Posted: 04 Feb 2009 06:37
- cinoeye
- Distinguished citizen
- MyCity Military Forum Chaplain ~ Religious service of the MyCity forum
- Joined: 12 Jan 2006
- Posts: 513
- Where do you live: Where I live...

Hello everyone!
I'm asking for help, since I'm not a computer expert.
I have McAfee Total Protection, which detected a Command Trojan.
I had quite a few pop-up windows, but McAfee blocked and quarantined them; however, it cannot delete it.
It's the same case with Windows Defender.
I also tried to delete it through the Add/Remove Programs option, but I get the message: can not find script file "C:\WINDOWS\VGFuamEgSm92Yw5VDmil\p3IruAH0mA6ZsqcSxA53.vbs".
Every time I restart the computer, the trojan is back where it was, and McAfee blocks its internet access.
How do I delete this trojan?
Many thanks!
Update: 04 Feb 2009 4:09
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:06:03 PM, on 2/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\VGFuamEgSm92YW5vdmlj\command.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Tanja Jovanovic\Desktop\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\regsvr32.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Tanja Jovanovic\Desktop\HiJackThis.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [pbobkzklffnjaxe] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cfsgtrwrwx.dll"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [74e04807] rundll32.exe "C:\WINDOWS\system32\boljljkw.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\Tanja Jovanovic\Application Data\Microsoft\Windows\avoehkqn.exe
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\Tanja Jovanovic\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [kmrf] C:\PROGRA~1\COMMON~1\kmrf\kmrfm.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [Link mogu videti samo ulogovani korisnici]\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {70E6E083-6690-4129-A34D-F90094EEB4ED} (AWCVoiceClient Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} (AMI DicomDir TreeView Control 2.1) - [Link mogu videti samo ulogovani korisnici]\CDVIEWER\CdViewer.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: McAfee Application Installer Cleanup (0150241233709175) (0150241233709175mcinstcleanup) - McAfee, Inc. - C:\DOCUME~1\TANJAJ~1\LOCALS~1\Temp\015024~1.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8-) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGFuamEgSm92YW5vdmlj\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Documents and Settings\Tanja Jovanovic\Desktop\LeapFrog Connect\CommandService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - [Link mogu videti samo ulogovani korisnici]
--
End of file - 15513 bytes
Update: 04 Feb 2009 4:11
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\VGFuamEgSm92YW5vdmlj\command.exe
Update: 04 Feb 2009 6:37
OK, I've also run Malwarebytes -
Malwarebytes' Anti-Malware 1.33
Database version: 1725
Windows 5.1.2600 Service Pack 3
2/4/2009 12:30:07 AM
mbam-log-2009-02-04 (00-30-07).txt
Scan type: Quick Scan
Objects scanned: 75702
Time elapsed: 40 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 4
Registry Keys Infected: 30
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 11
Files Infected: 26
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\SYSTEM32\ssqNHyyA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\xxyaWpOG.dll (Trojan.Vundo) -> Delete on reboot.
C:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2f58bcb6-1d86-4036-8082-4e2484e68e62} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{2f58bcb6-1d86-4036-8082-4e2484e68e62} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\xxyawpog (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2f58bcb6-1d86-4036-8082-4e2484e68e62} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{63334394-3da3-4b29-a041-03535909d361} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e4a04a1-a24d-45ae-aca4-949778400813} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho_cpv.workhorse.1 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17e44256-51e0-4d46-a0c8-44e80ab4ba5b} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{80ef304a-b1c4-425c-8535-95ab6f1eefb8} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d88e1558-7c2d-407a-953a-c044f5607cea} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be} (Trojan.Network.Monitor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BHO_MyJavaCore.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\GetModule (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpeedRunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService (Adware.CommAd) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CMDSERVICE (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kmrf (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pbobkzklffnjaxe (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqnhyya -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqnhyya -> Delete on reboot.
Folders Infected:
C:\Program Files\Network Monitor (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2 (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mjcore (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\cogad (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\GetModule (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\speedrunner (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\SYSTEM32\ssqNHyyA.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\AyyHNqss.ini (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\AyyHNqss.ini2 (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\xxyaWpOG.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Program Files\WebShow\WebShow.dll (Trojan.BHO) -> Delete on reboot.
C:\Program Files\Mozilla Firefox\components\srff.dll (Trojan.Agent) -> Delete on reboot.
