Molim pomoc :(!!!

1

Molim pomoc :(!!!

offline
  • Pridružio: 08 Okt 2007
  • Poruke: 18

Pozdrav svima!
Odmah da skratim pricu, pogledajte sljedeci log i ako mozete pomozite....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:11, on 8.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoo1v.exe
C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\OCINS\idnsvr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\HT\Desktop\New Folder\H_J_T.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.16.4.3:8080
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: sosHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\obcts.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\system\Updaterun.exe
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Access Internet Keyword - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Chinese Navigation - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O9 - Extra 'Tools' menuitem: Chinese Navigation - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A0414-4868-4060-9E64-29C0285F35E0}: NameServer = 212.39.98.161,212.39.98.162
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - \lic98rmt.exe (file missing)
O23 - Service: DialWays - Master Soft - C:\Program Files\DialWays\dwserv.exe
O23 - Service: eTrust Common Services Log Daemon (ECSLOGD) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSLOGD.exe
O23 - Service: eTrust Common Services Store-And-Forward Manager (ECSSAFMGR) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe
O23 - Service: eTrust Common Services (Transport) (eCS_Transport) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe
O23 - Service: eTFWService - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eTFWService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1v.exe

--
End of file - 6581 bytes



_______________________________________________________

Jednostavno, kada pokusam da startam Windowse, ne mogu da dodjem do desktopa uopce, samo vidim plavi ekran. Nakon toga u procesima ubijem proces rundll32.exe koji nije pokrenuo sistem nego je nekako pokrenut sa mojim korisnickim imenom.
Kako da rijesim ovo?

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Daj na proveru sledeci fajl:
C:\WINDOWS\system32\spoo1v.exe

Uploaduj ga preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 08 Okt 2007
  • Poruke: 18

Fajl C:\WINDOWS\system32\spoo1v.exe je uploadovan na provjeru. Cekam dalje .....

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Spakuj komplet sledeci folder i uploaduj mi na proveru:
C:\Program Files\OCINS\

Otvori Control Panel > Administrative Tools > Services i u desnoj koloni nadji servis pod imenom Windows Management Prints System.
Klikni na njega desnim dugmetom misa i odaberi opciju Stop.
Klikni opet na njega desnim dugmetom misa i odaberi Properties.
U dijalogu koji se bude otvorio postavi Startup type na Disabled.
Nakon toga pronadji i obrisi fajl C:\WINDOWS\SYSTEM32\spoo1v.exe

Nakon toga skeniraj ponovo HJT-om i stikliraj polje ispred sledecih linija:
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1v.exe

Klikni Fix Checked

Nakon toga restartuj Windows i napravi novi HijackThis log koji ces postaviti ovde.

Dopuna: 08 Okt 2007 18:01

Propustih nesto... izvini.

Jos foldera sa sumnjivim fajlovima:
C:\Program Files\Common Files\CPUSH\
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\

Sumnjiv fajl:
C:\Program Files\Common Files\system\Updaterun.exe

Spakuj mi i sadrzaj tih foldera i taj jedan fajl, i uploaduj ako ti nije tesko.

offline
  • Pridružio: 08 Okt 2007
  • Poruke: 18

Fajl C:\WINDOWS\SYSTEM32\spoo1v.exe je obrisan i nako toga kod skeniranja HJT-om se nisu pojavili
R3 - URLSearchHook: SrchspHook Class - {22F86F33-9CBB-49a8-BB12-CDBE51B4C294} - C:\PROGRA~1\OCINS\srchsp.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\PROGRA~1\OCINS\ieaux.dll
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O23 - Service: Windows Management Prints System (spoo1v) - Unknown owner - C:\WINDOWS\SYSTEM32\spoo1v.exe


Nakon sto ej Windows restartan ovo je novi HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:56, on 8.10.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\system\Updaterun.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\a8d21.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\HT\Desktop\New Folder\H_J_T.exe.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.16.4.3:8080
O2 - BHO: sosHlpr Class - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - C:\WINDOWS\system32\obcts.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\CPUSH\cpush1.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: Invoke Class - {42A3A616-FF3C-4713-A5C2-4F1B566CEF51} - C:\WINDOWS\system32\7a81.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [System] C:\Program Files\Common Files\system\Updaterun.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [ceevtopf] rundll32 "C:\WINDOWS\Downlo~1\ceevtopf.dll",Run
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4C1A0414-4868-4060-9E64-29C0285F35E0}: NameServer = 212.39.98.161,212.39.98.162
O23 - Service: CA License Client (CA_LIC_CLNT) - Unknown owner - \lic98rmt.exe (file missing)
O23 - Service: DialWays - Master Soft - C:\Program Files\DialWays\dwserv.exe
O23 - Service: eTrust Common Services Log Daemon (ECSLOGD) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSLOGD.exe
O23 - Service: eTrust Common Services Store-And-Forward Manager (ECSSAFMGR) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe
O23 - Service: eTrust Common Services (Transport) (eCS_Transport) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe
O23 - Service: eTFWService - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eTFWService.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6065 bytes

