Help! I can't create a logfile, computer infected!


  • Joined: 08 Jun 2008
  • Posts: 88
  • Location: Beograd

Posted: 17 May 2009 19:44

Exactly that: I downloaded HijackThis, but the virus apparently won't let it scan the system.
I downloaded some junk from the net, ran it, and it tried to shut down Avast. I reinstalled Avast, but it says it is not a win32 application and cannot be started. What should I do?

Addendum: 17 May 2009 20:17

ComboFix 09-05-17.01 - Jovana 05/17/2009 19:59.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.349 [GMT 2:00]
Running from: c:\documents and settings\Jovana\Desktop\prsluk\vangla.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Jovana\Application Data\drivers\downld
c:\documents and settings\Jovana\Application Data\drivers\srosa2.sys
c:\documents and settings\Jovana\Application Data\drivers\wfsintwq.sys
c:\documents and settings\Jovana\Application Data\drivers\winupgro.exe
c:\documents and settings\Jovana\Application Data\m
c:\documents and settings\Jovana\Application Data\m\data.oct
c:\documents and settings\Jovana\Application Data\m\flec006.exe
c:\documents and settings\Jovana\Application Data\m\list.oct
c:\documents and settings\Jovana\Application Data\m\shared\@Kill 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\[HGame XP][AVG][jpn jpn][スクールデイズ][NODVD.Ver.1.06].zip
c:\documents and settings\Jovana\Application Data\m\shared\123 Flash Sound Extractor 1.01.zip
c:\documents and settings\Jovana\Application Data\m\shared\3D Route Builder 1.2.0.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\access2asp 4.2.zip
c:\documents and settings\Jovana\Application Data\m\shared\Ace Currency Calculator 1.3.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Additional Folders View 0.2.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Address Wizard Pro 4.23.zip
c:\documents and settings\Jovana\Application Data\m\shared\Aimersoft Audio Converter Pack 1.1.55.zip
c:\documents and settings\Jovana\Application Data\m\shared\Ant Commander 1.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\AOL Daily Scoop Gadget 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\ASPRunner Professional 4.zip
c:\documents and settings\Jovana\Application Data\m\shared\Atomic Email Hunter 4.20.zip
c:\documents and settings\Jovana\Application Data\m\shared\Atomic Mail Sender 4.11 [KeyGen].zip
c:\documents and settings\Jovana\Application Data\m\shared\AxisFX 1.0 [Patch].zip
c:\documents and settings\Jovana\Application Data\m\shared\Babya Piano Studio 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\BackUp Utility 1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Battlefield Vietnam Doing The Village Map.zip
c:\documents and settings\Jovana\Application Data\m\shared\BlackPhone Desktop Conferencing 3.05.09.27.zip
c:\documents and settings\Jovana\Application Data\m\shared\Blinkx 3.0.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Bugs Images Collection 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Card Tutor 1.zip
c:\documents and settings\Jovana\Application Data\m\shared\CF Screensaver Editor 1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Direct Access 1.6.6.zip
c:\documents and settings\Jovana\Application Data\m\shared\Doubletz 2.2.zip
c:\documents and settings\Jovana\Application Data\m\shared\Down & Out 1.0.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Drweb 4.32B Incl Key-Nht.zip
c:\documents and settings\Jovana\Application Data\m\shared\Electrimate 1.05 (Patch).zip
c:\documents and settings\Jovana\Application Data\m\shared\Email Tracker 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Embird Alphabet 26 1.0 [Key].zip
c:\documents and settings\Jovana\Application Data\m\shared\Eset-Nod32.v2.50.39.(Castellano).(zabranjeno).(Instalado.El.9-08-05).zip
c:\documents and settings\Jovana\Application Data\m\shared\Eurodict French Bulgarian Dictionary 3.01 (With (zabranjeno)).zip
c:\documents and settings\Jovana\Application Data\m\shared\Face Icons 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Family Home Budget 2008 9.5.1g.zip
c:\documents and settings\Jovana\Application Data\m\shared\Fast & Easy 1.0b.zip
c:\documents and settings\Jovana\Application Data\m\shared\FAX.Symantec.Winfax.Pro.v10.04.Italian.FULL.PERFETTO.zip
c:\documents and settings\Jovana\Application Data\m\shared\FirstClass Client 7.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Flower Fantasy 3D ScreenSaver 2.02.zip
c:\documents and settings\Jovana\Application Data\m\shared\Folder Shield 1.4.2.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Forever Journal 2.0 Serial.zip