C:\Program Files\Common Files\kmrf\kmrfm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\opnnonnK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\boljljkw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\wpv521233435309.cpx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\jlvqspxb.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\ddcYqqRh.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Local Settings\Temp\~nsu.tmp\Au_.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Local Settings\Temporary Internet Files\Content.IE5\EZMCN7AD\style[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\InetGet2\stub109_4_0_4_0.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt (Trojan.NetMon) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\GetModule\dicik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\GetModule\kwdik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\GetModule\ofadik.gz (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tanja Jovanovic\Application Data\speedrunner\config.cfg (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cfsgtrwrwx.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\atmtd.dll._ (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\ADAPT_Installer.exe (Heuristics.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\uninstall_nmon.vbs (Malware.Trace) -> Quarantined and deleted successfully.
McAfee has now found -
win32/Vundo.D
Generic!Artemis
exploit byteverify
Posted: 07 Feb 2009 20:30
- cinoeye
- Distinguished citizen
- MyCity Military Forum Chaplain ~ Religious service of the MyCity forum
- Joined: 12 Jan 2006
- Posts: 513
- Where do you live: Where I live...

Many thanks.
Now everything is supposedly OK, but today McAfee is sending me the following message -
McAfee has blocked a potentially unwanted program (PUP) on your computer. If you do not recognize it, we recommend that you remove the program.
About this Potentially Unwanted Program
Name: Generic PUP!hv.b
Location: C:\Program Files\Mozilla Firefox\components\nsworldadmarketplace.dll
Spyware, adware, and other potentially unwanted programs can harm your computer, compromise its security, and damage valuable files.
When I click the remove option, I get the following message -
The potentially unwanted program can not be removed. McAfee recommends that you try to remove program by using ADD/Remove program in windows.
However, when I go to Add/Remove, that program isn't on the list.
Thanks once again!
Posted: 07 Feb 2009 20:49
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Where do you live: Höganäs, SE

It would be good if you followed the instructions you were given.
Posted: 07 Feb 2009 21:05
- cinoeye
- Distinguished citizen
- MyCity Military Forum Chaplain ~ Religious service of the MyCity forum
- Joined: 12 Jan 2006
- Posts: 513
- Where do you live: Where I live...

Here, done!
ComboFix 09-02-06.04 - Tanja Jovanovic 2009-02-07 14:35:58.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1235 [GMT -5:00]
Running from: c:\documents and settings\Tanja Jovanovic\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning enabled* (Updated)
FW: McAfee Personal Firewall *enabled*
* Resident AV is active
.
/wow section - STAGE 6
/wow section - STAGE 8
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
/wow section - STAGE 9
The process cannot access the file because it is being used by another process.
/wow section - STAGE 10
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
/wow section - STAGE 15
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
/wow section - STAGE 16
The process cannot access the file because it is being used by another process.
/wow section - STAGE 47
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the file Vundonames.dat.
Could Not Find c:\combofix\Vundonames.dat
The process cannot access the file because it is being used by another process.
The system cannot find the file temp3102.
temp3101The system cannot find the file specified.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
SED: can't read SetCSum00: No such file or directory
The process cannot access the file because it is being used by another process.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Tanja Jovanovic\Local Settings\Temporary Internet Files\CPV.stt
c:\program files\Common Files\kmrf
c:\windows\kmrf
c:\windows\SYSTEM32\ayJTCJlm.ini
c:\windows\SYSTEM32\ayJTCJlm.ini2
c:\windows\SYSTEM32\Hhknmnnn.ini
c:\windows\SYSTEM32\Hhknmnnn.ini2
c:\windows\Tasks\xhkhpmcm.job
c:\windows\wiaserviv.log
.
---- Previous Run -------
.
