Check and STOP error


  • Joined: 23 Sep 2008
  • Posts: 4

Good people, I'm asking for help! For the past week I've been getting a BSOD with the message:

STOP: 0x000000D1 (0x00000000, 0x00000002, 0x00000000, 0x8835A8EA)

Beginning dump of physical memory
Physical memory dump complete.


What I've tried in order to fix it: Windows Update, including KB894391 and KB916595, which I read are directly related to this problem; then I ran a memory test for about 8 hours, which showed everything is OK; and I reinstalled the graphics card driver.

And one more strange thing. ZoneAlarm frequently pops up with the message "Generic Host Process for Win32 Services is trying to connect to the internet". This is the svchost.exe service, version 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158-). I don't know whether it has anything to do with the problem, or what it wants.

Thanks in advance for the help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:20:27, on 23.9.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\DebugDiag\DbgSvc.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\ESET\ESET Smart Security\ekrn.exe
D:\WINDOWS\system32\dllhost.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\RALINK\Common\RaUI.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\HijackThis\HijackThis.exe
D:\WINDOWS\system32\NOTEPAD.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = D:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A4E23F67-28FB-4A71-9E24-E128A22C1643}: NameServer = 195.29.149.196,195.29.149.197
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - D:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - (no file)
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - D:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 3855 bytes



  • dr_Bora, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...


There are no signs of malware in the log itself. Still, we'll do an additional check...


Download gmer.zip from this link and save it to the Desktop.
Extract it into a folder.

Double-click gmer.exe to start: select the Rootkit/Malware tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves the scan results to the clipboard.
Use Paste in Notepad to turn that into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Use the Attach file option below the message box on the forum, and attach here the two files we just saved.



  • Joined: 23 Sep 2008
  • Posts: 4

GMER 1.0.14.14536 - [link visible only to logged-in users]
Rootkit scan 2008-09-23 22:07:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xACCE0040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xACCDC930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xACCE7A80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xACCE0510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xACCE6870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xACCE6AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xACCE9FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xACCE0600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xACCDCF20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xACCE86E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xACCE8440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xACCE6580]
SSDT spjg.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spjg.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadDriver [0xACCDA3F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xACCE88B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xACCEA270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xACCDCD70]
SSDT spjg.sys ZwOpenKey [0xB9EA80C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xACCE6350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xACCE6150]
SSDT spjg.sys ZwQueryKey [0xB9EC7108]
SSDT spjg.sys ZwQueryValueKey [0xB9EC6F88]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xACCE9250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xACCE8CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xACCDFC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xACCE9080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xACCE0220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xACCDD120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xACCDA1C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xACCE8140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xACCE6CD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwUnloadDriver [0xACCDA5F0]

INT 0x73 ? 8A454BF8
INT 0x73 ? 8A454BF8
INT 0x73 ? 8A35EF00
INT 0x73 ? 8A454BF8
INT 0xB4 ? 8A35EF00

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C44 805039F8 12 Bytes [ 10, 05, CE, AC, 70, 68, CE, ... ]
? spjg.sys The system cannot find the file specified. !
? srescan.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload B9C4562C 5 Bytes JMP 8A35E4E0
.text ajstgvvz.SYS B95B0386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text ajstgvvz.SYS B95B03AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ajstgvvz.SYS B95B03C4 3 Bytes [ 00, 70, 02 ]
.text ajstgvvz.SYS B95B03C9 1 Byte [ 2E ]
.text ajstgvvz.SYS B95B03CB 9 Bytes [ 00, 00, 5A, 02, 00, 00, 00, ... ]
.text ...

---- User code sections - GMER 1.0.14 ----

.text D:\Program Files\ESET\ESET Smart Security\ekrn.exe[1340] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 4 Bytes [ C2, 04, 00, 00 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spjg.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spjg.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spjg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spjg.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spjg.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spjg.sys
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [ACCE4E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [ACCE4E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [ACCE4E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [ACCE4E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [ACCE5320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [ACCE4E10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [ACCE4CA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A4531F8

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \FileSystem\Fastfat \FatCdrom 884731F8
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\NetBT \Device\NetBT_Tcpip_{C5F9A55B-4041-4E2B-93D6-E8F383AF5643} 888061F8
Device \Driver\usbohci \Device\USBPDO-0 8A3B7500
Device \Driver\usbehci \Device\USBPDO-1 8A3B4500
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8A4C51F8
Device \Driver\dmio \Device\DmControl\DmConfig 8A4C51F8
Device \Driver\dmio \Device\DmControl\DmPnP 8A4C51F8
Device \Driver\dmio \Device\DmControl\DmInfo 8A4C51F8
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\Ftdisk \Device\HarddiskVolume1 8A4551F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{A4E23F67-28FB-4A71-9E24-E128A22C1643} 888061F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8A4551F8
Device \Driver\Cdrom \Device\CdRom0 8A3B6500
Device \Driver\Cdrom \Device\CdRom1 8A3B6500
Device \Driver\atapi \Device\Ide\IdePort0 8A4541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 8A4541F8
Device \Driver\atapi \Device\Ide\IdePort1 8A4541F8
Device \Driver\atapi \Device\Ide\IdePort2 8A4541F8
Device \Driver\atapi \Device\Ide\IdePort3 8A4541F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-10 8A4541F8
Device \Driver\NetBT \Device\NetBt_Wins_Export 888061F8
Device \Driver\NetBT \Device\NetbiosSmb 888061F8
Device \Driver\PCI_PNP7114 \Device\0000004c spjg.sys
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\sptd \Device\1057358364 spjg.sys
Device \Driver\usbohci \Device\USBFDO-0 8A3B7500
Device \Driver\usbehci \Device\USBFDO-1 8A3B4500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8868C1F8
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8868C1F8
Device \Driver\Ftdisk \Device\FtControl 8A4551F8
Device \Driver\ajstgvvz \Device\Scsi\ajstgvvz1 89EA8500
Device \Driver\ajstgvvz \Device\Scsi\ajstgvvz1Port4Path0Target0Lun0 89EA8500
Device \FileSystem\Fastfat \Fat 884731F8

AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

Device \FileSystem\Cdfs \Cdfs 88640500

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x59 0x17 0x7E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xE4 0x4F 0xF3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA9 0xE2 0x71 0x7B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0xB7 0x10 0x19 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD3 0x01 0x6E 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x18 0x59 0x17 0x7E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xCB 0xE4 0x4F 0xF3 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xA9 0xE2 0x71 0x7B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xEC 0xB7 0x10 0x19 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xD3 0x01 0x6E 0xFF ...
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\782\Shell@MinPos1280x1024(1).x -1
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\Bags\782\Shell@MinPos1280x1024(1).y -1

---- EOF - GMER 1.0.14 ----

  • dr_Bora, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Nothing from the second log?

Well, it doesn't matter - there's no trace of malware here.

What's the problem? Well, it could be anything. For example, you have ESS and ZA installed (so you effectively have two firewalls) - that could be the problem (but that's pure guesswork).

For opinions and advice you can turn to the Windows forum.

regards
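A triage helper for the GMER rootkit scan posted above, added here as an example (it is not GMER's code and not part of the original posts): it groups the SSDT and IAT hook lines by the module that owns them, splits modules GMER described with a vendor string from those it did not, and records IAT slots GMER could not map to any module, so a reviewer sees at a glance which entries deserve a closer look. The sample log is a constructed subset of the lines above; the grouping is a "look closer" marker, not a malware verdict.

```python
"""Triage helper for GMER 'System' (SSDT) and 'Kernel IAT/EAT' lines.

Added example for this thread; not GMER's code and not part of the original
posts. It only groups and labels what GMER printed; it does not decide
whether a module is malicious.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the rootkit scan posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xACCDC930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xACCE6350]
SSDT spjg.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spjg.sys ZwOpenKey [0xB9EA80C0]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spjg.sys
IAT \SystemRoot\System32\Drivers\ajstgvvz.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [ACCE51C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
"""

# "SSDT <module> [(Description/Vendor)] <Zw function> [0x<address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?"
    r"\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
# "IAT <target>[<dll!import>] [<address>] <module> [(Description/Vendor)]"
IAT_RE = re.compile(
    r"^IAT\s+(?P<target>[^\s\[]+)\[(?P<import>[^\]]+)\]\s+"
    r"\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)(?:\s+\((?P<desc>[^)]*)\))?$"
)
# "IAT <target>[<dll!import>] <raw value>": GMER printed the slot's raw
# contents because it could not map the pointer to any loaded module.
IAT_UNRESOLVED_RE = re.compile(
    r"^IAT\s+(?P<target>[^\s\[]+)\[(?P<import>[^\]]+)\]\s+(?P<value>[0-9A-Fa-f]{8})$"
)


def basename(path):
    """Last component of a Windows path, lower-cased (\\SystemRoot\\...\\x.sys -> x.sys)."""
    return path.rsplit("\\", 1)[-1].lower()


def vendor_of(desc):
    """GMER prints 'Description/Vendor' in parentheses; return the vendor part."""
    if not desc or "/" not in desc:
        return None
    return desc.rsplit("/", 1)[1].strip()


def triage(log_text):
    """Group SSDT and IAT hooks by owning module and collect items for manual review."""
    modules = defaultdict(lambda: {"vendor": None, "ssdt": [], "iat": []})
    unresolved = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            entry = modules[basename(m["module"])]
            entry["vendor"] = entry["vendor"] or vendor_of(m["desc"])
            entry["ssdt"].append(m["func"])
            continue
        m = IAT_RE.match(line)
        if m:
            entry = modules[basename(m["module"])]
            entry["vendor"] = entry["vendor"] or vendor_of(m["desc"])
            entry["iat"].append((basename(m["target"]), m["import"]))
            continue
        m = IAT_UNRESOLVED_RE.match(line)
        if m:
            unresolved.append((basename(m["target"]), m["import"], m["value"]))
    # Modules GMER could not describe (no vendor string) go on the review list.
    # The thread shows such a module (spjg.sys) can still be benign, so this is
    # a "look closer" marker, not a verdict.
    review = sorted(name for name, e in modules.items() if e["vendor"] is None)
    return {"modules": dict(modules), "unresolved": unresolved, "review": review}


def report(result):
    """Human-readable summary: one line per module, then unresolved and review items."""
    lines = []
    for name, e in sorted(result["modules"].items()):
        vendor = e["vendor"] or "<no vendor string>"
        lines.append(f"{name:<14} {vendor:<18} SSDT={len(e['ssdt'])} IAT={len(e['iat'])}")
    for target, imp, value in result["unresolved"]:
        lines.append(f"unresolved IAT slot {target}[{imp}] = {value}")
    if result["review"]:
        lines.append("review: " + ", ".join(result["review"]))
    return lines


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LOG))))
```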

  • Joined: 23 Sep 2008
  • Posts: 4

Dr Bora, sorry, I completely forgot about the second part of the log!
As for the two firewalls, I know I must have only one, which is why it's turned off in ESS.

GMER 1.0.14.14536 - [link visible only to logged-in users]
Autostart scan 2008-09-24 19:00:42
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = D:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
appdrvrem01@ = %SystemRoot%\System32\appdrvrem01.exe svc
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = D:\WINDOWS\system32\ati2sgag.exe
DbgSvc@ = "D:\Program Files\DebugDiag\DbgSvc.exe"
Diskeeper@ = "D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"
ekrn@ = "D:\Program Files\ESET\ESET Smart Security\ekrn.exe"
UMWdf@ = D:\WINDOWS\system32\wdfmgr.exe
vsmon@ = D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@AlcmtrALCMTR.EXE = ALCMTR.EXE
@ZoneAlarm Client"D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@egui"D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice = "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
@QuickTime Task"D:\Program Files\QuickTime\QTTask.exe" -atboottime = "D:\Program Files\QuickTime\QTTask.exe" -atboottime

HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Azureus = D:\Program Files\Vuze\Azureus.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/D:\Program Files\WinRAR\rarext.dll = D:\Program Files\WinRAR\rarext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/D:\WINDOWS\system32\dfshim.dll = D:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/D:\WINDOWS\system32\dfshim.dll = D:\WINDOWS\system32\dfshim.dll
@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} /*UnlockerShellExtension*/D:\Program Files\Unlocker\UnlockerCOM.dll = D:\Program Files\Unlocker\UnlockerCOM.dll
@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} /*TuneUp Shredder Shell Extension*/D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll = D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
@{44440D00-FF19-4AFC-B765-9A0970567D97} /*TuneUp Theme Extension*/%SystemRoot%\System32\uxtuneup.dll = %SystemRoot%\System32\uxtuneup.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll = D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll = D:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*Eset Smart Security - Context Menu Shell Extension*/(null) =
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/D:\Program Files\PowerISO\PWRISOSH.DLL = D:\Program Files\PowerISO\PWRISOSH.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = D:\PROGRA~1\TUNEUP~1\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = D:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = D:\Program Files\PowerISO\PWRISOSH.DLL
UnlockerShellExtension@{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = D:\Program Files\Unlocker\UnlockerCOM.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = D:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{18DF081C-E8AD-4283-A596-FA578C2EBDC3}D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll = D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll = D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = D:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = [link visible only to logged-in users]
@Start [link visible only to logged-in users]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = [link visible only to logged-in users]{SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = [link visible only to logged-in users]

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = D:\WINDOWS\system32\msvidctl.dll
its@CLSID = D:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = D:\WINDOWS\system32\itss.dll
tv@CLSID = D:\WINDOWS\system32\msvidctl.dll
wia@CLSID = D:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A4E23F67-28FB-4A71-9E24-E128A22C1643} /*Wireless Network Connection*/ >>>
@IPAddress192.168.2.100 = 192.168.2.100
@NameServer195.29.149.196,195.29.149.197 = 195.29.149.196,195.29.149.197
@DefaultGateway192.168.2.1 = 192.168.2.1
@Domain =

D:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup = Ralink Wireless Utility.lnk

---- EOF - GMER 1.0.14 ----

  • dr_Bora, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Nothing malicious in this log either.

  • Joined: 23 Sep 2008
  • Posts: 4

Thank you!
P.S. It looks like I've also managed to solve the BSOD problem. Windows Update KB894391 fixes it.