Dopuna: 08 Okt 2007 19:26

OCINS fajl je izbrisan (mozda greskom sada sorry)

Ostali su uploadovani

Dopuna: 08 Okt 2007 19:45

Jos jedna nadopuna:
problem jos nije rijesen i dalje ne mogu "normalno" startati windowse

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Javljam se za pola sata, trenutno imam goste.

Dopuna: 08 Okt 2007 21:24

Restartuj komp u Safe Mode prema sledecem uputstvu:
http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-uci-u-SAFE-MODE.html

Pronadji i obrisi sledece foldere:
C:\Program Files\Common Files\CPUSH\
C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\

Obrisi i sledeci fajl:
C:\Program Files\Common Files\system\Updaterun.exe

Nakon toga restartuj komp u normalan mod rada i nadji mi sledece fajlove:
C:\WINDOWS\system32\7a81.dll
C:\WINDOWS\system32\a8d21.exe
C:\WINDOWS\system32\obcts.dll

Uploaduj ih preko one forme od malopre.

Nakon toga skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

offline
  • Pridružio: 08 Okt 2007
  • Poruke: 18

kada u Safe Modu pokusam obrisati C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\ javi mi da ga ne mogu izbrisati jer je zasticen. Promijenim u Properties da nije Read Only, ali nece i dalje da promijeni permisije.
Ostala dva fajla su izbrisana bez problema.


Fajlovi koje si trazio su poslani...

Sada idem na skidanje ComboFix-a itd.... Kasnije stize log .....

Sto da radim s ovim PCTools??? Kako da ga obrisem?

Dopuna: 09 Okt 2007 17:13

Evo ga, ComboFix log:



