Trojan virus svi moguci

 evo uradi ovako pa ćemo počistiti to smeće

 da mi je samo znati kako si napravio OTS_fix

otvori OTS i ovo kopiraj u prazno polje

[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > ->
YN -> HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://start.facemoods.com/?a=brn1&s={searchTerms}&f=4
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3483538142-2887510305-3668983573-1000\] > ->
YN -> HKEY_USERS\S-1-5-21-3483538142-2887510305-3668983573-1000\: Main\\"Start Page" -> http://start.facemoods.com/?a=brn1
YN -> HKEY_USERS\S-1-5-21-3483538142-2887510305-3668983573-1000\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> BB 51 72 81 AF 17 CC 01  [binary data]
YN -> HKEY_USERS\S-1-5-21-3483538142-2887510305-3668983573-1000\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< FireFox Settings [Prefs.js] > -> C:\Users\Turki\AppData\Roaming\Mozilla\FireFox\Profiles\nh1d6ahm.default\prefs.js
YN -> browser.search.defaultenginename -> "Facemoods Search"
< FireFox Extensions [Program Folders] > ->
YN -> No name found ->
< HOSTS File > ([2009.06.10 23:39:37 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\System32\drivers\etc\hosts
YN -> Reset Hosts ->
< Drives with AutoRun files > ->
NY -> H:\autorun.inf  -> H:\autorun.inf [ NTFS ]
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
YN -> \F ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell ->
YN -> \F\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\shell\AutoRun\command ->
YN -> \F\shell\AutoRun\command\\"" -> [F:\Autorun.exe]
YN -> \{d77c70de-a327-11e0-9816-002522a6b79f} ->
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77c70de-a327-11e0-9816-002522a6b79f}\shell ->
YN -> \{d77c70de-a327-11e0-9816-002522a6b79f}\shell\\"" -> [AutoRun]
YN -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d77c70de-a327-11e0-9816-002522a6b79f}\shell\AutoRun\command ->
YN -> \{d77c70de-a327-11e0-9816-002522a6b79f}\shell\AutoRun\command\\"" -> [G:\memorybar.exe]
[Files/Folders - Created Within 30 Days]
NY ->  9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Files/Folders - Modified Within 30 Days]
NY ->  9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 246 bytes -> C:\ProgramData\TEMP:0B4227B4
[Purity]
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ClearAllRestorePoints]
[Reboot]
klik na RUN FIX

log koji dobiješ kopiraj na forum

nakon toga:

otvori notepad i ovo kopiraj  u notepad

File::
c:\users\Turki\AppData\Roaming\Microsoft\Installer\{8ADAF1FD-5A00-4973-B26D-5AF81BE8D341}\EZPUChk.exe_8ADAF1FD5A004973B26D5AF81BE8D341.exe
c:\users\Turki\AppData\Roaming\Microsoft\Installer\{8ADAF1FD-5A00-4973-B26D-5AF81BE8D341}\SCM.exe_8ADAF1FD5A004973B26D5AF81BE8D341.exe
c:\users\Turki\AppData\Roaming\Microsoft\Installer\{8ADAF1FD-5A00-4973-B26D-5AF81BE8D341}\Uninstall_EZUSB.ex_8ADAF1FD5A004973B26D5AF81BE8D341.exe

RegLock::
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
   76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
   2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:78,6e,20,41,80,2f,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,49,0f,e4,12,61,60,48,9a,c8,d8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2e,49,0f,e4,12,61,60,48,9a,c8,d8,\

zatvori notepad i spremi kao CFSCript na desktop

-isključi antivirus i firewal i skriptu sa mišem uvuci u combofix.exe

-log isto tako kopiraj

i treće

pošto ti je i usb stik zaražen učini ovako

-skini ovaj program i spremi ga na desktop
-pokreni usbnorisk i sacekaj desetak sekundi
-ubaci stik u raèunalo (ako imaš više stikova, ubacuj jedan po jedan i zapamti ili zapiši koji je prvi drugi itd.
-sacekaj desetak sekundi
-desni klik mišem na sred prozora i odaberi opciju save scrambled log
-log kopiraj

dakle još je ostalo samo za očistiti usbstik, jesi li odradio treći dio ?

kad si usbnorisk spremio na desktop ,dvoklikom si ga pokrenio ?

dakle, pokreneš program, sačekaš 10 sekundi, ubaciš stik, sačekaš 10 sekundi, naon toga desni klik mišem na sred prozora programa>klikni na sve scrambled log

log koji dobiješ kopiraj

http://www.speedyshare.com/files/29912299/UsbNoRisk2.txt

tu se vidi superhidden fajl siljo, u njemu mi uvjek nađe tj. kad nađe tog trojanca.

dobro daj mi sad sam objasni malo kaj su ti svi skenovi nasli da znam kaj sam napravio.

http://www.speedyshare.com/files/29912863/UsbNoRisk3.txt

avg je vec obrisao kramponju kad sam postavio pitanje na forumu. zato ona greska da ga nema.

lijepo si to objasnio, hvala.

pa sad. nemogu tocno rec nije ni prije ono drasticno sporo radilo. vise me zivciralo stalni popupi avga da je naso kramponju na stiku. al vidjet cemo uskoro :D

hvala jos jednom na pomoci.