MyCity » Ambulanta -> Arhiva Ambulante » Explorer.exe i DrWatson PostMortem Debugger

Explorer.exe i DrWatson PostMortem Debugger

Napisano na dan: 29.7.2008

Explorer.exe i DrWatson PostMortem Debugger

Sledeća strana

Pagination

Odgovori

MoscowBeast Poslao: 29 Jul 2008 08:23 Idi na vrh
offline MoscowBeast Nepopravljivi optimista Civil Works Team Leader @ IKEA Centres Russia Pridružio: 22 Jun 2005 Poruke: 7912 Gde živiš: Moskva, Rusija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Problem je sa notebook-om. Od pre neki dan prilikom dizanja sistema desava se (u 3 od 4 slucaja) da se pojavi prozor tipa "Windows Explorer has encountered a problem and needs to close", ali bez onih standardnih "Send Report" i "Don't Send" dugmica, samo moze "Close". cesto se posle toga pojavi i prozor koji kaze da je "Dr. Watson PostMortem Debugger" naisao na problem i mora da se ugasi. Tu nudi Send i Don't Send. E, medjutim, posle toga prestaje dizanje sistema, desktop je kao zamrznut, a kurzor misha pri prelasku na taskbar se pretvara u onaj pescani sat. Problem resavam tako sto iz Task Managera "ubijem" proces drwatson32.exe i onda ponekad sve proradi, a ponekad mora da se restartuje. Komp ima stari Norton Antivirus, dobijen uz sam kompjuter (istekla licenca odavno), ali ga ne koristim za setanje po netu, vec uglavnom za posao i gledanje filmova u krevetu Medjutim, imao sam goste nedavno, koristili su notebook za izlazak na internet i svrljanje ko zna gde, tako da je potpuno moguce da je neka gamad uletela. Evo HJT loga: Logfile of HijackThis v1.99.1 Scan saved at 10:15:43, on 29.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16674) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Acer\Empowering Technology\admtray.exe C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe C:\PROGRA~1\LAUNCH~1\LManager.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe C:\Acer\Empowering Technology\ePower\ePower_DMC.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe C:\Program Files\Acer\OrbiCam10\OrbiCam.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe C:\WINDOWS\system32\winhost32.exe C:\WINDOWS\system32\winservces.exe C:\WINDOWS\system32\winhost32.exe C:\WINDOWS\system32\servics.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\PeerGuardian2\pg2.exe C:\WINDOWS\system32\servics.exe C:\WINDOWS\system32\winservces.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Acer\Acer VCM\AcerVCM.exe C:\Program Files\Messenger\msmsgs.exe C:\DOCUME~1\Misko\LOCALS~1\Temp\RtkBtMnt.exe C:\WINDOWS\explorer.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Misko\Desktop\OtmiOvo\OtmiOvo.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe" O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [voip phone charger] "C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe" O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [Lingvo Launcher] "C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe" /STARTUP O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AcerOrbicamRibbon] "C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" /hide O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" O4 - HKLM\..\Run: [Microsoft Host Service] winhost32.exe O4 - HKLM\..\Run: [Microsoft Windows Services] winservces.exe O4 - HKLM\..\Run: [Window Services] servics.exe O4 - HKLM\..\RunServices: [Microsoft Host Service] winhost32.exe O4 - HKLM\..\RunServices: [Microsoft Windows Services] winservces.exe O4 - HKLM\..\RunServices: [Window Services] servics.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O4 - Global Startup: Acer VCM.lnk = ? O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: BTTray.lnk = ? O4 - Global Startup: Exif Launcher 2.lnk = ? O8 - Extra context menu item: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Translate with ABBYY &Lingvo... - res://C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lingvo.exe/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - shell32.dll (file missing) O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - shell32.dll (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [INTERNATIONAL] International* O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (Элемент управления AcDcToday) - file://C:\Program Files\AutoCAD 2002 RUS\AcDcToday.ocx O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (Элемент управления AcPreview) - file://C:\Program Files\AutoCAD 2002 RUS\AcPreview.ocx O17 - HKLM\System\CCS\Services\Tcpip\..\{8F786343-B43B-455F-A13D-7A85DC5A8E14}: NameServer = 212.188.4.10,195.34.32.116 O17 - HKLM\System\CCS\Services\Tcpip\..\{BFAD5331-23CC-4D1C-9F7F-4588E72A76EA}: NameServer = 212.188.4.10,195.34.32.116 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing) O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Hvala unapred.

