Problem with some virus


offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

So, some virus showed up on my machine when my sister was downloading some game via torrent. NOD32 finds it and deletes it, but it keeps coming back. This is the HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 23:39:00, on 15.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iWin Games\iWinGamesInstaller.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\CTFMON.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jeca i Dejan\My Documents\OO\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\fCRkkhhF.dll
O2 - BHO: (no name) - {C907259B-98E5-4773-BA61-49B4A0060B58} - C:\WINDOWS\system32\qoMCroPf.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [c0284ea5] rundll32.exe "C:\WINDOWS\system32\igtcdpwc.dll",b
O4 - HKLM\..\Run: [BMc31b7d39] Rundll32.exe "C:\WINDOWS\system32\hijnhyfg.dll",s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: fCRkkhhF - C:\WINDOWS\SYSTEM32\fCRkkhhF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...




Download the installer for Malwarebytes Anti-Malware from the following link:

http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer; at the very end of the process, make sure the following options are checked:

- Update Malwarebytes' Anti-Malware
- Launch Malwarebytes Anti-Malware

and then click Finish.

Once the update finishes, the program will start.
Select the Perform Quick Scan option and click Scan (temporarily disable the AMON module in NOD32 before scanning).

When the process finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the forum thread.

If a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).




-------------------------------------------------------------------------------------





Download ComboFix to the Desktop from one of the following addresses:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

Thanks for the quick reply. This is the log from Malwarebytes' Anti-Malware:


Malwarebytes' Anti-Malware 1.11
Database version: 634

Scan type: Quick Scan
Objects scanned: 30562
Time elapsed: 6 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 15
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\qoMCroPf.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\WINDOWS\system32\fCRkkhhF.dll (Trojan.Vundo) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{244cdbf4-ee81-45fb-b066-7d9802863bd9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{244cdbf4-ee81-45fb-b066-7d9802863bd9} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{c3e15dfe-d990-4c3f-9be2-4cf4e3e007ce} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3e15dfe-d990-4c3f-9be2-4cf4e3e007ce} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\fcrkkhhf (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\aldd (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\IEHlprObj.IEHlprObj (Worm.OnlineG) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{c3e15dfe-d990-4c3f-9be2-4cf4e3e007ce} (Trojan.Vundo) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomcropf -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\qomcropf -> Delete on reboot.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\igtcdpwc.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cwpdctgi.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\qoMCroPf.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\fPorCMoq.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fPorCMoq.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fCRkkhhF.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\mlJYoNGY.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

Addendum: 16 Apr 2008 1:33

And this is the log from ComboFix:


ComboFix 08-04-15.1 - Jeca i Dejan 2008-04-16 1:18:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.71 [GMT 2:00]
Running from: C:\Documents and Settings\Jeca i Dejan\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\fCRkkhhF.dll
C:\WINDOWS\system32\fPorCMoq.ini
C:\WINDOWS\system32\qoMCroPf.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.

