Virus!!! I urgently need help!!!


  • Joined: 01 Feb 2009
  • Posts: 28

c/program files - I don't have intelinet there at all

Addendum: 01 Feb 2009 16:38

should I do the whole procedure without that - I have nothing to delete

Addendum: 01 Feb 2009 16:43

I'll try it and we'll see

Addendum: 01 Feb 2009 16:52

ComboFix 09-01-31.03 - Administrator 2009-02-01 16:46:02.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.115 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\Sa Interneta\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090131-0] *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-02-01 16:45 . 2009-02-01 16:45 <DIR> d-------- c:\windows\LastGood
2009-01-31 23:23 . 2009-01-31 23:23 <DIR> d-------- c:\program files\Alwil Software
2009-01-30 21:01 . 2009-01-30 21:01 <DIR> d-------- c:\program files\Google
2009-01-30 21:01 . 2009-01-31 23:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2009-01-27 21:47 . 2009-01-27 21:47 249,592 --a------ c:\windows\system32\cssdll32.dll
2009-01-27 15:45 . 2009-02-01 16:45 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-09 18:49 . 2009-01-09 18:49 0 --a------ c:\windows\nsreg.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-31 21:46 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-30 23:25 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-30 23:05 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-30 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-01-30 21:18 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-30 20:49 --------- d-----w c:\program files\BitComet
2009-01-30 17:04 --------- d-----w c:\program files\XoftSpySE
2009-01-28 12:06 --------- d-----w c:\program files\SpywareBlaster
2008-12-24 13:53 --------- d-----w c:\program files\FLV Player
2008-12-24 13:33 --------- d-----w c:\program files\RegCleaner
2008-12-24 12:27 --------- d-----w c:\program files\CCleaner
2008-12-24 12:16 --------- d-----w c:\program files\XP AntiSpy
2008-12-24 12:03 --------- d-----w c:\program files\Trend Micro
2008-12-18 10:03 --------- d-----w c:\documents and settings\Administrator\Application Data\DNA
2008-12-18 10:02 --------- d-----w c:\program files\DNA
2008-12-06 20:58 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 15:43 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-12-05 14:20 --------- d-----w c:\documents and settings\All Users\Application Data\Winamp Toolbar
2008-12-05 14:16 --------- d-----w c:\program files\Winamp
2008-04-22 19:35 18,480 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot@2009-02-01_12.54.35.68 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-01 15:43:48 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_5b8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-03 45056]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 02:07 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\ApexDC++_Gusari_XY6\\ApexDC.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\3ivxConfig.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7315:TCP"= 7315:TCP:DC++TCP
"2206:UDP"= 2206:UDP:DC++UDP
"20645:TCP"= 20645:TCP:BitComet 20645 TCP
"20645:UDP"= 20645:UDP:BitComet 20645 UDP

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-31 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-31 20560]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c459cb7a-f4f5-11dc-ab4a-c52b40cd5321}]
\Shell\AutoRun\command - E:\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []

2008-12-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]

2009-02-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-30 21:01]

2008-12-24 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]

2008-12-24 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-01-14 15:42]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?c90749cda4b949aeb3bca2d323ea8c8f
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?c90749cda4b949aeb3bca2d323ea8c8f
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10587&gct=&gc=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\eyyd22kf.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-02-01 16:47:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 16:48:24
ComboFix-quarantined-files.txt 2009-02-01 15:48:22
ComboFix2.txt 2009-02-01 14:27:36
ComboFix3.txt 2009-02-01 13:42:21
ComboFix4.txt 2009-02-01 11:55:24

Pre-Run: 70,178,574,336 bytes free
Post-Run: 70,164,791,296 bytes free

147 --- E O F --- 2008-12-12 11:11:28
here it is again

Addendum: 01 Feb 2009 16:53

I'm waiting for further instructions

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'm sure you are impatiently waiting for further instructions... :)

What is the situation now? Is there any specific problem?

  • Joined: 01 Feb 2009
  • Posts: 28

so is that it - what do you say? Are there any gremlins left

Addendum: 01 Feb 2009 17:03

what is the next step

Addendum: 01 Feb 2009 17:12

now my computer has slowed down terribly???

Addendum: 01 Feb 2009 17:18

It seems it was only momentary. Maybe everything is OK then. Well, thank you, kind man!!

Addendum: 01 Feb 2009 17:18

can I turn avast on now

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

:)

There should no longer be any malware here.

Click START and then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

You can activate avast!

That's it...

  • Joined: 01 Feb 2009
  • Posts: 28

it tells me that Windows cannot find that file

Addendum: 01 Feb 2009 17:27

there's the problem

Addendum: 01 Feb 2009 17:29

combofix.exe???

Addendum: 01 Feb 2009 17:32

should I type it like that - that's how the file is saved on my machine

Addendum: 01 Feb 2009 17:37

are you there?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Copy/paste:

Combofix /u

So, there is a space after Combofix.

  • Joined: 01 Feb 2009
  • Posts: 28

thank you very, very much!!! It's done! Sorry for the hassle. Bye

Addendum: 01 Feb 2009 17:50

here I am again - avast has detected a trojan again - win32 oliga - where did that come from now. And the shortcut for combofix is still on the desktop

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Name of the detected file?