Profil

dr_Bora Poslao: 29 Jul 2008 16:46 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Poz... Malware je definitivno prisutan - da li je to i uzrok problema, to ćemo videti. Norton AV privremeno isključi, a zatim... Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

MoscowBeast Poslao: 30 Jul 2008 07:12 Idi na vrh
offline MoscowBeast Nepopravljivi optimista Civil Works Team Leader @ IKEA Centres Russia Pridružio: 22 Jun 2005 Poruke: 7912 Gde živiš: Moskva, Rusija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo CF loga: ComboFix 08-07-29.1 - Misko 2008-07-30 8:58:55.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.490 [GMT 4:00] Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\npf.sys C:\WINDOWS\system32\packet.dll C:\WINDOWS\system32\pthreadVC.dll C:\WINDOWS\system32\servics.exe C:\WINDOWS\system32\WanPacket.dll C:\WINDOWS\system32\winhost32.exe C:\WINDOWS\system32\winservces.exe C:\WINDOWS\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_IPRIP -------\Legacy_NPF -------\Service_Iprip -------\Service_NPF ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))) . 2008-07-26 10:38 . 2008-07-26 10:38 <DIR> d-------- C:\Program Files\KAZAA 2008-07-26 10:38 . 2008-07-26 10:38 <DIR> d-------- C:\My Downloads 2008-07-22 11:49 . 2008-07-30 08:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-21 13:46 . 2008-07-21 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Soulseek 2008-07-20 01:41 . 2008-07-20 01:41 <DIR> d-------- C:\Program Files\Webteh 2008-07-20 01:41 . 2008-07-20 01:53 <DIR> d-------- C:\Documents and Settings\Misko\Application Data\BSplayer PRO 2008-07-18 21:49 . 2008-07-18 21:49 <DIR> d-------- C:\Program Files\DreamsBook2 2008-07-18 21:49 . 2008-07-18 21:49 207 --a------ C:\WINDOWS\MY11.INI 2008-07-18 21:14 . 2008-07-18 21:14 <DIR> d-------- C:\Program Files\ЉаҐ¬«сўбЄ п ¤ЁҐв 2008-07-13 13:16 . 2008-07-13 13:16 <DIR> d-------- C:\Program Files\Ubisoft 2008-07-09 22:09 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-09 22:09 . 2008-06-13 17:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-30 05:06 --------- d-----w C:\Program Files\PeerGuardian2 2008-07-30 04:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-30 04:52 --------- d-----w C:\Documents and Settings\Misko\Application Data\skypePM 2008-07-30 04:52 --------- d-----w C:\Documents and Settings\Misko\Application Data\Skype 2008-07-23 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-23 03:09 --------- d-----w C:\Documents and Settings\Misko\Application Data\uTorrent 2008-07-18 17:14 --------- d-----w C:\Program Files\Кремлёвская диета 2008-07-13 09:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-05-31 07:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-31 07:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-31 07:09 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-31 07:09 --------- d-----w C:\Program Files\Symantec 2007-06-13 10:23 162,304 --sh--r C:\WINDOWS\system32\nvwmgwr.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-21 03:58 7581696] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-21 03:58 86016] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "voip phone charger"="C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe" [2006-01-10 17:46 32768] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 17:42 344064] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 15:56 3080192] "Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe" [2006-02-21 04:34 106496] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664] "AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 18:43 754712] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512] "nwiz"="nwiz.exe" [2006-07-21 03:58 1519616 C:\WINDOWS\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\Misko\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-04-10 20:17:15 3444008] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-06-03 12:46:43 385024] Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-10-22 19:40:17 294912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "475:TCP"= 475:TCP:HASP LM "475:UDP"= 475:UDP:HASP LM R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01] R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 18:36] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] S2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2004-11-01 12:56] S3 memcard;PCMCIA Memory Card Driver;C:\WINDOWS\system32\DRIVERS\memcard.sys [2001-08-17 13:58] . Contents of the 'Scheduled Tasks' folder 2008-07-11 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Misko.job - C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13] . - - - - ORPHANS REMOVED - - - - HKLM-Run-Microsoft Host Service - winhost32.exe HKLM-Run-Microsoft Windows Services - winservces.exe HKLM-Run-Window Services - servics.exe HKLM-RunServices-Microsoft Host Service - winhost32.exe HKLM-RunServices-Microsoft Windows Services - winservces.exe HKLM-RunServices-Window Services - servics.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = about:blank O8 -: &Отправить на устройство Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 -: Translate with ABBYY &Lingvo... - C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lingvo.exe/3000 O17 -: HKLM\CCS\Interface\{8F786343-B43B-455F-A13D-7A85DC5A8E14}: NameServer = 212.188.4.10,195.34.32.116 O17 -: HKLM\CCS\Interface\{BFAD5331-23CC-4D1C-9F7F-4588E72A76EA}: NameServer = 212.188.4.10,195.34.32.116 ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-30 09:04:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll . ------------------------ Other Running Processes ------------------------ . C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Acer\Empowering Technology\admServ.exe C:\WINDOWS\system32\bgsvcgen.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Norton AntiVirus\NAVAPSVC.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMNTOR.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Messenger\msmsgs.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE C:\DOCUME~1\Misko\LOCALS~1\temp\RtkBtMnt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe . ************************************************************************ . Completion time: 2008-07-30 9:09:01 - machine was rebooted ComboFix-quarantined-files.txt 2008-07-30 05:08:52 Pre-Run: 33,548,070,912 bytes free Post-Run: 33,873,711,104 bytes free 211 --- E O F --- 2008-07-23 19:48:41

