racunar mnogo lose radi ,izgleda da sam pokupio neki virus .

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:30 PM, on 7/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Disk Security\USBGuard .exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2009\Integrator.exe
C:\WINDOWS\system32\Y45a7ra7.exe
C:\Documents and Settings\SERVIS\Desktop\TR3.exe\TR3.exe..exe
C:\WINDOWS\system32\dwwin.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R3 - URLSearchHook: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Adobe PDF Interpreter - {0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\Adobe\AcroRd32.dll
O2 - BHO: solution Class - {7957FD21-C584-4476-B26B-4691A7AC4E5D} - C:\WINDOWS\system32\B12c4tc4.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: TDI Toolbar - {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - C:\Program Files\TDI\tbTD0.dll
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6281 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ne radi link za Combo Bleeping Computer

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Desava se...

Hajde onda sa drugim alatima da to pocistimo

Preuzmi program DDS sa ovog, ovog ili ovog linka na Desktop.


Dvoklikom pokreni DDS;

nakon par minuta će se pojaviti poruka o završetku procesa i otvoriće se dva izveštaja;

snimi oba izveštaja na Desktop (izborom File > Save As);

dvoklikom otvori DDS.txt i iskopiraj sadržaj u temu;

file Attach.txt priloži uz poruku korišćenjem opcije Prikači fajl.

Napomena: u slučaju da zaštitni softver omete DDS u radu, privremeno deaktiviraj isti (uputstvo) i ponovo pokreni DDS.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 28 Jul 2009 18:41

skinuo sam ga .

Dopuna: 28 Jul 2009 18:44

DDS (Ver_09-06-26.01) - NTFSx86
Run by SERVIS at 18:43:22.21 on Tue 07/28/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.623 [GMT 2:00]

AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\USB Disk Security\USBGuard .exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Opera\opera.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\SERVIS\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Interpreter: {0cb66ba8-5e1f-4963-93d1-e1d6b78fe9a2} - c:\program files\adobe\AcroRd32.dll
BHO: solution Class: {7957fd21-c584-4476-b26b-4691a7ac4e5d} - c:\windows\system32\B12c4tc4.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: TDI Toolbar: {964ed5ed-9595-43a1-bd83-9f831b5dbe7f} - c:\program files\tdi\tbTD0.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link mogu videti samo ulogovani korisnici]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Link mogu videti samo ulogovani korisnici]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link mogu videti samo ulogovani korisnici]
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2002-1-3 340592]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\EngineServer.exe [2008-9-29 19456]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-9-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2002-1-3 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-7-28 604488]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-9-29 143088]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2002-1-3 90360]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2002-1-3 42424]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2002-1-3 64432]
S3 sysdrv32;Play Port I/O Driver;\??\c:\windows\system32\drivers\sysdrv32.sys --> c:\windows\system32\drivers\sysdrv32.sys [?]

=============== Created Last 30 ================

2009-07-28 16:33 604,488 a------- c:\windows\system32\TUProgSt.exe
2009-07-28 16:33 29,000 a------- c:\windows\system32\uxtuneup.dll
2009-07-28 16:32 361,288 a------- c:\windows\system32\TuneUpDefragService.exe
2009-07-23 09:30 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-07-23 09:30 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-07-20 11:12 169,472 a------- c:\windows\system32\B12c4tc4.dll
2009-07-20 10:12 196,610 a------- c:\windows\system32\Y45a7ra7.exe
2009-07-17 16:05 <DIR> --d----- c:\program files\Sony
2009-07-17 16:04 <DIR> --d----- c:\program files\Sony Setup
2009-07-14 15:53 <DIR> --d----- c:\program files\valve
2009-07-11 16:09 128,104 a------- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 16:09 <DIR> --d----- c:\program files\vLite
2009-07-09 12:31 20,747 a------- c:\windows\system32\drivers\AegisP.sys
2009-07-09 12:31 17,149 a------- c:\windows\system32\DNINDIS5.SYS
2009-07-03 09:09 104,960 a------- c:\windows\msmacro32 .exe
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe90
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe87
2009-07-03 09:09 25,100 a------- c:\windows\msmacro32.exe
2009-07-02 10:26 71,680 a--shr-- c:\windows\system\smsg .exe
2009-06-29 09:41 21,504 ac------ c:\windows\system32\dllcache\hidserv.dll
2009-06-29 09:41 21,504 a------- c:\windows\system32\hidserv.dll
2009-06-29 09:41 14,592 ac------ c:\windows\system32\dllcache\kbdhid.sys
2009-06-29 09:41 14,592 a------- c:\windows\system32\drivers\kbdhid.sys
2009-06-29 09:24 <DIR> --ds---- C:\ComboFix
2009-06-29 09:18 0 a------- c:\windows\system32\Y45a7ra7.exe.a_a

