PC DM Files, problem


  • Joined: 13 Aug 2010
  • Posts: 7

Hello, for the past 3/4 days Windows has been notifying me that my C partition is full, literally FREE: 0 bytes. Simply put, whenever I wanted to do something I had to delete programs, and everything was very slow. All I know is that there is only Windows on my C partition, and I don't know what "ate" 20 GB. I also noticed that when I deleted something from the D partition, the free space on the C partition shrank at the same time, and I deleted literally everything from the C partition to gain 50/100 MB. That is how I also deleted NOD-32 and skupe, to gain those 100 MB. I looked to see what could be taking up so much space and found a PC DM folder under all users/shared documents that is very hard to open and cannot be deleted. I don't know where the problem is; I think that folder is causing all of it. I have fast internet, and I am sending you the report as an attachment:
----------------------------------------------------------------

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 10:02:08.87 on 13.08.2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1251. 359.1033.18.255.79 [GMT 3:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/webhp?hl=sr
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [DRPU Pc Data manager] "c:\program files\drpu pc data manager\apcdm.exe" "hd"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
uPolicies-explorer: NoInstrumentation = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoInstrumentation = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {62D6556A-808B-4322-A76F-B5DFF38D3DC5} - hxxp://www.acti.com/software/livedemo/20041010/NVCTRLMEDIA.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://popa.datacom.bg/activex/AMC.cab
TCP: {53CAD8FC-CC8E-4374-AC57-1A0D9A6DB613} = 93.155.146.1

============= SERVICES / DRIVERS ===============

S2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [2006-1-25 196736]
S2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [2006-1-25 9216]
S2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [2006-1-25 8448]
S3 block_reader;MPR DRV;\??\c:\program files\multi password recovery\block_reader.sys --> c:\program files\multi password recovery\block_reader.sys [?]
S3 usb2vcom;USB to Serial Bridge Controller;c:\windows\system32\drivers\usb2vcom.sys --> c:\windows\system32\drivers\usb2vcom.sys [?]

=============== Created Last 30 ================

2010-08-12 09:53:02 438 --sha-r- c:\documents and settings\administrator\ntuser.pol
2010-08-12 09:45:47 0 d--h--w- c:\windows\system32\GroupPolicy
2010-08-12 09:23:09 0 d-----w- c:\docume~1\admini~1\applic~1\TuneUp Software
2010-08-12 09:22:36 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2010-08-12 09:22:26 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-12 08:33:31 0 d-----w- c:\program files\ExplorerXP
2010-08-12 08:03:03 0 d-----w- c:\windows\SxsCaPendDel
2010-08-11 10:17:17 26 ----a-w- c:\windows\ExplorerXP.INI
2010-08-11 08:30:23 0 d-----w- c:\windows\system32\NtmsData
2010-08-05 09:05:46 0 d-----w- c:\program files\MWSnap

==================== Find3M ====================

2010-07-06 09:58:12 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-07-06 09:15:20 96256 ----a-w- c:\windows\system32\drivers\sptd3053.sys

============= FINISH: 10:02:27.48 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 25.01.2006 10:54:53
System Uptime: 13.08.2010 08:44:10 (2 hours ago)

Motherboard: | | 8363-686A
Processor: AMD Athlon(tm) Processor | Socket A | 805/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 17 GiB total, 0.18 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 19.806 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Reader 7.0.7
Alt-Tab Task Switcher Powertoy for Windows XP
AXIS Media Control Embedded
Calculator Powertoy for Windows XP
CapMan
CCleaner
ClearType Tuning Control Panel Applet
CmdHere Powertoy For Windows XP
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB886540)
Hotfix for Windows XP (KB897338-)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Microsoft Windows Journal Viewer
Modem Setup for Nokia 6500
Mpeg Layer3 Codec FHG-Radium v1.263
MSXML 4.0 SP2 (KB927978-)
MWSnap 3
PC Connectivity Solution
Security Update for Step By Step Interactive Training (KB898458-)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398-)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388-)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118-)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398-)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178-)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168-)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Slideshow Generator Powertoy for Windows XP
Sony Ericsson Mobile Phone Monitor
Sony Ericsson OCS
SpywareBlaster 4.3
Timershot Powertoy for Windows XP
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Virtual Desktop Manager Powertoy for Windows XP
WebFldrs XP
WEPOS Hotfix - KB903896
WEPOS Hotfix - KB905876
Windows Commander (Remove or Repair)
Windows Media Format Runtime
Windows Media Hotfix - KB895181
Windows Media Player 10
Windows Media Player 10 Hotfix - KB888656
Windows Media Player 10 Hotfix - KB892313
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB888240

