Provera nakon skeniranja Trojan Hunterom

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pre neki dan sam instalirao program Trojan Hunter 5.0 i kada sam skenirao komp pronasao mi je nesto. Rekoh da proverim. Evo loga. Hvala!


Logfile of HijackThis v1.99.1
Scan saved at 13:07:08, on 8.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Vasa\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Mozes li se setiti sta je pronasao?

Uradi sledece:

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne mogu se setiti sta je pronasao.
Danas sam ponovo skenirao i nije nista nasao.
Evo loga.

ComboFix 08-04-07.5 - Vasa 2008-04-08 16:06:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1597 [GMT 2:00]
Running from: C:\Documents and Settings\Vasa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.

2008-04-05 23:14 . 2008-04-05 23:14 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\TrojanHunter
2008-04-05 22:57 . 2008-04-05 22:58 <DIR> d-------- C:\WINDOWS\Ikone
2008-04-05 22:52 . 2008-04-05 22:52 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-04-04 23:43 . 2008-04-04 23:43 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 23:43 . 2008-04-04 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-04 23:32 . 2008-04-08 13:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 23:32 . 2008-04-06 17:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 23:07 . 2008-04-04 23:16 <DIR> d-------- C:\Program Files\Driver Updater Pro
2008-04-04 22:47 . 2008-04-04 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-04 12:39 . 2008-04-04 12:39 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-04 12:31 . 2008-04-04 12:35 <DIR> d-------- C:\Program Files\True Crime® New York City
2008-04-03 22:26 . 2008-04-03 22:26 268 --ah----- C:\sqmdata10.sqm
2008-04-03 22:26 . 2008-04-03 22:26 244 --ah----- C:\sqmnoopt10.sqm
2008-04-03 11:39 . 2008-04-03 11:39 <DIR> d-------- C:\Downloads
2008-04-03 11:11 . 2008-04-03 11:11 <DIR> d-------- C:\Program Files\Opera
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 20:37 . 2008-03-23 20:51 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-23 20:37 . 2008-03-23 21:18 76,285 --a------ C:\WINDOWS\War3Unin.dat
2008-03-23 20:37 . 2008-03-23 20:51 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-23 20:33 . 2008-03-27 18:29 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-21 14:03 . 2008-03-21 14:03 <DIR> d-------- C:\Program Files\X3mE Yamb
2008-03-21 14:03 . 2008-03-21 14:03 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\X3mE Yamb
2008-03-21 14:03 . 2008-03-23 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X3mE Yamb
2008-03-20 13:10 . 2008-03-20 13:10 268 --ah----- C:\sqmdata09.sqm
2008-03-20 13:10 . 2008-03-20 13:10 244 --ah----- C:\sqmnoopt09.sqm
2008-03-19 23:38 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-19 23:38 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-18 00:56 . 2008-04-05 23:15 <DIR> d-------- C:\Program Files\Save
2008-03-17 23:59 . 2008-03-17 23:59 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Apple Computer
2008-03-17 23:56 . 2008-03-17 23:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 23:56 . 2008-03-17 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-14 22:27 . 2003-02-28 19:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2008-03-14 22:26 . 2003-02-28 19:26 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-03-14 22:26 . 2003-02-28 19:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-03-14 13:25 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-03-14 13:22 . 2008-03-14 13:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-14 13:22 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-03-14 13:22 . 2008-03-14 13:22 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-14 13:21 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-12 23:22 . 2008-03-12 23:26 <DIR> d-------- C:\Program Files\Web Publish
2008-03-09 20:10 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 20:10 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 20:10 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 23:54 . 2007-10-17 14:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-03-08 23:53 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 23:44 . 2008-03-08 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-08 23:44 . 2008-03-08 23:44 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-08 23:42 . 2008-03-08 23:46 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Windows Live Writer
2008-03-08 23:19 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Windows Live
2008-03-08 23:19 . 2008-03-08 23:34 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 23:19 . 2008-03-08 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 14:30 . 2008-03-08 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-03-08 14:30 . 2008-03-08 14:30 <DIR> d-------- C:\Program Files\GameSpy
2008-03-08 14:29 . 2008-03-08 14:29 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-08 14:29 . 2008-03-08 14:29 22,328 --a------ C:\Documents and Settings\Vasa\Application Data\PnkBstrK.sys
