Malwarebytes ne uklanja napast?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

I posle nekoliko uzastopnih skenera nije uspeo da obriše tri a posle pauze od sat vremena pojavi se sedam virusa ili šta god da su.


Malwarebytes' Anti-Malware 1.41
Verzija baze podataka: 2871
Windows 5.1.2600 Service Pack 3

9/29/2009 6:00:16 PM
mbam-log-2009-09-29 (18-00-09).txt

Tip skeniranja: Kompletno Skeniranje (C:\|D:\
Skeniranih objekata: 138959
Proteklo vreme: 41 minute(s), 36 second(s)

Inficirani procesi u memoriji: 1
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 1
Inficirane vrednosti u registru: 3
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 2

Inficirani procesi u memoriji:
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> No action taken.

Inficirane vrednosti u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\restorer32_a (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Regedit32 (Trojan.Agent) -> No action taken.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\WINDOWS\system32\restorer32_a.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Aca\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> No action taken.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...

Isprati uputstvo za postavljanje logova: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

u ovu temu pa će ti neko pomoći.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

DDS (Ver_09-09-29.01) - NTFSx86
Run by Aca at 18:50:02.31 on Tue 09/29/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.453 [GMT 2:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Aca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [24891] c:\windows\temp\VRT4.tmp.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoSMMyPictures = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoSMMyPictures = 1 (0x1)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aca\applic~1\mozilla\firefox\profiles\j4ighroi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.jasatomic.org/
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-9-29 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-9-29 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-9-29 138680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-9-29 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-9-29 352920]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

