Check after a Trojan Hunter scan


  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14825
  • Location: Niš

The other day I installed Trojan Hunter 5.0, and when I scanned the computer it found something. I thought I'd check. Here's the log. Thanks!


Logfile of HijackThis v1.99.1
Scan saved at 13:07:08, on 8.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\AlienGUIse\wbload.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Vasa\Desktop\New Folder\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Windows Live Search - [Link visible only to logged-in users]\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link visible only to logged-in users]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - [Link visible only to logged-in users]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,wbsys.dll
O20 - Winlogon Notify: WB - C:\Program Files\AlienGUIse\fastload.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Can you remember what it found?

Do the following:

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.



  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14825
  • Location: Niš

I can't remember what it found.
Today I scanned again and it found nothing.
Here's the log.

ComboFix 08-04-07.5 - Vasa 2008-04-08 16:06:37.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1597 [GMT 2:00]
Running from: C:\Documents and Settings\Vasa\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-08 to 2008-04-08 )))))))))))))))))))))))))))))))
.

2008-04-05 23:14 . 2008-04-05 23:14 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\TrojanHunter
2008-04-05 22:57 . 2008-04-05 22:58 <DIR> d-------- C:\WINDOWS\Ikone
2008-04-05 22:52 . 2008-04-05 22:52 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2008-04-04 23:43 . 2008-04-04 23:43 <DIR> d-------- C:\Program Files\QuickTime
2008-04-04 23:43 . 2008-04-04 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-04 23:32 . 2008-04-08 13:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 23:32 . 2008-04-06 17:46 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 23:07 . 2008-04-04 23:16 <DIR> d-------- C:\Program Files\Driver Updater Pro
2008-04-04 22:47 . 2008-04-04 22:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-04-04 12:39 . 2008-04-04 12:39 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-04-04 12:31 . 2008-04-04 12:35 <DIR> d-------- C:\Program Files\True Crime® New York City
2008-04-03 22:26 . 2008-04-03 22:26 268 --ah----- C:\sqmdata10.sqm
2008-04-03 22:26 . 2008-04-03 22:26 244 --ah----- C:\sqmnoopt10.sqm
2008-04-03 11:39 . 2008-04-03 11:39 <DIR> d-------- C:\Downloads
2008-04-03 11:11 . 2008-04-03 11:11 <DIR> d-------- C:\Program Files\Opera
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-03-23 20:37 . 2008-03-23 20:51 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-23 20:37 . 2008-03-23 21:18 76,285 --a------ C:\WINDOWS\War3Unin.dat
2008-03-23 20:37 . 2008-03-23 20:51 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-23 20:33 . 2008-03-27 18:29 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-21 14:03 . 2008-03-21 14:03 <DIR> d-------- C:\Program Files\X3mE Yamb
2008-03-21 14:03 . 2008-03-21 14:03 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\X3mE Yamb
2008-03-21 14:03 . 2008-03-23 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\X3mE Yamb
2008-03-20 13:10 . 2008-03-20 13:10 268 --ah----- C:\sqmdata09.sqm
2008-03-20 13:10 . 2008-03-20 13:10 244 --ah----- C:\sqmnoopt09.sqm
2008-03-19 23:38 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-03-19 23:38 . 2001-08-17 14:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-03-18 00:56 . 2008-04-05 23:15 <DIR> d-------- C:\Program Files\Save
2008-03-17 23:59 . 2008-03-17 23:59 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Apple Computer
2008-03-17 23:56 . 2008-03-17 23:56 <DIR> d-------- C:\Program Files\Apple Software Update
2008-03-17 23:56 . 2008-03-17 23:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-03-14 22:27 . 2003-02-28 19:26 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2008-03-14 22:26 . 2003-02-28 19:26 172,304 --a------ C:\WINDOWS\system32\jview.exe
2008-03-14 22:26 . 2003-02-28 19:26 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2008-03-14 13:25 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-03-14 13:22 . 2008-03-14 13:22 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-14 13:22 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-03-14 13:22 . 2008-03-14 13:22 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-03-14 13:21 . 2008-03-14 13:21 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-03-14 13:21 . 2006-06-29 14:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-03-12 23:22 . 2008-03-12 23:26 <DIR> d-------- C:\Program Files\Web Publish
