MyCity » Ambulanta -> Arhiva Ambulante » Ndis.sys - plavi error i misteriozni fajlovi na desktopu

Ndis.sys - plavi error i misteriozni fajlovi na desktopu

Napisano na dan: 14.4.2007

Strana:
1
2

Ndis.sys - plavi error i misteriozni fajlovi na desktopu

Pagination

Prethodna strana

Odgovori

Strana:
1
2

bobby Poslao: 14 Apr 2007 22:47 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nesto ovde opet ne valja, imamo novi ubaceni fajl u Winsock lanac. Posalji mi i ovaj zjums.dll koji se spominje u O10 linijama, pa i njega otkloni uz pomoc LSPFix-a. Napravi mi novi log posle toga. Ukoliko se pojavi opet neka nova O10 linija, onda idemo na potragu za rootkitom: Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili

Profil

Artisan Poslao: 15 Apr 2007 02:12 Idi na vrh
offline Artisan Građanin Pridružio: 08 Nov 2006 Poruke: 167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! zjums.dll je uploudovan Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 11:56:26 PM, on 14/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe D:\wincmd\WINCMD32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe D:\!DOWNLOAD\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: SATARaid.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CS1\Services\Tcpip\..\{BDD4193F-EAC3-4263-88E7-9413119539B3}: NameServer = 192.168.1.1,194.247.192.180 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINDOWS\System32\remsdnsv.exe Dopuna: 15 Apr 2007 2:12 Vec se ponovo pojavila O 10 linija , sada se dll zove uqodi.dll . file1.txt GMER 1.0.12.12244 - gmer.net Rootkit scan 2007-04-15 02:13:00 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT sptd.sys ZwCreateKey SSDT sptd.sys ZwEnumerateKey SSDT sptd.sys ZwEnumerateValueKey SSDT sptd.sys ZwOpenKey SSDT sptd.sys ZwQueryKey SSDT sptd.sys ZwQueryValueKey SSDT sptd.sys ZwSetValueKey ---- Kernel code sections - GMER 1.0.12 ---- ? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process. ? C:\WINDOWS\system32\drivers\NDIS.sys The process cannot access the file because it is being used by another process. .text USBPORT.SYS!DllUnload F79A562C 5 Bytes JMP 82AA24F0 ? System32\Drivers\akun4msg.SYS The system cannot find the file specified. ? C:\WINDOWS\system32\DRIVERS\update.sys ---- Devices - GMER 1.0.12 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 82F671E8 Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 82F671E8 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 82AA0980 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CLOSE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_READ 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_WRITE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_FLUSH_BUFFERS 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SHUTDOWN 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_POWER 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_SYSTEM_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_PNP 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CLOSE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_READ 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_WRITE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_FLUSH_BUFFERS 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SHUTDOWN 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_POWER 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_SYSTEM_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_PNP 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CLOSE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_READ 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_WRITE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_FLUSH_BUFFERS 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SHUTDOWN 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_POWER 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_SYSTEM_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_PNP 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CLOSE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_READ 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_WRITE 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_FLUSH_BUFFERS 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_INTERNAL_DEVICE_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SHUTDOWN 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_POWER 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_SYSTEM_CONTROL 82FD71E8 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_PNP 82FD71E8 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 82AA0980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CREATE 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_CLOSE 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_POWER 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 82B66980 Device \Driver\usbehci \Device\USBPDO-2 IRP_MJ_PNP 82B66980 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 82F6A1E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82AE13E0 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 82F6A1E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82AE13E0 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82AE13E0 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 82A231E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 82A231E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 82A231E8 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 82A231E8 Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_CREATE [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_CREATE_NAMED_PIPE [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_CLOSE [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_READ [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_WRITE [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_QUERY_INFORMATION [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SET_INFORMATION [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_QUERY_EA [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SET_EA [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_FLUSH_BUFFERS [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_QUERY_VOLUME_INFORMATION [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SET_VOLUME_INFORMATION [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_DIRECTORY_CONTROL [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_FILE_SYSTEM_CONTROL [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_DEVICE_CONTROL [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_INTERNAL_DEVICE_CONTROL [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SHUTDOWN [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_LOCK_CONTROL [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_CLEANUP [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_CREATE_MAILSLOT [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_QUERY_SECURITY [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SET_SECURITY [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_POWER [F84CADB8] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SYSTEM_CONTROL [F84E5344] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_DEVICE_CHANGE [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_QUERY_QUOTA [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_SET_QUOTA [F84E8F18] sptd.sys Device \Driver\PCI_NTPNP4658 \Device\0000004a IRP_MJ_PNP [F84E62D0] sptd.sys Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 82A231E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 82A231E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 82A231E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 82A231E8 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 82AA0980 Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 82AA0980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 82870980 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 82870980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CREATE 