MyCity » Ambulanta -> Arhiva Ambulante » nesto z*za

nesto z*za

Napisano na dan: 6.7.2009

nesto z*za
Sledeća strana Pagination

Idi na vrh

Poslao: 06 Jul 2009 17:33
Idi na vrh
offline
  • Pridružio: 23 Mar 2006
  • Poruke: 84

Nesto mi se komp neobicno ponasa. Aktivira desni taster misa, nece daljinski od TV kartice. Sumnjam na `nesto`.
Evo log od HJT:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:30:59, on 6.7.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OEM\11bg Wireless LAN USB Utility\RtWLan.exe
C:\Program Files\AirLive\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\WINDOWS\system32\OSK.exe
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\cFosSpeed\spd.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
E:\DC++\zK\zK++.exe
E:\DC++\Apex\ApexDC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [XTNDConnect PC - ErPhn2] C:\PROGRA~1\COMMON~1\XCPCSync\TRANSL~1\ErPhn2\ErTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - .DEFAULT User Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (User 'Default user')
O4 - Global Startup: 11bg Wireless LAN USB Utility.lnk = C:\Program Files\OEM\11bg Wireless LAN USB Utility\RtWLan.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Услуга Google Update (gupdate1c9c674f9919646) (gupdate1c9c674f9919646) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10114 bytes

Poslao: 06 Jul 2009 20:48
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...

Ovako... Log je čist, no ako ti smatraš da bi malware mogao biti uzrok toga što ti ne rade daljinski i miš (a verovatnoća za to je... mala), isprati donje uputstvo.



Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.

Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Poslao: 06 Jul 2009 21:19
Idi na vrh
offline
  • Pridružio: 23 Mar 2006
  • Poruke: 84

Zahvaljujem, ali ne radi.
Cetiri puta sam startovao program, i svaki put mi je restartovao racunar.

Poslao: 06 Jul 2009 21:23
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.

Iskopiraj sadržaj tog izveštaja u iduću poruku.

Poslao: 06 Jul 2009 21:47
Idi na vrh
offline
  • Pridružio: 23 Mar 2006
  • Poruke: 84

Napisano: 06 Jul 2009 21:29

Evo reporta:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Time: 2009/07/06 21:29
Program Version: Version 1.3.0.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: 00000044
Image Path: \Driver\00000044
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: a0a2kb4k.SYS
Image Path: C:\WINDOWS\System32\Drivers\a0a2kb4k.SYS
Address: 0xBA058000 Size: 303104 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB62AA000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79B3000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2D94000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\documents and settings\Зоки\local settings\temp\etilqs_fctirste4gbkijof9rgd
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\Зоки\local settings\temp\etilqs_hxikcsx8pbznbmp7o4zl
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\local settings\temp\etilqs_qfghqgljccb9q1ucvpbj
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_urx7btlyhf2populyvnh
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_gbumojf6cvmxdnhses9v
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_gmcdfjkfp24zhdcec8qa
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_god79fexspwc1jd75wvt
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_ib9sdazo3qabklm1qqba
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_jnxmkpjbonufhhyaphhx
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_npeepdvr0dgrjlebzp8i
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_plgb9ejsrpkrwiytpm4h
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_sflb6ylmeycqtzgh9ax4
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_2ffmh1bsnyhs6gdlrzry
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_3gtgbiiukykirjoir5ug
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_acvxqp9fw6sxt40jr9nd
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_cn5j3ldwjadrp0vwlzem
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_cshatvfgd1trjgxxujed
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_cutvulbrpkxakvdjqt4r
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_vd5od4fdsvvmran8atsq
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_vnrmpkr8zvvyfm0rbgno
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_wuwydggmhmqe49lltoqx
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_wwf4gvdrfkflfdmcbtig
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\Зоки\application data\skype\zokcevi\etilqs_xsj4ikqqgdhg9twewfy5
Status: Allocation size mismatch (API: 16384, Raw: 0)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de6b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62dea52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de14c

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xf750584c

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xf7505bec

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de64e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de08c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de0f0

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xf7505cc4

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de76e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de72e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb62de8ae

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x897901d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x891ae5d8 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_CREATE]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_CLOSE]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_POWER]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: a0a2kb4kȅఅ瑁䅭뢠쀅؁Binary, IRP_MJ_PNP]
Process: System Address: 0x891b1980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x8926c980 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x897921d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x892f81d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x897231d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x889551d8 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x892e5910 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_CREATE]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_CLOSE]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_POWER]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: Si3112r, IRP_MJ_PNP]
Process: System Address: 0x897911d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x889541d8 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_CREATE]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_CLOSE]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_READ]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_SHUTDOWN]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_CLEANUP]
Process: System Address: 0x891aa980 Size: 463

Object: Hidden Code [Driver: CdfsЅ఩捐楓, IRP_MJ_PNP]
Process: System Address: 0x891aa980 Size: 463

==EOF==

Dopuna: 06 Jul 2009 21:47

Mora da m nesto.
I disk mi se cesto aktivira.

Poslao: 06 Jul 2009 22:21
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ja smatram da ovde nema malware-a.

Ako želiš još dodatnih provera, možeš odraditi neki online scan (mada mislim da tražiš uzrok problema na pogrešnom mestu - jesi li probao drugi miš? ; jesi li reinstalirao softver za TV karticu? itd.):


http://www.bitdefender.com/scanner/online/free.html
http://www.eset.com/onlinescan/
http://www.pandasecurity.com/homeusers/solutions/activescan/


poz...

Poslao: 07 Jul 2009 22:13
Idi na vrh
offline
  • Pridružio: 23 Mar 2006
  • Poruke: 84

Napisano: 06 Jul 2009 22:24

Hvala Boro.
Do sada je pomagao instal windowsa.
Hteo sam da to izbegnem.
Pozdrav.

Dopuna: 07 Jul 2009 22:13

Oni linkovi su pomogli.
Nasao sam nekoliko uljeza.
Hvala jos jednom!

MyCity » Ambulanta -> Arhiva Ambulante » nesto z*za

Ko je trenutno na forumu
 

Ukupno su 774 korisnika na forumu :: 8 registrovanih, 1 sakriven i 765 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: babaroga, draganl, Leonov, milenko crazy north, Milos1389, nemkea71, zlaya011, šumar bk2