Delimicno ociscena infekcija, sta dalje?

Delimicno ociscena infekcija, sta dalje?

offline
  • Marko Šolajić
  • Pridružio: 03 Apr 2004
  • Poruke: 987
  • Gde živiš: Novi Sad

Sekretarica na poslu imala "malih" problema sa racunarom...
Jutros joj stiglo cirka 300 mejlova, veci deo "returning message to sender", a ja sam pregledom ustanovio da joj Kaspersky uopste nije radio kako treba.
Deinstalirao sam Kasperskog, Stavio NOD32. Skenirao i pocistio par komada Bagle, Win32/TrojanClicker.Agent.NBJ i Trojan.FatObfus.
Takodje skenirao sa SpyBot S&D i pobrisao sve sto je on nasao.
Koristio sam i BitDefender Online skener, i on je nasao u mejlovima jos par virusa i crva.
Trenutno ono sto me buni je sto se u Task Manageru pojavljuje jedan IEXPLORE.EXE koji se ne moze skloniti (kada ubijem proces on se ponovo pojavi). Takodje sam (verovali ili ne) uspeo prilikom gasenja tog procesa da vidim da se pojavio pod nekim imenom i preimenovao sam sebe u IEXPLORE.EXE Smile
Evo ga log iz HijackThis-a, pa ako neko ima pametno resenje, neka se javi. Ja sam celo radno vreme potrosio na ovu zezanciju.

Logfile of HijackThis v1.99.1
Scan saved at 17:55:53, on 09.07.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\stickies\stickies.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Documents and Settings\Dusan\Desktop\New Folder\ablabla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find-to-you.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://neosearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-to-you.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find-to-you.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7Af.....IEZCjwa4Es
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.200.124.34:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Dusan\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [PROGRAMBARBDOESAMOK] C:\Documents and Settings\All Users\Application Data\rulewaitprogrambarb\heartfast.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [drv_st_key] C:\Documents and Settings\Dusan\Application Data\hidn\hidn2.exe
O4 - HKCU\..\Run: [Idlebeep] C:\DOCUME~1\Dusan\APPLIC~1\CLOCKC~1\for style.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Dusan\Application Data\m\flec006.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{973222A1-C1C4-4BD0-B1F2-263C52E40925}: NameServer = 82.117.202.2,82.117.194.2
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)

Tu je i slika aktivnih procesa.

offline
  • Alics  Male
  • Ugledni građanin
  • Pridružio: 02 Apr 2006
  • Poruke: 353
  • Gde živiš: Šabac

Pozdrav, Dexter.
Za početak, preuzmi program NoLop.
http://www.spywareedge.net/nolop/NoLop.exe

1) Ugasi sve ostale programe koji su pokrenuti u "pozadini";
2) Dupli klik na NoLop.exe;
3) Klikni na Search and Destroy;
4) Kada je skeniranje završeno, u slučaju da si zaražen, tražiće da restartuješ računar;
5) Klikni na REBOOT.
Kada se računar restartuje, trebalo bi da se pojavi NoLop pop-up poruka. Ako se ne pojavi, ponovo pokreni NoLop.exe da bi čišćenje bilo završeno.
Nakon toga, postuj nam sadržaj iz fajla C:\NoLop.log i svež HijackThis log.

Napomena: Ako se pojavi greška, da mscomctl.ocx ili neki od fajlova nisu tačno registrovani, downloaduj ovaj fajl u svoj system32 folder i onda pokreni program:
http://www.boletrice.com/downloads/mscomctl.ocx

offline
  • Marko Šolajić
  • Pridružio: 03 Apr 2004
  • Poruke: 987
  • Gde živiš: Novi Sad

Evo stizu logovi...

Logfile of HijackThis v1.99.1
Scan saved at 11:59:17, on 13.07.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dusan\Desktop\New Folder\ablabla.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find-to-you.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://find-to-you.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://find-to-you.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find-to-you.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?x=wKX1ILEOi+Vh7Af.....IEZCjwa4Es
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://find-to-you.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 212.200.124.34:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{973222A1-C1C4-4BD0-B1F2-263C52E40925}: NameServer = 82.117.202.2,82.117.194.2
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\UltraVNC\WinVNC.exe" -service (file missing)


NoLop! Log by Skate_Punk_21

Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

Fix running from: C:\Documents and Settings\Dusan\Desktop\New Folder
[13.07.2007]
[11:43:59]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B3A6B4579325245B.job

Beginning Removal...
Rebooting...