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_CLOSE 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_POWER 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 82B66980 Device \Driver\usbehci \Device\USBFDO-2 IRP_MJ_PNP 82B66980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 82870980 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 82870980 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_CREATE 82A231E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_CLOSE 82A231E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_INTERNAL_DEVICE_CONTROL 82A231E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_CLEANUP 82A231E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{58E2A749-6200-4DB0-97BD-8ABF3225881E} IRP_MJ_PNP 82A231E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 82F6A1E8 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 82F6A1E8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_CREATE 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_CLOSE 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_POWER 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1Port2Path0Target0Lun0 IRP_MJ_PNP 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_CREATE 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_CLOSE 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_DEVICE_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_INTERNAL_DEVICE_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_POWER 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_SYSTEM_CONTROL 829C04F8 Device \Driver\akun4msg \Device\Scsi\akun4msg1 IRP_MJ_PNP 829C04F8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_CREATE 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_CLOSE 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_DEVICE_CONTROL 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_POWER 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_SYSTEM_CONTROL 82F681E8 Device \Driver\SI3112r \Device\Scsi\SI3112r1 IRP_MJ_PNP 82F681E8 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 82884548 Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 82884548 ---- EOF - GMER 1.0.12 ---- file2.txt GMER 1.0.12.12244 - gmer.net Autostart scan 2007-04-15 02:14:51 Windows 5.1.2600 Service Pack 2 HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe, HKLM\SYSTEM\CurrentControlSet\Services\ >>> nlsvc /NetLimiter/@ = "C:\Program Files\NetLimiter 2 Pro\nlsvc.exe" NOD32krn /NOD32 Kernel Service/@ = "C:\Program Files\Eset\nod32krn.exe" NVSvc /NVIDIA Display Driver Service/@ = %SystemRoot%\system32\nvsvc32.exe Spooler /Print Spooler/@ = %SystemRoot%\system32\spoolsv.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>> @NVMixerTray"C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" @NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup @nwiznwiz.exe /install = nwiz.exe /install @NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit @WinampAgentC:\Program Files\Winamp\winampa.exe = C:\Program Files\Winamp\winampa.exe @QuickTime Task"C:\WINDOWS\system32\qttask.exe" -atboottime = "C:\WINDOWS\system32\qttask.exe" -atboottime @Tweak UIRUNDLL32.EXE TWEAKUI.CPL,TweakMeUp = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp @SNPSTD2C:\WINDOWS\vsnpstd2.exe = C:\WINDOWS\vsnpstd2.exe @NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe @nod32kui"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>> @DAEMON Tools"C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 @ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>> @{42071714-76d4-11d1-8b24-00a0c9068ff3} /Display Panning CPL Extension/deskpan.dll /file not found/ = deskpan.dll /file not found/ @{596AB062-B4D2-4215-9F74-E9109B0A8153} /Previous Versions Property Page/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{9DB7A13C-F208-4981-8353-73CC61AE2783} /Previous Versions/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll @{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /Autoplay for SlideShow/(null) = @{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /Extensions Manager Folder/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll @{A70C977A-BF00-412C-90B7-034C51DA2439} /NvCpl DesktopContext Class/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{FFB699E0-306A-11d3-8BD1-00104B6F7516} /Play on my TV helper/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll @{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /Web Folders/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL @{00020D75-0000-0000-C000-000000000046} /Microsoft Office Outlook Desktop Icon Handler/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL @{0006F045-0000-0000-C000-000000000046} /Microsoft Office Outlook Custom Icon Handler/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL @{42042206-2D85-11D3-8CFF-005004838597} /Microsoft Office HTML Icon Handler/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll @{1CDB2949-8F65-4355-8456-263E7C208A5D} /Desktop Explorer/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /Desktop Explorer Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /nView Desktop Context Menu/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll @{B41DB860-8EE4-11D2-9906-E49FADC173CA} /WinRAR shell extension/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll @{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /Shell Extensions for RealOne Player/C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll = C:\Program Files\ACE Mega CoDecS Pack\SystemS\RealMedia\rpshell.dll @{B089FE88-FB52-11D3-BDF1-0050DA34150D} /NOD32 Context Menu Shell Extension/C:\Program Files\Eset\nodshex.dll = C:\Program Files\Eset\nodshex.dll HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>> DAP_ShredMenu@{BED4C38B-F765-45AC-8C56-613F76BBF43E} = WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>> NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr HKLM\Software\Microsoft\Internet Explorer\Main >>> @Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome @Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home @Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm HKCU\Software\Microsoft\Internet Explorer\Main >>> @Start Pageabout:blank = about:blank @Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL HKLM\Software\Classes\PROTOCOLS\Handler\ >>> dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll its@CLSID = C:\WINDOWS\system32\itss.dll mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll ms-its@CLSID = C:\WINDOWS\system32\itss.dll mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL tv@CLSID = C:\WINDOWS\system32\msvidctl.dll wia@CLSID = C:\WINDOWS\system32\wiascr.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>> 000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll 000000000006@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000007@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000008@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000009@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000010@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000011@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000012@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000013@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000014@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000015@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000016@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000017@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000018@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000019@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000020@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll 000000000036@PackedCatalogItem = C:\WINDOWS\system32\uqodi.dll HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000037@PackedCatalogItem = C:\WINDOWS\system32\imon.dll C:\Documents and Settings\All Users\Start Menu\Programs\Startup = SATARaid.lnk ---- EOF - GMER 1.0.12 ----

