MyCity » Ambulanta -> Arhiva Ambulante » EKERN.EXE

EKERN.EXE

Napisano na dan: 1.2.2009

Strana:
1
2

EKERN.EXE

Sledeća strana

Pagination

Odgovori

Strana:
1
2

mikiilic Poslao: 01 Feb 2009 21:19 Idi na vrh
offline mikiilic Građanin Pridružio: 06 Jun 2005 Poruke: 43	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:12:22, on 1.2.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\nMtsk.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ASUS\Probe\AsusProb.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\CDAC11BA.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\HPZipm12.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil VoIP Plugin.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Opera\opera.exe C:\Documents and Settings\Milan\Desktop\New Folder (4)\TR3.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Download Link Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_file.htm O8 - Extra context menu item: Download List Of Files Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_list.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Load WebShots 1999x1333 - C:\Documents and Settings\Milan\Desktop\Webshots Premium Wallpaper Downloader\WebShotsLoader.htm O8 - Extra context menu item: Subscribe To RSS/Podcast Using DownloadStudio... - C:\Program Files\Conceiva\DownloadStudio\ds_rss.htm O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe O23 - Service: Eset HTTP Server (EHttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iolo DMV Service (ioloDMV) - Unknown owner - C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 9511 bytes Desava mi se se kompjuter zamrzne. Kada uspem da otvotimtask manager, vidim da proces ekern.exe zauzima 100% procesorskog vremena. Kada iskljucim proces racunar se "odglavi" ali ekern.exe se ponovo pojavi . zaglavljuje. Da li mi neko moze pomoci? Hvala unapred

Profil

helen1 Poslao: 01 Feb 2009 21:21 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislis na ekrn.exe?

Profil

mikiilic Poslao: 01 Feb 2009 21:23 Idi na vrh
offline mikiilic Građanin Pridružio: 06 Jun 2005 Poruke: 43	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da , mislio sam ekrn.exe.

Profil

helen1 Poslao: 01 Feb 2009 21:25 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! * Pokreni ESET Smart Security/ESET NOD32 na sledeci nacin : Start>All Programs>ESET>ESET Smart Security ili pak ESET NOD32 Antivirus(ukoliko koristis samo Antivirus resenje). * Kada ti se otvori glavni prozor programa, klikni na Setup opciju sa leve strane prozora; * Izaberi Antivirus and antispyware opciju i klikni na Temporarily disable Antivirus and antispyware protection. * Na sledece pitanje klikni Yes. Napomena: Ne zaboravi da ukljuciš ovu opciju po završetku cišcenja. --------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

