Check please

offline
  • Joined: 29 Mar 2006
  • Posts: 34
  • Location: Leskovac

Avast reported some virus to me. I scanned in safe mode with Avast and Ad-Aware and they showed that something was deleted. However, the computer still behaves strangely: I can't open a single folder. I'm using XP SP2.
Can you help me? Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 20:05:05, on 7.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\system32\lxdccoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\\Desktop\provera1.99.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Safe web - {A8485774-8230-4D88-B00F-4A04A3E4FC1C} - C:\WINDOWS\system32\supsafe.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LXDCCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: lxdc_device - - C:\WINDOWS\system32\lxdccoms.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 29 Mar 2006
  • Posts: 34
  • Location: Leskovac

ComboFix 08-09-05.03 - 2008-09-07 22:09:52.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.87 [GMT 2:00]
Running from: C:\Documents and Settings\\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-07 16:11 . 2008-09-07 16:11 <DIR> d--hs---- C:\FOUND.000
2008-09-07 15:32 . 2008-09-07 15:32 17,408 --a------ C:\WINDOWS\system32\syss.dll
2008-09-07 15:32 . 2008-09-07 15:32 17,408 --a------ C:\WINDOWS\system32\roisf.dll
2008-09-07 15:31 . 2008-09-07 15:31 17,408 --a------ C:\WINDOWS\system32\rois.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\syssf.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\supsf.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\supsafe.dll
2008-09-06 19:19 . 2008-09-06 19:19 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\FastStone
2008-09-04 11:31 . 2008-09-04 11:31 <DIR> d-------- C:\logs
2008-09-04 11:05 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\ComDlg32.ocx
2008-09-04 11:05 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\drivers\ppa3.sys
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
2008-08-25 21:19 . 2008-08-25 21:19 <DIR> d-------- C:\Documents and Settings\ana i andjela\Application Data\Active Disk
2008-08-25 21:13 . 2008-08-25 21:13 <DIR> d-------- C:\Program Files\Iomega
2008-08-25 21:13 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-22 19:09 . 2008-08-22 19:09 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-08-21 16:35 . 2008-08-23 15:11 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-20 22:29 . 2008-08-20 22:29 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-20 22:26 . 2008-08-20 22:26 570 --a------ C:\WINDOWS\eReg.dat
2008-08-20 22:18 . 2008-08-20 22:19 37,320,352 --a------ C:\WINDOWS\aolback.exe
2008-08-20 22:18 . 2004-08-03 22:56 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-08-20 22:17 . 2008-08-20 22:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-20 22:17 . 2008-08-20 22:17 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-08-20 22:17 . 2001-09-25 09:39 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2008-08-20 22:17 . 2001-09-04 07:09 40,960 --a------ C:\WINDOWS\AolCInUn.exe
2008-08-20 22:17 . 2001-09-25 09:38 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-08-20 22:16 . 2008-08-20 22:19 382 --ah----- C:\IPH.PH
2008-08-11 18:39 . 2008-08-11 18:39 <DIR> d-------- C:\Program Files\Mv2Player
2008-08-11 18:38 . 2008-08-11 18:38 <DIR> d-------- C:\Program Files\ffdshow
2008-08-11 18:36 . 2008-08-11 18:36 <DIR> d-------- C:\Program Files\XviD
2008-08-11 18:35 . 2008-08-11 18:35 <DIR> d-------- C:\Program Files\DivX
2008-08-11 18:33 . 2008-08-11 18:33 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-08-11 18:33 . 2008-08-11 18:33 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-08-11 18:33 . 2008-08-11 18:33 21,869 --a------ C:\WINDOWS\system32\divxg400.htm
2008-08-08 11:49 . 2008-08-08 11:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-06 15:09 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2008-08-06 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2008-08-05 17:05 --------- d-----w C:\Program Files\Lavasoft
2008-08-05 17:05 --------- d-----w C:\Documents and Settings\\Application Data\Lavasoft
2008-08-05 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-08-04 13:10 --------- d-----w C:\Program Files\QuickTime
2008-08-04 12:59 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-08-03 13:37 98,304 ------w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-31 21:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-31 21:53 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-31 21:53 178,176 ------w C:\WINDOWS\system32\OposRf.DLL
2008-07-31 21:53 101,888 ------w C:\WINDOWS\system32\VB6STKIT.DLL
2008-07-29 17:10 355,584 ------w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-29 17:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-29 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 16:59 --------- d-----w C:\Program Files\CCleaner
2008-07-26 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-07-26 18:11 --------- d-----w C:\Program Files\IVT Corporation
2008-07-25 16:44 --------- d-----w C:\Program Files\WON
2008-07-25 16:42 --------- d-----w C:\Program Files\Sierra
2008-07-24 13:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 19:36 --------- d-----w C:\Program Files\Alwil Software
2008-07-23 19:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-23 19:32 --------- d-----w C:\Documents and Settings\\Application Data\InterTrust
2008-07-23 19:27 --------- d-----w C:\Program Files\ACD Systems
2008-07-23 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-23 19:22 --------- d-----w C:\Documents and Settings\\Application Data\Lexmark Imaging Studio
2008-07-23 18:57 --------- d-----w C:\Documents and Settings\\Application Data\Microsoft Web Folders
2008-07-23 18:54 --------- d-----w C:\Program Files\Lexmark 1300 Series
2008-07-23 18:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-23 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-23 18:48 --------- d-----w C:\Program Files\Ahead
2008-07-23 18:45 --------- d-----w C:\Program Files\AC3Filter
2008-07-23 18:39 --------- d-----w C:\Program Files\Winamp
2008-07-23 18:36 --------- d-----w C:\Program Files\Advanced Disk Catalog
2008-07-23 18:32 --------- d-----w C:\Program Files\Opera
2008-07-23 18:22 --------- d-----w C:\Documents and Settings\\Application Data\TuneUp Software
2008-07-23 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-23 18:19 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-07-23 17:39 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8485774-8230-4D88-B00F-4A04A3E4FC1C}]
2008-09-07 15:30 17408 --a------ C:\WINDOWS\system32\supsafe.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LXDCCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-23 102400]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
--a------ 2007-02-06 01:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 21:31 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-20 00:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-29 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-lxdcmon - C:\Program Files\Lexmark 1300 Series\lxdcmon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-07 22:12:29
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-09-07 22:14:00
ComboFix-quarantined-files.txt 2008-09-07 20:13:52

Pre-Run: 7,650,983,936 bytes free
Post-Run: 7,644,733,440 bytes free

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry for the delay.
Find the following files on your hard disk and pack them into one ZIP (or RAR):

C:\WINDOWS\system32\syss.dll
C:\WINDOWS\system32\roisf.dll
C:\WINDOWS\system32\rois.dll
C:\WINDOWS\system32\syssf.dll
C:\WINDOWS\system32\supsf.dll
C:\WINDOWS\system32\supsafe.dll
C:\WINDOWS\system32\drivers\ppa3.sys
C:\WINDOWS\system32\dllcache\ppa3.sys

Upload them to me for checking via the following form:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 29 Mar 2006
  • Posts: 34
  • Location: Leskovac

Thanks for getting back to me. I couldn't find the last file you asked for,
but I've uploaded the rest. What next?
Regards

Update: 09 Sep 2008 18:08

When I try to open My Computer or any other folder it shows me the following message:
Windows explorer has encountered a problem and needs to close. We are sorry for the inconvenience.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\syss.dll
C:\WINDOWS\system32\roisf.dll
C:\WINDOWS\system32\rois.dll
C:\WINDOWS\system32\syssf.dll
C:\WINDOWS\system32\supsf.dll
C:\WINDOWS\system32\supsafe.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8485774-8230-4D88-B00F-4A04A3E4FC1C}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
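The triage the helper did in the two posts above (spotting the burst of same-size DLLs written to system32 minutes apart, tying the BHO CLSID to supsafe.dll, and turning that into the File::/Registry:: sections of the CFScript), as an added Python example that is not part of the thread and not ComboFix's own logic. The log lines are copied from the first ComboFix report posted above; the clustering thresholds (5-minute window, at least 3 files) are assumptions of mine.

```python
"""Triage of a ComboFix report, as done in the thread above: find a burst of
same-size files dropped into system32, tie them to the BHO that loads one of
them, and emit the File::/Registry:: sections in the form the helper used.
Added example, not ComboFix's own logic; the thresholds are assumptions."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: lines copied from the 'Files Created' section posted above.
COMBOFIX_LOG = r"""
2008-09-07 16:11 . 2008-09-07 16:11 <DIR> d--hs---- C:\FOUND.000
2008-09-07 15:32 . 2008-09-07 15:32 17,408 --a------ C:\WINDOWS\system32\syss.dll
2008-09-07 15:32 . 2008-09-07 15:32 17,408 --a------ C:\WINDOWS\system32\roisf.dll
2008-09-07 15:31 . 2008-09-07 15:31 17,408 --a------ C:\WINDOWS\system32\rois.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\syssf.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\supsf.dll
2008-09-07 15:30 . 2008-09-07 15:30 17,408 --a------ C:\WINDOWS\system32\supsafe.dll
2008-09-04 11:05 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\ComDlg32.ocx
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\drivers\ppa3.sys
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
"""

# From the 'Reg Loading Points' section of the same report.
BHO_KEY = r"HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A8485774-8230-4D88-B00F-4A04A3E4FC1C}"
BHO_DLL = r"C:\WINDOWS\system32\supsafe.dll"

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S+) (.+)$")

def parse_files_created(text):
    """One dict per entry: created, modified, size (None for <DIR>), attrs, path."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, dots and blank lines
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
            "modified": datetime.strptime(modified, "%Y-%m-%d %H:%M"),
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "attrs": attrs, "path": path})
    return entries

def suspicious_cluster(entries, window=timedelta(minutes=5), min_count=3):
    """Flag files written into system32 in one short burst with identical size
    and modified == created (freshly generated, unlike installer-copied files
    such as ppa3.sys, whose modified stamp predates its creation here)."""
    by_size = defaultdict(list)
    for e in entries:
        if e["size"] is None or e["modified"] != e["created"]:
            continue
        if "\\system32\\" not in e["path"].lower():
            continue
        by_size[e["size"]].append(e)
    flagged = []
    for group in by_size.values():
        group.sort(key=lambda e: e["created"])
        if len(group) >= min_count and group[-1]["created"] - group[0]["created"] <= window:
            flagged.extend(e["path"] for e in group)
    return sorted(flagged, key=str.lower)

def build_cfscript(flagged_files, bho_entries):
    """Assemble File:: and Registry:: sections. A BHO key is listed only when
    its DLL is among the flagged files, so legitimate BHOs (e.g. Acrobat's) stay."""
    flagged = {p.lower() for p in flagged_files}
    keys = [key for key, dll in bho_entries if dll.lower() in flagged]
    lines = ["File::"] + list(flagged_files) + [""]
    if keys:
        lines += ["Registry::"] + ["[-%s]" % key for key in keys]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    files = suspicious_cluster(parse_files_created(COMBOFIX_LOG))
    print(build_cfscript(files, [(BHO_KEY, BHO_DLL)]))
```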

offline
  • Joined: 29 Mar 2006
  • Posts: 34
  • Location: Leskovac

ComboFix 08-09-05.03 - ana i andjela 2008-09-09 22:22:00.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.85 [GMT 2:00]
Running from: C:\Documents and Settings\ana i andjela\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\rois.dll
C:\WINDOWS\system32\roisf.dll
C:\WINDOWS\system32\supsafe.dll
C:\WINDOWS\system32\supsf.dll
C:\WINDOWS\system32\syss.dll
C:\WINDOWS\system32\syssf.dll

.
((((((((((((((((((((((((( Files Created from 2008-08-09 to 2008-09-09 )))))))))))))))))))))))))))))))
.

2008-09-07 16:11 . 2008-09-07 16:11 <DIR> d--hs---- C:\FOUND.000
2008-09-06 19:19 . 2008-09-06 19:19 <DIR> d-------- C:\Documents and Settings\\Application Data\FastStone
2008-09-04 11:31 . 2008-09-04 11:31 <DIR> d-------- C:\logs
2008-09-04 11:05 . 1998-06-24 00:00 140,096 --a------ C:\WINDOWS\system32\ComDlg32.ocx
2008-09-04 11:05 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\Vb5db.dll
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\drivers\ppa3.sys
2008-08-25 21:20 . 2004-08-03 23:00 17,664 --a------ C:\WINDOWS\system32\dllcache\ppa3.sys
2008-08-25 21:19 . 2008-08-25 21:19 <DIR> d-------- C:\Documents and Settings\\Application Data\Active Disk
2008-08-25 21:13 . 2008-08-25 21:13 <DIR> d-------- C:\Program Files\Iomega
2008-08-25 21:13 . 1999-12-17 10:13 86,016 --a------ C:\WINDOWS\unvise32.exe
2008-08-22 19:09 . 2008-08-22 19:09 <DIR> d-------- C:\WINDOWS\Applian FLV Player
2008-08-21 16:35 . 2008-08-23 15:11 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-08-20 22:29 . 2008-08-20 22:29 2 --a------ C:\WINDOWS\msoffice.ini
2008-08-20 22:26 . 2008-08-20 22:26 570 --a------ C:\WINDOWS\eReg.dat
2008-08-20 22:18 . 2008-08-20 22:19 37,320,352 --a------ C:\WINDOWS\aolback.exe
2008-08-20 22:18 . 2004-08-03 22:56 1,483,264 --a------ C:\WINDOWS\system32\shdocvw.bak
2008-08-20 22:17 . 2008-08-20 22:17 <DIR> d-------- C:\Program Files\Common Files\Real
2008-08-20 22:17 . 2008-08-20 22:17 <DIR> d-------- C:\Program Files\Common Files\aolshare
2008-08-20 22:17 . 2001-09-25 09:39 54,784 --a------ C:\WINDOWS\system32\Inetwh32.dll
2008-08-20 22:17 . 2001-09-04 07:09 40,960 --a------ C:\WINDOWS\AolCInUn.exe
2008-08-20 22:17 . 2001-09-25 09:38 29,184 --a------ C:\WINDOWS\system32\popup.ocx
2008-08-20 22:16 . 2008-08-20 22:19 382 --ah----- C:\IPH.PH
2008-08-11 18:39 . 2008-08-11 18:39 <DIR> d-------- C:\Program Files\Mv2Player
2008-08-11 18:38 . 2008-08-11 18:38 <DIR> d-------- C:\Program Files\ffdshow
2008-08-11 18:36 . 2008-08-11 18:36 <DIR> d-------- C:\Program Files\XviD
2008-08-11 18:35 . 2008-08-11 18:35 <DIR> d-------- C:\Program Files\DivX
2008-08-11 18:33 . 2008-08-11 18:33 262,884 --a------ C:\WINDOWS\IPUI_DivXG400.exe
2008-08-11 18:33 . 2008-08-11 18:33 245,760 --a------ C:\WINDOWS\system32\DivXG400.ax
2008-08-11 18:33 . 2008-08-11 18:33 21,869 --a------ C:\WINDOWS\system32\divxg400.htm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-08 09:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-06 15:09 --------- d-----w C:\Program Files\Common Files\Vivendi Universal Games
2008-08-06 15:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
2008-08-05 17:05 --------- d-----w C:\Program Files\Lavasoft
2008-08-05 17:05 --------- d-----w C:\Documents and Settings\\Application Data\Lavasoft
2008-08-05 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-08-04 13:10 --------- d-----w C:\Program Files\QuickTime
2008-08-04 12:59 --------- d-----w C:\Program Files\Common Files\Knowledge Adventure
2008-08-03 13:37 98,304 ------w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-31 21:53 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2008-07-31 21:53 249,856 ------w C:\WINDOWS\Setup1.exe
2008-07-31 21:53 178,176 ------w C:\WINDOWS\system32\OposRf.DLL
2008-07-31 21:53 101,888 ------w C:\WINDOWS\system32\VB6STKIT.DLL
2008-07-29 17:10 355,584 ------w C:\WINDOWS\system32\TuneUpDefragService.exe
2008-07-29 17:09 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-07-29 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-29 16:59 --------- d-----w C:\Program Files\CCleaner
2008-07-26 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-07-26 18:11 --------- d-----w C:\Program Files\IVT Corporation
2008-07-25 16:44 --------- d-----w C:\Program Files\WON
2008-07-25 16:42 --------- d-----w C:\Program Files\Sierra
2008-07-24 13:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-23 19:36 --------- d-----w C:\Program Files\Alwil Software
2008-07-23 19:32 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-23 19:32 --------- d-----w C:\Documents and Settings\\Application Data\InterTrust
2008-07-23 19:27 --------- d-----w C:\Program Files\ACD Systems
2008-07-23 19:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-07-23 19:22 --------- d-----w C:\Documents and Settings\\Application Data\Lexmark Imaging Studio
2008-07-23 18:57 --------- d-----w C:\Documents and Settings\\Application Data\Microsoft Web Folders
2008-07-23 18:54 --------- d-----w C:\Program Files\Lexmark 1300 Series
2008-07-23 18:49 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-23 18:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-07-23 18:48 --------- d-----w C:\Program Files\Ahead
2008-07-23 18:45 --------- d-----w C:\Program Files\AC3Filter
2008-07-23 18:39 --------- d-----w C:\Program Files\Winamp
2008-07-23 18:36 --------- d-----w C:\Program Files\Advanced Disk Catalog
2008-07-23 18:32 --------- d-----w C:\Program Files\Opera
2008-07-23 18:22 --------- d-----w C:\Documents and Settings\\Application Data\TuneUp Software
2008-07-23 18:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-23 18:19 --------- d-----w C:\Program Files\vanBasco's Karaoke Player
2008-07-23 17:39 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-09-07_22.12.59.91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-09 20:17:42 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_4b4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
"LXDCCATS"="C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll" [2007-01-23 102400]
"ADUserMon"="C:\Program Files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ImageFox.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageFox.lnk
backup=C:\WINDOWS\pss\ImageFox.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxdcamon]
--a------ 2007-02-06 01:32 20480 C:\Program Files\Lexmark 1300 Series\lxdcamon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--------- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2005-11-15 21:31 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
-ra------ 2003-03-20 00:21 1855488 C:\WINDOWS\mixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\lxdccoms.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\lxdcamon.exe"=
"C:\\Program Files\\Lexmark 1300 Series\\App4R.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 lxdc_device;lxdc_device;C:\WINDOWS\system32\lxdccoms.exe [2007-02-13 537520]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-07-29 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-09-09 22:24:34
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDCCATS = rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXDCtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
Completion time: 2008-09-09 22:25:47
ComboFix-quarantined-files.txt 2008-09-09 20:25:42
ComboFix2.txt 2008-09-07 20:14:04

Pre-Run: 7,592,673,280 bytes free
Post-Run: 7,585,914,880 bytes free

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

How is the computer behaving now?

offline
  • Joined: 29 Mar 2006
  • Posts: 34
  • Location: Leskovac

It's working fine for now! The only thing is that I didn't find that last file you asked for.
Thanks a lot for the help. Is anything else needed, or is everything OK now?
Regards

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The one file that wasn't found isn't that important; I found out what it is for and that it is legitimate.

All that remains is to uninstall ComboFix:

Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