2008-03-08 14:28 . 2008-03-08 14:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-08 14:28 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-08 14:28 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-08 14:28 . 2008-03-08 14:28 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-08 14:28 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-08 14:28 . 2008-03-08 14:28 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-08 14:28 . 2008-03-08 14:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-08 14:19 . 2008-04-05 23:13 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-08 14:17 . 2008-03-08 14:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 00:00 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-08 00:00 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 20:46 --------- d-----w C:\Program Files\RegScrubXP
2008-04-04 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 20:27 155,995 ----a-w C:\WINDOWS\java\Packages\O6RBL7TZ.ZIP
2008-03-14 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 11:22 --------- d-----w C:\Program Files\MSBuild
2008-03-02 18:53 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-01 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-02-29 21:54 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Gearbox Software
2008-02-29 21:48 --------- d-----w C:\Program Files\Ubisoft
2008-02-26 21:46 --------- d-----w C:\Program Files\ImTOO
2008-02-26 21:36 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-26 21:31 --------- d-----w C:\Program Files\SEMC
2008-02-26 21:27 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Teleca
2008-02-26 21:25 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2008-02-26 21:25 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-02-26 21:25 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2008-02-26 21:25 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-02-26 21:25 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-02-26 21:25 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-02-26 21:25 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2008-02-26 21:25 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2008-02-26 21:25 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-02-26 21:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-26 16:28 --------- d-----w C:\Program Files\Java
2008-02-26 16:24 --------- d-----w C:\Program Files\Common Files\Java
2008-02-25 20:50 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Dev-Cpp
2008-02-19 12:23 --------- d-----w C:\Documents and Settings\Vasa\Application Data\JCreator
2008-02-19 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\JCreator
2008-02-17 22:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 22:06 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Winamp
2008-02-17 21:02 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-17 20:59 --------- d-----w C:\Program Files\Common Files\LogiShared
2008-02-17 20:59 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Logitech
2008-02-17 20:59 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Leadertech
2008-02-17 20:57 --------- d-----w C:\Program Files\Logitech
2008-02-17 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-17 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-17 16:43 --------- d-----w C:\Documents and Settings\Vasa\Application Data\SumatraPDF
2008-02-15 22:59 --------- d-----w C:\Program Files\ImageShack
2008-02-15 22:34 --------- d-----w C:\Program Files\AlienGUIse
2008-02-14 21:45 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-14 21:34 --------- d-----w C:\Program Files\Winamp
2008-02-14 16:12 --------- d-----w C:\Program Files\Sega
2008-02-13 20:20 --------- d-----w C:\Program Files\Gramatika engleskog jezika
2008-02-13 19:27 --------- d-----w C:\Program Files\Taxi3 eXtreme Rush
2008-02-13 18:53 --------- d-----w C:\Program Files\Sierra On-Line
2008-02-11 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-11 16:04 --------- d-----w C:\Program Files\CCleaner
2008-02-11 15:56 --------- d-----w C:\Program Files\Avira
2008-02-11 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-02-11 14:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-11 14:40 --------- d-----w C:\Program Files\Ahead
2008-02-11 14:40 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Ahead
2008-02-11 14:34 --------- d-----w C:\Program Files\Microsoft Works
2008-02-11 14:11 --------- d-----w C:\Program Files\MT882
2008-02-11 14:10 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Comodo
2008-02-11 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-02-11 13:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-11 13:56 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Media Player Classic
2008-02-11 13:49 --------- d-----w C:\Program Files\Realtek
2008-02-11 13:49 --------- d-----w C:\Documents and Settings\Vasa\Application Data\InstallShield
2008-02-11 13:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 01:43 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-11 18:50 249896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-22 14:06 167368 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 10:01]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:56:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 10:58:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-08 16:07:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-08 16:08:00
ComboFix-quarantined-files.txt 2008-04-08 14:07:58
Pre-Run: 9,006,997,504 bytes free
Post-Run: 8,993,628,160 bytes free
.
2008-03-14 20:27:08 --- E O F ---

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok. Hvala!