ComboFix 07-10-09.3 - HT 2007-10-09 17:05:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.128 [GMT 2:00]
Running from: C:\Documents and Settings\HT\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a1603.dat
C:\Documents and Settings\All Users\Application Data.\t\ad\d197584186\blank.gif
C:\Documents and Settings\All Users\Application Data.\t\ad\d197584186\cheap070831o_800x600_banma_cpm.swf
C:\Documents and Settings\All Users\Application Data.\t\ad\d197584186\click.js
C:\Documents and Settings\All Users\Application Data.\t\ad\d197584186\index.htm
C:\Documents and Settings\All Users\Application Data.\t\ad\EBAY1008.lz
C:\Documents and Settings\All Users\Application Data.\t\b1603.dat
C:\Documents and Settings\All Users\Application Data.\t\k1603.dat
C:\Documents and Settings\All Users\Application Data.\t\p1603.dat
C:\Documents and Settings\All Users\Application Data.\t\r1603.dat
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data\td
C:\Documents and Settings\All Users\Application Data\td\a1003.dat
C:\Documents and Settings\All Users\Application Data\td\b1003.dat
C:\Documents and Settings\All Users\Application Data\td\k1003.dat
C:\Documents and Settings\All Users\Application Data\td\p1003.dat
C:\Documents and Settings\All Users\Application Data\td\r1003.dat
C:\Documents and Settings\All Users\Templates.\temp.exe
C:\Documents and Settings\HT\icsetup.exe
C:\Documents and Settings\HT\ravmonlog
C:\Documents and Settings\vanja\ravmonlog
C:\WINDOWS\4c1.bmp
C:\WINDOWS\f2.exe
C:\WINDOWS\fn00321.log
C:\WINDOWS\g3.exe
C:\WINDOWS\ocinfo.dat
C:\WINDOWS\system\dvl
C:\WINDOWS\system\lvl
C:\WINDOWS\system32\371.dll
C:\WINDOWS\system32\371.dll
C:\WINDOWS\system32\advport.dll
C:\WINDOWS\system32\cdnprh.dll
C:\WINDOWS\system32\cwebpage.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\ahxoq.sys
C:\WINDOWS\system32\drivers\gvbfpj41.sys
C:\WINDOWS\system32\drivers\idgen.sys
C:\WINDOWS\system32\drivers\msqmx.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\efnvtm71.dllmmc.pkm
C:\WINDOWS\system32\gvbfpj41.dll
C:\WINDOWS\system32\gvbfpj41.dllmmc.pkm
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\rundllforour.exe
C:\WINDOWS\system32\score.txt
C:\WINDOWS\system32\SysTdSvr.dll
C:\WINDOWS\system32\wbem\ocmor.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\TEMP.\~my1.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ACPIDISK
-------\LEGACY_AHXOQ
-------\LEGACY_CNPROV
-------\LEGACY_GVBFPJ41
-------\LEGACY_IDGEN
-------\LEGACY_MSQMX
-------\LEGACY_MS_2FAX
-------\LEGACY_MXDISPDR
-------\LEGACY_NPF
-------\acpidisk
-------\ahxoq
-------\gvbfpj41
-------\idgen
-------\msqmx
-------\ms_2fax
-------\mxdispdr
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 17:04 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-08 13:43 <DIR> d-------- C:\Documents and Settings\HT\Application Data\Uniblue
2007-09-27 10:58 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-27 10:49 10,752 --------- C:\WINDOWS\RmtInfo.dll
2007-09-17 08:43 <DIR> d-------- C:\Program Files\Windows Live
2007-09-17 08:43 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-17 08:43 <DIR> d-------- C:\Program Files\Incesoft
2007-09-17 08:43 20,541 --a------ C:\WINDOWS\system32\detoured.dll
2007-09-14 07:46 86,016 --a------ C:\WINDOWS\system32\obcts.dll
2007-09-12 10:34 178,999 --a------ C:\Documents and Settings\HT\dodolook020.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 08:39 53,248 ----a-r C:\WINDOWS\cb41.exe
2007-09-27 08:58 --------- d-----w C:\Program Files\CA
2007-09-14 05:30 --------- d-----w C:\Documents and Settings\HT\Application Data\AdobeUM
2007-09-06 12:19 --------- d-----w C:\Program Files\DialWays
2007-09-05 06:59 --------- d-----w C:\Program Files\Alwil Software
2007-09-04 13:21 --------- d-----w C:\Program Files\Winamp
2007-09-04 06:38 --------- d-----w C:\Documents and Settings\HT\Application Data\CyberLink
2007-08-21 05:28 --------- d-----w C:\Program Files\winstat
2007-08-20 11:24 214,397 ----a-w C:\Documents and Settings\HT\sd.exe
2007-08-20 11:24 --------- d-----w C:\Program Files\Common Files\Error Report
2007-07-27 11:03 403,113 ----a-w C:\Documents and Settings\HT\todd.exe
2007-05-30 14:28 188,416 ----a-w C:\Documents and Settings\HT\spool.exe
2007-03-30 16:17 224,216 ----a-w C:\Documents and Settings\HT\RGShell.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
2007-10-08 10:39 53248 -ra------ C:\WINDOWS\system32\7a81.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 05:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 19:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 18:42 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2005-12-10 01:57]
"Sysmppcv"="C:\WINDOWS\system32\Rundll32.exe" [2004-08-04 02:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"eyeBeam SIP Client"="C:\Program Files\XtenNetworksInc\eyeBeam\eyeBeam.exe" []

R0 w8z26zar;w8z26za;C:\WINDOWS\system32\DRIVERS\w8z26zar.sys
R2 eCS_Transport;eTrust Common Services (Transport);"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe"
R2 ECSSAFMGR;eTrust Common Services Store-And-Forward Manager;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe"
R2 szu9c5;szu9c5;\??\C:\WINDOWS\system32\drivers\szu9c5.sys
S0 iokilps;iokilp;C:\WINDOWS\system32\DRIVERS\iokilps.sys
S0 ipdname;ipdnam;C:\WINDOWS\system32\DRIVERS\ipdname.sys
S0 pcibc;pcib;C:\WINDOWS\system32\DRIVERS\pcibc.sys
S2 MOVEESS;Distributed Application Client;C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\BHODY.DLL,DllRegisterServer 1087
S2 NtStub;Event Service;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 DialWays;DialWays;C:\Program Files\DialWays\dwserv.exe -service
S3 ECSLOGD;eTrust Common Services Log Daemon;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSLOGD.exe"
S3 eTFWService;eTFWService;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eTFWService.exe"
S4 eTrust WorldView;eTrust WorldView;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eCSWVdmn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NtStub