==================== Find3M ====================

2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-26 10:38 16,384 a--sh--- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-03-26 10:38 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2002-01-03 23:15 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012002010320020104\index.dat

============= FINISH: 18:43:56.25 ===============

Dopuna: 29 Jul 2009 20:35

Dali ste nasli nesto ?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\B12c4tc4.dll
c:\windows\system32\Y45a7ra7.exe
c:\windows\msmacro32 .exe
c:\windows\msmacro32.exe90
c:\windows\msmacro32.exe87
c:\windows\msmacro32.exe
c:\windows\system32\Y45a7ra7.exe.a_a
c:\windows\system32\drivers\sysdrv32.sys

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7957fd21-c584-4476-b26b-4691a7ac4e5d}]

Driver::
sysdrv32

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-29.03 - SERVIS 07/30/2009 9:40.10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.616 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
* Created a new restore point

FILE ::
"c:\windows\msmacro32 .exe"
"c:\windows\msmacro32.exe"
"c:\windows\msmacro32.exe87"
"c:\windows\msmacro32.exe90"
"c:\windows\system32\B12c4tc4.dll"
"c:\windows\system32\drivers\sysdrv32.sys"
"c:\windows\system32\Y45a7ra7.exe"
"c:\windows\system32\Y45a7ra7.exe.a_a"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\msmacro32 .exe
c:\windows\msmacro32.exe
c:\windows\msmacro32.exe87
c:\windows\msmacro32.exe90
c:\windows\system32\B12c4tc4.dll
c:\windows\system32\Y45a7ra7.exe
c:\windows\system32\Y45a7ra7.exe.a_a

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.

2009-07-28 14:33 . 2009-07-28 14:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-28 14:33 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-28 14:32 . 2009-07-28 14:33 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Sony
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Sony
2009-07-17 14:05 . 2009-07-17 14:05 -------- d-----w- c:\program files\Sony
2009-07-17 14:04 . 2009-07-17 14:04 -------- d-----w- c:\program files\Sony Setup
2009-07-14 13:53 . 2009-07-14 13:53 -------- d-----w- c:\program files\valve
2009-07-11 14:09 . 2006-11-02 00:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 14:09 . 2009-07-14 09:12 -------- d-----w- c:\program files\vLite
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\program files\Intel
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\documents and settings\SERVIS\Application Data\InstallShield
2009-07-09 10:31 . 2009-07-09 10:31 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-09 10:31 . 2003-07-24 10:10 17149 ----a-w- c:\windows\system32\DNINDIS5.SYS
2009-07-02 08:26 . 2009-07-02 08:26 71680 --sha-r- c:\windows\system\smsg .exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 14:32 . 2009-03-13 10:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-17 08:51 . 2009-04-06 09:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 08:00 . 2009-03-18 11:50 -------- d-----w- c:\program files\TDI
2009-07-10 14:45 . 2009-03-18 10:43 -------- d-----w- c:\program files\nLite
2009-07-10 13:04 . 2002-01-03 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 14:16 . 2009-03-13 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 11:37 . 2009-03-28 09:12 -------- d-----w- c:\program files\USB Disk Security
2009-06-24 11:46 . 2009-04-21 14:05 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:46 . 2009-05-06 12:26 -------- d-----w- c:\program files\InstantFileRecovery
2009-06-24 11:46 . 2009-05-06 12:36 -------- d-----w- c:\program files\Runtime Software
2009-06-24 11:40 . 2009-06-24 11:40 -------- d-----w- c:\program files\CCleaner
2009-06-24 08:57 . 2009-06-24 08:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-11 07:33 . 2009-03-14 08:42 -------- d-----w- c:\program files\Java
2009-06-11 07:32 . 2009-06-11 07:32 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 07:47 . 2009-06-03 14:33 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-06-03 13:51 . 2009-06-03 13:51 -------- d-----w- c:\program files\Google
2009-05-21 09:33 . 2009-03-14 08:42 410984 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2009-01-16 07:19 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-07-14 08:01 2215960 ----a-w- c:\program files\TDI\tbTD0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-06-25 25100]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UxTuneUp"=2 (0x2)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\My Documents\\Valve\\hl.exe"=
"c:\\WINDOWS\\system\\smsg .exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 9:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/3/2002 11:30 PM 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/28/2009 4:33 PM 604488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/3/2002 11:30 PM 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-30 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-SVCWINSPOOL


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-30 09:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ctfmon.exe100 15360 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3876)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\windows\system32\ctfmon.exe100Y\USBGUARD.EXE
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Internet Explorer\IEXPLORE.EXE
.
**************************************************************************
.
Completion time: 2009-07-30 9:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 07:52
ComboFix2.txt 2009-06-24 12:11

Pre-Run: 18,236,051,456 bytes free
Post-Run: 18,242,342,912 bytes free

194

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:
File::
c:\windows\system\smsg .exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system\\smsg .exe"=-




Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.[/quote]

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-29.04 - SERVIS 07/31/2009 9:36.11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.618 [GMT 2:00]
Running from: c:\documents and settings\SERVIS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\SERVIS\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

FILE ::
"c:\windows\system\smsg .exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\smsg .exe

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-31 )))))))))))))))))))))))))))))))
.