==== Event Viewer Messages From Past Week ========

12.08.2010 13:42:48, error: PlugPlayManager [12] - The device 'ATAPI-CD ROM-DRIVE-52MAX' (IDE\CdRomATAPI-CD_ROM-DRIVE-52MAX________________52AE____\4d5531313230202069466d726177657220202020) disappeared from the system without first being prepared for removal.
12.08.2010 13:41:14, error: atapi [9] - The device, \Device\Ide\IdePort1, did not respond within the timeout period.
12.08.2010 12:23:37, error: Service Control Manager [7000] - The TuneUp Theme Extension service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
12.08.2010 09:20:17, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
11.08.2010 12:02:42, error: Service Control Manager [7000] - The Bt878 TV Card - Video Capture service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11.08.2010 12:02:42, error: Service Control Manager [7000] - The Bt878 TV Card - TV Tuner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11.08.2010 12:02:42, error: Service Control Manager [7000] - The Bt878 TV Card - Crossbar service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11.08.2010 12:01:40, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8-), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
11.08.2010 12:01:40, error: ACPI [5] - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
11.08.2010 12:01:40, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
11.08.2010 12:01:40, error: ACPI [4] - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
11.08.2010 11:30:53, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

==== End Of File ===========================

GMER 1.0.15.15281 - gmer.net
Rootkit scan 2010-08-13 10:14:39
Windows 5.1.2600 Service Pack 2
Running: 543xck5b.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwCreateKey [0xF9943AC8]
SSDT sptd.sys ZwEnumerateKey [0xF9943C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF9943F9A]
SSDT sptd.sys ZwOpenKey [0xF994398E]
SSDT sptd.sys ZwQueryKey [0xF9944064]
SSDT sptd.sys ZwQueryValueKey [0xF9943EFC]
SSDT sptd.sys ZwSetValueKey [0xF99440EC]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD3053.SYS The process cannot access the file because it is being used by another process.

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F994C89E] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9962D86] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F994CE24] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F994CD28] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F994CEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F994CEF4] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F994CE24] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F994CD28] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F99621AE] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F994CA5A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F996204A] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F994C8F2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F993FAD2] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F993FC0E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F993FB96] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F994076C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F9940642] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9962E4A] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F99518C6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F9962E4A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F996204A] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F9962056] sptd.sys
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F994CCC6] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F994CCC6] sptd.sys

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 81BD5EB0
Device \FileSystem\Fastfat \FatCdrom 8194B1C8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 81BAE5E0
Device \Driver\dmio \Device\DmControl\DmConfig 81BAE5E0
Device \Driver\dmio \Device\DmControl\DmPnP 81BAE5E0
Device \Driver\dmio \Device\DmControl\DmInfo 81BAE5E0
Device \Driver\Ftdisk \Device\HarddiskVolume1 81BAE898
Device \Driver\Ftdisk \Device\HarddiskVolume2 81BAE898
Device \Driver\Cdrom \Device\CdRom0 81994610
Device \FileSystem\Rdbss \Device\FsWrap 81A86780
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F98952F0] atapi.sys[unknown section] {MOV EAX, 0x81bae248; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf9953e12; RET }
Device \Driver\atapi \Device\Ide\IdePort0 [F98952F0] atapi.sys[unknown section] {MOV EAX, 0x81bae248; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf9953e12; RET }
Device \Driver\atapi \Device\Ide\IdePort1 [F98952F0] atapi.sys[unknown section] {MOV EAX, 0x81bae248; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf9953e12; RET }
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F98952F0] atapi.sys[unknown section] {MOV EAX, 0x81bae248; XCHG [ESP], EAX; PUSH EAX; PUSH 0xf9953e12; RET }
Device \Driver\NetBT \Device\NetBt_Wins_Export 81975CD0
Device \Driver\NetBT \Device\NetbiosSmb 81975CD0
Device \Driver\Disk \Device\Harddisk0\DR0 81BD50E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{53CAD8FC-CC8E-4374-AC57-1A0D9A6DB613} 81975CD0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 819880E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 819880E8
Device \FileSystem\Npfs \Device\NamedPipe 81A1F830
Device \Driver\Ftdisk \Device\FtControl 81BAE898
Device \FileSystem\Msfs \Device\Mailslot 819687B8
Device \FileSystem\Fastfat \Fat 8194B1C8
Device \FileSystem\Cdfs \Cdfs 819626D8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 632095426
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -1108301882
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -219689187
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC7 0xCB 0xE0 0x79 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC7 0xCB 0xE0 0x79 ...
-------------------------------------------------------------------------------

