The computer is running very badly, it looks like I picked up some virus.

  • Joined: 04 Nov 2008
  • Posts: 126

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:30 PM, on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Disk Security\USBGuard .exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\WINDOWS\system32\Y45a7ra7.exe
C:\Documents and Settings\SERVIS\Desktop\TR3.exe\TR3.exe..exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R3 - URLSearchHook: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Adobe PDF Interpreter - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\Adobe\AcroRd32.dll
O2 - BHO: solution Class - {7957FD21-C584-4476-B26B-4691A7AC4E5D} - C:\WINDOWS\system32\B12c4tc4.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link visible only to logged-in users]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link visible only to logged-in users]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6281 bytes



  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes for the process to continue;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • present a number of prompts/notifications: accept by clicking Yes or OK;
  • restart Windows if needed (possibly more than once);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.



  • Joined: 04 Nov 2008
  • Posts: 126

The Bleeping Computer link for Combo doesn't work.

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

It happens...

Let's clean it up with other tools then.

Download the DDS program from this, this or this link to the Desktop.

  • Double-click DDS to run it;
  • after a couple of minutes a message about the process finishing will appear and two reports will open;
  • save both reports to the Desktop (File > Save As);
  • double-click DDS.txt and copy its contents into the thread;
  • attach the file Attach.txt to your message using the Attach file option.

Note: if your security software interferes with DDS, temporarily disable it (instructions) and run DDS again.

  • Joined: 04 Nov 2008
  • Posts: 126

Posted: 28 Jul 2009 18:41

I downloaded it.

Update: 28 Jul 2009 18:44

DDS (Ver_09-06-26.01) - NTFSx86
Run by SERVIS at 18:43:22.21 on Tue 07/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.623 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Disk Security\USBGuard .exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\SERVIS\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Interpreter: {0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} - c:\program files\adobe\AcroRd32.dll
BHO: solution Class: {7957fd21-c584-4476-b26b-4691a7ac4e5d} - c:\windows\system32\B12c4tc4.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link visible only to logged-in users]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2002-1-3 340592]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2002-1-3 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-28 604488]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2002-1-3 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2002-1-3 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2002-1-3 64432]
S3 sysdrv32;Play Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys --> c:\windows\system32\drivers\sysdrv32.sys [?]

=============== Created Last 30 ================

2009-07-28 16:33 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-28 16:33 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-28 16:32 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-23 09:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-23 09:30 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-20 11:12 169,472 a------- c:\windows\system32\B12c4tc4.dll
2009-07-20 10:12 196,610 a------- c:\windows\system32\Y45a7ra7.exe
2009-07-17 16:05 <DIR> --d----- c:\program files\Sony
2009-07-17 16:04 <DIR> --d----- c:\program files\Sony Setup
2009-07-14 15:53 <DIR> --d----- c:\program files\valve
2009-07-11 16:09 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 16:09 <DIR> --d----- c:\program files\vLite
2009-07-09 12:31 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-07-09 12:31 17,149 a------- c:\windows\system32\DNINDIS5.SYS
2009-07-03 09:09 104,960 a------- c:\windows\msmacro32 .exe
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe90
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe87
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe
2009-07-02 10:26 71,680 a--shr-- c:\windows\system\smsg .exe
2009-06-29 09:41 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-06-29 09:41 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-29 09:41 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-06-29 09:41 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-29 09:24 <DIR> --ds---- C:\ComboFix
2009-06-29 09:18 0 a------- c:\windows\system32\Y45a7ra7.exe.a_a

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 10:38 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-03-26 10:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2002-01-03 23:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012002010320020104\index.dat

============= FINISH: 18:43:56.25 ===============

Update: 29 Jul 2009 20:35

Did you find anything?

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\B12c4tc4.dll
c:\windows\system32\Y45a7ra7.exe
c:\windows\msmacro32 .exe
c:\windows\msmacro32.exe90
c:\windows\msmacro32.exe87
c:\windows\msmacro32.exe
c:\windows\system32\Y45a7ra7.exe.a_a
c:\windows\system32\drivers\sysdrv32.sys

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7957fd21-c584-4476-b26b-4691a7ac4e5d}]

Driver::
sysdrv32


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
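The files listed in the CFScript above can be picked out of the DDS "Created Last 30" section by a few traits that are visible in the posted log: a space before the extension (msmacro32 .exe, smsg .exe), digits appended after .exe (msmacro32.exe90), random-looking eight-character names dropped under the Windows directory (Y45a7ra7.exe, B12c4tc4.dll), an executable extension buried inside the name (Y45a7ra7.exe.a_a), and system+hidden attributes on an executable. As an added example, not part of this thread and not code from DDS or ComboFix, the Python script below applies those heuristics to a constructed copy of the log lines and also flags the clean-looking sibling (msmacro32.exe) that shares a directory and base name with a flagged variant; the rule names and the sample text are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the line layout of a DDS "Created Last 30" section,
# with entries copied from the log posted in this thread.
SAMPLE_DDS = r"""
2009-07-28 16:33 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-23 09:30 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-20 11:12 169,472 a------- c:\windows\system32\B12c4tc4.dll
2009-07-20 10:12 196,610 a------- c:\windows\system32\Y45a7ra7.exe
2009-07-11 16:09 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-07-03 09:09 104,960 a------- c:\windows\msmacro32 .exe
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe90
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe87
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe
2009-07-02 10:26 71,680 a--shr-- c:\windows\system\smsg .exe
2009-06-29 09:41 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-06-29 09:18 0 a------- c:\windows\system32\Y45a7ra7.exe.a_a
"""

# One DDS line: "<date> <time> <size|<DIR>> <8 attribute flags> <path>"
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size><DIR>|[\d,]+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)

EXEC_EXT = ("exe", "dll", "sys", "com", "scr")
EXEC_EXT_RE = r"\.(exe|dll|sys|com|scr)"


def own_reasons(path, attrs):
    """Per-file heuristics; returns the names of the rules that fire."""
    name = path.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    reasons = []
    # "msmacro32 .exe" sits beside "msmacro32.exe" and is easy to overlook.
    if re.search(r"\s\.\w+$", name):
        reasons.append("whitespace before extension")
    # "msmacro32.exe90": a copy parked under a name Explorer will not run.
    if re.search(EXEC_EXT_RE + r"\d+$", name, re.I):
        reasons.append("digits appended after executable extension")
    # "Y45a7ra7.exe.a_a": the executable extension is not the real one.
    if re.search(EXEC_EXT_RE + r"\.", name, re.I):
        reasons.append("executable extension not final")
    # Eight-character stem with several digits, dropped under \windows\.
    stem = name.split(".", 1)[0]
    if len(stem) == 8 and sum(c.isdigit() for c in stem) >= 3 \
            and "\\windows\\" in path.lower():
        reasons.append("random-looking 8-char name under Windows")
    # The DDS attribute field shows 's' (system) and 'h' (hidden).
    if ext in EXEC_EXT and "s" in attrs and "h" in attrs:
        reasons.append("system+hidden attributes on executable")
    return reasons


def triage(log_text):
    """Parse DDS-style lines; return {path: [reasons]} for flagged files only."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["size"] == "<DIR>":
            continue
        entries.append((m["path"], own_reasons(m["path"], m["attrs"])))
    # Group by directory plus base name with whitespace removed, so that
    # "msmacro32 .exe", "msmacro32.exe90" and "msmacro32.exe" land together.
    groups = defaultdict(list)
    for path, reasons in entries:
        directory, _, name = path.lower().rpartition("\\")
        key = (directory, re.sub(r"\s+", "", name.split(".", 1)[0]))
        groups[key].append((path, reasons))
    flagged = {}
    for members in groups.values():
        any_hit = any(reasons for _, reasons in members)
        for path, reasons in members:
            if not reasons and any_hit:
                reasons = ["shares base name with a flagged variant"]
            if reasons:
                flagged[path] = reasons
    return flagged


if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE_DDS).items()):
        print(f"{path}\n    {'; '.join(reasons)}")
```

On the sample above the script flags exactly the eight files from the "Created Last 30" section that the CFScript removes, and nothing else.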

  • Joined: 04 Nov 2008
  • Posts: 126

ComboFix 09-07-29.03 - SERVIS 07/30/2009 9:40.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point

FILE ::
"c:\windows\msmacro32 .exe"
"c:\windows\msmacro32.exe"
"c:\windows\msmacro32.exe87"
"c:\windows\msmacro32.exe90"
"c:\windows\system32\B12c4tc4.dll"
"c:\windows\system32\drivers\sysdrv32.sys"
"c:\windows\system32\Y45a7ra7.exe"
"c:\windows\system32\Y45a7ra7.exe.a_a"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msmacro32 .exe
c:\windows\msmacro32.exe
c:\windows\msmacro32.exe87
c:\windows\msmacro32.exe90
c:\windows\system32\B12c4tc4.dll
c:\windows\system32\Y45a7ra7.exe
c:\windows\system32\Y45a7ra7.exe.a_a

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-28 14:33 . 2009-07-28 14:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-28 14:33 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-28 14:32 . 2009-07-28 14:33 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Sony
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Sony
2009-07-17 14:05 . 2009-07-17 14:05 -------- d-----w- c:\program files\Sony
2009-07-17 14:04 . 2009-07-17 14:04 -------- d-----w- c:\program files\Sony Setup
2009-07-14 13:53 . 2009-07-14 13:53 -------- d-----w- c:\program files\valve
2009-07-11 14:09 . 2006-11-02 00:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 14:09 . 2009-07-14 09:12 -------- d-----w- c:\program files\vLite
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\program files\Intel
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\documents and settings\SERVIS\Application Data\InstallShield
2009-07-09 10:31 . 2009-07-09 10:31 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-09 10:31 . 2003-07-24 10:10 17149 ----a-w- c:\windows\system32\DNINDIS5.SYS
2009-07-02 08:26 . 2009-07-02 08:26 71680 --sha-r- c:\windows\system\smsg .exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 14:32 . 2009-03-13 10:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-17 08:51 . 2009-04-06 09:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 08:00 . 2009-03-18 11:50 -------- d-----w- c:\program files\TDI
2009-07-10 14:45 . 2009-03-18 10:43 -------- d-----w- c:\program files\nLite
2009-07-10 13:04 . 2002-01-03 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 14:16 . 2009-03-13 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 11:37 . 2009-03-28 09:12 -------- d-----w- c:\program files\USB Disk Security
2009-06-24 11:46 . 2009-04-21 14:05 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:46 . 2009-05-06 12:26 -------- d-----w- c:\program files\InstantFileRecovery
2009-06-24 11:46 . 2009-05-06 12:36 -------- d-----w- c:\program files\Runtime Software
2009-06-24 11:40 . 2009-06-24 11:40 -------- d-----w- c:\program files\CCleaner
2009-06-24 08:57 . 2009-06-24 08:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-11 07:33 . 2009-03-14 08:42 -------- d-----w- c:\program files\Java
2009-06-11 07:32 . 2009-06-11 07:32 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 07:47 . 2009-06-03 14:33 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-06-03 13:51 . 2009-06-03 13:51 -------- d-----w- c:\program files\Google
2009-05-21 09:33 . 2009-03-14 08:42 410984 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2009-01-16 07:19 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-07-14 08:01 2215960 ----a-w- c:\program files\TDI\tbTD0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-06-25 25100]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UxTuneUp"=2 (0x2)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\My Documents\\Valve\\hl.exe"=
"c:\\WINDOWS\\system\\smsg .exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 9:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/3/2002 11:30 PM 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/28/2009 4:33 PM 604488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/3/2002 11:30 PM 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-SVCWINSPOOL


.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
mStart Page = [Link visible only to logged-in users]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-30 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ctfmon.exe100 15360 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ctfmon.exe100Y\USBGUARD.EXE
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-07-30 9:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 07:52
ComboFix2.txt 2009-06-24 12:11

Pre-Run: 18,236,051,456 bytes free
Post-Run: 18,242,342,912 bytes free


  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:
File::
c:\windows\system\smsg .exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\smsg .exe"=-




Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.

  • Joined: 04 Nov 2008
  • Posts: 126

ComboFix 09-07-29.04 - SERVIS 07/31/2009 9:36.11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.618 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\system\smsg .exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\smsg .exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-28 14:33 . 2009-07-28 14:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-28 14:33 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-28 14:32 . 2009-07-28 14:33 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Sony
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Sony
2009-07-17 14:05 . 2009-07-17 14:05 -------- d-----w- c:\program files\Sony
2009-07-17 14:04 . 2009-07-17 14:04 -------- d-----w- c:\program files\Sony Setup
2009-07-14 13:53 . 2009-07-14 13:53 -------- d-----w- c:\program files\valve
2009-07-11 14:09 . 2006-11-02 00:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 14:09 . 2009-07-14 09:12 -------- d-----w- c:\program files\vLite
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\program files\Intel
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\documents and settings\SERVIS\Application Data\InstallShield
2009-07-09 10:31 . 2009-07-09 10:31 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-09 10:31 . 2003-07-24 10:10 17149 ----a-w- c:\windows\system32\DNINDIS5.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 14:32 . 2009-03-13 10:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-17 08:51 . 2009-04-06 09:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 08:00 . 2009-03-18 11:50 -------- d-----w- c:\program files\TDI
2009-07-10 14:45 . 2009-03-18 10:43 -------- d-----w- c:\program files\nLite
2009-07-10 13:04 . 2002-01-03 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 14:16 . 2009-03-13 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 11:37 . 2009-03-28 09:12 -------- d-----w- c:\program files\USB Disk Security
2009-06-24 11:46 . 2009-04-21 14:05 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:46 . 2009-05-06 12:26 -------- d-----w- c:\program files\InstantFileRecovery
2009-06-24 11:46 . 2009-05-06 12:36 -------- d-----w- c:\program files\Runtime Software
2009-06-24 11:40 . 2009-06-24 11:40 -------- d-----w- c:\program files\CCleaner
2009-06-24 08:57 . 2009-06-24 08:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-11 07:33 . 2009-03-14 08:42 -------- d-----w- c:\program files\Java
2009-06-11 07:32 . 2009-06-11 07:32 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 07:47 . 2009-06-03 14:33 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-06-03 13:51 . 2009-06-03 13:51 -------- d-----w- c:\program files\Google
2009-05-21 09:33 . 2009-03-14 08:42 410984 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2009-01-16 07:19 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 07:05 . 2009-07-31 07:05 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-07-14 08:01 2215960 ----a-w- c:\program files\TDI\tbTD0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-06-25 25100]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UxTuneUp"=2 (0x2)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\My Documents\\Valve\\hl.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 9:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/3/2002 11:30 PM 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/28/2009 4:33 PM 604488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/3/2002 11:30 PM 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-31 09:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-31 9:43
ComboFix-quarantined-files.txt 2009-07-31 07:43
ComboFix2.txt 2009-07-30 07:52
ComboFix3.txt 2009-06-24 12:11

Pre-Run: 16,654,860,288 bytes free
Post-Run: 16,618,246,144 bytes free


offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?