c:\windows\wiaserviv.log
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-07 14:30 . 2009-02-07 14:30 389,120 --a------ c:\windows\SYSTEM32\CF30560.exe
2009-02-06 21:30 . 2009-02-06 21:30 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\mods
2009-02-06 21:28 . 2009-02-06 21:28 85,637 --a------ c:\windows\SYSTEM32\6da9ca76-50db-5357-f759-f2d0ecbafa81.exe
2009-02-05 16:25 . 2009-02-05 16:25 674,816 --a------ c:\windows\SYSTEM32\nsf148.dll
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\Malwarebytes
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 23:46 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-03 23:46 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-02-03 22:21 . 2009-02-03 22:21 30,880 --a------ c:\windows\SYSTEM32\DRIVERS\ukcnxhdk.sys
2009-02-03 22:21 . 2009-02-03 22:21 30,880 --a------ c:\windows\SYSTEM32\DRIVERS\erpiboyy.sys
2009-02-03 20:13 . 2009-02-06 05:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-03 20:07 . 2009-02-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-03 20:07 . 2009-02-07 08:23 31,795 --a------ c:\windows\SYSTEM32\Config.MPF
2009-02-03 20:06 . 2009-02-03 20:12 <DIR> d-------- c:\program files\SiteAdvisor
2009-02-03 20:00 . 2009-01-09 12:03 79,304 --a------ c:\windows\SYSTEM32\DRIVERS\mfeavfk.sys
2009-02-03 20:00 . 2009-01-09 12:03 40,552 --a------ c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
2009-02-03 20:00 . 2009-01-09 12:03 35,272 --a------ c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
2009-02-03 19:59 . 2008-10-23 13:08 120,136 --a------ c:\windows\SYSTEM32\DRIVERS\Mpfp.sys
2009-02-03 19:58 . 2009-02-03 19:59 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-03 19:57 . 2009-02-05 05:53 <DIR> d-------- c:\program files\McAfee
2009-02-03 19:54 . 2009-01-09 12:03 34,216 --a------ c:\windows\SYSTEM32\DRIVERS\mferkdk.sys
2009-02-03 19:42 . 2009-02-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-03 11:20 . 2009-02-03 11:20 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-02-03 06:01 . 2009-02-03 20:25 <DIR> d--hs---- c:\windows\VGFuamEgSm92YW5vdmlj
2009-02-03 05:46 . 2009-02-03 19:55 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\Twain
2009-02-03 05:46 . 2009-02-03 05:46 85,301 --a------ c:\windows\SYSTEM32\cont_worldadmarketplace-remove.exe
2009-02-03 05:46 . 2009-02-03 05:46 48,266 --a------ c:\windows\SYSTEM32\emqsiaekzajkckzh.exe
2009-02-02 22:23 . 2009-02-04 00:42 <DIR> d-------- c:\program files\WebShow
2009-01-16 10:43 . 2009-01-16 10:43 <DIR> d-------- c:\program files\3DGroove
2009-01-16 10:19 . 2009-01-16 10:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-16 10:19 . 2009-01-16 10:19 110 --a------ c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2009-01-13 21:07 . 2008-12-17 00:53 2,686,104 --a------ c:\windows\SYSTEM32\DRIVERS\LV302V32.SYS
2009-01-13 21:06 . 2008-12-17 00:55 195,096 --a------ c:\windows\SYSTEM32\lvci11901262.dll
2009-01-11 21:14 . 2009-01-18 13:57 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\temp
2009-01-11 20:41 . 2009-01-11 20:41 <DIR> d-------- c:\windows\Logs
2009-01-11 20:41 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\SYSTEM32\D3DX9_39.dll
2009-01-11 09:40 . 2009-01-11 09:40 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\MSNInstaller
2009-01-11 09:26 . 2009-01-11 09:26 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2009-01-11 09:11 . 2009-01-11 09:12 4 --a------ c:\windows\SYSTEM32\22E7AD
2009-01-10 17:24 . 2009-01-10 17:24 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\.assistant
2009-01-09 12:03 . 2009-01-09 12:03 213,640 --a------ c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
2009-01-07 17:12 . 2009-01-07 17:12 42,320 --a------ c:\windows\SYSTEM32\xfcodec.dll
2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\DIFX
2009-01-07 17:05 . 2009-01-16 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2009-01-07 17:04 . 2009-01-16 10:17 <DIR> d-------- c:\program files\LeapFrog
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 15:50 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\Skype
2009-02-07 13:23 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\skypePM
2009-02-07 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-07 03:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 02:32 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\Yahoo!
2009-02-06 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-02-04 00:58 --------- d-----w c:\program files\McAfee.com
2009-02-03 16:25 --------- d-----w c:\program files\Dl_cats
2009-01-14 02:07 --------- d-----w c:\program files\Common Files\logishrd
2009-01-14 02:04 --------- d-----w c:\program files\Logitech
2009-01-14 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-11 15:02 --------- d-----w c:\program files\Opera
2009-01-11 15:00 --------- d-----w c:\program files\Jasc Software Inc
2009-01-11 14:59 --------- d-----w c:\program files\Canon
2009-01-11 14:55 --------- d-----w c:\program files\Sonic
2009-01-11 14:27 --------- d-----w c:\program files\The Weather Channel FW
2009-01-11 14:24 --------- d-----w c:\program files\7-Zip
2009-01-10 03:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-04 01:16 --------- d-----w c:\program files\Yahoo!