c:\documents and settings\Jovana\Application Data\m\shared\Foxie Privacy, Security & Productivity Suite 1.1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Free Mercedes Screensaver 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Half-Life 2 Pong Source mod 0.7.zip
c:\documents and settings\Jovana\Application Data\m\shared\Halloween Pumpkin Head Clock Screen Saver 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Harmony Assistant 9.0.2.zip
c:\documents and settings\Jovana\Application Data\m\shared\HideWindowPlus 21.0 ((zabranjeno)).zip
c:\documents and settings\Jovana\Application Data\m\shared\HT WebCam 3.0 (With (zabranjeno)).zip
c:\documents and settings\Jovana\Application Data\m\shared\HyperMaker HTML 3001.23.zip
c:\documents and settings\Jovana\Application Data\m\shared\iNet+ Practice Tests 2.7.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Inside Keylogger 3.5 [(zabranjeno)].zip
c:\documents and settings\Jovana\Application Data\m\shared\Internet Explorer Retitler 1.0.1.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Internet KidsFilterX 1.15.zip
c:\documents and settings\Jovana\Application Data\m\shared\Jordan Smith's Easy Icon Maker 5.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\jrdesktop 0.2.0030.zip
c:\documents and settings\Jovana\Application Data\m\shared\JustFTP 3.0 (With (zabranjeno)).zip
c:\documents and settings\Jovana\Application Data\m\shared\Kasperski.Antivirus.6.(Final).zip
c:\documents and settings\Jovana\Application Data\m\shared\Kolitaire 2.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\LaunchTray 1.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\LingvoSoft Picture Dictionary 2007 Portuguese - Chinese Mandarin Traditional 1.1.20 [Key].zip
c:\documents and settings\Jovana\Application Data\m\shared\LiquidGuardian 1.0.5.zip
c:\documents and settings\Jovana\Application Data\m\shared\Logger32 3.14.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\LoginHelper 2.0.1 (Key).zip
c:\documents and settings\Jovana\Application Data\m\shared\MemberTies 6.24 Beta 1.0 (Serial).zip
c:\documents and settings\Jovana\Application Data\m\shared\Message Box Toy 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Midi to WAV Maker 2.2.0.2033.zip
c:\documents and settings\Jovana\Application Data\m\shared\MPEG to AVI Converter 3.0.0.296.zip
c:\documents and settings\Jovana\Application Data\m\shared\MSDict Oxford Dictionary of Idioms 7.40.zip
c:\documents and settings\Jovana\Application Data\m\shared\MusShell 3.1.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\My Abc 1.00.zip
c:\documents and settings\Jovana\Application Data\m\shared\Netpas Distance 2.5 Build 2571.zip
c:\documents and settings\Jovana\Application Data\m\shared\NewsGator Media Center Edition.zip
c:\documents and settings\Jovana\Application Data\m\shared\nod32-4.zip
c:\documents and settings\Jovana\Application Data\m\shared\novaPDF Server Lite 5.2 Build 229 [Key].zip
c:\documents and settings\Jovana\Application Data\m\shared\Option Profit Calculator 2.0.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Out There Yahoo Widget 1.3.zip
c:\documents and settings\Jovana\Application Data\m\shared\Paranoid Android 1.2.zip
c:\documents and settings\Jovana\Application Data\m\shared\Parental Control Tool 5.5.3.4.zip
c:\documents and settings\Jovana\Application Data\m\shared\PDFpen 2.3.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Planner.NET 4.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Pop-Up Dictionary 4.7 build 554.zip
c:\documents and settings\Jovana\Application Data\m\shared\PopularityChecker 1.01.zip
c:\documents and settings\Jovana\Application Data\m\shared\Portable Startup Utility 1.3.0.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\PractiSearch Pro 1.45.5.26 [Patch].zip
c:\documents and settings\Jovana\Application Data\m\shared\Privacy Eraser Pro 5.92 ((zabranjeno)ed).zip
c:\documents and settings\Jovana\Application Data\m\shared\Professional Time Master 1.1.zip
c:\documents and settings\Jovana\Application Data\m\shared\PubOOo 0.3.5.zip
c:\documents and settings\Jovana\Application Data\m\shared\qTagDB 2.1 [KeyGen].zip
c:\documents and settings\Jovana\Application Data\m\shared\Quick-Icon-Grabber 2.5.zip
c:\documents and settings\Jovana\Application Data\m\shared\Rayman Gold demo.zip
c:\documents and settings\Jovana\Application Data\m\shared\Recent-Used File List 2.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Red Rock Creek Screensaver 1.0 Serial.zip
c:\documents and settings\Jovana\Application Data\m\shared\Rename It 3.05.zip
c:\documents and settings\Jovana\Application Data\m\shared\Roosl's All-in-One Text Utility 2.6 (Key).zip
c:\documents and settings\Jovana\Application Data\m\shared\Rt-Plot 2.8.10.83.zip