=============== Created Last 30 ================

2009-09-29 17:28 <DIR> --d----- c:\windows\pss
2009-09-29 15:03 <DIR> --d----- c:\program files\Sony
2009-09-29 14:59 <DIR> --d----- c:\windows\system32\LogFiles
2009-09-29 14:26 32,592 a------- c:\windows\system32\msonpmon.dll
2009-09-29 14:18 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-09-29 14:17 <DIR> --d----- c:\windows\SHELLNEW
2009-09-29 13:54 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-29 13:54 <DIR> --d-h--- c:\windows\$hf_mig$
2009-09-29 13:47 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-09-29 09:35 <DIR> --d----- c:\program files\PC Drivers HeadQuarters
2009-09-29 09:21 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-29 09:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters
2009-09-29 08:54 <DIR> --d----- c:\docume~1\aca\applic~1\GoverLAN
2009-09-29 08:52 <DIR> --d----- c:\program files\GoverLAN v5.5
2009-09-29 08:51 <DIR> --d----- c:\windows\Downloaded Installations
2009-09-29 08:36 196,608 a------- c:\windows\system32\PuzzSaver.scr
2009-09-29 08:36 <DIR> --d----- c:\program files\BearPaw 1200CU Plus
2009-09-29 08:35 <DIR> --d----- c:\program files\Temp
2009-09-29 08:30 126,976 -------- c:\windows\system32\NVNFINST.DLL
2009-09-29 08:30 5,120 a----r-- c:\windows\system32\ALut.dll
2009-09-29 08:30 820,864 a----r-- c:\windows\system32\drivers\nvmcp.sys
2009-09-29 08:30 241,664 a----r-- c:\windows\system32\drivers\nvapu.sys
2009-09-29 08:30 62,336 a----r-- c:\windows\system32\drivers\nvarm.sys
2009-09-29 08:30 44,032 a----r-- c:\windows\system32\OpenAL32.dll
2009-09-29 08:30 44,032 a----r-- c:\windows\system32\nvopenal.dll
2009-09-29 08:30 30,720 a----r-- c:\windows\system32\nvasio.dll
2009-09-29 08:30 13,056 a----r-- c:\windows\system32\drivers\nvax.sys
2009-09-29 08:30 4,096 a----r-- c:\windows\system32\nvack.dll
2009-09-29 08:29 80,896 a----r-- c:\windows\system32\drivers\NVENET.sys
2009-09-29 08:29 1,024 a----r-- c:\windows\system32\drivers\jedih2rx.bin
2009-09-29 08:29 122 a----r-- c:\windows\system32\drivers\ramsed.bin
2009-09-29 08:29 42 a----r-- c:\windows\system32\drivers\jedireg.pat
2009-09-29 08:28 2,938 a------- c:\windows\Ascd_tmp.ini
2009-09-29 08:28 5,824 a------- c:\windows\system32\drivers\ASUSHWIO.SYS
2009-09-29 08:26 14,588 a------- c:\windows\system32\mohfilt.PNF
2009-09-28 23:34 14,048 -------- c:\windows\system32\spmsg2.dll
2009-09-28 23:29 <DIR> --d----- c:\windows\system32\URTTemp
2009-09-28 23:27 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-09-28 23:27 142,592 a------- c:\windows\system32\drivers\aec.sys
2009-09-28 23:27 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-09-28 23:27 52,864 a------- c:\windows\system32\drivers\DMusic.sys
2009-09-28 23:27 7,552 a------- c:\windows\system32\drivers\MSKSSRV.sys
2009-09-28 23:26 5,376 a------- c:\windows\system32\drivers\MSPCLOCK.sys
2009-09-28 23:26 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-09-28 23:26 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-09-28 23:26 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-09-28 23:26 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-09-28 23:26 4,992 a------- c:\windows\system32\drivers\MSPQM.sys
2009-09-28 23:26 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-09-28 23:25 21,504 a------- c:\windows\system32\hidserv.dll
2009-09-28 23:25 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-09-28 23:24 1,888,992 a------- c:\windows\system32\ati3duag.dll
2009-09-28 23:24 516,768 a------- c:\windows\system32\ativvaxx.dll
2009-09-28 23:24 870,784 a------- c:\windows\system32\ati3d1ag.dll
2009-09-28 23:24 701,440 a------- c:\windows\system32\drivers\ati2mtag.sys
2009-09-28 23:24 229,376 a------- c:\windows\system32\ati2cqag.dll
2009-09-28 23:24 201,728 a------- c:\windows\system32\ati2dvag.dll
2009-09-28 23:24 52,480 a------- c:\windows\system32\drivers\i8042prt.sys
2009-09-28 23:24 10,624 a------- c:\windows\system32\drivers\gameenum.sys
2009-09-28 23:24 74,240 a------- c:\windows\system32\usbui.dll
2009-09-28 23:23 2,944 a------- c:\windows\system32\drivers\msmpu401.sys
2009-09-28 23:23 146,048 ac------ c:\windows\system32\dllcache\portcls.sys
2009-09-28 23:23 129,536 ac------ c:\windows\system32\dllcache\ksproxy.ax
2009-09-28 23:23 60,160 ac------ c:\windows\system32\dllcache\drmk.sys
2009-09-28 23:23 4,096 ac------ c:\windows\system32\dllcache\ksuser.dll
2009-09-28 23:23 146,048 a------- c:\windows\system32\drivers\portcls.sys
2009-09-28 23:23 129,536 a------- c:\windows\system32\ksproxy.ax
2009-09-28 23:23 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-09-28 23:23 4,096 a------- c:\windows\system32\ksuser.dll
2009-09-28 23:22 <DIR> --d----- c:\program files\common files\ODBC
2009-09-28 23:22 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-09-28 23:21 66,594 ac------ c:\windows\system32\dllcache\c_852.nls
2009-09-28 23:21 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-09-28 23:20 <DIR> --d----- C:\Documents and Settings
2009-09-28 23:19 1,025 a------- c:\windows\system32\$winnt$.inf
2009-09-28 23:03 <DIR> --d----- c:\docume~1\aca\applic~1\ACD Systems
2009-09-28 23:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ACD Systems
2009-09-28 23:02 <DIR> --d----- c:\program files\common files\ACD Systems
2009-09-28 23:02 <DIR> --d----- c:\program files\ACD Systems
2009-09-28 22:52 <DIR> --d----- c:\program files\Canon
2009-09-28 22:48 <DIR> --dsh--- c:\documents and settings\aca\PrivacIE
2009-09-28 22:47 <DIR> --d----- c:\docume~1\aca\applic~1\Malwarebytes
2009-09-28 22:47 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 22:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-28 22:39 <DIR> --dsh--- c:\documents and settings\aca\IETldCache
2009-09-28 22:33 <DIR> --d----- c:\program files\Nero
2009-09-28 22:33 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-09-28 22:31 <DIR> --d--r-- c:\program files\Skype
2009-09-28 22:30 <DIR> --d----- c:\docume~1\aca\applic~1\GHISLER
2009-09-28 22:29 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-28 22:11 <DIR> --d----- c:\program files\ATI Technologies
2009-09-28 21:53 <DIR> --d----- c:\documents and settings\aca\WINDOWS
2009-09-28 21:33 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-09-28 21:33 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-09-28 21:33 <DIR> --d----- c:\program files\Online Services
2009-09-28 21:32 <DIR> --d----- c:\program files\common files\MSSoap
2009-09-28 21:29 <DIR> --d----- c:\program files\Messenger
2009-09-28 21:29 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-09-28 21:29 <DIR> --d----- c:\program files\Windows NT

==================== Find3M ====================

2009-09-29 13:04 4 ----h--- c:\windows\fonts\mlog
2009-09-29 08:59 182,656 a------- c:\windows\system32\drivers\ndis.sys
2009-09-28 21:49 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-09-28 21:30 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-09-10 14:54 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-07-14 12:04 808,440 a------- c:\windows\system32\CDDBUI.dll
2009-07-14 12:04 796,152 a------- c:\windows\system32\CDDBControl.dll
2009-07-14 12:04 108,024 a------- c:\windows\system32\CddbLangIT.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangNL.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangFR.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangES.dll
2009-07-14 12:04 103,928 a------- c:\windows\system32\CddbLangDE.dll
2009-07-14 12:04 83,448 a------- c:\windows\system32\CddbLangJA.dll

============= FINISH: 18:50:37.75 ===============

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Gmer logovi?

Btw, ukoliko nakon poslednjeg skeniranja MBAM-om nisi restartovao Windows, uradi to sada.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

OK, vidim u čemu je problem. Pažljivo isprati sledeće uputstvo.




Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Kada sam podizao sistem izgleda da nisam bas sve uradio kako treba, pa sam odlucio da to ponovim ali sa formatiranjem svih particija. Iz tog razloga se zahvaljujem dr Bori na nesebicnoj pomoci.

Svako dobro !