2009-01-04 01:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo
2009-01-02 23:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 18:04 --------- d-----w c:\program files\Common Files\Skype
2008-12-20 00:32 --------- d-----w c:\program files\QuickTime
2008-12-17 06:01 432,664 ----a-w c:\windows\SYSTEM32\LVUI2RC.dll
2008-12-17 06:01 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
2008-12-17 06:00 768,024 ----a-w c:\windows\system32\drivers\lvrs.sys
2008-12-17 06:00 494,104 ----a-w c:\windows\SYSTEM32\LVUI2.dll
2008-12-17 05:55 416,280 ----a-w c:\windows\SYSTEM32\lvcodec2.dll
2008-12-17 05:53 13,848 ----a-w c:\windows\system32\drivers\lv302af.sys
2008-12-17 05:37 29,562 ----a-w c:\windows\SYSTEM32\Repository.reg
2008-12-17 02:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
2008-12-17 02:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
2008-12-13 14:59 --------- d-----w c:\program files\iTunes
2008-12-13 14:59 --------- d-----w c:\program files\iPod
2008-12-13 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-13 01:36 --------- d-----w c:\program files\Common Files\Apple
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-06 02:04 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-12-02 05:07 201,352 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-08-03 13:20 59,816 ----a-w c:\documents and settings\Tanja Jovanovic\Application Data\GDIPFONTCACHEV1.DAT
2008-02-29 03:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-05-08 02:59 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-11-01 02:03 1,447,208 ----a-w c:\program files\R107638.EXE
2009-02-05 21:25 677,888 ----a-w c:\program files\mozilla firefox\components\9d7410cd-1fd8-4db1-f98a-756ff0cae470.dll
2008-12-29 18:08 649,728 ----a-w c:\program files\mozilla firefox\components\nsworldadmarketplace.dll
2008-03-15 19:29 168 --sh--r c:\windows\SYSTEM32\B89EB1C6F4.sys
2008-03-15 19:29 4,184 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-09-13 00:44 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
2005-08-02 21:58 293,888 --sha-r c:\windows\VGFuamEgSm92YW5vdmlj\command.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0fe33528-7950-d990-3923-2756afe0da4a}]
2009-02-05 16:25 674816 --a------ c:\windows\system32\nsf148.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-03-16 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-13 339968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-01-09 5134864]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\SYSTEM32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
c:\documents and settings\Tanja Jovanovic\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-11-19 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\documents and settings\Tanja Jovanovic\Desktop\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-03 206096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [2007-06-19 18560]
.
Contents of the 'Scheduled Tasks' folder
2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (1) (SIMONIDA-Tanja Jovanovic).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
2009-02-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-05 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []
2009-02-07 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{B3706DF7-6BF4-4FF1-9BF2-5D108272BA49} - c:\windows\system32\nnnmnkhH.dll
BHO-{D5DAA9ED-3D48-B187-5B29-671A33E5AABC} - c:\windows\system32\cfsgtrwrwx.dll
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
Notify-awtrQJBT - awtrQJBT.dll
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uSearchMigratedDefaultURL = [Link mogu videti samo ulogovani korisnici]{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
mStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = [Link mogu videti samo ulogovani korisnici]
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {70E6E083-6690-4129-A34D-F90094EEB4ED} - [Link mogu videti samo ulogovani korisnici]
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - [Link mogu videti samo ulogovani korisnici]\cdviewer\CdViewer.cab
FF - ProfilePath - c:\documents and settings\Tanja Jovanovic\Application Data\Mozilla\Firefox\Profiles\ofzz9gs2.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\9d7410cd-1fd8-4db1-f98a-756ff0cae470.dll
FF - component: c:\program files\Mozilla Firefox\components\nsworldadmarketplace.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-02-07 14:41:15
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3230574272-1619121504-978640012-1006\P*W]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"firstLaunch"="false"
.
