problem with viruses

  • Joined: 03 Nov 2007
  • Posts: 42

Logfile of HijackThis v1.99.1
Scan saved at 2:47:48 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.18 77.105.0.19
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



I have Symantec AntiVirus and I update it regularly and scan the system. However, for the last few days my computer has been running much slower and at moments it stops working altogether, so that I can't activate a single icon on the desktop or even restart it. The antivirus doesn't detect at all that the computer is infected. I have ADSL at 512 kbps. I'm a complete layman, so I can only break something even more, so please solve my problem if possible. I'll follow any advice. Thanks in advance!!!

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Run HijackThis, go to the "Do a system scan only" option, and check (in the box next to it) this line:
O4 - Startup: PowerReg Scheduler V3.exe
Press "Fix Checked".

Restart the computer.
----------------

When the system comes back up, find the file at this path:
C:\Program Files\P2P_Energy\tbP2P_.dll

Upload it to us via this link > http://www.mycity.rs/ambulanta-upload.php
---------------------

With your next post, attach a new HijackThis log.
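The reply above picks one O4 line out of a log by hand. As an added example (not from the thread, and not anything HijackThis does itself), the Python below groups a HijackThis v1.99 log by section code and flags the entries a reviewer usually checks first: autostart entries that give only a file name instead of an absolute path, anything started from a user profile directory, components whose file is reported missing, and the O17 name servers so they can be compared with the ISP's published resolvers. The flagging rules are this example's own heuristics; the sample log is an excerpt of the first log posted in this thread.

```python
"""Triage a HijackThis v1.99 log: group entries by section code and flag the
ones worth a second look. The flagging rules are this example's own heuristics
(assumptions), not HijackThis behaviour; they say what to inspect, not what
is malicious."""
import re
from collections import defaultdict

# Excerpt of the first log posted in this thread (line format unchanged).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.18 77.105.0.19
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

ENTRY_RE = re.compile(r"^(?P<sec>R\d|O\d{1,2}) - (?P<body>.+)$")
# O4 body: '<registry key or startup folder>: [<value name>] <command>'
O4_RE = re.compile(r"^(?P<where>[^:]+): (?:\[(?P<name>[^\]]*)\] )?(?P<cmd>.+)$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
USER_DIR_RE = re.compile(r"\\Documents and Settings\\", re.IGNORECASE)


def parse_log(text):
    """Return (processes, entries): the 'Running processes' paths and a dict
    mapping section code (R0, O4, O23, ...) to the bodies of its lines."""
    processes, entries = [], defaultdict(list)
    in_procs = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries[m.group("sec")].append(m.group("body"))
        elif in_procs:
            processes.append(line)
    return processes, dict(entries)


def command_path(cmd):
    """Extract the program from an O4 command: a quoted string, the target of
    a 'name.lnk = target' startup entry, or the token ending in a program
    extension (so 'dslstat.exe icon' yields the .exe without its argument)."""
    cmd = cmd.strip()
    if " = " in cmd:
        cmd = cmd.split(" = ", 1)[1].strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd[1:]).strip()
    m = re.match(r"(.+?\.(?:exe|dll|lnk|scr|com|bat))\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(text):
    """Return a list of (reason, detail) findings in log order."""
    processes, entries = parse_log(text)
    findings = []
    for p in processes:
        if USER_DIR_RE.search(p):
            findings.append(("process running from a user profile directory", p))
    for body in entries.get("O4", []):
        m = O4_RE.match(body)
        if not m:
            continue
        path = command_path(m.group("cmd"))
        if not ABS_PATH_RE.match(path):
            findings.append(("autostart entry without an absolute path", body))
        elif USER_DIR_RE.search(path):
            findings.append(("autostart entry under a user profile directory", body))
    for sec in ("O2", "O3", "R3"):
        for body in entries.get(sec, []):
            if body.endswith("(file missing)"):
                findings.append((f"{sec} component whose file is missing", body))
    return findings


def dns_servers(text):
    """Collect the NameServer addresses from O17 entries."""
    _, entries = parse_log(text)
    servers = []
    for body in entries.get("O17", []):
        m = re.search(r"NameServer = (.+)$", body)
        if m:
            servers.extend(m.group(1).split())
    return servers


if __name__ == "__main__":
    for reason, detail in triage(SAMPLE_LOG):
        print(f"[{reason}] {detail}")
    print("DNS:", dns_servers(SAMPLE_LOG))
```

The path heuristic over-flags on purpose: it reports `SOUNDMAN.EXE` (which resolves from the Windows directory) alongside `PowerReg Scheduler V3.exe`, and the process list entry `tr3.exe.exe` on the Desktop, and leaves the decision to the person reading the log. Nothing here verifies a file; it only narrows what to look at.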

  • Joined: 03 Nov 2007
  • Posts: 42

Logfile of HijackThis v1.99.1
Scan saved at 10:51:42 AM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Conexant\Adsl\dslstat.exe
C:\Program Files\Conexant\Adsl\dslagent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jo\Desktop\nesto\tr3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com/
R3 - URLSearchHook: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Secured_eMule toolbar - {1d1b60fd-b21f-4b9a-8a5f-64e8544828d7} - C:\Program Files\Secured_eMule\tbSecu.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Conexant\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Conexant\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoundMan] " SOUNDMAN.EXE"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C544F9A2-EEFD-4CCF-ADCC-976E22189885}: NameServer = 77.105.0.19 77.105.0.18
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe



Thanks, does anything else need to be done?

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That line you removed was the only suspicious one. The file you uploaded is clean. Slow booting/running of the system also depends on the number of running programs and programs that start with Windows. We can try one more option. If there is no detection, you will continue solving the problem in the Windows part of the forum.

---------------------

Scan the computer with GMER and post the log so we can check that there are no rootkits...

Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button at the bottom - this saves the result to the Clipboard.
In the forum's message field, right-click and choose Paste.

  • Joined: 03 Nov 2007
  • Posts: 42

GMER 1.0.13.12551 - gmer.net
Rootkit scan 2007-11-03 17:01:27
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT 84CBE258 ZwConnectPort
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwDeleteValueKey
SSDT 84B75588 ZwDuplicateObject
SSDT 84C43A40 ZwOpenProcess
SSDT 84C43C88 ZwOpenThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS ZwSetValueKey

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F746FF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F746FF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7470160] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F746FF70] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7463F08] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F5A439A0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F5A43A00] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F5A43910] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F5A43910] SYMEVENT.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F5893900] SYMTDI.SYS
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F5893900] SYMTDI.SYS
---- Processes - GMER 1.0.13 ----

Library C:\WINDOWS\explorer.exe:mian.nest (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1224] 0x10000000
Library C:\WINDOWS\explorer.exe:extractor3.jpg (*** hidden *** ) @ c:\Program Files\Internet Explorer\iexplore.exe [3240] 0x00A50000
Library C:\WINDOWS\explorer.exe:httpcomm (*** hidden *** ) @ c:\Program Files\Internet Explorer\iexplore.exe [3240] 0x10000000

---- Files - GMER 1.0.13 ----

ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010784.exe:extractor3.jpg
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010784.exe:httpcomm
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010784.exe:mian.nest
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010784.exe:submitter.jpg
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010793.exe:extractor3.jpg
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP79\A0010793.exe:httpcomm
ADS C:\WINDOWS\explorer.exe:extractor3.jpg
ADS C:\WINDOWS\explorer.exe:extractor3.txt
ADS C:\WINDOWS\explorer.exe:host.opts.db
ADS C:\WINDOWS\explorer.exe:httpcomm
ADS C:\WINDOWS\explorer.exe:httpcomm.set
ADS C:\WINDOWS\explorer.exe:mian.nest
ADS C:\WINDOWS\explorer.exe:submitter.jpg

---- EOF - GMER 1.0.13 ----

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Download AVZ Antivirus [2.6 MB] from this link:
http://z-oleg.com/avz4en.zip

It does not install. Unpack the archive into any folder and run avz.exe.
Open the File menu and choose Custom scripts from the drop-down.
Copy/paste the following into the empty field:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
QuarantineFile('C:\WINDOWS\explorer.exe:mian.nest:$DATA','');
QuarantineFile('C:\WINDOWS\explorer.exe:mian.nest','');
QuarantineFile('C:\WINDOWS\explorer.exe:httpcomm:$DATA','');
QuarantineFile('c:\windows\explorer.exe:extractor3.jpg:$DATA','');
QuarantineFile('c:\windows\explorer.exe:extractor3.jpg','');
QuarantineFile('c:\windows\explorer.exe:extractor3.txt','');
QuarantineFile('C:\WINDOWS\explorer.exe:mian.nest','');
QuarantineFile('C:\WINDOWS\explorer.exe:httpcomm.set','');
QuarantineFile('C:\WINDOWS\explorer.exe:httpcomm','');
QuarantineFile('C:\WINDOWS\explorer.exe:host.opts.db','');
QuarantineFile('C:\WINDOWS\system32\winload.dll','');
DeleteFile('C:\WINDOWS\system32\winload.dll');
DeleteFile('C:\WINDOWS\explorer.exe:mian.nest:$DATA');
DeleteFile('C:\WINDOWS\explorer.exe:httpcomm:$DATA');
DeleteFile('c:\windows\explorer.exe:extractor3.jpg:$DATA');
DeleteFile('c:\windows\explorer.exe:extractor3.jpg');
DeleteFile('c:\windows\explorer.exe:extractor3.txt');
DeleteFile('C:\WINDOWS\explorer.exe:httpcomm');
DeleteFile('C:\WINDOWS\explorer.exe:httpcomm.set');
DeleteFile('C:\WINDOWS\explorer.exe:mian.nest');
DeleteFile('C:\WINDOWS\explorer.exe:submitter.jpg');
DeleteFile('C:\WINDOWS\explorer.exe:host.opts.db');
BC_ImportALL;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.


Click the Run button.
--------------------------------------

Wait for the cleaning process to finish. It may take a couple of minutes. The screen will go black and the computer will restart.
If it does not restart by itself, do it manually.
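As an added example (not the thread's own tooling, and not AVZ code), here is the triage DEMIAN did by hand: a small Python parser for GMER's "ADS" lines that groups streams by host file, separates live files from System Restore copies (the reason for the System Restore step later in the thread), and emits quarantine/delete lines in the script form used above. The sample log is constructed from the entries posted in this thread; the function names are my own.

```python
"""Triage of GMER "ADS" lines (added example): group alternate data streams by
host file and separate live system files from System Restore snapshot copies."""
import re
from collections import defaultdict

# Constructed sample, modelled on the GMER output posted earlier in the thread.
SAMPLE_LOG = r"""
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP83\A0030099.exe:httpcomm
ADS C:\System Volume Information\_restore{B21B76FA-A30C-46BA-A1DE-47933D4288A7}\RP83\A0030099.exe:mian.nest
ADS C:\WINDOWS\explorer.exe:extractor3.jpg
ADS C:\WINDOWS\explorer.exe:httpcomm
ADS C:\WINDOWS\explorer.exe:mian.nest
ADS C:\WINDOWS\explorer.exe:submitter.jpg
---- EOF - GMER 1.0.13 ----
"""

# "ADS <drive>:\<path>:<stream>": the first colon belongs to the drive letter,
# the last one separates the stream name; an optional ":$DATA" suffix is tolerated.
ADS_LINE = re.compile(r"^ADS\s+([A-Za-z]:\\.*?):([^:\\]+)(?::\$DATA)?$")

def parse_ads_lines(text):
    """Return {host_path: [stream, ...]} for every ADS line in a GMER log."""
    streams = defaultdict(list)
    for line in text.splitlines():
        m = ADS_LINE.match(line.strip())
        if not m:
            continue  # process list, EOF marker, blank lines
        host, stream = m.group(1), m.group(2)
        if stream not in streams[host]:
            streams[host].append(stream)
    return dict(streams)

def is_restore_point_copy(path):
    """True for files GMER found inside the System Restore snapshot store."""
    return r"\system volume information\_restore" in path.lower()

def triage(text):
    """Split hosts into live files (to quarantine and delete) and restore-point
    copies, which are only flushed by disabling and re-enabling System Restore."""
    parsed = parse_ads_lines(text)
    live = {h: s for h, s in parsed.items() if not is_restore_point_copy(h)}
    snapshots = {h: s for h, s in parsed.items() if is_restore_point_copy(h)}
    return live, snapshots

def avz_script_lines(live):
    """AVZ custom-script lines in the form used in the thread: quarantine every
    stream first, so a copy survives for analysis, then delete it."""
    quarantine = [f"QuarantineFile('{h}:{s}','');"
                  for h, streams in sorted(live.items()) for s in streams]
    delete = [f"DeleteFile('{h}:{s}');"
              for h, streams in sorted(live.items()) for s in streams]
    return quarantine + delete

if __name__ == "__main__":
    live_files, snapshot_copies = triage(SAMPLE_LOG)
    print("restore-point copies:", len(snapshot_copies))
    print("\n".join(avz_script_lines(live_files)))
```

The generated lines cover only the live hosts; the restore-point copies are reported separately because the script cannot reach them, which is the reason DEMIAN asks for System Restore to be cleared afterwards.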

offline
  • Joined: 03 Nov 2007
  • Posts: 42

I can't do that, because when I click on Custom scripts, copy-paste the code and press Run, the following error appears: too many actual parameters at position 22:11

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Apologies. It was done in a hurry and a mistake slipped in. The script has now been edited; I tried it and it works.

offline
  • Joined: 03 Nov 2007
  • Posts: 42

everything is fine for now.

thanks a lot!!

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Where you live: The darkest place on earth..

Scan the computer and post another GMER log for us (as you did in the previous post) so we can see whether everything has been removed. If it shows there is no malware left, all that remains is to disable System Restore, restart the PC, and then enable System Restore again. If it is not clear how to do that, say so and I will copy the instructions for you.