Profil

bobby Poslao: 15 Apr 2007 07:24 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Napravi HJT log i zapisi ima DLL-a koji se pojavljuje u O10 liniji. Iskopiraj sa nekog kompa koji nije zarazen ndis.sys, startuj tvoj komp u Safe Mode i prekopiraj taj "zdrav" fajl preko C:\WINDOWS\system32\drivers\NDIS.sys Dok si jos u Safe Mode, obrisi dll koji si zapisao gore (O10 linija). Ukoliko su se u C:\ pojavili novi NLS fajlovi, njih skloni u neki folder, pa kasnije obrisi ako komp radi kako treba. Vidi da li u C:\ imas fajl koji se zove ntldr.sys, i on je problem. Pazi samo da ga ne pomesas sa legitimnim ntldr (bez ekstenzije fajla) koji je potreban za startovanje Windowsa. Restartuj komp i vidi da li se pojavila nova O10 linija.

Profil

Artisan Poslao: 15 Apr 2007 19:18 Idi na vrh
offline Artisan Građanin Pridružio: 08 Nov 2006 Poruke: 167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Na kompjuteru ne mogu da nadjem ni ntldr.sys (prilikom pretrage sam ukljucio i trazenje sistemskih i skrivenih fajlova , 2 puta sam trazio , proveravao da li sam slucajno pogresno ukljucio samo pretragu slika , muzike i filmova ) . Ndis.sys cu uzeti od burazera kada se vrati iz grada , posto mi je ovaj funkcionalni windows servis pack 1 , a osteceni servis pack 2 . Napravio sam glupu gresku - juce sam u ambulantu umesto ndis.sys iz ostecenog windowsa poslao onaj iz neostecenog pa je zato bio verzija servis pack 1 . Kada sam hteo da uzmem ndis.sys iz ostecenog windowsa pored njega sam zatekao jos jedan koji kao da je iz servis packa jedan ( on tu ne bi trebalo da bude jer je ceo windows servis pack 1 na drugoj particiji ) pa saljem oba .