c:\documents and settings\Jovana\Application Data\m\shared\Smart Money Lite 1.3.zip
c:\documents and settings\Jovana\Application Data\m\shared\Smoker's Calc 1.10.zip
c:\documents and settings\Jovana\Application Data\m\shared\Snow Cabin Demo Screensaver 1.0 [With (zabranjeno)].zip
c:\documents and settings\Jovana\Application Data\m\shared\Soapbox on MSN Video Search 2.0.0.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Sophos.Antivirus.v4.02.Multilanguage.Win2kxp2k3.Retail-Arn.zip
c:\documents and settings\Jovana\Application Data\m\shared\SouthwestUSDoppler! 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Spam Piranha 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Spy Stalker 1.0.1 ((zabranjeno)ed).zip
c:\documents and settings\Jovana\Application Data\m\shared\Startup Faster! 2004 3.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Stealth Privacy Protector 1.2 ((zabranjeno)ed).zip
c:\documents and settings\Jovana\Application Data\m\shared\Stop Pop Plus 3.zip
c:\documents and settings\Jovana\Application Data\m\shared\Sulimoff Business Wallpapers Set 1280x800 1.zip
c:\documents and settings\Jovana\Application Data\m\shared\SWF Image Creator 1.0 (Patch).zip
c:\documents and settings\Jovana\Application Data\m\shared\The Ansel Adams Project Screensaver 1.0 (Serial).zip
c:\documents and settings\Jovana\Application Data\m\shared\Tilt and Wrap Calculator 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Tomtom Mobile Mappe Europa12.zip
c:\documents and settings\Jovana\Application Data\m\shared\Trend Micro Anti-Spyware 3.5 final.zip
c:\documents and settings\Jovana\Application Data\m\shared\trend[1].micro.mobile.security.20-symbian-s60.zip
c:\documents and settings\Jovana\Application Data\m\shared\Trixon BBC - Bit & Byte Converter 1.zip
c:\documents and settings\Jovana\Application Data\m\shared\Vietcong Single-Player demo.zip
c:\documents and settings\Jovana\Application Data\m\shared\ViewerX VNC ActiveX Control 2.7.6.zip
c:\documents and settings\Jovana\Application Data\m\shared\ViewGadget 1.0 With (zabranjeno).zip
c:\documents and settings\Jovana\Application Data\m\shared\Visual Batch File 1.32 [Key].zip
c:\documents and settings\Jovana\Application Data\m\shared\Webcastr Mini-Widget 2.zip
c:\documents and settings\Jovana\Application Data\m\shared\WebKeeper 2.0.6.zip
c:\documents and settings\Jovana\Application Data\m\shared\WinCal 4.8.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Windows Std Serial Comm Lib for Xbase++ 4.3.zip
c:\documents and settings\Jovana\Application Data\m\shared\Winstep Full Pak 1.0.zip
c:\documents and settings\Jovana\Application Data\m\shared\Xtreme Arithmetic 1.3 Key+Serial.zip
c:\documents and settings\Jovana\Application Data\m\shared\Yahoo! Clubs Picture Downloader 1.0.zip
c:\documents and settings\Jovana\Application Data\m\srvlist.oct
c:\program files\Analog Devices\SoundMAX\SMTray.exe
c:\windows\system32\ban_list.txt
c:\windows\system32\drivers\down
c:\windows\system32\drivers\down\252546.exe
c:\windows\system32\mdelk.exe
c:\windows\system32\MFC71.dll
c:\windows\system32\wintems.exe
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd1\The_Sims_2_University_Language_Changer.ShadowCast.www!Osiolek!com.exe
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd2\Media Player 10.rar
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd3.htm
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd4.htm
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd5.mp3
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd6.lnk
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd7.log
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd8.mp3
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\01-Kazi gde je ljubav.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\02-Veliki je bog.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\03-Na putu za nju.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\04-Tuzna pesma.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\05-Kupite daire.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\06-Kisa.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\07-Kako da kazem da je gotovo.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\08-Kazi gde smo.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\09-Za 1000 godina.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\10-Balkan - juzno od srece.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\11-Dabogda lazem.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\12-Sad sam stranac.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\Dd9\Neverne Bebe\Neverne Bebe\13-Dvoje.M4A
d:\recycler\S-1-5-21-1830911154-949681298-80191050-500\INFO2

