Trojan - ne mogu ga ukloniti

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-03-29.04 - Korisnik 2009-04-01 13:56:11.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.385.1033.18.511.241 [GMT 2:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\byXQGwUL.dll
c:\windows\system32\fcccaXon.dll
c:\windows\system32\hgGyvwXr.dll
c:\windows\system32\ljJBrOfD.dll
c:\windows\system32\rqRHXrPg.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\byXQGwUL.dll
c:\windows\system32\cdejilfq.dll
c:\windows\system32\cgktyj.dll
c:\windows\system32\fccaArPF.dll
c:\windows\system32\fcccaXon.dll
c:\windows\system32\FPrAaccf.ini
c:\windows\system32\FPrAaccf.ini2
c:\windows\system32\hgGyvwXr.dll
c:\windows\system32\ljJBrOfD.dll
c:\windows\system32\rqRHXrPg.dll
c:\windows\system32\wswqfqqj.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-01 to 2009-04-01 )))))))))))))))))))))))))))))))
.

2009-04-01 13:18 . 2009-04-01 13:18 61,440 --a------ c:\windows\system32\sxpvlnat.exe
2009-03-31 21:17 . 2009-03-31 21:17 61,440 --a------ c:\windows\system32\ftjjmsjn.exe
2009-03-28 22:40 . 2009-03-29 15:03 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\HouseCall 6.6
2009-03-21 13:58 . 2009-03-23 22:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\NFS Underground
2009-03-21 13:48 . 2009-03-21 13:48 <DIR> d-------- c:\program files\EA GAMES
2009-03-21 12:03 . 2009-03-21 12:03 <DIR> d-------- c:\program files\Electronic Arts
2009-03-21 12:03 . 2007-10-22 04:39 267,272 --a------ c:\windows\system32\xactengine2_10.dll
2009-03-21 12:02 . 2007-10-12 16:14 3,734,536 --a------ c:\windows\system32\d3dx9_36.dll
2009-03-21 12:02 . 2007-10-12 16:14 1,374,232 --a------ c:\windows\system32\D3DCompiler_36.dll
2009-03-21 12:02 . 2007-10-02 10:56 444,776 --a------ c:\windows\system32\d3dx10_36.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-30 19:27 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-03-27 18:13 --------- d-----w c:\program files\Java
2009-03-26 20:03 5,632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-03-18 18:52 --------- d-----w c:\program files\UBISOFT
2009-03-18 18:45 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-18 18:40 --------- d-----w c:\program files\Empire Interactive
2009-03-09 04:19 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-02-26 19:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\LimeWire
2009-02-19 13:30 12,400 ----a-w c:\windows\system32\drivers\secdrv.sys
2009-02-18 18:36 --------- d-----w c:\program files\Microsoft Money 2005
2009-02-17 20:02 102,664 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-02-17 12:22 --------- d-----w c:\program files\Illustrate(2)
2009-02-17 12:22 --------- d-----w c:\program files\Burrrn
2009-02-14 15:02 7,216 ----a-w c:\windows\system32\CreatingCD.bin
2009-02-10 17:51 --------- d-----w c:\program files\ParallelGraphics
2009-02-10 17:51 --------- d-----w c:\program files\Common Files\ParallelGraphics
2009-02-09 18:05 --------- d-----w c:\documents and settings\Korisnik\Application Data\Ace
2009-02-09 12:25 --------- d-----w c:\documents and settings\Korisnik\Application Data\Thinstall
2009-02-06 18:49 --------- d-----w c:\program files\MSN Messenger
.

((((((((((((((((((((((((((((( SnapShot@2009-03-30_21.47.42.14 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-01 12:01:44 16,384 ----atw c:\windows\temp\Perflib_Perfdata_384.dat
+ 2009-04-01 12:03:15 16,384 ----atw c:\windows\temp\Perflib_Perfdata_a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-15 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 32768]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2006-03-20 516096]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-04-24 917504]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-01 113664]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=

S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2009-04-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 19:31]

2009-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1003.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-15 21:45]

2009-04-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1417001333-725345543-1005.job
- c:\documents and settings\Aida\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-26 13:35]
.
- - - - ORPHANS REMOVED - - - -

BHO-{021638b8-892b-41ac-8330-ebc30b69609c} - c:\windows\system32\cgktyj.dll
BHO-{C09DE1F6-DBF4-4BF8-BA2F-CCA150B2C4AF} - c:\windows\system32\fccaArPF.dll
ShellExecuteHooks-{cdf8cb52-96f0-46da-b95a-12111625d1e6} - c:\windows\system32\cgktyj.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bljesak.info/
FF - component: c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\qu7l717h.default\extensions\piclens@cooliris.com\components\piclensstub.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-01 14:03:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(580)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ESET\nod32krn.exe
.
**************************************************************************
.
Completion time: 2009-04-01 14:06:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-01 12:06:32
ComboFix2.txt 2009-03-31 17:57:26
ComboFix3.txt 2009-03-30 20:36:37
ComboFix4.txt 2009-03-30 19:48:41
ComboFix5.txt 2009-04-01 11:21:02

Pre-Run: 5.162.860.544 bytes free
Post-Run: 5,151,395,840 bytes free

160

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Obriši sledeće file-ove:

c:\windows\system32\sxpvlnat.exe
c:\windows\system32\ftjjmsjn.exe




Kakvo je sada stanje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Cini se da je ok. Morao samukloniti jos neke adware-e, ali radi odlicno
Hvala velika na pomoci i na strpljenju.
Javim ti se ako nesto ne bude stimalo

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Deinstalacija ComboFix-a:
Klikni START a zatim RUN.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

Combofix /u



a zatim klikni OK.

Sačekaj da se proces deinstalacije završi.



To je sve.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Thanx again
Pozz