Profil

bobby Poslao: 15 Apr 2007 21:09 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Onaj ndis.sys od 281.384 bajtova (274 KB) nije Microsoftov, tako da je najverovatnije on krivac (malware). Fajl ndis(2).sys je originalan Microsoftov iz Service Pack 2. Prvo u normalnom modu resi O10 linije kao sto smo i do sada (obrises nepoznati fajl ili ga premestis u drugi folder), pa odmah nakon toga restart u Safe Mode. U Safe Mode obrisi onaj ndis.sys bez dvojke u zagradi, a onom sa dvojkom u zagradi prepravi ime onako kako treba da bude - ndis.sys Da znas za kasnije koji je fajl Microsoftov a koji nije: - kliknes desno dugme na fajl i odaberes opciju Properties - na kartici Version pogledaj dole Copyrigth podatke, Microsoft treba da je spomenut u par linija - ako su sva ta copyrigth polja prazna, onda fajl sigurno nije Microsoftov

Profil

Artisan Poslao: 15 Apr 2007 22:53 Idi na vrh
offline Artisan Građanin Pridružio: 08 Nov 2006 Poruke: 167	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uradio sam ovo i izgleda da je problem resen sat i po sam na internetu , isprobao sam download , malo sam surfovao , sve radi . 3 puta sam restartovao komp da bi video da li ce ponovo da se pojavi O 10 linija i nema je . Puno ti hvala i izvini sto sam ti potrosio vreme slanjem pogresnog ndis.sys fajla . Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 10:57:35 PM, on 15/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\qttask.exe C:\WINDOWS\vsnpstd2.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Silicon Image\SiISATARaid\SATARaid.exe C:\Program Files\NetLimiter 2 Pro\nlsvc.exe C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NetLimiter 2 Pro\NLClient.exe D:\Program Files\Innovative Solutions\Taskbar Button Manager\tbm.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Opera\Opera.exe D:\wincmd\WINCMD32.EXE D:\Backup\Programi\HiJackThis_v2.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Taskbar Button Manager] D:\Program Files\Innovative Solutions\Taskbar Button Manager\tbm.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: SATARaid.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CS1\Services\Tcpip\..\{BDD4193F-EAC3-4263-88E7-9413119539B3}: NameServer = 192.168.1.1,194.247.192.180 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: NetLimiter (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 2 Pro\nlsvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: RemoteShutDown Service (RemShutDownSvc) - Unknown owner - C:\WINDOWS\System32\remsdnsv.exe

Profil

bobby Poslao: 16 Apr 2007 05:56 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hvala i tebi za slanje onih fajlova. Jako puno antivirusa ih ne prepoznaje, tako da cu to veceras da im posaljem da ubace u definicije.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Ndis.sys - plavi error i misteriozni fajlovi na desktopu

Ko je trenutno na forumu

Ukupno su 988 korisnika na forumu :: 42 registrovanih, 2 sakrivenih i 944 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, 8u47, A.R.Chafee.Jr., anta, babaroga, Bluper, bobomicek, bokisha253, Boris90, Bubimir, cvrle312, DeerHunter, Duh sa sekirom, Faki-Valjevo, FOX, Georgius, Herman Terrance Aubrey, ILGromovnik, indja, krkalon, Kubovac, leonard, Lucije Kvint, milenko crazy north, Millennium, milutin134, mrav pesadinac, Nemanja.M, nenad81, nikoladim, oldtimer, Oscar, Panter, ruger357, Smiljke, Srle993, Trpe Grozni, vathra, vukdra, YU-UKI, Žoržo, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by