GMER 1.0.15.15281 - gmer.net
Rootkit scan 2010-08-13 10:18:10
Windows 5.1.2600 Service Pack 2
Running: 543xck5b.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdapog.sys


---- Modules - GMER 1.0.15 ----

Module sptd.sys F993E000-F9A11000 (864256 bytes)
Module \WINDOWS\System32\Drivers\SPTD3053.SYS F9926000-F993E000 (98304 bytes)
Module viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) F9F36000-F9F38000 (8192 bytes)
Module PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) F9CC2000-F9CC7000 (20480 bytes)
Module \SystemRoot\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) F952D000-F96FD000 (1900544 bytes)
Module \SystemRoot\system32\drivers\ac97via.sys (VIA Audio WDM Driver /VIA Technologies, Inc.) F94BE000-F94D3000 (86016 bytes)
Module \SystemRoot\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) F9D2A000-F9D30000 (24576 bytes)
Module \SystemRoot\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) F9D52000-F9D57000 (20480 bytes)
Module \SystemRoot\System32\nv4_disp.dll (NVIDIA Compatible Windows 2000 Display driver, Version 56.73 /NVIDIA Corporation) BF012000-BF426000 (4276224 bytes)
Module \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdapog.sys (GMER) F434E000-F4365000 (94208 bytes)

---- Processes - GMER 1.0.15 ----

Process C:\WINDOWS\system32\spoolsv.exe (Spooler SubSystem App/Microsoft Corporation) 1012
Library C:\WINDOWS\system32\mdimon.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00980000
Library C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll (Microsoft® Document Imaging/Microsoft Corporation) 0x00990000

Process C:\wincmd\WinCmd32.exe (Windows Commander 32 bit international version, file manager replacement for Windows/C. Ghisler & Co.) 1092
Library C:\wincmd\WinCmd32.exe (Windows Commander 32 bit international version, file manager replacement for Windows/C. Ghisler & Co.) 0x00400000

Process C:\Documents and Settings\Administrator\Desktop\543xck5b.exe 1180
Library C:\Documents and Settings\Administrator\Desktop\543xck5b.exe 0x00400000

Process C:\WINDOWS\system32\taskswitch.exe 1544
Library C:\WINDOWS\system32\taskswitch.exe 0x01000000

