
NMBgMonitor.exe - Backgroundtask - Nero Home
NMBgMonitor.exe - Backgroundtask - Nero Scout
E_FATICAE.EXE - Backgroundtask - EPSON Status Monitor 3
msmsgs.exe - Application - MSN Messenger
NMIndexStoreSvr.exe - Backgroundtask - Nero Home
GoogleUpdaterService.exe - Backgroundtask - Service Component
MDM.EXE - Backgroundtask - Machine Debug Manager
nvsvc32.exe - Application - NVIDIA Driver Helper Service
FWService.exe - Unknown task
svchost.exe - System task - Microsoft Service Host Process
TFService.exe - Backgroundtask - PC Tools ThreatFire Service
ashMaiSv.exe - Virusscan - Avast Anti-Virus Component
ashWebSv.exe - Virusscan - avast! Web Scanner
alg.exe - System task - Application Layer Gateway Service
svchost.exe - System task - Microsoft Service Host Process
firefox.exe - Application - Mozilla Firefox
HijackThis.exe - Application - Merijn Hijackthis
wmiprvse.exe - System task - Microsoft Windows Management Instrumentation

Kaspersky Internet Security 2009 1PC 1 year

polonus
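
Comparing the two HijackThis logs posted in this thread, as an added example that is not part of the original posts: the script parses the section entries (R*, O*), flags those the log itself marks as `(file missing)` or `Unknown owner`, and lists what was added or changed between the v1.99.1 and v2.0.2 runs. The log lines are excerpts copied from the thread; the function names are this example's own.

```python
import re

# Excerpts from the two HijackThis logs posted in this thread (not the full logs).
LOG_OLD = r"""
Logfile of HijackThis v1.99.1
Running processes:
H:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com/
O4 - HKLM..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
"""

LOG_NEW = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
H:\WINDOWS\System32\smss.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mozilla.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - H:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM..\Run: [ThreatFire] H:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM..\Run: [00PCTFW] “H:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe” -s
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - H:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: ThreatFire - PC Tools - H:\Program Files\ThreatFire\TFService.exe
"""

# A section entry starts with a letter plus one or two digits, e.g. "R0 - " or "O23 - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Markers that HijackThis itself writes into an entry; each deserves a manual look.
MARKERS = {
    "(file missing)": "target reported as missing",
    "Unknown owner": "owner reported as unknown",
}


def parse_entries(log):
    """Return (code, text) pairs for section lines; header and process lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def entry_key(code, text):
    """Stable identity of an entry, so a changed path or owner is not mistaken for a new item."""
    if code == "O4":                        # "HKLM..\Run: [name] command line"
        return code, text.split("]", 1)[0] + "]"
    return code, text.split(" - ", 1)[0]    # "Service: name - owner - path"


def flag_entries(log):
    """Map entry key -> list of reasons for every entry carrying one of MARKERS."""
    flagged = {}
    for code, text in parse_entries(log):
        reasons = [why for marker, why in MARKERS.items() if marker in text]
        if reasons:
            flagged[entry_key(code, text)] = reasons
    return flagged


def diff_logs(old_log, new_log):
    """Keys added, removed, or present in both logs with different details."""
    old = {entry_key(c, t): t for c, t in parse_entries(old_log)}
    new = {entry_key(c, t): t for c, t in parse_entries(new_log)}
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "changed": sorted(k for k in new if k in old and new[k] != old[k]),
    }


if __name__ == "__main__":
    for key, reasons in flag_entries(LOG_OLD).items():
        print("flagged in old log:", key, reasons)
    for kind, keys in diff_logs(LOG_OLD, LOG_NEW).items():
        for key in keys:
            print(kind + ":", key)
```

On these excerpts the two avast! scanner services are flagged only in the first log and show up as changed in the second, while the Yahoo! Toolbar, ThreatFire and PC Tools Firewall Plus entries appear as added.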