MyCity » Ambulanta -> Arhiva Ambulante » Hidden driver file

Hidden driver file

Napisano na dan: 12.12.2007

Hidden driver file

Sledeća strana

Pagination

Odgovori

browser Poslao: 12 Dec 2007 01:59 Idi na vrh
offline browser Ugledni građanin Pridružio: 14 Apr 2005 Poruke: 381 Gde živiš: Drugo ćoše levo iza Nedođije	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! AVG Anti-Rootkit je pri skeniranju pronašao Hidden driver file u: C:\WINDOWS\System32\Drivers\anki4xbr.sys Dali je bezbedno i dali ga treba ukloniti? Log fajl: Logfile of HijackThis v1.99.1 Scan saved at 1:49:01, on 12.12.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\ups.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Google\Google Talk\googletalk.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\SOUNDMAN.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Grisoft\AVG Anti-Rootkit Free\avgarkt.exe C:\Program Files\Grisoft\AVG Anti-Rootkit Free\3QcJtfncO.exe C:\totalcmd\TOTALCMD.EXE C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\ASEN\Desktop\Problem\TR3.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: Upload - {FD4E2FF8-973C-4A19-89BD-8E86B3CFCFE1} - C:\Program Files\Free Download Manager\fumiebtn.dll O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....1588901281 O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://yt1eaa.spaces.live.com/PhotoUpload/MsnPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{CC0BCF62-4837-4603-91B5-FC98FC561B57}: NameServer = 192.168.1.1,216.104.64.5 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O20 - AppInit_DLLs: O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe Unapred hvala na trudu.

Profil

DEMIAN Poslao: 12 Dec 2007 02:31 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, Možeš li da pronađeš taj fajl i da mi pustiš to preko ove forme http://www.mycity.rs/ambulanta-upload.php , jer ti ništa posebno ne mogu reći po samom imenu. Ako je u pitanju rootkit onda možda može i da sakrije neki proces, servis (itd..) od HJT-a tako da mi sada njegov log i ne znači nešto posebno. Skeniraj komp sa GMER-om i postavi logove po uputstvu ispod.. ---------------------- Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Profil

browser Poslao: 12 Dec 2007 16:12 Idi na vrh
offline browser Ugledni građanin Pridružio: 14 Apr 2005 Poruke: 381 Gde živiš: Drugo ćoše levo iza Nedođije	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Fajl kao takav se ne Dopuna: 12 Dec 2007 13:58 A evo i log od gmer-a GMER 1.0.13.12551 - Rootkit scan 2007-12-12 13:53:06 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.13 ---- SSDT sptd.sys SSDT sptd.sys Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE Device \FileSystem\Fastfat \Fat IRP_MJ_READ Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP Device \FileSystem\Fastfat \Fat IRP_MJ_PNP AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_ Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_ AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA ---- EOF - GMER 1.0.13 ---- Dopuna: 12 Dec 2007 14:22 Sada je pri skeniranju AVG anti-rootkit prijavio drugi Onaj prvi se ne nala[i u logu. Nema ga. Dopuna: 12 Dec 2007 14:44 Pri svakom restartovanju prijavljuje drugi naziv. Ne mogu da skapiram koji proces-program to radi. Dopuna: 12 Dec 2007 16:12 Gospodo, rešio sam problem, pronašao sam uzročnika. Krivac je DaemonTools. Uvek pri startovanju windows-a napravi rootkit sa drugim Ne razumem namere tvoraca programa, ali meni više Ako Vas ne mrzi, instalirajte DaemonTools i proverite proverite i mene, da ne optužim nepravedno pomenuti Za detekciju sam koristio AVG Anti-Rootkit Free. Nisam Hvala na pomoći. vidi u folderu. Probaću sa gmer-om. pan> target="_blank">http://www.gmer.net ZwEnumerateKey ZwEnumerateValueKey 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD01E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 [F749C1DE] fltMgr.sys [F749C1DE] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F749C454] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F749C1DE] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C19F76] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 869F81E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 86FD11E8 [F749C1DE] fltMgr.sys [F749C1DE] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F749C454] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F749C1DE] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [F748FF4C] fltMgr.sys [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C19F76] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B0C18812] aswMon2.SYS [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A2C0] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A2C0] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A2C0] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys DEVICE_CONTROL [B2EECCC0] vsdatant.sys [B2EECCC0] vsdatant.sys [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS UME_INFORMATION [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS DEVICE_CONTROL [F4B7A2C0] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS [F4B7A8E6] aswTdi.SYS pan> fajl: ac1jwgfc.sys pan> Sada je pronašao: ads2wwyn.SYS pan> nazivom. takav program ne treba. Deinstaliran je i sada je sve ok. svrhu i namenu procesa-fajla. program i njegove tvorce. probao druge programe.