Completion time: 2009-02-07 14:44:39
ComboFix-quarantined-files.txt 2009-02-07 19:44:11
Pre-Run: 11,717,713,920 bytes free
Post-Run: 15,892,176,896 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
333 --- E O F --- 2009-02-06 02:26:27
Update: 07 Feb 2009 21:05
I just noticed that I messed up the beginning of the log. Instead of copying it, I cut it. But then I had no internet, so I restarted the computer, and now that part is missing.
I hope that isn't a problem.
Posted: 07 Feb 2009 22:23
- cinoeye
OK, thanks.
Just to note that when I click on McAfee there is no Exit option. How do I turn McAfee off?
Update: 07 Feb 2009 22:23
Should the text I need to copy go into a new Notepad file, or into that log?
Posted: 07 Feb 2009 22:32
- dr_Bora
- Anti Malware Fighter Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Maybe this helps with turning it off: [Link visible only to logged-in users]
As for the CFScript... You need to copy everything inside the code box into a new Notepad file and save it under the name CFScript.
Posted: 08 Feb 2009 00:39
- cinoeye
ComboFix 09-02-06.04 - Tanja Jovanovic 2009-02-07 18:24:34.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1291 [GMT -5:00]
Running from: c:\documents and settings\Tanja Jovanovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tanja Jovanovic\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point
FILE ::
c:\program files\mozilla firefox\components\9d7410cd-1fd8-4db1-f98a-756ff0cae470.dll
c:\program files\mozilla firefox\components\nsworldadmarketplace.dll
c:\windows\SYSTEM32\6da9ca76-50db-5357-f759-f2d0ecbafa81.exe
c:\windows\SYSTEM32\cont_worldadmarketplace-remove.exe
c:\windows\SYSTEM32\DRIVERS\erpiboyy.sys
c:\windows\SYSTEM32\DRIVERS\ukcnxhdk.sys
c:\windows\SYSTEM32\emqsiaekzajkckzh.exe
c:\windows\SYSTEM32\nsf148.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\mozilla firefox\components\9d7410cd-1fd8-4db1-f98a-756ff0cae470.dll
c:\program files\mozilla firefox\components\nsworldadmarketplace.dll
c:\program files\WebShow
c:\windows\SYSTEM32\6da9ca76-50db-5357-f759-f2d0ecbafa81.exe
c:\windows\SYSTEM32\cont_worldadmarketplace-remove.exe
c:\windows\SYSTEM32\DRIVERS\erpiboyy.sys
c:\windows\SYSTEM32\DRIVERS\ukcnxhdk.sys
c:\windows\SYSTEM32\emqsiaekzajkckzh.exe
c:\windows\SYSTEM32\nsf148.dll
c:\windows\VGFuamEgSm92YW5vdmlj
c:\windows\VGFuamEgSm92YW5vdmlj\command.exe
.
((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.
2009-02-06 21:30 . 2009-02-06 21:30 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\mods
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\Malwarebytes
2009-02-03 23:46 . 2009-02-03 23:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-03 23:46 . 2009-01-14 16:11 38,496 --a------ c:\windows\SYSTEM32\DRIVERS\mbamswissarmy.sys
2009-02-03 23:46 . 2009-01-14 16:11 15,504 --a------ c:\windows\SYSTEM32\DRIVERS\mbam.sys
2009-02-03 20:13 . 2009-02-06 05:12 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-02-03 20:07 . 2009-02-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-02-03 20:07 . 2009-02-07 18:22 32,077 --a------ c:\windows\SYSTEM32\Config.MPF
2009-02-03 20:06 . 2009-02-03 20:12 <DIR> d-------- c:\program files\SiteAdvisor
2009-02-03 20:00 . 2009-01-09 12:03 79,304 --a------ c:\windows\SYSTEM32\DRIVERS\mfeavfk.sys
2009-02-03 20:00 . 2009-01-09 12:03 40,552 --a------ c:\windows\SYSTEM32\DRIVERS\mfesmfk.sys
2009-02-03 20:00 . 2009-01-09 12:03 35,272 --a------ c:\windows\SYSTEM32\DRIVERS\mfebopk.sys