2008-03-09 20:10 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-09 20:10 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-09 20:10 . 2007-07-30 20:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-08 23:54 . 2007-10-17 14:53 43,816 --a------ C:\WINDOWS\system32\drivers\fssfltr.sys
2008-03-08 23:53 . 2008-03-14 13:25 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-08 23:44 . 2008-03-08 23:44 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-03-08 23:44 . 2008-03-08 23:44 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-03-08 23:42 . 2008-03-08 23:46 <DIR> d-------- C:\Documents and Settings\Vasa\Application Data\Windows Live Writer
2008-03-08 23:19 . 2008-03-17 22:03 <DIR> d-------- C:\Program Files\Windows Live
2008-03-08 23:19 . 2008-03-08 23:34 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-08 23:19 . 2008-03-08 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-08 14:30 . 2008-03-08 14:30 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-03-08 14:30 . 2008-03-08 14:30 <DIR> d-------- C:\Program Files\GameSpy
2008-03-08 14:29 . 2008-03-08 14:29 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-03-08 14:29 . 2008-03-08 14:29 22,328 --a------ C:\Documents and Settings\Vasa\Application Data\PnkBstrK.sys
2008-03-08 14:28 . 2008-03-08 14:28 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-08 14:28 . 2007-07-19 19:14 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-03-08 14:28 . 2007-07-19 19:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-03-08 14:28 . 2008-03-08 14:28 669,184 --a------ C:\WINDOWS\system32\pbsvc.exe
2008-03-08 14:28 . 2007-07-19 19:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-03-08 14:28 . 2007-05-16 17:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-03-08 14:28 . 2008-03-08 14:28 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2008-03-08 14:28 . 2008-03-08 14:28 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2008-03-08 14:23 . 2008-03-08 14:23 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-08 14:19 . 2008-04-05 23:13 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-03-08 14:17 . 2008-03-08 14:17 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-08 00:00 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-08 00:00 . 2001-08-17 15:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-05 20:46 --------- d-----w C:\Program Files\RegScrubXP
2008-04-04 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-14 20:27 155,995 ----a-w C:\WINDOWS\java\Packages\O6RBL7TZ.ZIP
2008-03-14 11:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-14 11:22 --------- d-----w C:\Program Files\MSBuild
2008-03-02 18:53 --------- d-----w C:\Program Files\Common Files\DirectX
2008-03-01 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-02-29 21:54 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Gearbox Software
2008-02-29 21:48 --------- d-----w C:\Program Files\Ubisoft
2008-02-26 21:46 --------- d-----w C:\Program Files\ImTOO
2008-02-26 21:36 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-02-26 21:31 --------- d-----w C:\Program Files\SEMC
2008-02-26 21:27 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Teleca
2008-02-26 21:25 89,872 ----a-w C:\WINDOWS\system32\drivers\k750mdm.sys
2008-02-26 21:25 81,728 ----a-w C:\WINDOWS\system32\drivers\k750mgmt.sys
2008-02-26 21:25 79,488 ----a-w C:\WINDOWS\system32\drivers\k750obex.sys
2008-02-26 21:25 6,576 ----a-w C:\WINDOWS\system32\drivers\k750mdfl.sys
2008-02-26 21:25 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cmnt.sys
2008-02-26 21:25 6,144 ----a-w C:\WINDOWS\system32\drivers\k750cm.sys
2008-02-26 21:25 55,216 ----a-w C:\WINDOWS\system32\drivers\k750bus.sys
2008-02-26 21:25 5,744 ----a-w C:\WINDOWS\system32\drivers\k750whnt.sys
2008-02-26 21:25 5,744 ----a-w C:\WINDOWS\system32\drivers\k750wh.sys
2008-02-26 21:25 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-26 16:28 --------- d-----w C:\Program Files\Java
2008-02-26 16:24 --------- d-----w C:\Program Files\Common Files\Java
2008-02-25 20:50 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Dev-Cpp
2008-02-19 12:23 --------- d-----w C:\Documents and Settings\Vasa\Application Data\JCreator