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SROSA
-------\Legacy_SROSA
-------\Legacy_SK9OU0S
-------\Service_sK9Ou0s


((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.

2009-05-17 17:07 . 2009-05-17 18:01 -------- d--h--w c:\documents and settings\Jovana\Application Data\drivers
2009-05-16 20:26 . 2009-01-22 00:40 163840 ----a-w c:\windows\system32\SecureNet.dll
2009-05-16 20:25 . 2008-11-03 03:45 1126400 ----a-w c:\windows\system32\libeay32.dll
2009-05-16 20:25 . 2008-11-03 03:45 204800 ----a-w c:\windows\system32\ssleay32.dll
2009-05-16 20:25 . 2009-05-16 20:27 -------- d-----w c:\program files\Hide My IP 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 09:54 . 2009-02-28 10:54 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 10:54 . 2009-02-28 11:04 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 14:22 . 2004-08-04 01:07 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-04 01:07 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 01:07 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 13:19 . 2008-06-02 14:09 11616 ----a-w c:\windows\GLFS20DR.DLL
2009-02-18 13:19 . 2008-06-02 14:09 134464 ----a-w c:\windows\GLCV20DR.DLL
2008-11-22 15:14 . 2008-10-12 14:38 352 ----a-w c:\program files\operadef6.ini
2008-04-10 12:00 . 2008-04-30 17:05 1574808 ----a-w c:\program files\Firefox_2__Vista_Black__Beta_by_Internauta2000.zip
2008-03-11 18:11 . 2008-04-30 17:05 4261270 ----a-w c:\program files\FSViewerSetup35.exe
2000-09-01 00:40 . 2008-05-31 09:22 1292288 ----a-w c:\program files\DiccioGuay.exe
1999-01-20 03:01 . 2008-05-31 09:22 210032 ----a-w c:\program files\dbclient.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-27 516440]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-05-17 79224]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-21 86016]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jovana^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\Jovana\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HOLD\\Programi\\eMule\\emule.exe"=
"d:\\HOLD\\Programi\\Yahoo\\Messenger\\YahooMessenger.exe"=
"d:\\HOLD\\Programi\\Yahoo\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\HOLD\\Programi\\opera.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 12:54 PM 64160]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [5/16/2009 10:25 PM 532784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 953168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/9/2008 10:33 PM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/9/2008 10:33 PM 8320]
.
Contents of the 'Scheduled Tasks' folder

2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:54]

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003.job
- c:\documents and settings\Jovana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 12:29]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-UIWatcher - c:\program files\Ashampoo\Ashampoo UnInstaller 3\UIWatcher.exe
HKU-Default-Run-Nokia.PCSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - d:\hold\Programi\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\SecureNet.dll
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\lhir7x6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ana.rs/forum/index.php
FF - plugin: c:\documents and settings\Jovana\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\hold\Programi\program\plugins\npdsplay.dll
FF - plugin: d:\hold\Programi\program\plugins\NPOFFICE.DLL
FF - plugin: d:\hold\Programi\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-17 20:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\SecureNet.dll

- - - - - - - > 'explorer.exe'(3708-)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\system32\dllhost.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
.
**************************************************************************
.
Completion time: 2009-05-17 20:12 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 18:12

Pre-Run: 8,998,805,504 bytes free
Post-Run: 9,037,553,664 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

405 --- E O F --- 2009-05-13 11:02

I hope this tells you something now... Thanks in advance.

