360 Total security prijavljuje trojance u system32.dll

360 Total security prijavljuje trojance u system32.dll

  • qds 
  • Ugledni građanin
  • Pridružio: 16 Apr 2015
  • Poruke: 483
  • Gde živiš: Negotin-Lopare

Ovde sam vec opisao problem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-12-2016
Ran by zexhome (administrator) on ZEX (09-12-2016 03:19:26)
Running from C:\Documents and Settings\zexhome\My Documents\Downloads
Loaded Profiles: zexhome (Available Profiles: zexhome)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\savedump.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [amd_dc_opt] => C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKU\S-1-5-21-1935655697-1647877149-682003330-1003\...\MountPoints2: V - V:\Autorun.exe
HKU\S-1-5-21-1935655697-1647877149-682003330-1003\...\MountPoints2: {6007fd51-57f1-11e6-802a-806d6172696f} - F:\setup.exe
SecurityProviders: C:\WINDOWS\system32\MSAPSSPC.DLL, C:\WINDOWS\system32\SCHANNEL.DLL, C:\WINDOWS\system32\DIGEST.DLL, C:\WINDOWS\system32\MSNSSPC.DLL
Startup: C:\Documents and Settings\zexhome\Start Menu\Programs\Startup\AutorunsDisabled [2016-08-11] ()
GroupPolicy: Restriction ? <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer]
Tcpip\..\Interfaces\{33FAD495-DEAC-4BDC-912A-50108AF711A0}: [DhcpNameServer]

Internet Explorer:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1935655697-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-1935655697-1647877149-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-08-01] [not signed]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2016-03-09] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\\npGoogleUpdate3.dll [2016-08-01] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> e:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)

CHR StartupUrls: Default -> "hxxp://www.google.rs/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\zexhome\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\zexhome\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\\pepflashplayer.dll ()
CHR Profile: C:\Documents and Settings\zexhome\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-12-09]
CHR Extension: (Adblock Plus) - C:\Documents and Settings\zexhome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-10-31]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\zexhome\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-01]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2016-11-10] ()
S4 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R3 BazisVirtualCDBus; C:\WINDOWS\System32\DRIVERS\BazisVirtualCDBus.sys [121688 2015-09-28] (Sysprogs OU)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S1 DumpDrv; C:\WINDOWS\system32\Drivers\DumpDrv.sys [9472 2016-03-09] (Microsoft Corporation)
R3 FET5X86V; C:\WINDOWS\System32\DRIVERS\fetnd5bv.sys [48128 2016-08-01] (VIA Technologies, Inc. )
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-08-01] (REALiX(tm))
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2016-08-01] ()
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [66688 2009-07-01] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [164896 2009-06-30] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2016-08-01] (NVIDIA Corporation)
R2 StarOpen; C:\WINDOWS\system32\Drivers\StarOpen.sys [13120 2016-02-21] ()
R1 XQHDrv; C:\WINDOWS\System32\DRIVERS\XQHDrv.sys [203424 2015-09-08] (BigNox Corporation) [File not signed]
S4 IntelIde; no ImagePath
S1 qutmipc; \??\C:\WINDOWS\system32\drivers\qutmipc.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2016-03-09] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [80384 2016-03-09] (Microsoft Corporation)
U5 TDTDP; C:\WINDOWS\System32\Drivers\TDTCP.SYS [22024 2016-03-09] (Microsoft Corporation)
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 03:19 - 2016-12-09 03:19 - 00000000 ____D C:\FRST
2016-12-09 03:15 - 2016-12-09 03:15 - 00090112 _____ C:\WINDOWS\Minidump\Mini120916-02.dmp
2016-12-09 03:10 - 2016-12-09 03:08 - 00090112 _____ C:\WINDOWS\Minidump\Mini120916-01.dmp
2016-12-08 15:46 - 2016-12-08 15:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini120816-02.dmp
2016-12-08 15:44 - 2016-12-09 03:15 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-08 15:44 - 2016-12-08 15:46 - 00043142 _____ C:\WINDOWS\ntbtlog.txt
2016-12-08 15:44 - 2016-12-08 15:44 - 00090112 _____ C:\WINDOWS\Minidump\Mini120816-01.dmp
2016-11-10 15:36 - 2016-11-10 15:36 - 00000000 ___HD C:\msdownld.tmp
2016-11-10 14:26 - 2016-11-10 14:26 - 00138576 _____ C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2016-11-10 14:26 - 2016-11-10 14:26 - 00138576 _____ C:\Documents and Settings\zexhome\Application Data\PnkBstrK.sys
2016-11-10 14:25 - 2016-11-10 14:25 - 00291496 _____ C:\WINDOWS\system32\PnkBstrB.exe
2016-11-10 14:25 - 2016-11-10 14:25 - 00291496 _____ C:\WINDOWS\system32\PnkBstrB.ex0
2016-11-10 14:25 - 2016-11-10 14:25 - 00076152 _____ C:\WINDOWS\system32\PnkBstrA.exe
2016-11-10 14:25 - 2016-11-10 14:25 - 00000000 ____D C:\Documents and Settings\zexhome\Desktop\PunkBusterBF2
2016-11-10 14:25 - 2015-09-02 14:09 - 00912744 _____ C:\WINDOWS\system32\pbsvc.exe
2016-11-10 01:22 - 2016-11-10 01:32 - 00000000 ____D C:\Documents and Settings\zexhome\My Documents\Battlefield 2
2016-11-09 23:39 - 2016-11-09 23:39 - 00001745 _____ C:\Documents and Settings\All Users\Desktop\Play BF2 Online Now!.lnk
2016-11-09 23:39 - 2016-11-09 23:39 - 00001723 _____ C:\Documents and Settings\All Users\Desktop\Battlefield 2.lnk
2016-11-09 23:36 - 2016-11-09 23:36 - 00000000 ____D C:\Program Files\EA GAMES
2016-11-09 23:36 - 2016-11-09 23:36 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EA GAMES
2016-11-09 23:28 - 2016-11-09 23:28 - 00000000 ____D C:\Program Files\WinCDEmu
2016-11-09 23:28 - 2016-11-09 23:28 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\WinCDEmu