2009-02-03 19:59 . 2008-10-23 13:08 120,136 --a------ c:\windows\SYSTEM32\DRIVERS\Mpfp.sys
2009-02-03 19:58 . 2009-02-03 19:59 <DIR> d-------- c:\program files\Common Files\McAfee
2009-02-03 19:57 . 2009-02-05 05:53 <DIR> d-------- c:\program files\McAfee
2009-02-03 19:54 . 2009-01-09 12:03 34,216 --a------ c:\windows\SYSTEM32\DRIVERS\mferkdk.sys
2009-02-03 19:42 . 2009-02-03 20:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-03 11:20 . 2009-02-03 11:20 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-02-03 05:46 . 2009-02-03 19:55 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\Twain
2009-01-16 10:43 . 2009-01-16 10:43 <DIR> d-------- c:\program files\3DGroove
2009-01-16 10:19 . 2009-01-16 10:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-16 10:19 . 2009-01-16 10:19 110 --a------ c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2009-01-13 21:07 . 2008-12-17 00:53 2,686,104 --a------ c:\windows\SYSTEM32\DRIVERS\LV302V32.SYS
2009-01-13 21:06 . 2008-12-17 00:55 195,096 --a------ c:\windows\SYSTEM32\lvci11901262.dll
2009-01-11 21:14 . 2009-01-18 13:57 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\temp
2009-01-11 20:41 . 2009-01-11 20:41 <DIR> d-------- c:\windows\Logs
2009-01-11 20:41 . 2008-07-12 08:18 3,851,784 --a------ c:\windows\SYSTEM32\D3DX9_39.dll
2009-01-11 09:40 . 2009-01-11 09:40 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\Application Data\MSNInstaller
2009-01-11 09:26 . 2009-01-11 09:26 <DIR> d-------- c:\documents and settings\LocalService\Application Data\Xfire
2009-01-11 09:11 . 2009-01-11 09:12 4 --a------ c:\windows\SYSTEM32\22E7AD
2009-01-10 17:24 . 2009-01-10 17:24 <DIR> d-------- c:\documents and settings\Tanja Jovanovic\.assistant
2009-01-09 12:03 . 2009-01-09 12:03 213,640 --a------ c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
2009-01-07 17:12 . 2009-01-07 17:12 42,320 --a------ c:\windows\SYSTEM32\xfcodec.dll
2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\DIFX
2009-01-07 17:05 . 2009-01-16 10:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2009-01-07 17:04 . 2009-01-16 10:17 <DIR> d-------- c:\program files\LeapFrog
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-07 21:05 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\skypePM
2009-02-07 15:50 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\Skype
2009-02-07 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-02-07 03:07 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-06 02:32 --------- d-----w c:\documents and settings\Tanja Jovanovic\Application Data\Yahoo!
2009-02-06 02:32 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2009-02-04 00:58 --------- d-----w c:\program files\McAfee.com
2009-02-03 16:25 --------- d-----w c:\program files\Dl_cats
2009-01-14 02:07 --------- d-----w c:\program files\Common Files\logishrd
2009-01-14 02:04 --------- d-----w c:\program files\Logitech
2009-01-14 02:04 --------- d-----w c:\documents and settings\All Users\Application Data\Logishrd
2009-01-11 15:02 --------- d-----w c:\program files\Opera
2009-01-11 15:00 --------- d-----w c:\program files\Jasc Software Inc
2009-01-11 14:59 --------- d-----w c:\program files\Canon
2009-01-11 14:55 --------- d-----w c:\program files\Sonic
2009-01-11 14:27 --------- d-----w c:\program files\The Weather Channel FW
2009-01-11 14:24 --------- d-----w c:\program files\7-Zip
2009-01-10 03:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-04 01:16 --------- d-----w c:\program files\Yahoo!