mikiilic Poslao: 01 Feb 2009 21:45 Idi na vrh
offline mikiilic Građanin Pridružio: 06 Jun 2005 Poruke: 43	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-02-01.01 - Milan 2009-02-01 21:30:00.1 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1250.1.1033.18.1023.575 [GMT 1:00] Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning disabled (Updated) * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Milan\Application Data\.# c:\documents and settings\Milan\Application Data\inst.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NPF ((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 ))))))))))))))))))))))))))))))) . 2009-01-30 00:07 . 2009-01-30 00:07 <DIR> d-------- C:\XPUpdate 2009-01-25 11:58 . 2009-01-25 12:00 <DIR> d-------- c:\documents and settings\Milan\Application Data\vlc 2009-01-15 19:40 . 2004-08-03 23:08 31,744 --a------ c:\windows\system32\drivers\wceusbsh.sys 2009-01-15 19:40 . 2004-08-03 23:08 31,744 --a--c--- c:\windows\system32\dllcache\wceusbsh.sys 2009-01-09 20:16 . 2009-01-09 21:48 <DIR> d-------- c:\program files\WinAce 2009-01-09 16:31 . 2009-01-09 16:31 410,984 --a------ c:\windows\system32\deploytk.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-31 20:16 --------- d---a-w c:\documents and settings\All Users.WINDOWS\Application Data\TEMP 2009-01-31 14:34 --------- d-----w c:\documents and settings\Milan\Application Data\Azureus 2009-01-29 08:04 --------- d-----w c:\program files\vso 2009-01-29 08:04 --------- d-----w c:\documents and settings\Milan\Application Data\Vso 2009-01-29 08:00 --------- d-----w c:\program files\Ulead Systems 2009-01-29 08:00 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Ulead Systems 2009-01-29 07:58 --------- d-----w c:\program files\Common Files\Ulead Systems 2009-01-09 23:51 --------- d-----w c:\program files\Folder Lock 2009-01-09 15:31 --------- d-----w c:\program files\Java 2008-12-28 11:01 --------- d-----w c:\program files\Microsoft Games 2008-12-04 14:31 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Bluetooth 2008-12-04 14:21 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2008-12-04 14:17 --------- d-----w c:\program files\IVT Corporation 2008-12-04 13:40 --------- d-----w c:\documents and settings\Milan\Application Data\Nokia 2008-12-04 13:10 --------- d-----w c:\documents and settings\Milan\Application Data\PC Suite 2008-12-04 13:01 --------- d-----w c:\program files\DIFX 2008-12-04 12:59 --------- d-----w c:\documents and settings\All Users.WINDOWS\Application Data\Installations 2008-11-26 10:03 47,360 ----a-w c:\documents and settings\Milan\Application Data\pcouffin.sys 2007-01-27 11:24 87,608 ----a-w c:\documents and settings\Milan\Application Data\ezpinst.exe 2008-10-08 07:20 1,004 --sha-w c:\windows\system32\sys_drv.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600] "Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040] "QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-05-27 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064] "ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984] "nMTaskBarService"="nMtsk.exe" [2002-01-16 c:\windows\nMtsk.exe] "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360] c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\ Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-05-30 25214] AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872] BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-03-14 691984] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.L3ACM"= L3CODECP.acm "VIDC.I420"= i420vfw.dll "vidc.CDVC"= cdvccodc.dll "msacm.ac3filter"= ac3filter.acm [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe "WinFast Schedule"=c:\program files\WinFast\W\WFTVFM\WFWIZ.exe "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Azureus\\Azureus.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Opera\\Opera.exe"= "c:\\Program Files\\ReGet Software\\ReGet Deluxe\\ReGetDx.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"= "c:\\Program Files\\Microsoft Games\\Age of Empires II\\empires2.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"= "c:\\WINDOWS\\system32\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "36730:TCP"= 36730:TCP:LimeWire "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-08-18 34312] R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-01-13 15872] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2006-05-17 208851] S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2006-05-17 10324] S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2006-05-17 34789] S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;c:\windows\system32\drivers\ES-620.sys [2006-11-19 29076] S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2007-02-17 4134] S3 Henfnetr;Henfnetr; [x] --- Other Services/Drivers In Memory --- Deregistered - mchInjDrv [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d43e6bb7-7839-11dd-8acf-4d6564696130}] \Shell\AutoRun\command - G:\AutoTransfer.exe . Contents of the 'Scheduled Tasks' folder 2008-12-04 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57] . . ------- Supplementary Scan ------- . uStart Page = about:blank uInternet Settings,ProxyOverride = .local IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html IE: Download Link Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm IE: Download List Of Files Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_list.