Process C:\Program Files\Internet Explorer\iexplore.exe (Internet Explorer/Microsoft Corporation) 1888
Library C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Acrobat IE Helper Version 7.0 for ActiveX/Adobe Systems Incorporated) 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\Bt878.sys (Bt878 WDM Video Capture Driver/Conexant Systems, Inc.) [AUTO] 878TVCard
Service C:\WINDOWS\system32\drivers\BtTuner.sys (Bt878 WDM TV Tuner Driver/Conexant Systems, Inc.) [AUTO] 878TVTuner
Service C:\WINDOWS\system32\drivers\BtXbar.sys (Bt878 WDM Crossbar Driver/Conexant Systems, Inc.) [AUTO] 878Xbar
Service C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [MANUAL] aspnet_state
Service C:\Program Files\Multi Password Recovery\block_reader.sys [MANUAL] block_reader
Service C:\WINDOWS\System32\Drivers\dtscsi.sys (SCSI miniport/DT Soft Ltd.) [MANUAL] dtscsi
Service eamonm
Service C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Compatible Windows 2000 Miniport Driver, Version 56.73 /NVIDIA Corporation) [MANUAL] nv
Service Outlook
Service C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies DirectParallel IO Library/Parallel Technologies, Inc.) [MANUAL] Ptilink
Service C:\WINDOWS\System32\Drivers\PxHelp20.sys (Px Engine Device Driver for Windows 2000/XP/Sonic Solutions) [BOOT] PxHelp20
Service C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek RTL8139 NDIS 5.0 Driver/Realtek Semiconductor Corporation) [MANUAL] rtl8139
Service C:\WINDOWS\system32\DRIVERS\secdrv.sys [MANUAL] Secdrv
Service C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (ServiceLayer Module/Nokia.) [MANUAL] ServiceLayer
Service system32\DRIVERS\slabbus.sys [MANUAL] slabbus
Service system32\DRIVERS\slabser.sys [MANUAL] slabser
Service C:\WINDOWS\System32\Drivers\sptd.sys [BOOT] sptd
Service C:\WINDOWS\system32\DRIVERS\StreamIP.sys (Microsoft IP Test Driver/Microsoft Corporation) [MANUAL] streamip
Service System32\Drivers\usb2vcom.sys [MANUAL] usb2vcom
Service C:\WINDOWS\system32\DRIVERS\viaide.sys (Generic PCI IDE Bus Driver/Microsoft Corporation) [BOOT] ViaIde
Service C:\WINDOWS\system32\drivers\ac97via.sys (VIA Audio WDM Driver /VIA Technologies, Inc.) [MANUAL] VIAudio

---- EOF - GMER 1.0.15 ----
-----------------------------------------------------------------------------

GMER 1.0.15.15281 - gmer.net
Rootkit quick scan 2010-08-13 10:24:25
Windows 5.1.2600 Service Pack 2
Running: 543xck5b.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwtdapog.sys


---- System - GMER 1.0.15 ----

SSDT sptd.sys ZwEnumerateKey [0xF9943C22]
SSDT sptd.sys ZwEnumerateValueKey [0xF9943F9A]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 81BD5EB0
Device \FileSystem\Fastfat \Fat 8194B1C8

---- EOF - GMER 1.0.15 ----

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8312
  • Location: Novi Beograd

Hello,

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • restart Windows if needed (several times);
  • at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the forum topic:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.

  • Joined: 13 Aug 2010
  • Posts: 7

Hello, I installed ComboFix on the desktop and ran it; after 1 minute the computer restarted by itself, so I ran it again and waited a few minutes. It says: preparing log report

do not run any programs until ComboFix has finished

It displayed that twice and nothing happens.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8312
  • Location: Novi Beograd

Check whether there is a log at this location: C:\ComboFix.txt

  • Joined: 13 Aug 2010
  • Posts: 7

I looked, it's not there...

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8312
  • Location: Novi Beograd

Download the RSIT program to your Desktop:

http://images.malwareremoval.com/random/RSIT.exe

Run it with a double-click and then click Continue.

At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum topic, and the second, info.txt, will be minimized (we don't need it for now).

Post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).