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-09 03:19 - 2016-08-01 14:05 - 00000000 ____D C:\Documents and Settings\zexhome\Local Settings\Temp
2016-12-09 03:15 - 2016-08-01 14:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-09 03:15 - 2001-08-23 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-12-09 03:14 - 2016-09-05 19:00 - 00000000 __SHD C:\$360Section
2016-12-09 03:14 - 2016-08-01 15:33 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2016-12-08 15:40 - 2008-04-14 05:42 - 00140288 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\sfc_os.dll
2016-12-08 15:40 - 2008-04-14 05:42 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sfc_os.dll
2016-12-08 15:10 - 2016-10-06 15:44 - 00000000 ____D C:\Documents and Settings\zexhome\Application Data\RMS
2016-12-08 03:29 - 2016-08-01 14:05 - 00000000 ___RD C:\Documents and Settings\zexhome\My Documents\My Pictures
2016-12-07 19:46 - 2016-08-01 14:05 - 00000178 ___SH C:\Documents and Settings\zexhome\ntuser.ini
2016-12-07 19:46 - 2016-08-01 14:03 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2016-12-07 17:16 - 2016-08-01 16:38 - 00005378 _____ C:\WINDOWS\system32\nvAppTimestamps
2016-12-07 16:16 - 2016-08-01 15:40 - 00603396 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-24 19:10 - 2016-08-03 15:04 - 00000000 ____D C:\Documents and Settings\zexhome\Application Data\Skype
2016-11-24 16:40 - 2016-08-03 15:04 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2016-11-10 01:22 - 2016-08-01 14:05 - 00000000 ___RD C:\Documents and Settings\zexhome\My Documents
2016-11-09 23:39 - 2016-08-01 13:59 - 00000000 ____D C:\WINDOWS\system32\DirectX
2016-11-09 23:36 - 2016-08-01 14:21 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2016-11-09 23:29 - 2016-08-01 15:33 - 00000000 ___HD C:\WINDOWS\inf

==================== Files in the root of some directories =======

2016-11-10 14:26 - 2016-11-10 14:26 - 0138576 _____ () C:\Documents and Settings\zexhome\Application Data\PnkBstrK.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8620
  • Gde živiš: Novi Beograd


Znaci, antivirus na Windowsu 7 detektuje probleme u folderu gde je instalacija Windowsa XP?

Okaci nam screenshotove tih detekcija, posto ovde nema sta da se vidi, sistem je prakticno prazan.

  • qds 
  • Ugledni građanin
  • Pridružio: 16 Apr 2015
  • Poruke: 483
  • Gde živiš: Negotin-Lopare

Ajde okej, dok ponovo skeniram jer sam isao restore da bi se podigao windows

Ko je trenutno na forumu

Ukupno su 946 korisnika na forumu :: 31 registrovanih, 6 sakrivenih i 909 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: alkatraz080, Ben Roj, BraneS, ccoogg123, dankisha, darkojbn, Dorcolac, FOX, Georgius, goxin, hyla, ikan, Kubovac, kunktator, ljuba, MILO-VAN, nebojsag, nemkea71, Nikoloff, novator, Panter, Pohovani_00, rikirubio, Romibrat, rovac, SlaKoj, solic, styg, tubular, Vlada1389, yufighter