2008-04-16 00:58 . 2008-04-16 00:58 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\Malwarebytes
2008-04-16 00:56 . 2008-04-16 00:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 00:56 . 2008-04-16 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 16:09 . 2008-04-16 00:22 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-04-14 12:21 . 2008-04-15 15:20 101,169 --a------ C:\WINDOWS\BMc31b7d39.xml
2008-04-13 10:53 . 2008-04-13 10:53 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-04-13 10:53 . 2008-04-15 13:24 <DIR> d-------- C:\Program Files\Mystery Case Files Huntsville
2008-04-12 12:19 . 2008-04-12 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-12 12:09 . 2008-04-12 12:09 <DIR> d-------- C:\Program Files\iWin.com
2008-04-12 11:35 . 2008-04-12 11:35 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\iWinArcade
2008-04-12 11:34 . 2008-04-12 11:34 <DIR> d-------- C:\Program Files\iWin Games
2008-04-12 11:34 . 2008-04-12 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-04-11 20:57 . 2008-04-11 21:02 <DIR> d-------- C:\Program Files\Shockwave.com
2008-04-10 00:02 . 2008-04-10 00:02 8,704 --ahs---- C:\Thumbs.db
2008-04-10 00:02 . 2008-04-10 00:02 5,632 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-06 20:58 . 2008-04-06 20:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-04 20:35 . 2008-04-04 20:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-30 21:22 . 2008-03-30 21:22 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-03-30 21:07 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-30 21:07 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-30 11:52 . 2008-03-30 13:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 14:54 . 2008-03-29 14:54 <DIR> d-------- C:\Program Files\ImgBurn
2008-03-29 14:54 . 2008-03-29 22:46 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\ImgBurn
2008-03-29 13:50 . 2008-03-29 13:50 1,104 --a------ C:\WINDOWS\system32\sdbackup.reg
2008-03-29 13:45 . 1999-11-10 13:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-03-29 13:44 . 2008-03-29 13:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-29 13:44 . 2008-03-29 13:46 <DIR> d-------- C:\Program Files\QuickTime
2008-03-29 13:43 . 2008-03-29 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-29 13:42 . 2008-03-29 13:43 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-29 13:39 . 2008-03-29 13:39 <DIR> d--h----- C:\Documents and Settings\Jeca i Dejan\InstallAnywhere
2008-03-27 21:00 . 2008-03-27 21:00 <DIR> d-------- C:\Program Files\Verbix2008
2008-03-27 21:00 . 2008-03-27 21:01 <DIR> d-------- C:\Program Files\Common Files\verbix
2008-03-27 21:00 . 2008-03-27 23:36 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\verbix2008
2008-03-27 20:33 . 2008-03-27 20:40 <DIR> d-------- C:\Program Files\Verbix7
2008-03-26 15:59 . 2008-03-26 15:59 0 --a------ C:\_crash.dmp
2008-03-25 22:13 . 2008-03-25 22:13 25 --a------ C:\WINDOWS\cdplayer.ini
2008-03-25 22:11 . 2008-03-25 22:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-25 22:09 . 2008-03-25 22:09 <DIR> d-------- C:\Program Files\Real
2008-03-25 22:09 . 2008-03-25 22:10 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-25 19:11 . 2008-03-25 19:11 <DIR> d-------- C:\Program Files\ExtractNow
2008-03-23 13:27 . 2008-04-13 23:28 471 --a------ C:\WINDOWS\Lexicon.ini
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\WINDOWS\Start Menu
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\WINDOWS\Desktop
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\Mglexico
2008-03-22 16:33 . 2008-03-22 17:01 <DIR> d-------- C:\HEUREKA
2008-03-22 16:33 . 1998-07-30 17:41 306,688 --a------ C:\WINDOWS\IsUn0407.exe
2008-03-22 13:43 . 2008-03-22 13:43 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\vlc
2008-03-22 13:39 . 2008-03-22 13:39 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-22 09:07 . 2008-03-22 09:08 5,044,053 --a------ C:\Teach_Yourself_Gulf_Arabic_uztranslations.djvu
2008-03-22 00:26 . 2007-03-08 01:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-03-22 00:26 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-22 00:26 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-22 00:22 . 2008-03-22 00:25 9,006,689 --a------ C:\winamp553_1898_beta_full_en-us.exe
2008-03-21 23:39 . 2008-03-21 23:39 <DIR> d-------- C:\Program Files\Langenscheidt
2008-03-21 23:39 . 2004-01-16 12:00 36,864 --a------ C:\WINDOWS\system32\Hooks.dll
2008-03-21 21:16 . 2008-03-21 23:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-21 21:16 . 2008-03-21 23:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-21 20:06 . 2008-03-21 20:06 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-03-21 19:54 . 2008-03-21 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sync App Settings
2008-03-21 19:28 . 2008-03-21 19:28 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\Binary Fortress Software
2008-03-21 19:11 . 2008-03-21 19:18 23,510,720 --a------ C:\dotnetfx.exe
2008-03-21 18:20 . 2008-03-21 18:20 169 --a------ C:\WINDOWS\RtlRack.ini
2008-03-21 15:34 . 2008-03-21 23:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-21 15:31 . 2008-03-21 15:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-21 15:31 . 2006-09-25 18:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 14:42 . 2008-03-21 15:31 <DIR> d-------- C:\WINDOWS\system32\Logfiles
2008-03-21 14:42 . 2008-03-21 14:42 <DIR> d-------- C:\Inetpub
2008-03-20 15:54 . 2008-03-20 15:56 <DIR> d-------- C:\WINDOWS\newsoft
2008-03-20 15:54 . 2008-03-20 15:54 <DIR> d-------- C:\Program Files\NewSoft
2008-03-20 15:54 . 2008-04-10 16:29 4,078 --a------ C:\WINDOWS\If42le.ini
2008-03-20 15:54 . 2008-03-20 15:54 298 --a------ C:\WINDOWS\pexplore.ini
2008-03-20 15:53 . 2008-03-20 15:53 <DIR> d-------- C:\Program Files\ScannerU
2008-03-20 15:53 . 1996-11-05 17:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-03-20 15:53 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-20 15:53 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-20 15:53 . 2008-03-20 15:53 245 --a------ C:\WINDOWS\SCNDRVU.INI
2008-03-18 16:37 . 2008-03-18 16:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-18 15:52 . 2008-03-18 15:52 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\.borland
2008-03-18 15:39 . 2008-03-18 15:50 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-18 15:39 . 2008-03-18 15:39 <DIR> d-------- C:\Program Files\Borland
2008-03-16 12:58 . 2008-03-16 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-03-16 12:57 . 2008-03-16 12:57 <DIR> d-------- C:\Program Files\DFX
2008-03-16 11:12 . 2008-03-16 11:12 <DIR> d-------- C:\Program Files\High-Logic
2008-03-16 11:12 . 2008-03-16 11:12 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\FontCreator
2008-03-16 11:12 . 2008-03-16 11:12 145 --a------ C:\WINDOWS\fcp5.cfg
2008-03-15 19:33 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:14 --------- d-----w C:\Program Files\Dictionary
2008-04-13 10:14 --------- d-----w C:\Program Files\ESET
2008-03-30 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 19:28 --------- d-----w C:\Program Files\Canon
2008-03-30 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 11:51 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-03-25 20:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-24 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 11:15 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\AdobeUM
2008-03-21 22:28 --------- d-----w C:\Program Files\Winamp
2008-03-13 22:21 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\CyberLink
2008-03-12 14:28 --------- d-----w C:\Program Files\Java
2008-03-12 14:05 --------- d-----w C:\Program Files\Common Files\Java
2008-03-09 23:00 --------- d-----w C:\Program Files\Mv2Player
2008-03-09 20:19 --------- d-----w C:\Program Files\BitLord
2008-03-09 04:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-03-09 04:48 --------- d-----w C:\Program Files\FDRLab
2008-03-08 23:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-08 23:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-08 23:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-08 23:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-08 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-08 23:44 --------- d-----w C:\Program Files\CyberLink
2008-03-08 23:43 99,965 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-03-08 23:43 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Talkback
2008-03-08 23:35 --------- d-----w C:\Program Files\Sony
2008-03-08 23:35 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Sony
2008-03-08 23:34 --------- d-----w C:\Program Files\Sony Setup
2008-03-08 23:30 --------- d-----w C:\Program Files\Opera
2008-03-08 23:29 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\InterVideo
2008-03-08 23:26 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-08 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-08 23:25 --------- d-----w C:\Program Files\InterVideo
2008-03-08 23:25 --------- d-----w C:\Program Files\InterActual
2008-03-08 23:25 --------- d-----w C:\Program Files\Creative
2008-03-08 23:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-08 23:22 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-08 23:22 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Ahead
2008-03-08 23:21 --------- d-----w C:\Program Files\Nero
2008-03-08 23:18 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 23:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-08 23:07 --------- d-----w C:\Program Files\AvRack
2008-03-08 22:50 --------- d-----w C:\Program Files\MSBuild
2008-03-08 22:50 --------- d-----w C:\Program Files\Microsoft Works
2008-03-08 22:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-08 19:39 --------- d-----w C:\Program Files\MSN Messenger
2008-03-08 19:38 --------- d-----w C:\Program Files\CCleaner
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
2008-03-05 14:48 78848 --a------ C:\PROGRA~1\IWINGA~1\IWINGA~1.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-02 02:45 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 22:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 10:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 15:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-13 01:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 06:24 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 21:48 921600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-17 20:56 36352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:46 98304]