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a32c2ca-0f84-11dc-a93f-001731790d18}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3efc8d9e-b2e0-11db-a8e5-001731790d18}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4320664e-39ee-11dc-a979-001731790d18}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439b2220-4994-11dc-a993-001731790d18}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824f3640-4021-11dc-a98a-00064f01ff1e}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-10-09 17:09:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 17:10:45 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 17:10
.
--- E O F ---

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Daj sledece fajlove na upload:

C:\WINDOWS\system32\detoured.dll
C:\WINDOWS\system32\obcts.dll
C:\Documents and Settings\HT\dodolook020.exe
C:\WINDOWS\cb41.exe
C:\Documents and Settings\HT\sd.exe
C:\Documents and Settings\HT\todd.exe
C:\Documents and Settings\HT\spool.exe
C:\Documents and Settings\HT\RGShell.dll

Na kompu imas tragove infekcije koja se siri putem USB stickova, i moguce je da su ti i stickovi zarazeni.

Preuzmi program Flash_Disinfector.

program se pokreće dvoklikom na Flash_Disinfector.exe
kada se pojavi poruka sa obaveštenjem, potrebno je priključiti inficirane USB flash drive-ove (pri tome držati pritisnut taster Shift kako bi se izbegao autoplay)
kliknuti na OK i sačekati da se proces završi
kada se pojavi poruka Done !!, kliknuti na OK.


Nakon zavrsetka ciscenja Flash Disinfectorom pokreni ponovo ComboFix i postavi ovde log.

offline
  • Pridružio: 08 Okt 2007
  • Poruke: 18

OK, sve je uradjeno, fajlovi su poslani, a slijedi i log file:

ComboFix 07-10-09.3 - HT 2007-10-09 20:51:15.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.163 [GMT 2:00]
Running from: C:\Documents and Settings\HT\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-09-09 to 2007-10-09 )))))))))))))))))))))))))))))))
.

2007-10-09 20:50 <DIR> drahs---- C:\autorun.inf
2007-10-09 20:49 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-10-08 13:43 <DIR> d-------- C:\Documents and Settings\HT\Application Data\Uniblue
2007-09-27 10:58 <DIR> d-------- C:\Program Files\Common Files\Scanner
2007-09-27 10:49 10,752 --------- C:\WINDOWS\RmtInfo.dll
2007-09-17 08:43 <DIR> d-------- C:\Program Files\Windows Live
2007-09-17 08:43 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-17 08:43 <DIR> d-------- C:\Program Files\Incesoft
2007-09-17 08:43 20,541 --a------ C:\WINDOWS\system32\detoured.dll
2007-09-14 07:46 86,016 --a------ C:\WINDOWS\system32\obcts.dll
2007-09-12 10:34 178,999 --a------ C:\Documents and Settings\HT\dodolook020.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-08 08:39 53,248 ----a-r C:\WINDOWS\cb41.exe
2007-09-27 08:58 --------- d-----w C:\Program Files\CA
2007-09-14 05:30 --------- d-----w C:\Documents and Settings\HT\Application Data\AdobeUM
2007-09-06 12:19 --------- d-----w C:\Program Files\DialWays
2007-09-05 06:59 --------- d-----w C:\Program Files\Alwil Software
2007-09-04 13:21 --------- d-----w C:\Program Files\Winamp
2007-09-04 06:38 --------- d-----w C:\Documents and Settings\HT\Application Data\CyberLink
2007-08-21 05:28 --------- d-----w C:\Program Files\winstat
2007-08-20 11:24 214,397 ----a-w C:\Documents and Settings\HT\sd.exe
2007-08-20 11:24 --------- d-----w C:\Program Files\Common Files\Error Report
2007-07-27 11:03 403,113 ----a-w C:\Documents and Settings\HT\todd.exe
2007-05-30 14:28 188,416 ----a-w C:\Documents and Settings\HT\spool.exe
2007-03-30 16:17 224,216 ----a-w C:\Documents and Settings\HT\RGShell.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42A3A616-FF3C-4713-A5C2-4F1B566CEF51}]
2007-10-08 10:39 53248 -ra------ C:\WINDOWS\system32\7a81.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-08 05:33 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-03-11 19:33 C:\WINDOWS\system32\VTTrayp.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 18:42 C:\WINDOWS\soundman.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 20:24]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-05-15 00:22]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2005-12-10 01:57]
"Sysmppcv"="C:\WINDOWS\system32\Rundll32.exe" [2004-08-04 02:56]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"eyeBeam SIP Client"="C:\Program Files\XtenNetworksInc\eyeBeam\eyeBeam.exe" []