Profil

dr_Bora Poslao: 30 Jul 2008 16:04 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\nvwmgwr.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Kakvo je stanje nakon svega?

Profil

MoscowBeast Poslao: 31 Jul 2008 08:16 Idi na vrh
offline MoscowBeast Nepopravljivi optimista Civil Works Team Leader @ IKEA Centres Russia Pridružio: 22 Jun 2005 Poruke: 7912 Gde živiš: Moskva, Rusija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Od pvog CFix-a vise se ne pojavljuje ono sa Windows Exporer-om i DrWatsonom. Evo novog loga: ComboFix 08-07-29.1 - Misko 2008-07-31 10:11:43.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.466 [GMT 4:00] Running from: C:\Documents and Settings\Misko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Misko\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\nvwmgwr.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\nvwmgwr.exe . ((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-31 ))))))))))))))))))))))))))))))) . 2008-07-26 10:38 . 2008-07-26 10:38 <DIR> d-------- C:\Program Files\KAZAA 2008-07-26 10:38 . 2008-07-26 10:38 <DIR> d-------- C:\My Downloads 2008-07-22 11:49 . 2008-07-30 08:50 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-07-21 13:46 . 2008-07-21 13:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Soulseek 2008-07-20 01:41 . 2008-07-20 01:41 <DIR> d-------- C:\Program Files\Webteh 2008-07-20 01:41 . 2008-07-20 01:53 <DIR> d-------- C:\Documents and Settings\Misko\Application Data\BSplayer PRO 2008-07-18 21:49 . 2008-07-18 21:49 <DIR> d-------- C:\Program Files\DreamsBook2 2008-07-18 21:49 . 2008-07-18 21:49 207 --a------ C:\WINDOWS\MY11.INI 2008-07-18 21:14 . 2008-07-18 21:14 <DIR> d-------- C:\Program Files\Кремлёвская диета 2008-07-13 13:16 . 2008-07-13 13:16 <DIR> d-------- C:\Program Files\Ubisoft 2008-07-09 22:09 . 2008-06-13 17:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-07-09 22:09 . 2008-06-13 17:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-07-31 06:13 --------- d-----w C:\Program Files\PeerGuardian2 2008-07-31 06:06 --------- d-----w C:\Documents and Settings\Misko\Application Data\Skype 2008-07-31 06:05 --------- d-----w C:\Documents and Settings\Misko\Application Data\skypePM 2008-07-30 04:55 --------- d-----w C:\Program Files\Common Files\Symantec Shared 2008-07-23 19:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-07-23 03:09 --------- d-----w C:\Documents and Settings\Misko\Application Data\uTorrent 2008-07-13 09:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys 2008-05-31 07:09 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF 2008-05-31 07:09 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL 2008-05-31 07:09 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2008-05-31 07:09 10,671 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT 2008-05-31 07:09 --------- d-----w C:\Program Files\Symantec 2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll 2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((( snapshot@2008-07-30_ 9.08.36.31 ))))))))))))))))))))))))))))))))))))))))) . - 2008-07-30 04:53:44 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-07-31 06:07:53 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-07-30 04:53:44 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-07-31 06:07:53 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360] "PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 19:40 1421824] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-11 17:22 53096] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-21 03:58 7581696] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-21 03:58 86016] "ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208] "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413] "LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920] "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-08-16 11:20 53248] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648] "voip phone charger"="C:\Program