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Load WebShots 1999x1333 - c:\documents and settings\Milan\Desktop\Webshots Premium Wallpaper Downloader\WebShotsLoader.htm IE: Subscribe To RSS/Podcast Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_rss.htm FF - ProfilePath - c:\documents and settings\Milan\Application Data\Mozilla\Firefox\Profiles\tyfctzam.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/ FF - prefs.js: network.proxy.type - 2 FF - plugin: c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\browser\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll . . ------- File Associations ------- . JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 . *********************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-02-01 21:35:56 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwQuerySystemInformation scanning hidden processes ... c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [1780] 0x8614D838 scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1644491937-706699826-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1644491937-706699826-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1050469D-6B08-5A04-BEB3-764275F160B8}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "pahikodgclidkcdeoiffkpmadmdldcfo"=hex:6a,61,69,64,68,66,64,67,6b,6f,6f,66,61, 6e,6b,6e,6b,6b,6e,64,00,00 "oanhajgcgkahienhioojfpgdpemhif"=hex:6a,61,69,64,63,66,6d,66,65,61,62,64,69,6d, 69,61,6e,64,66,6e,00,00 "haljklnpelajopkl"=hex:63,62,6d,6c,6e,69,70,70,6c,62,6a,67,6f,65,6a,70,69,66, 70,70,67,67,69,62,65,6b,64,66,6c,6a,6d,68,69,70,6e,64,62,66,00,00 "haljklnpphbplonj"=hex:68,62,6b,64,64,6e,6a,6b,6b,69,6d,6b,69,6e,6d,66,6e,6a, 70,67,6b,62,6b,6a,61,68,6f,63,67,68,6a,6e,6f,6f,6a,62,70,6c,62,6d,70,6b,6b,\ "kafimofmmmckbnneamcaoe"=hex:62,61,6a,64,00,00 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,5b,fa,7a,5a,34, 5c,92,a0,e2,63,26,f1,3f,c8,ff,68,a6,95,13,2e,5f,91,56,d5,e2,63,26,f1,3f,c8,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,94,f4,f3,cd,b8, c0,ae,f7,6a,9c,d6,61,af,45,84,18,93,04,85,9a,c3,25,33,cb,6a,9c,d6,61,af,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,4b,d1,43,c2,64, 79,25,f3,ff,7c,85,e0,43,d4,0e,fe,97,8e,6b,7e,73,3e,a6,69,ff,7c,85,e0,43,d4,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,ae,34,e4,31,23, 59,05,ca,86,8c,21,01,be,91,eb,e7,0f,00,01,f2,69,74,9b,a3,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,79,d3,29,93,db, dc,68,ab,f5,1d,4d,73,a8,13,5c,05,62,53,c1,ff,45,fd,c5,4a,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,90,6b,09,68,02, 0b,46,d0,df,20,58,62,78,6b,cf,c8,8c,f0,97,89,3a,08,1c,ef,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e1,92,88,b4,b0, be,d9,a4,fb,a7,78,e6,12,2f,9a,ea,b8,11,0d,8c,b0,91,35,44,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,67,bf,ee,f3,66, 0c,f5,b6,01,3a,48,fc,e8,04,4a,f1,64,f0,dd,b7,57,ea,31,2d,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,81,1b,59,74,5e, 94,43,b6,f6,0f,4e,58,98,5b,89,c9,a6,4a,0a,d6,43,e3,af,18,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,8b,78,9d,75,cb, 84,7c,de,3d,ce,ea,26,2d,45,aa,78,ef,59,8f,29,a7,c4,be,46,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,a5,11,e9,2f,7b, 81,f5,b9,2a,b7,cc,b5,b9,7f,41,e7,62,e0,9b,42,f7,8c,a0,e2,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:05,73,21,dd,54,d8,4a,c5,bc,f3,b6,77,4b, ae,5d,6a,6c,43,2d,1e,aa,22,2f,9c,0f,25,a6,ad,10,52,86,4d,6c,43,2d,1e,aa,22,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System] "OODEFRAG10.00.00.01WORKSTATION"="CA848B12AA95CCB986D6B1A922E7C3B76 c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\bgsvcgen.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\drivers\CDAC11BA.EXE c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\Acrobat_sl.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\HPZipm12.exe c:\program files\Analog Devices\SoundMAX\SMAgent.exe c:\program files\iPod\bin\iPodService.exe . ************************************************************************* . Completion time: 2009-02-01 21:40:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-02-01 20:40:36 Pre-Run: 15.752.605.696 bytes free Post-Run: 18,761,965,568 bytes free 279 --- E O F --- 2008-12-04 14:17:58