Addendum: 17 May 2009 20:45

Now I managed it:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:39:50 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\StartupMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hide My IP 2009\SecureSrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jovana\Desktop\prsluk\vana.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\HOLD\Programi\Yahoo\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\HOLD\Programi\Yahoo\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\system32\TwcToolbarIe7.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\HOLD\Programi\Yahoo\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\HOLD\Programi\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra 'Tools' menuitem: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\HOLD\Programi\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\securenet.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SecureSrv - My Privacy Tools, Inc. - C:\Program Files\Hide My IP 2009\SecureSrv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 4922 bytes

***
The antivirus still can't be started. What should I do next?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...


Let's run an AV scan.


Download Dr.Web CureIt (~13 MB).
Double-click launch.exe to run it; an introductory window will then appear - click Start

A notice that the initial scan is about to start will appear - click OK

Wait a few minutes for Dr.Web CureIt to complete the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window, select the Complete scan option and then click and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:


When the process is finished, click File > Save report list and save the log to the Desktop


Copy the contents of the Dr.Web CureIt log into the forum thread.

offline
  • Joined: 08 Jun 2008
  • Posts: 88
  • Location: Belgrade

Here it is:

108703.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
112515.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
135328.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
229203.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
232453.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
249390.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
253953.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Trojan.Packed.650;Deleted.;
265781.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Trojan.Packed.650;Deleted.;
391734.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Trojan.Packed.650;Deleted.;
629828.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\drivers\downld;Win32.HLLM.Beagle;Deleted.;
flec006.exe.vir;C:\Qoobox\Quarantine\C\Documents and Settings\Jovana\Application Data\m;Win32.HLLM.Beagle;Deleted.;
mdelk.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.HLLM.Beagle;Deleted.;
wintems.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32;Win32.HLLM.Beagle;Deleted.;
252546.exe.vir;C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\down;Trojan.Packed.650;Deleted.;
A0042955.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
A0042957.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
A0042958.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
A0042971.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
A0042974.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
A0042975.exe;C:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Win32.HLLM.Beagle;Deleted.;
pskill.exe;C:\WINDOWS\system32;Tool.Prockill;Incurable.Moved.;
027.part\Updater.exe;D:\HOLD\Programi\eMule\Temp\027.part;Trojan.DownLoader.origin;;
027.part;D:\HOLD\Programi\eMule\Temp;Archive contains infected objects;Moved.;
VTP801(2).exe\data026;D:\set up files\VTP801(2).exe;Tool.Prockill;;
VTP801(2).exe/data033\data009;D:\set up files\VTP801(2).exe/data033;Tool.Prockill;;
data033;D:\set up files;Archive contains infected objects;;
VTP801(2).exe;D:\set up files;Archive contains infected objects;Moved.;
A0044012.exe\data026;D:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345\A0044012.exe;Tool.Prockill;;
A0044012.exe/data033\data009;D:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345\A0044012.exe/data033;Tool.Prockill;;
data033;D:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Archive contains infected objects;;
A0044012.exe;D:\System Volume Information\_restore{F155DF98-46EE-462E-B9FD-0D03F51F00F8}\RP345;Archive contains infected objects;Moved.;

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post a fresh ComboFix log.

offline
  • Joined: 08 Jun 2008
  • Posts: 88
  • Location: Belgrade

ComboFix 09-05-17.08 - Jovana 05/18/2009 21:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.310 [GMT 2:00]
Running from: c:\documents and settings\Jovana\Desktop\prsluk\vangla.exe
.