2009-07-28 14:33 . 2009-07-28 14:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-28 14:33 . 2009-07-15 09:48 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-28 14:32 . 2009-07-28 14:33 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Local Settings\Application Data\Sony
2009-07-17 14:06 . 2009-07-17 14:06 -------- d-----w- c:\documents and settings\SERVIS\Application Data\Sony
2009-07-17 14:05 . 2009-07-17 14:05 -------- d-----w- c:\program files\Sony
2009-07-17 14:04 . 2009-07-17 14:04 -------- d-----w- c:\program files\Sony Setup
2009-07-14 13:53 . 2009-07-14 13:53 -------- d-----w- c:\program files\valve
2009-07-11 14:09 . 2006-11-02 00:50 128104 ----a-w- c:\windows\system32\drivers\WimFltr.sys
2009-07-11 14:09 . 2009-07-14 09:12 -------- d-----w- c:\program files\vLite
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\program files\Intel
2009-07-10 13:04 . 2009-07-10 13:04 -------- d-----w- c:\documents and settings\SERVIS\Application Data\InstallShield
2009-07-09 10:31 . 2009-07-09 10:31 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-09 10:31 . 2003-07-24 10:10 17149 ----a-w- c:\windows\system32\DNINDIS5.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 14:32 . 2009-03-13 10:12 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-17 08:51 . 2009-04-06 09:02 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-14 08:00 . 2009-03-18 11:50 -------- d-----w- c:\program files\TDI
2009-07-10 14:45 . 2009-03-18 10:43 -------- d-----w- c:\program files\nLite
2009-07-10 13:04 . 2002-01-03 21:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-30 14:16 . 2009-03-13 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 11:37 . 2009-03-28 09:12 -------- d-----w- c:\program files\USB Disk Security
2009-06-24 11:46 . 2009-04-21 14:05 -------- d-----w- c:\program files\Yahoo!
2009-06-24 11:46 . 2009-05-06 12:26 -------- d-----w- c:\program files\InstantFileRecovery
2009-06-24 11:46 . 2009-05-06 12:36 -------- d-----w- c:\program files\Runtime Software
2009-06-24 11:40 . 2009-06-24 11:40 -------- d-----w- c:\program files\CCleaner
2009-06-24 08:57 . 2009-06-24 08:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-06-11 07:33 . 2009-03-14 08:42 -------- d-----w- c:\program files\Java
2009-06-11 07:32 . 2009-06-11 07:32 152576 ----a-w- c:\documents and settings\SERVIS\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-04 07:47 . 2009-06-03 14:33 -------- d-----w- c:\program files\XP Repair Pro 2007
2009-06-03 13:51 . 2009-06-03 13:51 -------- d-----w- c:\program files\Google
2009-05-21 09:33 . 2009-03-14 08:42 410984 ----a-w- c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2009-01-16 07:19 1614848 362BC5AF8EAF712832C58CC13AE05750 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-31 07:05 . 2009-07-31 07:05 16384 c:\windows\Temp\Perflib_Perfdata_488.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]
2009-07-14 08:01 2215960 ----a-w- c:\program files\TDI\tbTD0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{964ED5ED-9595-43A1-BD83-9F831B5DBE7F}"= "c:\program files\TDI\tbTD0.dll" [2009-07-14 2215960]

[HKEY_CLASSES_ROOT\clsid\{964ed5ed-9595-43a1-bd83-9f831b5dbe7f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-06-25 25100]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"UxTuneUp"=2 (0x2)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"Themes"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\My Documents\\Valve\\hl.exe"=

R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [9/29/2008 9:07 AM 19456]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [1/3/2002 11:30 PM 67904]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/28/2009 4:33 PM 604488]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [1/3/2002 11:30 PM 64432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-07-31 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-07-16 08:54]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mWindow Title = Microsoft Internet Explorer
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-31 09:41
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-07-31 9:43
ComboFix-quarantined-files.txt 2009-07-31 07:43
ComboFix2.txt 2009-07-30 07:52
ComboFix3.txt 2009-06-24 12:11

Pre-Run: 16,654,860,288 bytes free
Post-Run: 16,618,246,144 bytes free

153

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kakvo je sad stanje?