  • Joined: 13 Aug 2010
  • Posts: 7

Posted: 13 Aug 2010 11:18

info.txt logfile of random's system information tool 1.08 2010-08-13 12:18:37

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Reader 7.0.7-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70500000002}
Alt-Tab Task Switcher Powertoy for Windows XP-->MsiExec.exe /I{A7050037-F0EA-4BAB-BCD5-FC05507D6147}
AXIS Media Control Embedded-->rundll32 "C:\Program Files\Axis Communications\AXIS Media Control Embedded\AxisMediaControlEmb.dll",UninstallMe
Calculator Powertoy for Windows XP-->MsiExec.exe /I{B37C842A-B624-46B8-A727-654E72F1C91A}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
CmdHere Powertoy For Windows XP-->MsiExec.exe /I{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA8}
Modem Setup for Nokia 6500-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\WINDOWS\system32\{21F643FF-DA79-4204-AC0A-672B2D2E6A5A}\Setup.exe"
Mpeg Layer3 Codec FHG-Radium v1.263-->C:\WINDOWS\UNWISE.EXE C:\audio\L3CODE~1\INSTALL.LOG
MSXML 4.0 SP2 (KB927978-)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MWSnap 3-->"C:\Program Files\MWSnap\uninstall.exe"
PC Connectivity Solution-->MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
Security Update for Step By Step Interactive Training (KB898458-)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398-)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905915)-->"C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911567)-->"C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912812)-->"C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Security Update for Windows XP (KB912919)-->"C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913446)-->"C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388-)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB916281)-->"C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917159)-->"C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917344)-->"C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917422)-->"C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Security Update for Windows XP (KB917953)-->"C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118-)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918899)-->"C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Security Update for Windows XP (KB919007)-->"C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920214)-->"C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921398-)-->"C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Security Update for Windows XP (KB921883)-->"C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922616)-->"C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Security Update for Windows XP (KB922819)-->"C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923414)-->"C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923689)-->"C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923694)-->"C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924191)-->"C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924496)-->"C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925454)-->"C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925486)-->"C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929969)-->"C:\WINDOWS\$NtUninstallKB929969$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931784)-->"C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933566)-->"C:\WINDOWS\$NtUninstallKB933566$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Slideshow Generator Powertoy for Windows XP-->MsiExec.exe /I{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}
SpywareBlaster 4.3-->"C:\Program Files\SpywareBlaster\unins000.exe"
Timershot Powertoy for Windows XP-->MsiExec.exe /I{A743BBCC-3438-4BB3-8397-6C9D9AC125A6}
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB931836)-->"C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Virtual Desktop Manager Powertoy for Windows XP-->MsiExec.exe /I{F251B999-08A9-4704-999C-9962F0DFD88E}
Windows Commander (Remove or Repair)-->c:\wincmd\wcuninst.exe
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Hotfix - KB895181-->"C:\WINDOWS\$NtUninstallKB895181$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB888656-->"C:\WINDOWS\$NtUninstallKB888656$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix - KB892313-->"C:\WINDOWS\$NtUninstallKB892313$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Hotfix - KB884020-->C:\WINDOWS\$NtUninstallKB884020$\spuninst\spuninst.exe
Windows XP Hotfix - KB886677-->C:\WINDOWS\$NtUninstallKB886677$\spuninst\spuninst.exe
Windows XP Hotfix - KB888240-->C:\WINDOWS\$NtUninstallKB888240$\spuninst\spuninst.exe

======System event log======

Computer Name: PC-1234
Event Code: 5
Message: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Record Number: 26249
Source Name: ACPI
Time Written: 20091026122454.000000+120
Event Type: error
User:

Computer Name: PC-1234
Event Code: 4
Message: AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Record Number: 26248
Source Name: ACPI
Time Written: 20091026122454.000000+120
Event Type: error
User:

Computer Name: PC-1234
Event Code: 5
Message: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Record Number: 26247
Source Name: ACPI
Time Written: 20091026122454.000000+120
Event Type: error
User:

Computer Name: PC-1234
Event Code: 29
Message: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.

Record Number: 26243
Source Name: W32Time
Time Written: 20091026114131.000000+120
Event Type: error
User:

Computer Name: PC-1234
Event Code: 17
Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually
configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30
minutes.
The error was: A socket operation was attempted to an unreachable host. (0x80072751)

Record Number: 26242
Source Name: W32Time
Time Written: 20091026114131.000000+120
Event Type: error
User:

=====Application event log=====

Computer Name: PC-1234
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 1967
Source Name: crypt32
Time Written: 20100707112103.000000+180
Event Type: error
User:

Computer Name: PC-1234
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 1966
Source Name: crypt32
Time Written: 20100707112103.000000+180
Event Type: error
User:

Computer Name: PC-1234
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 1965
Source Name: crypt32
Time Written: 20100707112048.000000+180
Event Type: error
User:

Computer Name: PC-1234
Event Code: 11
Message: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.


Record Number: 1964
Source Name: crypt32
Time Written: 20100707112048.000000+180
Event Type: error
User:

Computer Name: PC-1234
Event Code: 1517
Message: Windows saved user PC-1234\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1960
Source Name: Userenv
Time Written: 20100706125823.000000+180
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Program Files\PC Connectivity Solution
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 4 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=0402
"NUMBER_OF_PROCESSORS"=1
"DEVMGR_SHOW_DETAILS"=1
"DEVMGR_SHOW_NONPRESENT_DEVICES"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

Addendum: 13 Aug 2010 11:22

I'm very sorry, I posted info.txt. Here is log.txt:


Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-08-13 12:18:23
Microsoft Windows XP Professional Service Pack 2
System drive C: has 138 MB (1%) free of 17 GB
Total RAM: 255 MB (27% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:18:34, on 13.08.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [DRPU Pc Data manager] "C:\Program Files\DRPU PC Data Manager\apcdm.exe" "hd"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {62D6556A-808B-4322-A76F-B5DFF38D3DC5} (Media Class) - acti.com/software/livedemo/20041010/NVCTRLMEDIA.dll
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - popa.datacom.bg/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53CAD8FC-CC8E-4374-AC57-1A0D9A6DB613}: NameServer = 93.155.146.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 3523 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"=C:\WINDOWS\system32\taskswitch.exe [2002-03-19 45632]
"DRPU Pc Data manager"=C:\Program Files\DRPU PC Data Manager\apcdm.exe [2010-01-15 2777088]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [2005-10-24 307200]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableStatusMessages"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoInstrumentation"=1
"NoSMConfigurePrograms"=1
"NoSharedDocuments"=1
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"ForceClassicControlPanel"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-08-13 12:18:24 ----D---- C:\Program Files\trend micro
2010-08-13 12:18:23 ----D---- C:\rsit
2010-08-13 11:51:01 ----D---- C:\WINDOWS\temp
2010-08-13 11:42:26 ----D---- C:\ComboFix
2010-08-13 11:39:20 ----D---- C:\Program Files\xerox
2010-08-13 11:39:19 ----D---- C:\WINDOWS\system32\xircom
2010-08-13 11:39:19 ----D---- C:\Program Files\outlook express
2010-08-13 11:39:19 ----D---- C:\Program Files\netmeeting
2010-08-13 11:39:19 ----D---- C:\Program Files\msn gaming zone
2010-08-13 11:39:19 ----D---- C:\Program Files\Common Files\speechengines
2010-08-13 11:39:18 ----D---- C:\Program Files\microsoft frontpage
2010-08-13 11:21:35 ----A---- C:\Boot.bak
2010-08-13 11:21:30 ----RASHD---- C:\cmdcons
2010-08-13 11:19:22 ----A---- C:\WINDOWS\zip.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\SWSC.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\SWREG.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\sed.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\PEV.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\NIRCMD.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\MBR.exe
2010-08-13 11:19:22 ----A---- C:\WINDOWS\grep.exe
2010-08-13 11:19:13 ----D---- C:\WINDOWS\ERDNT
2010-08-13 11:16:54 ----D---- C:\Qoobox
2010-08-12 12:45:47 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-08-12 12:25:23 ----D---- C:\Config.Msi
2010-08-12 12:23:09 ----D---- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2010-08-12 12:22:36 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2010-08-12 12:22:26 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-12 11:33:31 ----D---- C:\Program Files\ExplorerXP
2010-08-12 11:03:03 ----D---- C:\WINDOWS\SxsCaPendDel
2010-08-11 13:17:17 ----A---- C:\WINDOWS\ExplorerXP.INI
2010-08-11 11:30:23 ----D---- C:\WINDOWS\system32\NtmsData
2010-08-05 12:05:46 ----D---- C:\Program Files\MWSnap