Files\Acer\VoIP Phone Charger\voip phone charger.exe" [2006-01-10 17:46 32768] "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-14 17:42 344064] "Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-01-20 15:56 3080192] "Lingvo Launcher"="C:\Program Files\ABBYY Lingvo 11 Multilingual Dictionary\Lvagent.exe" [2006-02-21 04:34 106496] "Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016] "REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 22:32 53248] "LogitechCommunicationsManager"="C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:06 304664] "AcerOrbicamRibbon"="C:\Program Files\Acer\OrbiCam10\OrbiCam.exe" [2006-11-28 18:43 754712] "LVCOMSX"="C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 18:38 244512] "nwiz"="nwiz.exe" [2006-07-21 03:58 1519616 C:\WINDOWS\system32\nwiz.exe] "SkyTel"="SkyTel.EXE" [2006-08-16 11:21 2879488 C:\WINDOWS\SkyTel.exe] "RTHDCPL"="RTHDCPL.EXE" [2006-08-16 11:23 16248320 C:\WINDOWS\RTHDCPL.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360] C:\Documents and Settings\Misko\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-04-10 20:17:15 3444008] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - C:\Program Files\Acer\Acer VCM\AcerVCM.exe [2007-06-03 12:46:43 385024] Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 04:43:54 11000] BTTray.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557] Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-10-22 19:40:17 294912] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.yv12"= yv12vfw.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "475:TCP"= 475:TCP:HASP LM "475:UDP"= 475:UDP:HASP LM R0 Defrag32b;Defrag32Boot;C:\WINDOWS\system32\drivers\Defrag32b.sys [2004-10-23 09:01] R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20] R2 Defrag32;Defrag32;C:\WINDOWS\system32\drivers\Defrag32.sys [2004-10-23 09:01] R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41] R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41] R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58] R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57] R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\DRIVERS\lv321av.sys [2006-11-28 18:36] R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34] S2 PDSched;PDScheduler;C:\Program Files\Raxco\PerfectDisk\PDSched.exe [2004-11-01 12:56] S3 memcard;PCMCIA Memory Card Driver;C:\WINDOWS\system32\DRIVERS\memcard.sys [2001-08-17 13:58] Newly Created Service - CATCHME . Contents of the 'Scheduled Tasks' folder 2008-07-11 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Misko.job - C:\PROGRA~1\NORTON~1\Navw32.exe [2007-05-23 12:13] . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-31 10:13:32 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-07-31 10:14:24 ComboFix-quarantined-files.txt 2008-07-31 06:14:18 ComboFix2.txt 2008-07-30 05:09:02 Pre-Run: 33,920,892,928 bytes free Post-Run: 33,906,700,288 bytes free 158 --- E O F --- 2008-07-23 19:48:41 Hvala puno!

Profil

dr_Bora Poslao: 31 Jul 2008 16:16 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

MoscowBeast Poslao: 01 Avg 2008 07:50 Idi na vrh
offline MoscowBeast Nepopravljivi optimista Civil Works Team Leader @ IKEA Centres Russia Pridružio: 22 Jun 2005 Poruke: 7912 Gde živiš: Moskva, Rusija	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zahvaljujem na pomoci, doktore! Sve najbolje!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Explorer.exe i DrWatson PostMortem Debugger

Ko je trenutno na forumu

Ukupno su 935 korisnika na forumu :: 33 registrovanih, 3 sakrivenih i 899 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., airsuba, amaterSRB, Andrija357, Arahne, ccoogg123, Denaya, Dorcolac, dule10savic, FileFinder, kjkszpj, kolle.the.kid, mikrimaus, mnn2, mrav pesadinac, opt1, Parker, raptorsi, repac, RJ, rovac, S2M, Sančo, Shinobi, theNedjeljko, Trpe Grozni, virked, Vlada1389, wolf431, YugoSlav, |_MeD_|, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by