A file I cannot delete (again)

offline
  • Joined: 06 Apr 2007
  • Posts: 27
  • Location: here

I share the computer with my younger brother, and once again I can't delete a file; it's a game..

I tried Avenger (from earlier experience) but it won't work....

this is from Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qfabjamx

*******************

Script file located at: \??\C:\Documents and Settings\ganfmggf.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe for deletion
Deletion of file D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe failed!

Could not process line:
D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.


And this is the logfile from HijackThis:



Logfile of HijackThis v1.99.1
Scan saved at 19:01:42, on 9.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
D:\programi\vistta\NEWFOL~1\Aston\aston.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spamihilator\spamihilator.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe
C:\Program Files\SECUREMAKER\SecureMaker.exe
C:\WINDOWS\system32\notepad.exe
D:\programi\bluetooth adapter\BTNtService.exe
D:\programi\firewall\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
D:\programi\skeniranje virusa\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
F2 - REG:system.ini: Shell=D:\programi\vistta\NEWFOL~1\Aston\aston.exe ,svchost.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\programi\real player\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - (no file)
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeFireTray] D:\programi\firewall\McAfee Desktop Firewall for Windows XP\Firetray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WatchWAN] D:\programi\watcwan 1.1\WatchWAN\WatchWAN.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [Magical Pack] "D:\programi\zakljucavanje kompa\MP\Magical Pack.exe" /silent /TransLevel:255
O4 - HKCU\..\Run: [BlazeServoTool] "C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe"
O4 - Global Startup: SECUREMAKER.lnk = C:\Program Files\SECUREMAKER\SecureMaker.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\programi\bluetooth adapter\BTNtService.exe
O23 - Service: McAfee Desktop Firewall Service (FireSvc) - Networks Associates Technology, Inc. - D:\programi\firewall\McAfee Desktop Firewall for Windows XP\FireSvc.exe
O23 - Service: lxcg_device - Unknown owner - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
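
The Avenger log in the post above ends with `Status: 0xc000003a`, which is the NTSTATUS value STATUS_OBJECT_PATH_NOT_FOUND: the path in the script line could not be resolved, which is a different failure from a locked or access-denied file. The following triage helper is an added example, not part of the original thread or of The Avenger; it decodes the status and flags path components with leading or trailing whitespace, such as the space after `D:\` in the logged path. The function names are hypothetical and the sample input is an excerpt of the log as posted.

```python
import re

# Well-known NTSTATUS values that commonly explain a failed deletion (ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
    0xC0000056: "STATUS_DELETE_PENDING",
    0xC0000121: "STATUS_CANNOT_DELETE",
}
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}
STATUS_RE = re.compile(r"Status:\s*0x([0-9a-fA-F]{8})$")

# Excerpt of the Avenger log from the post above, embedded so this runs offline.
SAMPLE_LOG = r"""Could not open file D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe for deletion
Deletion of file D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe failed!

Could not process line:
D:\ za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe
Status: 0xc000003a
"""


def decode_ntstatus(code):
    """Split a 32-bit NTSTATUS into severity, facility and symbolic name."""
    return {
        "code": f"0x{code:08X}",
        "severity": SEVERITY[code >> 30],        # top two bits
        "facility": (code >> 16) & 0xFFF,        # bits 16..27
        "name": NTSTATUS_NAMES.get(code, "unknown"),
    }


def padded_components(path):
    """Return path components that begin or end with whitespace."""
    return [part for part in path.split("\\") if part and part != part.strip()]


def failed_lines(log_text):
    """Pair every 'Could not process line:' entry with its path and status."""
    lines = log_text.splitlines()
    results = []
    for i, line in enumerate(lines):
        if line.strip() != "Could not process line:":
            continue
        # The script line and its status follow, possibly separated by blanks.
        following = [ln for ln in lines[i + 1:i + 4] if ln.strip()]
        if len(following) < 2:
            continue
        match = STATUS_RE.match(following[1].strip())
        if not match:
            continue
        path = following[0].rstrip()
        results.append({
            "path": path,
            "status": decode_ntstatus(int(match.group(1), 16)),
            "padded": padded_components(path),
        })
    return results


if __name__ == "__main__":
    for entry in failed_lines(SAMPLE_LOG):
        status = entry["status"]
        print(f'{entry["path"]}: {status["name"]} ({status["code"]}, {status["severity"]})')
        for part in entry["padded"]:
            print(f"  component with surrounding whitespace: {part!r}")
```
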

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

Addendum: 09 Feb 2008 19:55

Upload the following file:
C:\Program Files\SECUREMAKER\SecureMaker.exe

via this link:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 06 Apr 2007
  • Posts: 27
  • Location: here

ComboFix 08-02.05.3 - user 2008-02-09 20:57:40.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.121 [GMT 1:00]
Running from: D:\programi\skeniranje virusa\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\drivers\sfsync02.sys
C:\WINDOWS\system32\drivers\sfsync03.sys

----- BITS: Possible infected sites -----

hxxp://msgr.dlservice.microsoft.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SFSYNC02
-------\LEGACY_SFSYNC03
-------\sfsync02
-------\sfsync03


((((((((((((((((((((((((( Files Created from 2008-01-09 to 2008-02-09 )))))))))))))))))))))))))))))))
.

2008-01-29 20:09 . 2008-01-29 20:09 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\Program Files\BlazeVideo
2008-01-29 20:06 . 2005-12-01 22:31 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-29 20:06 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-01-29 20:06 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-01-29 20:06 . 2004-08-04 00:56 56,832 --a------ C:\WINDOWS\system32\msdvbnp.ax
2008-01-29 20:06 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-29 20:06 . 2004-08-04 00:56 33,280 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-01-29 20:06 . 2004-08-04 00:56 33,280 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-01-17 10:17 . 2008-01-17 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2008-01-11 22:59 . 2008-01-11 22:59 <DIR> d-------- C:\Documents and Settings\user\Application Data\WtmCDProtect

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-02-09 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:07 --------- d-----w C:\Program Files\Lx_cats
2008-01-12 15:47 --------- d-----w C:\Program Files\Google
2007-12-26 20:46 --------- d-----w C:\Program Files\DivX
2007-12-25 20:55 --------- d-----w C:\Program Files\Java
2007-12-16 09:49 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-16 09:49 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
2007-12-15 16:27 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6937.exe
2007-12-15 16:27 --------- d-----w C:\Program Files\Alcohol Toolbar
2007-12-15 16:27 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-15 16:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-14 14:56 --------- d-----w C:\Program Files\BearShare applications
2007-12-11 19:08 --------- d-----w C:\Documents and Settings\user\Application Data\DivX
2007-12-10 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 18:18 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2007-11-24 22:50 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2007-11-24 22:50 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2006-11-14 07:42 152 --sh--r C:\WINDOWS\system32\495B68E769.sys
2007-04-07 09:30 8 --sh--r C:\WINDOWS\system32\8AF25EAEB4.sys
2007-04-06 22:38 56 --sh--r C:\WINDOWS\system32\B4AE5EF28A.sys
2007-05-24 11:30 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"WatchWAN"="D:\programi\watcwan 1.1\WatchWAN\WatchWAN.exe" [2006-03-31 20:36 352256]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 14:49 619008]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 15:16 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 12:14 23423528]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-11-24 23:50 40960]
"Magical Pack"="D:\programi\zakljucavanje kompa\MP\Magical Pack.exe" [ ]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe" [2006-06-29 18:54 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21 69632]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 00:24 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 17:19 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 19:20 299008]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 15:39 40960]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 15:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 13:07 147514]
"McAfeeFireTray"="D:\programi\firewall\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2005-04-12 18:40 655420]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 16:01 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SECUREMAKER.lnk - C:\Program Files\SECUREMAKER\SecureMaker.exe [2007-10-29 15:21:01 3227648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkStation"= 0 (0x0)

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-05-14 18:14]
R2 sm;SECUREMAKER driver;C:\WINDOWS\system32\drivers\sm.sys [2007-07-05 16:10]
S2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe [1997-05-14 23:49]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-08-16 16:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 00:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-11-01 13:25:41 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-09 21:02:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\Program Files\LClock\LC.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\programi\bluetooth adapter\BTNtService.exe
C:\WINDOWS\system32\rundll32.exe
D:\programi\firewall\McAfee Desktop Firewall for Windows XP\FireSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PSIService.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
.
**************************************************************************
.
Completion time: 2008-02-09 21:06:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 20:06:21
.
2008-01-08 23:26:46 --- E O F ---




And I sent what you asked for.

one more thing: when I downloaded ComboFix, it put it in the same file as the thing I can't delete. I can't run ComboFix from that file, so I had to use another file; maybe that tells you something???

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy in the following text:


File::
D:\za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe





Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scanning.

offline
  • Joined: 06 Apr 2007
  • Posts: 27
  • Location: here

ComboFix 08-02.05.3 - user 2008-02-10 16:26:34.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.216 [GMT 1:00]
Running from: D:\programi\skeniranje virusa\ComboFix.exe
Command switches used :: C:\Documents and Settings\user\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
D:\za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\za skidanje sa dc++\3D_Ultra_Minigolf_Adventures_Deluxe-setup.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-10 to 2008-02-10 )))))))))))))))))))))))))))))))
.

2008-01-29 20:09 . 2008-01-29 20:09 14 --a------ C:\WINDOWS\system32\SysEngineDrive1.sys
2008-01-29 20:06 . 2008-01-29 20:06 <DIR> d-------- C:\Program Files\BlazeVideo
2008-01-29 20:06 . 2005-12-01 22:31 1,645,320 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-29 20:06 . 2004-08-04 00:56 363,520 --a------ C:\WINDOWS\system32\psisdecd.dll
2008-01-29 20:06 . 2004-08-04 00:56 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-01-29 20:06 . 2004-08-04 00:56 56,832 --a------ C:\WINDOWS\system32\msdvbnp.ax
2008-01-29 20:06 . 2004-08-04 00:56 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-01-29 20:06 . 2004-08-04 00:56 33,280 --a------ C:\WINDOWS\system32\psisrndr.ax
2008-01-29 20:06 . 2004-08-04 00:56 33,280 --a--c--- C:\WINDOWS\system32\dllcache\psisrndr.ax
2008-01-17 10:17 . 2008-01-17 10:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2008-01-11 22:59 . 2008-01-11 22:59 <DIR> d-------- C:\Documents and Settings\user\Application Data\WtmCDProtect

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 17:41 --------- d-----w C:\Documents and Settings\user\Application Data\Skype
2008-02-09 17:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-01 10:07 --------- d-----w C:\Program Files\Lx_cats
2008-01-12 15:47 --------- d-----w C:\Program Files\Google
2007-12-26 20:46 --------- d-----w C:\Program Files\DivX
2007-12-25 20:55 --------- d-----w C:\Program Files\Java
2007-12-16 09:49 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-16 09:49 --------- d-----w C:\Documents and Settings\user\Application Data\SystemRequirementsLab
2007-12-15 16:27 229,057 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_6937.exe
2007-12-15 16:27 --------- d-----w C:\Program Files\Alcohol Toolbar
2007-12-15 16:27 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-15 16:22 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-12-14 14:56 --------- d-----w C:\Program Files\BearShare applications
2007-12-11 22:34 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-12-11 22:34 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-12-11 19:08 --------- d-----w C:\Documents and Settings\user\Application Data\DivX
2007-12-10 18:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-10 18:18 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2007-12-07 14:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-11-29 22:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-11-24 22:50 45,056 ----a-w C:\WINDOWS\NCUNINST.EXe
2007-11-24 22:50 40,960 ----a-w C:\WINDOWS\NCLAUNCH.EXe
2006-11-14 07:42 152 --sh--r C:\WINDOWS\system32\495B68E769.sys
2007-04-07 09:30 8 --sh--r C:\WINDOWS\system32\8AF25EAEB4.sys
2007-04-06 22:38 56 --sh--r C:\WINDOWS\system32\B4AE5EF28A.sys
2007-05-24 11:30 5,852 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-08-16 16:19 5728112]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"WatchWAN"="D:\programi\watcwan 1.1\WatchWAN\WatchWAN.exe" [2006-03-31 20:36 352256]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [2007-01-24 14:49 619008]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 15:16 68856]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-18 12:14 23423528]
"NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2007-11-24 23:50 40960]
"Magical Pack"="D:\programi\zakljucavanje kompa\MP\Magical Pack.exe" [ ]
"BlazeServoTool"="C:\Program Files\BlazeVideo\BlazeDVD\MediaDetector.exe" [2006-06-29 18:54 286720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-02-22 20:05 339968]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 15:30 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30 81920]
"LXCGCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-04-27 15:21 69632]
"lxcgmon.exe"="C:\Program Files\Lexmark 2300 Series\lxcgmon.exe" [2005-05-05 00:24 200704]
"EzPrint"="C:\Program Files\Lexmark 2300 Series\ezprint.exe" [2005-06-08 17:19 94208]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2005-05-03 19:20 299008]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2003-12-31 15:39 40960]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-10-06 15:50 139320]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2004-02-19 13:07 147514]
"McAfeeFireTray"="D:\programi\firewall\McAfee Desktop Firewall for Windows XP\Firetray.exe" [2005-04-12 18:40 655420]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-11-22 16:01 185632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
SECUREMAKER.lnk - C:\Program Files\SECUREMAKER\SecureMaker.exe [2007-10-29 15:21:01 3227648]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableChangePassword"= 0 (0x0)
"DisableLockWorkStation"= 0 (0x0)

R1 eusk2par;EUTRON SmartKey Parallel Driver;C:\WINDOWS\system32\Drivers\eusk2par.sys [2004-11-18 11:49]
R1 hwinterface;hwinterface;C:\WINDOWS\system32\Drivers\hwinterface.sys [2007-05-14 18:14]
R2 sm;SECUREMAKER driver;C:\WINDOWS\system32\drivers\sm.sys [2007-07-05 16:10]
S2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe [1997-05-14 23:49]
S3 eusk3usb;SmartKey 3 USB;C:\WINDOWS\system32\Drivers\eusk3usb.sys [2004-11-18 11:49]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-08-16 16:17]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-15 00:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-11-01 13:25:41 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-10 16:28:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-10 16:29:29
ComboFix-quarantined-files.txt 2008-02-10 15:29:08
ComboFix2.txt 2008-02-09 20:06:37
.
2008-01-08 23:26:46 --- E O F ---


It's gone now :)

Have you looked at that file I sent?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

OK. Everything is fine now. The log shows no signs of malware activity.