======List of files/folders modified in the last 1 months======

2010-08-13 12:18:24 ----RD---- C:\Program Files
2010-08-13 11:51:16 ----D---- C:\WINDOWS
2010-08-13 11:51:16 ----A---- C:\WINDOWS\system.ini
2010-08-13 11:49:00 ----D---- C:\WINDOWS\system32\drivers
2010-08-13 11:49:00 ----D---- C:\WINDOWS\system32
2010-08-13 11:49:00 ----D---- C:\WINDOWS\AppPatch
2010-08-13 11:48:59 ----D---- C:\Program Files\Common Files
2010-08-13 11:43:02 ----D---- C:\WINDOWS\system32\CatRoot2
2010-08-13 11:42:45 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-08-13 11:42:33 ----D---- C:\WINDOWS\system32\Restore
2010-08-13 11:42:32 ----SHD---- C:\System Volume Information
2010-08-13 11:41:46 ----A---- C:\WINDOWS\wincmd.ini
2010-08-13 11:39:20 ----D---- C:\WINDOWS\system32\wbem
2010-08-13 11:39:20 ----D---- C:\WINDOWS\ime
2010-08-13 11:39:20 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-08-13 11:21:35 ----RASH---- C:\boot.ini
2010-08-13 08:44:58 ----SHD---- C:\WINDOWS\CSC
2010-08-12 13:42:07 ----D---- C:\WINDOWS\Prefetch
2010-08-12 12:33:18 ----SHD---- C:\WINDOWS\Installer
2010-08-12 12:30:44 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2010-08-12 12:26:23 ----D---- C:\Program Files\Common Files\InstallShield
2010-08-12 12:26:08 ----D---- C:\WINDOWS\inf
2010-08-12 12:23:39 ----D---- C:\WINDOWS\system32\config
2010-08-12 11:08:05 ----D---- C:\WINDOWS\WinSxS
2010-08-12 11:07:37 ----D---- C:\Documents and Settings\Administrator\Application Data\SlimBrowser
2010-08-12 11:06:09 ----D---- C:\WINDOWS\system32\mui
2010-08-12 11:06:08 ----D---- C:\Program Files\Internet Explorer
2010-08-12 11:05:23 ----RSD---- C:\WINDOWS\assembly
2010-08-12 11:04:19 ----D---- C:\WINDOWS\Registration
2010-08-12 11:04:00 ----D---- C:\WINDOWS\system32\URTTemp
2010-08-12 11:03:56 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-08-11 12:11:48 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-08-11 12:11:45 ----D---- C:\WINDOWS\system32\CatRoot
2010-08-11 11:30:22 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-08-11 11:05:16 ----D---- C:\Documents and Settings\Administrator\Application Data\Skype
2010-08-11 10:58:33 ----D---- C:\Documents and Settings\Administrator\Application Data\skypePM
2010-08-11 10:54:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2010-08-10 13:50:22 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-12-05 20640]
R0 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2005-12-02 42240]
R3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2005-12-02 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2005-12-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-02 1897408]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2005-12-02 20992]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2005-12-02 84480]
S2 878TVCard;Bt878 TV Card - Video Capture; C:\WINDOWS\system32\drivers\Bt878.sys [2005-01-28 196736]
S2 878TVTuner;Bt878 TV Card - TV Tuner; C:\WINDOWS\system32\drivers\BtTuner.sys [2005-01-28 9216]
S2 878Xbar;Bt878 TV Card - Crossbar; C:\WINDOWS\system32\drivers\BtXbar.sys [2005-01-28 8448]
S3 block_reader;MPR DRV; \??\C:\Program Files\Multi Password Recovery\block_reader.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2005-12-02 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys [2006-01-25 223128]
S3 mbr;mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2005-12-02 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2005-12-02 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2005-12-02 10880]
S3 slabbus;Wireless Comuniction Devices driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys []
S3 slabser;Nokia CA-42 USB Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2005-12-02 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2005-12-02 15360]
S3 usb2vcom;USB to Serial Bridge Controller; C:\WINDOWS\System32\Drivers\usb2vcom.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2005-12-02 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-12-02 26496]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2005-12-02 19328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2006-01-25 664064]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]

-----------------EOF-----------------

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8312
  • Location: Novi Beograd

You have the program DRPU Pc Data manager installed on your computer. Are you familiar with it, and do you know what exactly it does? As far as I could see, it generates some kind of reports; maybe they are what is taking up the space.

Also, you have a TV card installed; maybe you record some shows, and those take up a lot of space.

offline
  • Joined: 13 Aug 2010
  • Posts: 7

Hello again,
I read a bit on the net, and that is exactly the problem I have too:

arhiva.elitesecurity.org/t391356-Gubi-se-pr.....-keylogger

So the question is: how do I delete that PC DM file? I work at a company and I don't know who installed the DRPU Pc Data manager program or what it is for. I simply find that PC DM file but cannot open it at all; I wait 10 minutes and nothing happens, and I know it has "eaten" 15 GB.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8312
  • Location: Novi Beograd

Here is the situation:

The program is legal and its purpose is monitoring employees, that is, activity on the PC.

Since the program is on a company PC, and the company has the right to use this kind of monitoring to protect data or on other grounds laid down in the company's rules, while still complying with legal regulations, I recommend that you contact the person responsible for maintaining the computers at your company.
