I have a virus, help!!!


offline
  • Joined: 16 Jun 2009
  • Posts: 19

I can't manage to transfer it into Notepad at all



offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

ComboFix needs to be uninstalled:
click Start (or ), then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

and then click OK (or press Enter).

Wait for the uninstallation process to finish.

------------------------------------

Download sUBs's ComboFix to the Desktop from one of the following addresses:

Bleeping Computer . . . . . Geeks to Go!
Right-click one of the links and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program is finished:
close any running programs;
deactivate your protective software (instructions);
double-click to start ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered a download of it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
  accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
  accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum topic:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message field and choose Paste.

Note:
The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.



offline
  • Joined: 16 Jun 2009
  • Posts: 19

ComboFix 09-06-20.04 - miljan 21.06.2009 20:18.5 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.236 [GMT 2:00]
Running from: c:\documents and settings\miljan.MILJAN-677AU8CL\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090620-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-05-21 to 2009-06-21 )))))))))))))))))))))))))))))))
.

2009-06-17 08:15 . 2009-06-17 08:15 -------- d-----w- C:\_OTM
2009-06-16 15:47 . 2009-06-16 15:47 -------- d-----w- c:\program files\trend micro
2009-06-16 15:47 . 2009-06-16 15:47 -------- d-----w- C:\rsit
2009-06-16 15:23 . 2009-06-16 18:59 -------- d-----w- C:\32788R22FWJFW.0.tmp
2009-06-16 09:02 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-16 09:02 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-16 09:02 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-16 09:02 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-16 09:02 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-16 09:02 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-16 09:02 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-16 09:02 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-16 09:01 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-16 09:01 . 2009-06-16 09:01 -------- d-----w- c:\program files\Alwil Software
2009-06-16 08:51 . 2009-06-16 08:52 0 ----a-w- c:\windows\nsreg.dat
2009-06-16 08:51 . 2009-06-16 08:51 -------- d-----w- c:\documents and settings\miljan.MILJAN-677AU8CL\Local Settings\Application Data\Mozilla
2009-06-15 21:54 . 2009-03-06 14:44 283648 ------w- c:\windows\system32\dllcache\pdh.dll
2009-06-15 21:54 . 2005-07-26 04:39 60416 ------w- c:\windows\system32\dllcache\colbact.dll
2009-06-15 21:54 . 2009-02-09 10:20 399360 ------w- c:\windows\system32\dllcache\rpcss.dll
2009-06-15 21:54 . 2009-02-06 17:14 110592 ------w- c:\windows\system32\dllcache\services.exe
2009-06-15 21:54 . 2009-02-09 10:20 473088 ------w- c:\windows\system32\dllcache\fastprox.dll
2009-06-15 21:54 . 2009-02-06 16:39 227840 ------w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-15 21:54 . 2009-02-09 10:20 616960 ------w- c:\windows\system32\dllcache\advapi32.dll
2009-06-15 21:54 . 2009-02-09 10:20 453120 ------w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-15 21:54 . 2009-02-09 10:20 714752 ------w- c:\windows\system32\dllcache\ntdll.dll
2009-06-15 21:51 . 2008-05-01 14:30 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-06-15 20:05 . 2008-04-21 10:02 215552 ------w- c:\windows\system32\dllcache\wordpad.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-18 13:11 . 2007-08-12 16:32 10 ----a-w- c:\windows\popcinfo.dat
2009-05-07 15:44 . 2002-08-28 23:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:52 . 2002-08-28 23:41 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2007-07-17 17:11 81920 ------w- c:\windows\system32\ieencode.dll
2009-04-17 09:58 . 2002-08-28 22:14 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2002-08-28 23:41 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2008-07-15 20:24 . 2008-07-15 20:23 5632 --sha-w- c:\program files\Thumbs.db
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-01-07 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-03-03 4595712]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-08-17 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-09-04 185632]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-03 143360]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-03-03 323584]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R1 aswsp;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [16.6.2009 11:02 114768]
R2 aswfsblk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.6.2009 11:02 20560]
R3 PAC207;VideoCAM GE111;c:\windows\system32\drivers\PFC027.sys [8.4.2005 10:46 162176]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = [Link visible only to logged-in users]
IE: &Winamp Search - c:\documents and settings\All Users.WINDOWS\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-06-21 20:22
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4092)
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
.
Completion time: 2009-06-21 20:23
ComboFix-quarantined-files.txt 2009-06-21 18:23
ComboFix2.txt 2009-06-18 05:56

Pre-Run: 4.306.354.176 bytes free
Post-Run: 4.366.073.856 bytes free

119 --- E O F --- 2009-06-18 09:29

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

Is Avast detecting anything now?

offline
  • Joined: 16 Jun 2009
  • Posts: 19

Avast found this:

C:\_OTM\MovedFiles\06172009_102517\WINDOWS\system32\msaxy.exe
Win32:VB-LYG [Trj]
Trojanski konj
090621-0, 21.06.2009
C:\_OTM\MovedFiles\06172009_102517\WINDOWS\system32\3361\services.exe
Win32:VB-LYH [Trj]
090621-0, 21.06.2009

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8653
  • Location: Novi Beograd

That's normal, it's like a quarantine.

Uninstall ComboFix and delete all those OTM folders.

offline
  • Joined: 16 Jun 2009
  • Posts: 19

I uninstalled ComboFix and deleted the OTM folders, let Avast do its run, and it found nothing.
Thanks for everything...
Regards!!!