Profil

helen1 Poslao: 01 Feb 2009 21:54 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi program RootRepeal na Desktop. Raspakuj RootRepeal.zip u neki folder. Dvoklikom pokreni RootRepeal.exe. Pređi na Report karticu (klikom na Report taster, dole, desno). Klikni Scan taster. U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK. U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK. Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju. Iskopiraj sadržaj tog izveštaja u iduću poruku.

Profil

mikiilic Poslao: 01 Feb 2009 22:06 Idi na vrh
offline mikiilic Građanin Pridružio: 06 Jun 2005 Poruke: 43	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! trazi mi da uradi chkdsk. da li da uradim pa onda ponovo rootrepeal? evo ga log pre chkdsk: ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/02/01 21:55 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xF79CD000 Size: 30592 File Visible: No Status: - Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xF768D000 Size: 60416 File Visible: No Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB5DA8000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7BA5000 Size: 8192 File Visible: No Status: - Name: mchInjDrv.sys Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys Address: 0xF7D73000 Size: 2560 File Visible: No Status: - Name: PCI_PNP7614 Image Path: \Driver\PCI_PNP7614 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xF7BE5000 Size: 6464 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB5546000 Size: 45056 File Visible: No Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Status: - Name: spwh.sys Image Path: spwh.sys Address: 0xF750F000 Size: 1036288 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\sccfg.sys Status: Invisible to the Windows API! Path: C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Status: Allocation size mismatch (API: 8192, Raw: 4096) Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\Interop.IWshRuntimeLibrary.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\Interop.IWshRuntimeLibrary.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.resources.manifest Status: Locked to the Windows API! Processes ------------------- Path: C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe PID: 1780 Status: Hidden from the Windows API! SSDT ------------------- #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d6436a #: 041 Function Name: NtCreateKey Status: Hooked by "spwh.sys" at address 0xf75100e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spwh.sys" at address 0xf752dca2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spwh.sys" at address 0xf752e030 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d64cd8 #: 119 Function Name: NtOpenKey Status: Hooked by "spwh.sys" at address 0xf75100c0 #: 145 Function Name: NtQueryDirectoryFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d64842 #: 154 Function Name: NtQueryInformationProcess Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d611e0 #: 160 Function Name: NtQueryKey Status: Hooked by "spwh.sys" at address 0xf752e108 #: 177 Function Name: NtQueryValueKey Status: Hooked by "spwh.sys" at address 0xf752df88 #: 224 Function Name: NtSetInformationFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d65142 #: 247 Function Name: NtSetValueKey Status: Hooked by "spwh.sys" at address 0xf752e19a Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_CREATE] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_CLOSE] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_CREATE] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_CLOSE] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_POWER] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_PNP] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CREATE] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLOSE] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_READ] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SHUTDOWN] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLEANUP] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_PNP] Process: System Address: 0x86bce1f8 Size: -

Profil

helen1 Poslao: 01 Feb 2009 22:10 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jel mozes da uradis chkdisk pa da ponovo skeniras? Bas me interesuje zasto to trazi.

