Vundo and the rest...


offline
  • Joined: 07 Jun 2008
  • Posts: 104

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:25:44, on 21.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\D-Link\Bluetooth Software\BTTray.exe
C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Vladan\Desktop\Nova fascikla\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = [link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = [link visible only to logged-in users]
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {183C7C04-EC0B-4336-A5DD-B43158E9FA7E} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBqPHxW.dll
O2 - BHO: (no name) - {6DA38C1C-FB57-437F-B4D5-5D00FF01419A} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: qs Class - {8A555E0E-6240-DD93-198D-45F571D4FD9B} - C:\Program Files\altcmd\altcmd32.dll (file missing)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A67B73F0-3396-466C-9F57-5E76374103DB} - (no file)
O2 - BHO: (no name) - {AE9797CB-2A17-4F26-AF52-369601642423} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {DC067E18-9600-4BA7-AF9F-A0D7768BD0F2} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: {3bb5c1a3-55a8-0558-ac54-f92f41e1feee} - {eeef1e14-f29f-45ca-8550-8a553a1c5bb3} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [SYSTRAY_UPDATE] C:\WINDOWS\TEMP\systray.exe
O4 - HKLM\..\Run: [RUNDLL32] C:\WINDOWS\TEMP\rundll32.exe
O4 - HKLM\..\Run: [System Restore] C:\WINDOWS\TEMP\alg.exe
O4 - HKLM\..\Run: [Language_Shortcut] C:\WINDOWS\TEMP\IEXPLORE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\D-Link\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: awttsSKb - awttsSKb.dll (file missing)
O20 - Winlogon Notify: byXNhhGV - byXNhhGV.dll (file missing)
O20 - Winlogon Notify: geBqPHxW - C:\WINDOWS\SYSTEM32\geBqPHxW.dll
O20 - Winlogon Notify: nnnonkJy - C:\WINDOWS\
O20 - Winlogon Notify: opnopPJY - opnopPJY.dll (file missing)
O20 - Winlogon Notify: pmnmliif - pmnmliif.dll (file missing)
O20 - Winlogon Notify: tuvUMdAP - C:\WINDOWS\
O20 - Winlogon Notify: tuvWnoMc - tuvWnoMc.dll (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\D-Link\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 8296 bytes
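
Added example (not part of this thread, and not a HijackThis feature): the checks a helper applies by eye to the log above, written as rules over the log lines. It assumes the machine's %SystemRoot% is C:\WINDOWS, as the log shows; the sample lines are copied from the log, with benign entries (the Adobe BHO, the Avira autorun) included to show they are not flagged. The 8-letter-name rule for Winlogon Notify is a heuristic and nothing more; the UserInit, temp-directory, AppInit_DLLs and "(file missing)" rules are the ones worth trusting.

```python
"""Triage rules for HijackThis 2.x log lines (added example, not part of the thread)."""
import re

WINDIR = r"c:\windows"            # assumption: %SystemRoot% of the logged machine
SYSTEM32 = WINDIR + r"\system32"
TEMP_DIR = WINDIR + r"\temp"
LEGIT_USERINIT = SYSTEM32 + r"\userinit.exe"
# Core Windows binary names malware borrows; the genuine ones live in system32.
SYSTEM_NAMES = {"csrss.exe", "alg.exe", "rundll32.exe", "services.exe",
                "iexplore.exe", "lsass.exe", "svchost.exe", "winlogon.exe"}
VOWELS = set("aeiou")
ENTRY = re.compile(r"^(F2|O20|O2|O4)\s+-\s+(.*)$")

def check_userinit(value):
    """F2: anything chained after system32\\userinit.exe runs at every logon."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    extra = [p for p in parts if p.lower() != LEGIT_USERINIT]
    return ("extra executable chained onto UserInit: " + ", ".join(extra)) if extra else None

def check_run(target):
    """O4: flag launches from the temp directory and system names outside system32."""
    target = target.strip()
    path = (target[1:].split('"', 1)[0] if target.startswith('"') else target.split(" ")[0]).lower()
    name = path.rsplit("\\", 1)[-1]
    if path.startswith(TEMP_DIR + "\\"):
        return "autorun from a temp directory: " + path
    if name in SYSTEM_NAMES and not path.startswith(SYSTEM32 + "\\"):
        return "system binary name outside system32: " + path
    return None

def check_appinit(value):
    """O20 AppInit_DLLs: loaded into every process that links user32; empty is the only normal value here."""
    return ("AppInit_DLLs injects into every GUI process: " + value.strip()) if value.strip() else None

def check_winlogon_notify(name, target):
    """O20 Winlogon Notify: dead entries and random 8-letter DLL names are typical Vundo leftovers."""
    t = target.strip()
    if "(file missing)" in t:
        return "Winlogon Notify DLL missing on disk (dead entry, still remove the key): " + name
    if t.endswith("\\"):
        return "Winlogon Notify entry names a directory, not a DLL: " + name
    # Heuristic only: 8 letters with at most one vowel (geBqPHxW, awttsSKb, ...).
    if len(name) == 8 and name.isalpha() and sum(c in VOWELS for c in name.lower()) <= 1:
        return "Winlogon Notify DLL with random-looking 8-letter name: " + t
    return None

def check_bho(name, target):
    """O2: an unnamed browser helper object loading straight from system32."""
    t = target.strip().lower()
    if name == "(no name)" and t.startswith(SYSTEM32 + "\\") and t.endswith(".dll"):
        return "unnamed BHO loading from system32: " + target.strip()
    return None

def triage(log_text):
    """Return [(kind, reason, line)] for every log line a rule flags."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue
        kind, body = m.groups()
        reason = None
        if kind == "F2" and "UserInit=" in body:
            reason = check_userinit(body.split("UserInit=", 1)[1])
        elif kind == "O4" and "]" in body:            # skips "Global Startup:" lines
            reason = check_run(body.split("]", 1)[1])
        elif kind == "O20" and body.startswith("AppInit_DLLs:"):
            reason = check_appinit(body.split(":", 1)[1])
        elif kind == "O20" and body.startswith("Winlogon Notify:"):
            name, _, target = body.split(":", 1)[1].strip().partition(" - ")
            reason = check_winlogon_notify(name, target)
        elif kind == "O2" and body.startswith("BHO:"):
            parts = body.split(":", 1)[1].split(" - ")
            if len(parts) >= 3:
                reason = check_bho(parts[0].strip(), parts[-1])
        if reason:
            findings.append((kind, reason, line))
    return findings

# Constructed sample: lines copied from the HijackThis log above, plus benign
# entries (Adobe BHO, Avira autorun) that must not be flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\geBqPHxW.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Windows System Update] C:\WINDOWS\TEMP\CSRSS.EXE
O4 - HKLM\..\Run: [System Restore] C:\WINDOWS\TEMP\alg.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\wowfx.dll
O20 - Winlogon Notify: awttsSKb - awttsSKb.dll (file missing)
O20 - Winlogon Notify: geBqPHxW - C:\WINDOWS\SYSTEM32\geBqPHxW.dll
O20 - Winlogon Notify: nnnonkJy - C:\WINDOWS\
"""

if __name__ == "__main__":
    for kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{kind}] {reason}")
```

Run as-is it prints eight findings for the sample: the services.exe chained onto UserInit, the unnamed BHO, the two autoruns from C:\WINDOWS\TEMP, the AppInit_DLLs value and the three Winlogon Notify entries. Note that the rules only look at the entries HijackThis chose to print; it already hides the stock Winlogon Notify handlers, which is why a crude name heuristic is tolerable here and would not be on raw registry output.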



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs' ComboFix to your Desktop from one of the following addresses:


Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.




When the download is finished:
close any running programs;
disable your security software (instructions);
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
show the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
offer to install the Recovery Console if it is not installed:
accept by clicking Yes and follow the procedure.
ask a number of questions / show notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.



offline
  • Joined: 07 Jun 2008
  • Posts: 104

I downloaded ComboFix but the problem is still there; in which program could this virus (wowfx.dll) be? Twice this virus removed itself, but after two days it came back on its own.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Please read carefully the instructions I gave you and post the log you get at the end of the ComboFix scan here on the forum.

offline
  • Joined: 07 Jun 2008
  • Posts: 104

ComboFix 09-05-20.A1 - Vladan 21.05.2009 20:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1023.641 [GMT 2:00]
Running from: c:\documents and settings\Vladan\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 18:11 . 2006-09-23 12:14 90112 ----a-w c:\windows\system32\wowfx.dll
2009-05-19 21:19 . 2009-05-19 21:19 -------- d-s---w c:\documents and settings\Vladan\UserData
2009-05-16 21:19 . 2009-05-16 21:19 -------- d-----w c:\windows\system32\append.dll
2009-05-16 21:19 . 2009-05-16 21:19 -------- d-----w c:\windows\system32\xlib254.dll
2009-05-04 20:20 . 2009-05-15 20:44 -------- d-----w c:\documents and settings\Vladan\Tracing
2009-04-25 12:29 . 2009-04-25 12:29 -------- d--h--w c:\windows\PIF
2009-04-23 18:00 . 2009-04-23 18:00 -------- d-----w c:\documents and settings\LocalService\Application Data\skypePM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 11:55 . 2009-04-10 17:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\Skype
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\Common Files\Skype
2009-04-10 17:06 . 2009-04-10 17:06 -------- d-----w c:\program files\Avira
2009-04-09 19:44 . 2009-04-09 19:44 -------- d-----w c:\program files\Common Files\FotoWire
2009-04-09 19:44 . 2009-01-19 15:44 -------- d-----w c:\program files\Logitech
2009-04-09 19:04 . 2009-01-19 15:03 8 ----a-w C:\DFIMB.DAT
2009-04-04 19:12 . 2009-04-04 19:12 0 ----a-w c:\windows\ativpsrm.bin
2009-04-04 19:09 . 2009-01-19 15:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 19:05 . 2009-01-19 15:03 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-04 13:56 . 2009-01-30 18:52 -------- d-----w c:\program files\Lavasoft
2009-03-30 18:20 . 2009-03-30 18:20 1198 ----a-w c:\windows\system32\919375.DAT
2009-03-29 16:33 . 2009-01-21 13:00 -------- d-----w c:\program files\Pro Evolution Soccer 2009
2009-03-27 18:00 . 2009-01-29 21:00 -------- d-----w c:\program files\Java
2009-03-09 04:19 . 2009-01-29 21:00 410984 ----a-w c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2005-10-28 17:04 577024 6DE681FDEABCDF846393CBB3C1784520 c:\windows\system32\user32.dll
[-] 2005-10-28 17:04 577024 6DE681FDEABCDF846393CBB3C1784520 c:\windows\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-19 15:01 . 2009-05-21 18:13 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 15:01 . 2009-05-21 18:13 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-19 15:01 . 2009-05-21 18:13 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-11-19 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\D-Link\Bluetooth Software\BTTray.exe [2006-4-12 643133]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wowfx.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"wave7"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digest32.dll, wowfx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Vladan^Start Menu^Programs^Startup^userinit.exe]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Language_Shortcut

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"JavaQuickStarterService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4719:TCP"= 4719:TCP:4719

R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [19.1.2009 17:15 73088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10.4.2009 19:07 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19.1.2009 23:31 55136]
R2 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29.11.2001 10:10 1432836]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Vladan\Application Data\Mozilla\Firefox\Profiles\m0qfqt54.default\
FF - prefs.js: browser.search.defaulturl - [link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - prefs.js: keyword.URL - [link visible only to logged-in users]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-05-21 20:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(544)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3176)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\D-Link\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-05-21 20:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 18:18
ComboFix2.txt 2009-05-21 13:53

Pre-Run: 51.814.961.152 bytes free
Post-Run: 51.808.960.512 bytes free


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Find this file: c:\windows\system32\user32.dll
Send it for upload via this link

[link visible only to logged-in users]

offline
  • Joined: 07 Jun 2008
  • Posts: 104

Your file has been uploaded successfully.
Please notify the person helping you, in the topic in which you were asked to upload the file, that you have done so successfully.
Thank you. ( WHAT NEXT, IS THERE ANY HELP FOR HIM )

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Turn the antivirus off again.

Open Notepad and copy the following text into it:

File::
c:\windows\system32\wowfx.dll

Folder::
c:\windows\system32\append.dll
c:\windows\system32\xlib254.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

offline
  • Joined: 07 Jun 2008
  • Posts: 104

Posted: 21 May 2009 23:31

ComboFix 09-05-20.A1 - Vladan 21.05.2009 23:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.1023.491 [GMT 2:00]
Running from: c:\documents and settings\Vladan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Vladan\Desktop\CFScript
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
c:\windows\system32\wowfx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\append.dll
c:\windows\system32\wowfx.dll
c:\windows\system32\xlib254.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-21 to 2009-05-21 )))))))))))))))))))))))))))))))
.

2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w c:\windows\system32\append.dll
2009-05-21 21:18 . 2009-05-21 21:18 -------- d-----w c:\windows\system32\xlib254.dll
2009-05-21 18:43 . 2009-05-21 20:16 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-19 21:19 . 2009-05-19 21:19 -------- d-s---w c:\documents and settings\Vladan\UserData
2009-05-04 20:20 . 2009-05-15 20:44 -------- d-----w c:\documents and settings\Vladan\Tracing
2009-04-25 12:29 . 2009-04-25 12:29 -------- d--h--w c:\windows\PIF
2009-04-23 18:00 . 2009-04-23 18:00 -------- d-----w c:\documents and settings\LocalService\Application Data\skypePM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 11:55 . 2009-04-10 17:07 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\Skype
2009-04-13 19:38 . 2009-04-13 19:38 -------- d-----w c:\program files\Common Files\Skype
2009-04-10 17:06 . 2009-04-10 17:06 -------- d-----w c:\program files\Avira
2009-04-09 19:44 . 2009-04-09 19:44 -------- d-----w c:\program files\Common Files\FotoWire
2009-04-09 19:44 . 2009-01-19 15:44 -------- d-----w c:\program files\Logitech
2009-04-09 19:04 . 2009-01-19 15:03 8 ----a-w C:\DFIMB.DAT
2009-04-04 19:12 . 2009-04-04 19:12 0 ----a-w c:\windows\ativpsrm.bin
2009-04-04 19:09 . 2009-01-19 15:04 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 19:05 . 2009-01-19 15:03 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-04 13:56 . 2009-01-30 18:52 -------- d-----w c:\program files\Lavasoft
2009-03-30 18:20 . 2009-03-30 18:20 1198 ----a-w c:\windows\system32\919375.DAT
2009-03-29 16:33 . 2009-01-21 13:00 -------- d-----w c:\program files\Pro Evolution Soccer 2009
2009-03-27 18:00 . 2009-01-29 21:00 -------- d-----w c:\program files\Java
2009-03-09 04:19 . 2009-01-29 21:00 410984 ----a-w c:\windows\system32\deploytk.dll
.

------- Sigcheck -------

[-] 2005-10-28 17:04 577024 6DE681FDEABCDF846393CBB3C1784520 c:\windows\system32\user32.dll
[-] 2005-10-28 17:04 577024 6DE681FDEABCDF846393CBB3C1784520 c:\windows\system32\dllcache\user32.dll
.
((((((((((((((((((((((((((((( [link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-19 15:01 . 2009-05-21 20:52 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 49152 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-19 15:01 . 2009-05-21 20:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-19 15:01 . 2009-05-21 20:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-19 15:01 . 2009-05-21 13:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"LogitechGalleryRepair"="c:\program files\Logitech\ImageStudio\ISStart.exe" [2002-12-10 155648]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2002-11-19 46592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\D-Link\Bluetooth Software\BTTray.exe [2006-4-12 643133]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
"wave7"= serwvdrv.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Vladan^Start Menu^Programs^Startup^userinit.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"JavaQuickStarterService"=3 (0x3)
"IDriverT"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\Ati2evxx.exe"=
"c:\\WINDOWS\\System32\\svchost.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4719:TCP"= 4719:TCP:4719

R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [19.1.2009 17:15 73088]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10.4.2009 19:07 108289]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [19.1.2009 23:31 55136]
R2 fsssvc;Windows Live Porodicna bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys [29.11.2001 10:10 1432836]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\D-Link\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Vladan\Application Data\Mozilla\Firefox\Profiles\m0qfqt54.default\
FF - prefs.js: browser.search.defaulturl - [link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - prefs.js: keyword.URL - [link visible only to logged-in users]
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-05-21 23:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(540)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1780)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\D-Link\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-05-21 23:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-21 21:25
ComboFix2.txt 2009-05-21 18:18
ComboFix3.txt 2009-05-21 13:53

Pre-Run: 51.732.316.160 bytes free
Post-Run: 51.724.013.568 bytes free


Addendum: 21 May 2009 23:35

It removed wowfx.dll, if it doesn't come back. Thank you very much; is this a spyware program or what?
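
Added example (not part of this thread, and not something ComboFix does itself): the two ComboFix logs in this thread, before and after the CFScript, differ in their "Reg Loading Points" sections, and that difference is the evidence that the script did its job. The code below parses that section out of both logs, lists which loading points disappeared or appeared, and checks the SecurityProviders list against the baseline the helper's script writes back (assumed here to be the correct default for this XP SP2 machine). The log excerpts embedded in it are trimmed copies of the two logs posted above.

```python
"""Diff the 'Reg Loading Points' sections of two ComboFix logs (added example, not a ComboFix feature)."""
import re

SECTION_START = "Reg Loading Points"
# The section ends at the service list (R0/R2/S3 lines) or the next ComboFix header.
SECTION_END = re.compile(r"^(-------|\(\(\(\(|[RS]\d\s)")
QUOTED_VALUE = re.compile(r'^"([^"]+)"=(.*)$')   # "name"=data  (REGEDIT4 style)
BARE_VALUE = re.compile(r"^(\S+)\s+(.*)$")       # name data    (the SecurityProviders line)
# Baseline = the value the helper's CFScript restores; assumed correct for this XP SP2 box.
BASELINE_SECURITY_PROVIDERS = ["msapsspc.dll", "schannel.dll", "digest.dll", "msnsspc.dll"]

def parse_loading_points(log_text):
    """Return {(key, value_name): data}; keys are lower-cased registry paths."""
    entries, key, in_section = {}, None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = SECTION_START in line
            continue
        if SECTION_END.match(line):
            break
        if not line or line in (".", "REGEDIT4") or line.startswith("*Note*"):
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif line.upper().startswith("HKEY_") or line.endswith("\\"):
            key = line.lower()   # ComboFix prints some keys and startup folders without brackets
        else:
            m = QUOTED_VALUE.match(line) or BARE_VALUE.match(line)
            if m and key is not None:
                entries[(key, m.group(1))] = m.group(2).strip()
    return entries

def diff_loading_points(before_text, after_text):
    """Return (removed, added, changed) as sorted lists of (key, value_name)."""
    before, after = parse_loading_points(before_text), parse_loading_points(after_text)
    removed = sorted(k for k in before if k not in after)
    added = sorted(k for k in after if k not in before)
    changed = sorted(k for k in before if k in after and before[k] != after[k])
    return removed, added, changed

def unexpected_security_providers(entries):
    """DLLs in SecurityProviders beyond the baseline; [] if the value is absent, which
    means ComboFix classed it as a legit default and hid it (see the log's *Note* line)."""
    for (_, name), data in entries.items():
        if name.lower() == "securityproviders":
            listed = [d.strip().lower() for d in data.split(",") if d.strip()]
            return [d for d in listed if d not in BASELINE_SECURITY_PROVIDERS]
    return []

def verify_cleanup(before_text, after_text):
    """Did the CFScript do what it was written for?"""
    before, after = parse_loading_points(before_text), parse_loading_points(after_text)
    had = any(n.lower() == "appinit_dlls" for _, n in before)
    has = any(n.lower() == "appinit_dlls" for _, n in after)
    return {"appinit_cleared": had and not has,
            "security_providers_baseline": not unexpected_security_providers(after)}

# Constructed samples: trimmed from the two ComboFix logs posted in this thread.
BEFORE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wowfx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digest32.dll, wowfx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
R0 fasttrak;fasttrak;c:\windows\system32\drivers\Fasttrak.sys [19.1.2009 17:15 73088]
"""
AFTER = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
.
------- Supplementary Scan -------
"""

if __name__ == "__main__":
    removed, added, changed = diff_loading_points(BEFORE, AFTER)
    print("removed:", removed, "\nadded:", added, "\nchanged:", changed)
    print("verified:", verify_cleanup(BEFORE, AFTER))
```

A loading point that is absent from the after-log has either been deleted or reset to a default ComboFix hides, per the log's own *Note* line; the AppInit_DLLs entry is the first case and SecurityProviders the second. The before-log also shows digest32.dll sitting in SecurityProviders next to wowfx.dll, which is not in the baseline either and disappears with the same registry line of the script. The only loading point that appears between the two runs is the Spybot TeaTimer autorun the user installed in between.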

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Send C:\Qoobox\Quarantine for upload, but zip it first.

[link visible only to logged-in users]