R0 w8z26zar;w8z26za;C:\WINDOWS\system32\DRIVERS\w8z26zar.sys
R2 eCS_Transport;eTrust Common Services (Transport);"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSQDMN.exe"
R2 ECSSAFMGR;eTrust Common Services Store-And-Forward Manager;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSSAFMGR.exe"
R2 szu9c5;szu9c5;\??\C:\WINDOWS\system32\drivers\szu9c5.sys
S0 iokilps;iokilp;C:\WINDOWS\system32\DRIVERS\iokilps.sys
S0 ipdname;ipdnam;C:\WINDOWS\system32\DRIVERS\ipdname.sys
S0 pcibc;pcib;C:\WINDOWS\system32\DRIVERS\pcibc.sys
S2 MOVEESS;Distributed Application Client;C:\WINDOWS\SYSTEM32\RUNDLLFOROUR.EXE C:\WINDOWS\SYSTEM32\WBEM\BHODY.DLL,DllRegisterServer 1087
S2 NtStub;Event Service;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 DialWays;DialWays;C:\Program Files\DialWays\dwserv.exe -service
S3 ECSLOGD;eTrust Common Services Log Daemon;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\ECSLOGD.exe"
S3 eTFWService;eTFWService;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eTFWService.exe"
S4 eTrust WorldView;eTrust WorldView;"C:\Program Files\CA\SharedComponents\eTrust Common Services\Bin\eCSWVdmn.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
NtStub

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a32c2ca-0f84-11dc-a93f-001731790d18}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3efc8d9e-b2e0-11db-a8e5-001731790d18}]
AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4320664e-39ee-11dc-a979-001731790d18}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{439b2220-4994-11dc-a993-001731790d18}]
Auto\command - G:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{824f3640-4021-11dc-a98a-00064f01ff1e}]
Auto\command - F:\AdobeR.exe e
AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2007-10-09 20:54:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-09 20:55:19 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-10-09 20:55
C:\ComboFix2.txt ... 2007-10-09 17:10
.
--- E O F ---

Dopuna: 09 Okt 2007 21:09

Hvala ti unaprijed na odgovoru, mogu ti reci da si jako brz. Moram sada ici ali probam to sutra odraditi pa posaljem rezultate popodne.

Pozz!!

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Skini program Avenger sa sledeceg linka:
http://swandog46.geekstogo.com/avenger.zip

Na prvom ekranu selektuj Input script manually pa klikni na ikonicu lupe.
U prozoru koji ce se pojavi unesi sledeci tekst:
Files to Delete:
C:\Documents and Settings\HT\dodolook020.exe
C:\WINDOWS\cb41.exe
C:\Documents and Settings\HT\sd.exe
C:\Documents and Settings\HT\todd.exe
C:\Documents and Settings\HT\spool.exe
C:\Documents and Settings\HT\RGShell.dll


Klikni na dugme Done.
Vratice te na prvi ekran gde je sada potrebno kliknuti na ikonicu semafora.
Ukoliko ti program sam ne zatrazi restart, onda ti sam restartuj racunar.
Nakon restartovanja bi folder trebao da bude obrisan, i backup napravljen u folderu c:\avenger.

Jesi li sigurno odradio lepo dezinfekciju uz pomoc Flash_disinfector?

Ima jos dva fajlova koji su mi sumnjivi:

C:\WINDOWS\system32\DRIVERS\w8z26zar.sys
C:\WINDOWS\system32\drivers\szu9c5.sys
C:\WINDOWS\system32\DRIVERS\iokilps.sys
C:\WINDOWS\system32\DRIVERS\ipdname.sys
C:\WINDOWS\system32\DRIVERS\pcibc.sys

Zamolio bih te da mi i njih uploadujes preko forme sa sledeceg linka:
http://www.mycity.rs/ambulanta-upload.php

Ko je trenutno na forumu
 

Ukupno su 755 korisnika na forumu :: 31 registrovanih, 6 sakrivenih i 718 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Petar, aleksmajstor, alexmiki, Bane san, bato, cenejac111, cropape, Ctrl x, doklevise, dragoljub11987, dragon986, dragonserbia, dule10savic, elenemste, Helket, Insan, ivan979, kuntalo, lukac, Marko Marković, MB120mm, mercedesamg, Mercury, misa2, Misirac, Mixelotti, mnn2, saputnik plavetnila, Toni, vathra, YU-UKI