Profil

DEMIAN Poslao: 12 Dec 2007 16:17 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Drajveri jesu od deamon tools-a. Nisam stigao ranije da ti odgovorim jer sam hteo da se konsultujem sa ostatkom tima u vezi ove linije iz HJT-a: O17 - HKLM\System\CCS\Services\Tcpip\..\{CC0BCF62-4837-4603-91B5-FC98FC561B57}: NameServer = 192.168.1.1,216.104.64.5 Da oi ti je poznata ova druga IP adresa ?

Profil

browser Poslao: 12 Dec 2007 17:00 Idi na vrh
offline browser Ugledni građanin Pridružio: 14 Apr 2005 Poruke: 381 Gde živiš: Drugo ćoše levo iza Nedođije	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da. To je "Alternate DNS server" koji koristim. Desi se da Telekomovi serveri zaglave a ovo zna da pomogne i da, ponekad, ubrza ADSL vezu.

Profil

DEMIAN Poslao: 12 Dec 2007 17:09 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pretpostavio sam al' rekoh da se informišem za svaki slučaj. Onda je problem i "zvanično" rešen.. Pozz

Profil

browser Poslao: 12 Dec 2007 17:18 Idi na vrh
offline browser Ugledni građanin Pridružio: 14 Apr 2005 Poruke: 381 Gde živiš: Drugo ćoše levo iza Nedođije	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala za trud. A evo loga za pomenutu IP NeoTrace Destination: 216.104.64.5 -#--------------Node Name---------------IP Address------Location-----------RT--High---Low---Avg-Tot---D-Who 1 home-1 192.168.1.100 xx.xxxN, xx.xxxE 0 0 0 0 1 0 2 No Response 0.0.0.0 Unknown - 0 0 0 4 4 3 91.150.101.1 Unknown 31 31 29 30 2 0 4 adsl117.telekom.rs 212.200.15.117 Unknown 29 29 29 29 2 0 1 5 212.200.232.121 Unknown 28 33 28 30 2 0 6 212.200.232.37 Unknown 34 76 34 55 2 0 7 212.200.227.226 Unknown 37 54 37 45 2 0 8 217.147.109.1 Unknown 56 56 53 54 2 0 9 sl-bb20-fra-8-0-0.sprintlink.net 217.147.96.37 Unknown 57 95 57 76 2 0 2 10 sl-bb21-par-4-0.sprintlink.net 213.206.129.149 Unknown 65 146 65 105 2 0 - 11 sl-bb24-nyc-9-0.sprintlink.net 144.232.9.166 Unknown 135 136 135 135 3 1 - 12 sl-bb21-nyc-6-0.sprintlink.net 144.232.13.186 Unknown 135 136 135 135 2 0 - 13 sl-bb22-nyc-14-0.sprintlink.net 144.232.7.102 Unknown 138 138 138 138 2 0 - 14 sl-bb21-chi-9-0.sprintlink.net 144.232.9.149 41.883N, 87.625W 159 162 159 160 2 0 - 15 sl-bb20-chi-14-0.sprintlink.net 144.232.26.1 41.883N, 87.625W 159 179 159 169 2 0 - 16 sl-st20-chi-13-0-0.sprintlink.net 144.232.20.3 41.883N, 87.625W 155 175 155 165 2 0 - 17 sl-integ92-124539-0.sprintlink.net 144.228.158.46 Unknown - 181 181 181 3 2 - 18 tg9-2.cr01.chcgildt.integra.net 209.63.114.37 Unknown 156 230 156 193 2 0 3 19 p4-0-0.cr02.sttlwatw.integra.net 209.63.114.162 Unknown 204 220 204 212 2 0 - 20 tg13-4.cr01.sttlwatw.integra.net 209.63.114.69 Unknown 206 212 206 209 2 0 - 21 tg13-1.cr01.ptleorte.integra.net 209.63.114.98 Unknown 248 248 248 248 1 0 - 22 tg9-1.ar10.ptldorfj.integra.net 209.63.114.154 Unknown 204 204 204 204 1 0 - 23 gw-cust-uci-net.ptld.eli.net 216.190.151.22 45.492N,122.692W 216 216 216 216 1 0 4 24 se-2-0.crr01-1.pdx.uci.net 63.135.209.13 Unknown 222 222 222 222 1 0 5 25 ip-63-135-209-200.uci.net 63.135.209.200 Unknown 224 224 224 224 1 0 - 26 fe-1-0-0.crr01-1.bnd.uci.net 63.135.209.207 Unknown 222 222 222 222 1 0 - 27 se-4-0-1.bdr01-3.bnd.uci.net 63.135.209.209 Unknown 218 218 218 218 1 0 - 28 ns02.uci.net 216.104.64.5 Unknown 220 220 220 220 1 0 - ------------------------------------------------------------------------------------------------------------ All times in milliseconds (ms), D=Dropped packets ------------------------------------------------------------------------------------------------------------ December 12, 2007 17:8:34 ==> Verovatno nebitno, ali "našlo se ..." Hvala još jednom i pozdravi.