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Rulewaitprogrambarb
C:\Documents and Settings\All Users\Application Data\Scala -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Dusan\Application Data\.gaim
C:\Documents and Settings\Dusan\Application Data\3m
C:\Documents and Settings\Dusan\Application Data\Adobe
C:\Documents and Settings\Dusan\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Dusan\Application Data\Canon
C:\Documents and Settings\Dusan\Application Data\Clockcakemess
C:\Documents and Settings\Dusan\Application Data\Cyberlink
C:\Documents and Settings\Dusan\Application Data\Google
C:\Documents and Settings\Dusan\Application Data\Gtopala
C:\Documents and Settings\Dusan\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Dusan\Application Data\Hidn -- EMPTY Directory
C:\Documents and Settings\Dusan\Application Data\Identities
C:\Documents and Settings\Dusan\Application Data\M
C:\Documents and Settings\Dusan\Application Data\Macromedia
C:\Documents and Settings\Dusan\Application Data\Mediachat
C:\Documents and Settings\Dusan\Application Data\Microsoft
C:\Documents and Settings\Dusan\Application Data\Microsoft Web Folders -- EMPTY Directory
C:\Documents and Settings\Dusan\Application Data\Miranda
C:\Documents and Settings\Dusan\Application Data\Mozilla
C:\Documents and Settings\Dusan\Application Data\Msn6
C:\Documents and Settings\Dusan\Application Data\Pdfcreator
C:\Documents and Settings\Dusan\Application Data\Real
C:\Documents and Settings\Dusan\Application Data\Scala
C:\Documents and Settings\Dusan\Application Data\Stickies
C:\Documents and Settings\Dusan\Application Data\Thunderbird
C:\Documents and Settings\Dusan\Application Data\V-safe
C:\Documents and Settings\Dusan\Application Data\Vlc
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft


PS - Pobrisao sam iz registry-ja sledece:
O4 - HKCU\..\Run: [drv_st_key] C:\Documents and Settings\Dusan\Application Data\hidn\hidn2.exe
O4 - HKCU\..\Run: [Idlebeep] C:\DOCUME~1\Dusan\APPLIC~1\CLOCKC~1\for style.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Dusan\Application Data\m\flec006.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\Dusan\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKLM\..\Run: [PROGRAMBARBDOESAMOK] C:\Documents and Settings\All Users\Application Data\rulewaitprogrambarb\heartfast.exe

Pozdrav!

offline
  • Alics  Male
  • Ugledni građanin
  • Pridružio: 02 Apr 2006
  • Poruke: 353
  • Gde živiš: Šabac

Downloaduj program Stinger odavde.
* dvoklikom startuj fajl stinger.exe;
* klikni na Scan now;
* kada se skeniranje završi, izaberi File | Save report to file.
Restartuj računar.

Kada se sistem podigne, prvo uključi opciju za prikaz skrivenih fajlova i foldera.

Posle toga, pronađi i obriši sledeće foldere:
C:\Documents and Settings\Dusan\Application Data\Clockcakemess
C:\Documents and Settings\Dusan\Application Data\Hidn
C:\Documents and Settings\Dusan\Application Data\M
C:\Documents and Settings\All Users\Application Data\rulewaitprogrambarb.

Postuj nam sadržaj fajla stinger.txt sa desktopa i novi HJT log.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Dexter, jel da bacimo ovo u Arhivu? Nema te da se javis...

Ko je trenutno na forumu
 

Ukupno su 773 korisnika na forumu :: 59 registrovanih, 7 sakrivenih i 707 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, A.R.Chafee.Jr., Apok, aramis s, awathorn, BlaCkMilK, Botovac, Brksi, BSD, celik, Cirkon, crnitrn, Despot1, djboj, Dorcolac, dragon986, Drug pukovnik, Faki-Valjevo, Fog of War, hatman, HrcAk47, ivica976, Krusarac, kvcali, manda87, Marko Marković, MB120mm, mean_machine, Mercury, Milan A. Nikolic, Mixelotti, MrNo, Najax, nenad81, panonski mornar, pein, pera12345, peruni, Pohovani_00, proka89, Rakenica, Regrut Boskica, repac, riva, Sale.S, sovanova95, Srki94, StefanNBG90, stegonosa, Toni, trajkoni018, Username1000, VaRvArI 85, Vlad000, vlahale, vlvl, vobo, wolf431, Čivi