Virus in RAM

  • Arhitekta
  • Joined: 13 Oct 2009
  • Posts: 79

Posted: 23 Oct 2012 2:04

1.
For quite a while now I have had a problem with a virus that will not delete from RAM.
Besides that, I also have a few other viruses... I think they are trojans.
I have trouble with the computer's basic functions, e.g. when I use the scroll wheel, instead of scrolling down it scrolls up and vice versa, then it goes back to normal, and so on in a loop...
This mostly happens when I use the internet through a browser, mostly Mozilla. Sometimes Mozilla freezes and I cannot use it for about half a minute. This computer belongs to a friend of mine; as he explained to me, he cannot remember when Windows was last reinstalled, because the machine is full of documents he needs.
2.
DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_31
Run by korisnik at 23:02:22 on 2012-10-22
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.80 [GMT 2:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\windows\explorer.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Iminent\IMBooster\imbooster.exe
C:\Program Files\BrowserCompanion\BCHelper.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101241&mntrId=ace2a54a0000000000000015586feaba
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
mWinlogon: Shell = c:\windows\explorer.exe
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: Chatvibes Browser Helper: {00cbb66b-1d3b-46d3-9577-323a336acb50} - c:\program files\browsercompanion\jsloader.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Chatvibes Browser Helper Verifier: {963B125B-8B21-49A2-A3A8-E37092276531} - c:\program files\browsercompanion\updatebhoWin32.dll
BHO: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - c:\program files\iminent\imbooster4web\Iminent.WebBooster.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\korisnik\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "c:\documents and settings\korisnik\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [Lexmark 5200 series] "c:\program files\lexmark 5200 series\lxbtbmgr.exe"
mRun: [LXBTCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBTtime.dll,_RunDLLEntry@16
mRun: [IMBooster] c:\program files\iminent\imbooster\imbooster.exe /warmup
mRun: [Browser companion helper] c:\program files\browsercompanion\BCHelper.exe /T=3 /CHI=clbfjfbnelcflpgpklppgplejolacbej
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{5BBCB950-407E-409B-960D-16E8DCBBA138} : DHCPNameServer = 192.168.1.1
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - c:\program files\browsercompanion\tdataprotocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
Notify: sysfldr - sysfldr.dll
Notify: WinCtrl32 - WinCtrl32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\korisnik\application data\mozilla\firefox\profiles\khe65xlz.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=VDJ&o=41647960&locale=en_EU&apn_uid=0E30515B-B353-49EC-AB20-004D344BFCE8&apn_ptnrs=8R&apn_sauid=FCA4EDDE-D219-43BA-96DD-BD3F10DA6C53&apn_dtid=YYYYYYYYRS&&q=
FF - plugin: c:\documents and settings\korisnik\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.id - ace2a54a0000000000000015586feaba
FF - user.js: extensions.BabylonToolbar_i.hardId - ace2a54a0000000000000015586feaba
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15397
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1721:10:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101241
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 Nbi52;Nbi52;c:\windows\system32\drivers\Nbi52.sys [2008-5-5 28672]
R0 uaU36;uaU36;c:\windows\system32\drivers\uaU36.sys [2008-6-3 32128]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\ACEDRV11.sys [2008-1-23 501560]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-8-9 974944]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2007-3-8 454815]
S2 NtmlSvc;NtmlSvc;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-1 250808]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [2012-9-4 32408]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [2012-9-4 15896]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 114144]
S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2007-7-26 62824]
S3 tcpsr;tcpsr;\??\c:\windows\system32\drivers\tcpsr.sys --> c:\windows\system32\drivers\tcpsr.sys [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\drivers\zghsmdm.sys [2012-9-4 113688]
.
=============== Created Last 30 ================
.
2012-10-22 20:42:18 15360 ------w- c:\windows\system32\WinCtrl32.dll
.
==================== Find3M ====================
.
2012-10-22 20:42:19 4 ----a-w- c:\windows\system32\WLCtrl32.dll
2012-10-22 20:42:17 12800 ----a-w- c:\windows\system32\WinNt32.dll
2012-10-09 17:17:37 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 17:17:37 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, gmer.net
Windows 5.1.2600 Disk: WDC_WD800JD-60LSA5 rev.10.01E03 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x82BA6EB0]<<
_asm { MOV EAX, 0x82ba6dd0; XCHG [ESP], EAX; PUSH EAX; PUSH 0x82bd20d4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EEEB8] -> \Device\Harddisk0\DR0[0x82B6B030]
\Driver\Disk[0x82B6C9D0] -> IRP_MJ_CREATE -> 0x82BA6EB0
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x82ba6eb0
user & kernel MBR OK
Warning: possible MBR rootkit infection !
.
============= FINISH: 23:02:52,28 ===============


Addendum: 23 Oct 2012 4:47

I scanned with ESET NOD32 5 and deleted some viruses, but viruses remained in memory

23.10.2012 4:41:45 Startup scanner file Operating memory » C:\WINDOWS\system32\WinCtrl32.dll a variant of Win32/Kryptik.GJN trojan
23.10.2012 4:41:07 Startup scanner file Operating memory » C:\WINDOWS\system32\WinCtrl32.dll a variant of Win32/Wigon trojan

Addendum: 23 Oct 2012 4:49

If new logs are needed, say so, because the antivirus may have deleted some of the files it could not clean

offline
  • Fil  Male
  • Legendary citizen
  • Joined: 11 Jun 2009
  • Posts: 16349

Greetings, Djordje



Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your protection software (instructions);
  • close running programs;
  • double-click to start ComboFix;
  • in the window that opens, click "I Agree".

While running, ComboFix will:
  • check whether a newer version of the program exists:
      click Yes if you are offered to download it.
  • if the Recovery Console is not installed, offer to install it:
      be sure to accept by clicking Yes and follow the procedure.
  • display a number of prompts/notifications:
      accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If after sending the message you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the message;
  • Do not click inside the ComboFix window while it is running, because that can slow the tool down;
  • Do not run ComboFix again on your own - report in the thread any problem you have during the first run of the tool;
  • If after a restart you get an error when starting certain programs saying that they are marked for deletion (Illegal operation attempted on a registry key that has been marked for deletion), restart the system again and that will resolve the problem.