Profil

mikiilic Poslao: 01 Feb 2009 22:28 Idi na vrh
offline mikiilic Građanin Pridružio: 06 Jun 2005 Poruke: 43	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! chk nije nista javio. evo ga log posle drugog skeniranja: ROOTREPEAL (c) AD, 2007-2008 ================================================== Scan Time: 2009/02/01 22:16 Program Version: Version 1.2.3.0 Windows Version: Windows XP SP2 ================================================== Drivers ------------------- Name: catchme.sys Image Path: C:\ComboFix\catchme.sys Address: 0xF79CD000 Size: 30592 File Visible: No Status: - Name: Combo-Fix.sys Image Path: Combo-Fix.sys Address: 0xF768D000 Size: 60416 File Visible: No Status: - Name: dump_atapi.sys Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys Address: 0xB5DA8000 Size: 98304 File Visible: No Status: - Name: dump_WMILIB.SYS Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS Address: 0xF7BA5000 Size: 8192 File Visible: No Status: - Name: mchInjDrv.sys Image Path: C:\WINDOWS\system32\Drivers\mchInjDrv.sys Address: 0xF7D73000 Size: 2560 File Visible: No Status: - Name: PCI_PNP7614 Image Path: \Driver\PCI_PNP7614 Address: 0x00000000 Size: 0 File Visible: No Status: - Name: PROCEXP90.SYS Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Address: 0xF7BE5000 Size: 6464 File Visible: No Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xB51D1000 Size: 45056 File Visible: No Status: - Name: sptd Image Path: \Driver\sptd Address: 0x00000000 Size: 0 File Visible: No Status: - Name: spwh.sys Image Path: spwh.sys Address: 0xF750F000 Size: 1036288 File Visible: No Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: C:\sccfg.sys Status: Invisible to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\Interop.IWshRuntimeLibrary.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\Interop.IWshRuntimeLibrary.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.exe.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.exe.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.manifest Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.resources.cdf-ms Status: Locked to the Windows API! Path: C:\Documents and Settings\Milan\Local Settings\Apps\2.0\T9Z6M9OT.3JY\N44EHM9L.28Y\manifests\RapidShareManager.resources.manifest Status: Locked to the Windows API! Processes ------------------- Path: C:\Program Files\iolo\Common\Lib\ioloDMVSvc.exe PID: 1780 Status: Hidden from the Windows API! SSDT ------------------- #: 037 Function Name: NtCreateFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d6436a #: 041 Function Name: NtCreateKey Status: Hooked by "spwh.sys" at address 0xf75100e0 #: 071 Function Name: NtEnumerateKey Status: Hooked by "spwh.sys" at address 0xf752dca2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "spwh.sys" at address 0xf752e030 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d64cd8 #: 119 Function Name: NtOpenKey Status: Hooked by "spwh.sys" at address 0xf75100c0 #: 145 Function Name: NtQueryDirectoryFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d64842 #: 154 Function Name: NtQueryInformationProcess Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d611e0 #: 160 Function Name: NtQueryKey Status: Hooked by "spwh.sys" at address 0xf752e108 #: 177 Function Name: NtQueryValueKey Status: Hooked by "spwh.sys" at address 0xf752df88 #: 224 Function Name: NtSetInformationFile Status: Hooked by "C:\WINDOWS\system32\windrvNT.sys" at address 0xb5d65142 #: 247 Function Name: NtSetValueKey Status: Hooked by "spwh.sys" at address 0xf752e19a Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x86fd61f8 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP] Process: System Address: 0x86310500 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_POWER] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: atapi, IRP_MJ_PNP] Process: System Address: 0x86f6b1f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x86b181f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_CREATE] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_CLOSE] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_POWER] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: imagedrv, IRP_MJ_PNP] Process: System Address: 0x86fd71f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x86b821f8 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_CREATE] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_CLOSE] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: prodrv06ȅఅ捐捐鯼蚰じ㈤蚗, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe1ca5548 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x86fd81f8 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_CREATE] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_CLOSE] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_POWER] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: ahcnyjzyȅః扏济ahcnyjzyȃఄ灐†, IRP_MJ_PNP] Process: System Address: 0x86d39500 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_CREATE] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_CLOSE] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: prohlp02, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0xe16d6008 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x8629b1f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x86b271f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x8627a1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CREATE] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLOSE] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_READ] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SET_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_SHUTDOWN] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_CLEANUP] Process: System Address: 0x86bce1f8 Size: - Object: Hidden Code [Driver: Cdfsȅఅ䵃慖, IRP_MJ_PNP] Process: System Address: 0x86bce1f8 Size: -

Profil

helen1 Poslao: 01 Feb 2009 23:02 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8617 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Iskljuci Antivirus. Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: Henfnetr` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » EKERN.EXE

Ko je trenutno na forumu

Ukupno su 515 korisnika na forumu :: 13 registrovanih, 0 sakrivenih i 502 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: Darko001, Dimitrise93, djboj, ladro, Lazarus, maCvele, marsovac 2, Ne doznajem se u oružje, procesor, raskoljnikov, shaja1, Srki94, zdrebac

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by