2008-02-19 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\JCreator
2008-02-17 22:13 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 22:06 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Winamp
2008-02-17 21:02 --------- d-----w C:\Program Files\Common Files\Logitech
2008-02-17 20:59 --------- d-----w C:\Program Files\Common Files\LogiShared
2008-02-17 20:59 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Logitech
2008-02-17 20:59 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Leadertech
2008-02-17 20:57 --------- d-----w C:\Program Files\Logitech
2008-02-17 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-02-17 20:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-17 16:43 --------- d-----w C:\Documents and Settings\Vasa\Application Data\SumatraPDF
2008-02-15 22:59 --------- d-----w C:\Program Files\ImageShack
2008-02-15 22:34 --------- d-----w C:\Program Files\AlienGUIse
2008-02-14 21:45 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-14 21:34 --------- d-----w C:\Program Files\Winamp
2008-02-14 16:12 --------- d-----w C:\Program Files\Sega
2008-02-13 20:20 --------- d-----w C:\Program Files\Gramatika engleskog jezika
2008-02-13 19:27 --------- d-----w C:\Program Files\Taxi3 eXtreme Rush
2008-02-13 18:53 --------- d-----w C:\Program Files\Sierra On-Line
2008-02-11 18:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-02-11 16:04 --------- d-----w C:\Program Files\CCleaner
2008-02-11 15:56 --------- d-----w C:\Program Files\Avira
2008-02-11 15:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-02-11 14:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-11 14:40 --------- d-----w C:\Program Files\Ahead
2008-02-11 14:40 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Ahead
2008-02-11 14:34 --------- d-----w C:\Program Files\Microsoft Works
2008-02-11 14:11 --------- d-----w C:\Program Files\MT882
2008-02-11 14:10 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Comodo
2008-02-11 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-02-11 13:56 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-02-11 13:56 --------- d-----w C:\Documents and Settings\Vasa\Application Data\Media Player Classic
2008-02-11 13:49 --------- d-----w C:\Program Files\Realtek
2008-02-11 13:49 --------- d-----w C:\Documents and Settings\Vasa\Application Data\InstallShield
2008-02-11 13:32 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-01 10:11 586,240 ----a-w C:\WINDOWS\WLXPGSS.SCR
2008-01-10 12:16 159,839 ----a-w C:\WINDOWS\system32\xvidvfw.dll
2008-01-10 12:15 755,027 ----a-w C:\WINDOWS\system32\xvidcore.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 01:43 8466432]
"nwiz"="nwiz.exe" [2007-06-29 01:43 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 01:43 81920]
"SkyTel"="SkyTel.EXE" [2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 11:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-11 18:50 249896]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-02-08 11:22 1047712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
C:\Program Files\AlienGUIse\fastload.dll 2001-12-21 00:34 24576 C:\Program Files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= ,wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"msacm.lameacm"= lameACM.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Comrade.exe]
--a------ 2007-06-29 16:03 36864 C:\Program Files\GameSpy\Comrade\Comrade.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-08-22 14:06 167368 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]
--a------ 2007-12-17 12:12 243240 C:\Program Files\Windows Live\Family Safety\fssui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=

R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Program Files\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 12:13]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 12:31]
R3 zebrceb;Sony Ericsson Cable Emulation Bus (WDM);C:\WINDOWS\system32\DRIVERS\zebrceb.sys [2006-02-01 10:01]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 21:56:51 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-08 10:58:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-04-08 16:07:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-08 16:08:00
ComboFix-quarantined-files.txt 2008-04-08 14:07:58
Pre-Run: 9,006,997,504 bytes free
Post-Run: 8,993,628,160 bytes free
.
2008-03-14 20:27:08 --- E O F ---

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

  • Milan
  • Joined: 17 Dec 2007
  • Posts: 14825
  • Location: Niš

OK. Thanks!
