macka vracarka
Very well known
- Posts
- 13.094
..anyway, I picked this up somewhere..
AVG detected a virus and it says this: C:\Windows\system32\drivers\fips 32 cup.sys
What I did.. I turned off AVG for a moment and downloaded ComboFix, which ran a scan, and now I'm copying the log for you:
ComboFix 09-01-11.02 - Maja 2009-01-12 12:32:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.26 [GMT 1:00]
Running from: c:\documents and settings\Maja\Contacts\Desktop\ComboFix.exe
AV: AVG 7.5.552 *On-access scanning disabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Maja\Application Data\FunWebProducts
c:\documents and settings\Maja\Application Data\FunWebProducts\Data\Maja\avatar.dat
c:\documents and settings\Maja\Application Data\FunWebProducts\Data\Maja\zbucks.dat
c:\documents and settings\Maja\Favorites\Online Security Test.url
c:\documents and settings\Maja\Maja.exe
c:\documents and settings\Maja\My Documents\My Music\My Music.url
c:\documents and settings\Maja\My Documents\My Videos\My Video.url
c:\program files\AntiSpywareShield
c:\program files\AntiSpywareShield\AntiSpywareShield.lic
c:\program files\AntiSpywareShield\AntiSpywareShield1.ad
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search2
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\834668
c:\windows\system32\834668\834668.dll
c:\windows\system32\shell31.dll
c:\windows\system32\wpv681230262576.cpx
c:\windows\system32\wpv821230262509.cpx
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-12 07:34 . 2009-01-12 07:34 22,016 --a------ c:\windows\system32\drivers\nicsk32.sys
2009-01-11 23:44 . 2009-01-11 23:44 22,016 --a------ c:\windows\system32\drivers\port135sik.sys
2008-12-25 21:22 . 2008-12-25 21:49 <DIR> d-------- c:\documents and settings\Maja\Application Data\Apple Computer
2008-12-25 20:48 . 2009-01-12 11:15 <DIR> d-------- c:\program files\eMule
2008-12-25 18:15 . 2008-12-25 18:15 <DIR> d-------- c:\program files\Bonjour
2008-12-25 18:13 . 2008-12-25 18:15 <DIR> d-------- c:\program files\QuickTime
2008-12-25 18:13 . 2008-12-25 21:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-25 18:11 . 2008-12-25 18:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 07:00 --------- d-----w c:\documents and settings\Maja\Application Data\AVG7
2008-12-15 12:18 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-06 11:24 --------- d-----w c:\documents and settings\Maja\Application Data\NeroVision
2008-11-22 21:42 --------- d-----w c:\documents and settings\Maja\Application Data\Skype
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-22 09:04 12,297,167 ------w C:\avg7qt.dat
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2008-02-05 21:28 37,728 ----a-w c:\documents and settings\Maja\Application Data\GDIPFONTCACHEV1.DAT
2008-12-19 17:21 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-12-19 17:21 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-19 17:21 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-12-19 17:21 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-12-19 17:21 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-01-28 1589248]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-21 1077330]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-10-06 122940]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Samsung LBP SM"="c:\windows\Samsung\LaserSMMgr\ssmmgr.exe" [2003-04-04 266240]
"SNPSTD2"="c:\windows\vsnpstd2.exe" [2004-06-10 286720]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2007-01-19 28288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"TPSMain"="TPSMain.exe" [2006-02-08 c:\windows\system32\TPSMain.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2007-10-24 219136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-29 113664]
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2007-01-09 38976]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2006-02-13 225792]
S3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2008-03-04 30336]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S4 acpi32;acpi32;\??\c:\windows\system32\drivers\acpi32.sys --> c:\windows\system32\drivers\acpi32.sys [?]
S4 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?]
S4 nicsk32;nicsk32;c:\windows\system32\drivers\nicsk32.sys [2009-01-12 22016]
S4 port135sik;port135sik;c:\windows\system32\drivers\port135sik.sys [2009-01-11 22016]
S4 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Maja - c:\documents and settings\Maja\Maja.exe
HKCU-Run-toscdspd - TOSCDSPD.EXE
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uDefault_Search_URL = hxxp://internetsearchservice.com
mSearch Bar = hxxp://internetsearchservice.com/ie6.html
mSearchMigratedDefaultURL = hxxp://internetsearchservice.com/search?q={searchTerms}
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
mSearchURL = hxxp://internetsearchservice.com
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJfox000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: online.bancaintesabeograd.com
c:\windows\Downloaded Program Files\FSINT.dll - O16 -: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A}
hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
c:\windows\Downloaded Program Files\SGCMSCCD.DLL - O16 -: {76326493-E84F-4D4B-939C-1E07B50037F2}
hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
c:\windows\Downloaded Program Files\CONFLICT.1\FSINT.dll - O16 -: {A7C346A3-B076-46B3-97F0-D00F6B479451}
hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
FF - ProfilePath - c:\documents and settings\Maja\Application Data\Mozilla\Firefox\Profiles\og7dnlgl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-12 12:35:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\Ati2evxx.dll
Pre-Run: 28,348,440,576 bytes free
Post-Run: 28,476,039,168 bytes free
And now what.. Is there any hope for me, and do you see anything suspicious here...