MyCity » Ambulanta -> Arhiva Ambulante » Provera hjt loga

Provera hjt loga

Napisano na dan: 23.4.2009

Provera hjt loga
Sledeća strana Pagination

Idi na vrh

Poslao: 23 Apr 2009 09:40
Idi na vrh
offline
  • kovica 
  • Novi MyCity građanin
  • Pridružio: 23 Apr 2009
  • Poruke: 3

Imao sam infekciju trojanima ( ne mogu da se setim imena doduse) i uspeo sam da sredim infekciju sa Avirom i Superantispyware programom. Samo zelim da budem siguran da jos uvek nesto ne zivi kod mene u racunaru Smile)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:24, on 23.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\corega\Common\RaUI.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.24\RivaTuner.exe" /S
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: corega Wireless Utility.lnk = C:\Program Files\corega\Common\RaUI.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ?????? Google Update (gupdate1c9be0ec672c640) (gupdate1c9be0ec672c640) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 7826 bytes

Poslao: 23 Apr 2009 16:09
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...


Log izgleda ok. Ukoliko želiš, možemo odraditi još jednu proveru.



Arrow Preuzmi program RootRepeal na Desktop.

Raspakuj RootRepeal.zip u neki folder.
Dvoklikom pokreni RootRepeal.exe.
Pređi na Report karticu (klikom na Report taster, dole, desno).
Klikni Scan taster.
U prozoru koji se otvori (Select Scan), obeleži kućice ispred svih stavki i klikni OK.
U narednom prozoru (Select Drives) obeleži kućicu ispred sistemskog diska (obično C:\) i klikni OK.
Po završetku procesa, klikni Save Report i sačuvaj izveštaj o skeniranju.

Iskopiraj sadržaj tog izveštaja u iduću poruku.

Poslao: 23 Apr 2009 18:08
Idi na vrh
offline
  • kovica 
  • Novi MyCity građanin
  • Pridružio: 23 Apr 2009
  • Poruke: 3

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/04/23 18:04
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: af4023mj.SYS
Image Path: C:\WINDOWS\System32\Drivers\af4023mj.SYS
Address: 0xB940C000 Size: 421888 File Visible: No
Status: -

Name: catchme.sys
Image Path: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
Address: 0xBA468000 Size: 31744 File Visible: No
Status: -

Name: giveio.sys
Image Path: giveio.sys
Address: 0xBA671000 Size: 1664 File Visible: No
Status: -

Name: PCI_NTPNP9670
Image Path: \Driver\PCI_NTPNP9670
Address: 0x00000000 Size: 0 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xBA664000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0x89ECA000 Size: 45056 File Visible: No
Status: -

Name: speedfan.sys
Image Path: speedfan.sys
Address: 0xBA5AE000 Size: 5248 File Visible: No
Status: -

SSDT
-------------------
#: 041 Function Name: NtCreateKey
Status: Hooked by "<unknown>" at address 0xba763476

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\drivers\mbam.sys" at address 0xb6730fe0

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xba76346c

#: 063 Function Name: NtDeleteKey
Status: Hooked by "<unknown>" at address 0xba76347b

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "<unknown>" at address 0xba763485

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9ec3fb2

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "sptd.sys" at address 0xb9ec4340

#: 098 Function Name: NtLoadKey
Status: Hooked by "<unknown>" at address 0xba76348a

#: 119 Function Name: NtOpenKey
Status: Hooked by "sptd.sys" at address 0xb9ebe0b0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xba763458

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xba76345d

#: 160 Function Name: NtQueryKey
Status: Hooked by "sptd.sys" at address 0xb9ec4418

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "sptd.sys" at address 0xb9ec4298

#: 193 Function Name: NtReplaceKey
Status: Hooked by "<unknown>" at address 0xba763494

#: 204 Function Name: NtRestoreKey
Status: Hooked by "<unknown>" at address 0xba76348f

#: 247 Function Name: NtSetValueKey
Status: Hooked by "<unknown>" at address 0xba763480

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0xb6fc0df0

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x89d5a1e8 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CREATE]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLOSE]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_READ]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_WRITE]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_EA]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_EA]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_CLEANUP]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: Fastfat, IRP_MJ_PNP]
Process: System Address: 0x88805678 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x89d5b1e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89a341e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]
Process: System Address: 0x89dc81e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x89a4f1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x89d5c1e8 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_CREATE]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_CLOSE]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_POWER]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: af4023mjȅ౨瑎晦܂Èੈ, IRP_MJ_PNP]
Process: System Address: 0x898e3790 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x8986d1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x89a4e1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x88aef1e8 Size: -

Object: Hidden Code [Driver: , IRP_MJ_CREATE]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_CLOSE]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_READ]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_SHUTDOWN]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_CLEANUP]
Process: System Address: 0x89921440 Size: -

Object: Hidden Code [Driver: , IRP_MJ_PNP]
Process: System Address: 0x89921440 Size: -

Poslao: 23 Apr 2009 18:28
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ništa konkretno u logu. Rekao bih da ovde nema aktivnog malware-a.

Poslao: 23 Apr 2009 18:31
Idi na vrh
offline
  • kovica 
  • Novi MyCity građanin
  • Pridružio: 23 Apr 2009
  • Poruke: 3

Mnogo hvala!!!! Sjajan je ovaj forum Smile

MyCity » Ambulanta -> Arhiva Ambulante » Provera hjt loga

Ko je trenutno na forumu
 

Ukupno su 864 korisnika na forumu :: 6 registrovanih, 0 sakrivenih i 858 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: babaroga, Milos ZA, Neutral-M, Panter, pein, VJ