((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-18 08:07 . 2009-05-18 08:07 -------- d-----w c:\documents and settings\Jovana\DoctorWeb
2009-05-17 17:07 . 2009-05-17 18:01 -------- d--h--w c:\documents and settings\Jovana\Application Data\drivers
2009-05-16 20:26 . 2009-01-22 00:40 163840 ----a-w c:\windows\system32\SecureNet.dll
2009-05-16 20:25 . 2008-11-03 03:45 1126400 ----a-w c:\windows\system32\libeay32.dll
2009-05-16 20:25 . 2008-11-03 03:45 204800 ----a-w c:\windows\system32\ssleay32.dll
2009-05-16 20:25 . 2009-05-16 20:27 -------- d-----w c:\program files\Hide My IP 2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 09:54 . 2009-02-28 10:54 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-03-07 10:54 . 2009-02-28 11:04 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-03-06 14:22 . 2004-08-04 01:07 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2004-08-04 01:07 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2004-08-04 01:07 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 13:19 . 2008-06-02 14:09 11616 ----a-w c:\windows\GLFS20DR.DLL
2009-02-18 13:19 . 2008-06-02 14:09 134464 ----a-w c:\windows\GLCV20DR.DLL
2008-11-22 15:14 . 2008-10-12 14:38 352 ----a-w c:\program files\operadef6.ini
2008-04-10 12:00 . 2008-04-30 17:05 1574808 ----a-w c:\program files\Firefox_2__Vista_Black__Beta_by_Internauta2000.zip
2008-03-11 18:11 . 2008-04-30 17:05 4261270 ----a-w c:\program files\FSViewerSetup35.exe
2000-09-01 00:40 . 2008-05-31 09:22 1292288 ----a-w c:\program files\DiccioGuay.exe
1999-01-20 03:01 . 2008-05-31 09:22 210032 ----a-w c:\program files\dbclient.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-27 516440]
"Run StartupMonitor"="StartupMonitor.exe" - c:\windows\StartupMonitor.exe [2000-05-21 86016]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Jovana^Start Menu^Programs^Startup^WordWeb.lnk]
path=c:\documents and settings\Jovana\Start Menu\Programs\Startup\WordWeb.lnk
backup=c:\windows\pss\WordWeb.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\HOLD\\Programi\\eMule\\emule.exe"=
"d:\\HOLD\\Programi\\Yahoo\\Messenger\\YahooMessenger.exe"=
"d:\\HOLD\\Programi\\Yahoo\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"d:\\HOLD\\Programi\\opera.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/28/2009 12:54 PM 64160]
R3 SecureSrv;SecureSrv;c:\program files\Hide My IP 2009\SecureSrv.exe [5/16/2009 10:25 PM 532784]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 11:34 PM 953168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/9/2008 10:33 PM 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/9/2008 10:33 PM 8320]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 09:54]

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1801674531-839522115-1003.job
- c:\documents and settings\Jovana\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-16 12:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - d:\hold\Programi\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\SecureNet.dll
FF - ProfilePath - c:\documents and settings\Jovana\Application Data\Mozilla\Firefox\Profiles\lhir7x6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.ana.rs/forum/index.php
FF - plugin: c:\documents and settings\Jovana\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF - plugin: d:\hold\Programi\program\plugins\npdsplay.dll
FF - plugin: d:\hold\Programi\program\plugins\NPOFFICE.DLL
FF - plugin: d:\hold\Programi\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
user_pref('capability.policy.policynames', 'localfilelinks');user_pref('capability.policy.localfilelinks.sites', 'hxxp://www.webmynd.com google.com');user_pref('capability.policy.localfilelinks.checkloaduri.enabled', 'allAccess');.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-18 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\SecureNet.dll

- - - - - - - > 'explorer.exe'(3796)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-18 21:44
ComboFix-quarantined-files.txt 2009-05-18 19:42
ComboFix2.txt 2009-05-17 18:12

Pre-Run: 9,001,787,392 bytes free
Post-Run: 8,990,621,696 bytes free

107 --- E O F --- 2009-05-13 11:02

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This looks OK.

You need to (re)install the antivirus.


ComboFix needs to be uninstalled:
click Start (or ), and then RUN.

On Vista, use the Start Search field if Run is not available.

In the text box, type (copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".



and then click OK (or press Enter).


Wait for the uninstall process to finish.



And that's all.

offline
  • Joined: 08 Jun 2008
  • Posts: 88
  • Location: Belgrade

Posted: 18 May 2009 22:02

Thanks. I'll do that now.

Addendum: 18 May 2009 22:15

I have just one more small question. When the system boots, that black screen appears for a moment and asks me to choose: "please choose an operating system to start" between Recovery Console and MS Windows XP. Admittedly, I don't even get to press Enter before Windows starts. This has, of course, been happening since yesterday. Do I need to do something so that it no longer appears?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix installed the Recovery Console. I would recommend leaving it alone, since it can sometimes be useful.

offline
  • Joined: 08 Jun 2008
  • Posts: 88
  • Location: Belgrade

OK. Thanks once again.