2009-01-04 01:16 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo
2009-01-02 23:44 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-20 18:04 --------- d-----w c:\program files\Common Files\Skype
2008-12-20 00:32 --------- d-----w c:\program files\QuickTime
2008-12-17 06:01 432,664 ----a-w c:\windows\SYSTEM32\LVUI2RC.dll
2008-12-17 06:01 41,752 ----a-w c:\windows\system32\drivers\LVUSBSta.sys
2008-12-17 06:00 768,024 ----a-w c:\windows\system32\drivers\lvrs.sys
2008-12-17 06:00 494,104 ----a-w c:\windows\SYSTEM32\LVUI2.dll
2008-12-17 05:55 416,280 ----a-w c:\windows\SYSTEM32\lvcodec2.dll
2008-12-17 05:53 13,848 ----a-w c:\windows\system32\drivers\lv302af.sys
2008-12-17 05:37 29,562 ----a-w c:\windows\SYSTEM32\Repository.reg
2008-12-17 02:58 25,624 ----a-w c:\windows\system32\drivers\LVPr2Mon.sys
2008-12-17 02:50 13,584 ----a-w c:\windows\system32\drivers\iKeyLgFT.dll
2008-12-13 14:59 --------- d-----w c:\program files\iTunes
2008-12-13 14:59 --------- d-----w c:\program files\iPod
2008-12-13 14:59 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 06:40 3,593,216 ------w c:\windows\SYSTEM32\DLLCACHE\mshtml.dll
2008-12-13 01:36 --------- d-----w c:\program files\Common Files\Apple
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 10:57 333,952 ------w c:\windows\SYSTEM32\DLLCACHE\srv.sys
2008-12-06 02:04 410,984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2008-12-02 05:07 201,352 ----a-w c:\windows\SYSTEM32\PnkBstrB.exe
2008-08-03 13:20 59,816 ----a-w c:\documents and settings\Tanja Jovanovic\Application Data\GDIPFONTCACHEV1.DAT
2008-02-29 03:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2006-05-08 02:59 774,144 ----a-w c:\program files\RngInterstitial.dll
2005-11-01 02:03 1,447,208 ----a-w c:\program files\R107638.EXE
2008-03-15 19:29 168 --sh--r c:\windows\SYSTEM32\B89EB1C6F4.sys
2008-03-15 19:29 4,184 --sha-w c:\windows\SYSTEM32\KGyGaAvL.sys
2008-09-13 00:44 32,768 --sha-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\MSHist012008091220080913\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- c:\windows\system32\drivers\iKeyLgFT.dll ----
Company: Logitech Inc.
File Description: Installer Key File
File Version: 11.90.1262.0
Product Name: Logitech QuickCam
Copyright: (c) 1996-2008 Logitech. All rights reserved.
Original file name: InstKey.dll
MD5: 0e1ac079d5c942403aba63960e2f53f7
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-07 17:44:44 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2009-02-07 22:11:39 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2009-02-07 17:44:44 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-02-07 22:11:39 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-07 17:44:44 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-07 22:11:39 32,768 ----a-w c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-17 02:59:28 109,080 ----a-w c:\windows\Temp\logishrd\LVPrcInj01.dll
+ 2009-02-07 19:52:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2008-03-16 40960]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"DLBTCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll" [2004-11-09 69632]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-11-10 290816]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-13 339968]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-25 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-01-08 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-01-09 1176808]
"P17Helper"="P17.dll" [2004-06-10 c:\windows\SYSTEM32\P17.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
c:\documents and settings\Tanja Jovanovic\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-11-19 384000]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-02-19 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\documents and settings\Tanja Jovanovic\Desktop\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-02-03 206096]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 FlyUsb;FLY Fusion;c:\windows\SYSTEM32\DRIVERS\FlyUsb.sys [2007-06-19 18560]
.
Contents of the 'Scheduled Tasks' folder
2009-01-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-30 c:\windows\Tasks\McAfee.com Scan for Viruses - My Computer (1) (SIMONIDA-Tanja Jovanovic).job
- c:\program files\mcafee.com\vso\mcmnhdlr.exe []
2009-02-04 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-04 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-01-09 10:53]
2009-02-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
2009-02-05 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []
2009-02-07 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG
mStart Page = [Link visible only to logged-in users]
mSearch Bar = [Link visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
DPF: {70E6E083-6690-4129-A34D-F90094EEB4ED} - [Link visible only to logged-in users]
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - [Link visible only to logged-in users]\cdviewer\CdViewer.cab
FF - ProfilePath - c:\documents and settings\Tanja Jovanovic\Application Data\Mozilla\Firefox\Profiles\ofzz9gs2.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - [Link visible only to logged-in users]
FF - user.js: keyword.enabled - true
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - [Link visible only to logged-in users]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-02-07 18:28:19
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBTCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3230574272-1619121504-978640012-1006\P*W]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"firstLaunch"="false"
.
Completion time: 2009-02-07 18:31:20
ComboFix-quarantined-files.txt 2009-02-07 23:30:28
ComboFix2.txt 2009-02-07 19:44:42
Pre-Run: 15,931,596,800 bytes free
Post-Run: 15,919,611,904 bytes free
282 --- E O F --- 2009-02-06 02:26:27
Posted: 08 Feb 2009 09:52
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
This looks ok.
What is the situation now?