Patched.ZA virus - pomoć!

Pozdrav!

Avira mi u notifikacijskom prozoru ukazuje na W32/Patched.ZA virus.

Nakon što Avira ponovno skenira particije, i obriše ga, javlja opet gore navedeni problem - točnije, pokaže mi se isti ovaj notifikacijski prozor (gornja slika) kao i prvi put. Koliko god puta ga ja obrisao, on se "vrati".

Većina na Internetu navodi kako je bezopasan, no na par sam mjesta naišao gdje njegovo djelovanje opisuju kao stvaranje rupa i prolaza radi lakšeg upada u računalo, krađe privatnih informacija, te da je jako opasan za po korisnika.

Pomoć?!

EDIT: Sve što je u karanteni sam obrisao, te je AV up to date.

Izvoli Rogue Killer log, sad ću odraditi ovaj OST...

RogueKiller V7.6.2 [07/02/2012]  by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User: 4ucker2 [Admin rights]
Mode: Scan -- Date: 07/03/2012 13:11:13

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] FLVSrvLib.dll -- C:\Users\4ucker2\AppData\Local\FLVService\lib\FLVSrvLib.dll -> UNLOADED

¤¤¤ Registry Entries: 2 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : DATE0FB.tmp.exe (C:\Users\4ucker2\AppData\Local\Temp\DATE0FB.tmp.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1622943101-1624050889-2187158001-1005[...]\Run : DATE0FB.tmp.exe (C:\Users\4ucker2\AppData\Local\Temp\DATE0FB.tmp.exe) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{7c39f445-7ac2-805f-fbed-43e5ecccacb5}\U - FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe - CANNOT FIX
[ZeroAccess][Sig found] services.exe : c:\windows\system32\services.exe - CANNOT FIX

¤¤¤ Driver: [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x83434F2B -> HOOKED (Unknown @ 0x906F8076)
SSDT[299] : NtRequestWaitReplyPort @ 0x8344F8D9 -> HOOKED (Unknown @ 0x906F8080)
SSDT[316] : NtSetContextThread @ 0x834EECFF -> HOOKED (Unknown @ 0x906F807B)
SSDT[347] : NtSetSecurityObject @ 0x83413626 -> HOOKED (Unknown @ 0x906F8085)
SSDT[368] : NtSystemDebugControl @ 0x83497464 -> HOOKED (Unknown @ 0x906F808A)
SSDT[370] : NtTerminateProcess @ 0x8346C9BF -> HOOKED (Unknown @ 0x906F8017)
S_SSDT[585] : Unknown -> HOOKED (Unknown @ 0x906F809E)
S_SSDT[588] : Unknown -> HOOKED (Unknown @ 0x906F80A3)

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1       localhost
127.0.0.1 activate.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
::1             localhost127.0.0.1       static3.cdn.ubi.com
127.0.0.1       ubisoft-orbit.s3.amazonaws.com
127.0.0.1       onlineconfigservice.ubi.com
127.0.0.1       orbitservice.ubi.com
127.0.0.1       ubisoft-orbit-savegames.s3.amazonaws.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] 9228b29fa673fcec8fc22c75b9044af2
[BSP] bc8ccea1294cf0eca6656c5002bdd480 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 14 | Size: 100005 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 204812685 | Size: 376931 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

otvori OTS i ovo kopiraj u prazno polje

[Kill All Processes]

[Unregister Dlls]

[Registry - Safe List]

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> 

YN -> HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.bigseekpro.com/mediaget/{559C613E-9F52-4ABC-99D2-ED702306103D}

< FireFox Extensions [Program Folders] > -> 

YY -> No name found -> C:\USERS\4UCKER2\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\URCR80XX.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

< Run [HKEY_USERS\S-1-5-21-1622943101-1624050889-2187158001-1005\] > -> HKEY_USERS\S-1-5-21-1622943101-1624050889-2187158001-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

YY -> "DATE0FB.tmp.exe" -> C:\Users\4ucker2\AppData\Local\Temp\DATE0FB.tmp.exe [C:\Users\4ucker2\AppData\Local\Temp\DATE0FB.tmp.exe]

[Files/Folders - Created Within 30 Days]

NY ->  {E38D706E-EA44-4491-A899-37CE8C9A536E} -> C:\Users\4ucker2\AppData\Local\{E38D706E-EA44-4491-A899-37CE8C9A536E}

NY ->  {94BE8675-1D72-494F-9E91-7F30722F1A09} -> C:\Users\4ucker2\AppData\Local\{94BE8675-1D72-494F-9E91-7F30722F1A09}

NY ->  {A3154012-11DA-4FE7-BD64-F9A357F17892} -> C:\Users\4ucker2\AppData\Local\{A3154012-11DA-4FE7-BD64-F9A357F17892}

NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp

NY ->  1 C:\*.tmp files -> C:\*.tmp

[Files/Folders - Modified Within 30 Days]

NY ->  315 C:\Users\4ucker2\AppData\Local\Temp\*.tmp files -> C:\Users\4ucker2\AppData\Local\Temp\*.tmp

NY ->  315 C:\Users\4ucker2\AppData\Local\Temp\*.tmp files -> C:\Users\4ucker2\AppData\Local\Temp\*.tmp

NY ->  2 C:\Windows\*.tmp files -> C:\Windows\*.tmp

NY ->  1 C:\*.tmp files -> C:\*.tmp

[Files - No Company Name]

NY ->  mxnhytee.feu -> C:\ProgramData\mxnhytee.feu

[Custom Scans]

[Alternate Data Streams]

NY -> @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:76650B61

NY -> @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BF3D62E7

NY -> @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:BA7184B8

NY -> @Alternate Data Stream - 160 bytes -> C:\ProgramData\TEMP:CF54F1CA

:files

c:\windows\installer\{7c39f445-7ac2-805f-fbed-43e5ecccacb5}

C:\Windows\System32\services.exe|C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe /replace

:end

[Purity]

[EmptyFlash]

[EmptyJava]

[CreateRestorePoint]

[Start Explorer]

[Reboot]

-klik na RUN FIX

-log koji dobiješ uploadaj na speedyshare

Kopirao sam u OTS-u ovu skriptu (u ono desno polje), no nije mi dao nikakav log file, ni nakon restartiranja računala.

Sad ću ova dva pokrenuti...

Našao sam i OTS log.

OTS LOG

TDSS KILLER LOG

COMBOFIX LOG

U pravu ste! AV ništa više ne javlja, a i rezultati su pozitivni nakon skeniranja! Ne znam kako bih Vam se ZAHVALIO za ovo. Ako ikad bude išta gorilo, mene koristite kao šmrk, haha.

I LOG-ovi:

MBAM

Rogue Killer

Sada, kad to hoću uraditi, daje mi ovaj error.

Sada je uspjelo, i dao mi je dva LOG-a, u razmaku jedne minute...

1

2

Odrađeno!

Računalo radi k'o urica. Moram priznati da je neke stvari prije duže pokretao, sad je osjetno brže. AV više ne javlja nikakve probleme, kao što ste i vidjeli.

Opet, ne znam kako da zahvalim na ovome...

HVALA PUNO!