Profil

DEMIAN Poslao: 12 Dec 2007 17:33 Idi na vrh
offline DEMIAN Legendarni građanin IT Manager Pridružio: 25 Mar 2005 Poruke: 3706 Gde živiš: The darkest place on earth..	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Samo da dodam nešto na ovo: Citat:Gospodo, rešio sam problem, pronašao sam uzročnika. Krivac je DaemonTools. Uvek pri startovanju windows-a napravi rootkit sa drugim nazivom. Ne razumem namere tvoraca programa, ali meni više takav program ne treba. Deinstaliran je i sada je sve ok. Ako Vas ne mrzi, instalirajte DaemonTools i proverite svrhu i namenu procesa-fajla. proverite i mene, da ne optužim nepravedno pomenuti program i njegove tvorce.. Imali smo priču ranije (u AMF delu foruma) o tim skrivenim drajverima koji menjau imena po svakom restartu a vezani su za programe Daemon Tools i Alcohol 120%. Poenta je da nisu maliciozni i da ne treba da ti je frka oko toga. Svi ti random name drajveri su kopija drajvera sptd.sys koji pripada gore navedenim programima. On se uvek pod drugim imenom učita u memoriju i na kraju sam sebe obriše. Time se obilazi zaštita koji imaju pojedini diskovi (igre najčešće) tako da tu dalja priča o njima završava što se ovog foruma tiče. Veća verovatnoća je da će ti ovi programi nešto poremetiti na sistemu (jer su puni bagova) nego ti instalirati maliciozni rootkit.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Hidden driver file

Ko je trenutno na forumu

Ukupno su 890 korisnika na forumu :: 60 registrovanih, 8 sakrivenih i 822 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, Alibaba1981, alienlink22, aramis s, babaroga, bigfoot, bojanM84, BORUTUS, BraneS, BSD, ccoogg123, cenejac111, comi_pfc, darkangel, Darko8, djboj, Djordje29, Doca, DonRumataEstorski, Dorcolac, DPera, draganca, DragoslavS, Duh sa sekirom, goxin, hologram, ILGromovnik, Joja2, JOntra, Kenanjoz, kikisp, Krusarac, kunktator, KUZMAR, laki_bb, Litostroton, ljuba, mgolub, milenko crazy north, MilosKop, prle122, Romibrat, sasa87, Shinobi, Sir Budimir, slonic_tonic, Smiljke, sokars, sovanova95, SR-3m, Srky Boy, styg, uruk, vlad4, Vlada1389, VojvodaMisic, Webb, wizzardone, zlaya011