C:\Documents and Settings\Jeca i Dejan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 06:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-03-09 01:57:01 118784]

[HKLM\~\startupfolder\C:^Documents and Settings^Jeca i Dejan^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Jeca i Dejan\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc31b7d39]
C:\WINDOWS\system32\hijnhyfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0284ea5]
C:\WINDOWS\system32\igtcdpwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iWin Games\\iWinGames.exe"=
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=

R2 iWinGamesInstaller;iWinGamesInstaller;C:\Program Files\iWin Games\iWinGamesInstaller.exe [2008-03-05 14:49]
R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 22:54]
S2 BulkUsb;Genius ColorPage USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 19:04:50 C:\WINDOWS\Tasks\SesamTVMC.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-16 01:23:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
.
**************************************************************************
.
Completion time: 2008-04-16 1:29:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 23:29:11

Pre-Run: 1,844,830,208 bytes free
Post-Run: 2,468,200,448 bytes free

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

1. Are you familiar with the program Keycorder, i.e. did you install it yourself?



-------------------------------------------------------------------------------------



2. Upload for me: C:\WINDOWS\system32\Hooks.dll

via the following link: http://www.mycity.rs/ambulanta-upload.php




-------------------------------------------------------------------------------------




3. Open Control Panel, Add/Remove Programs, and uninstall everything related to iWin Games / iWin Arcade.




-------------------------------------------------------------------------------------




4. Run HijackThis, scan, and check the following lines:

O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es

Click Fix checked.



-------------------------------------------------------------------------------------



5. Open Notepad and copy in the following text:

File::
C:\WINDOWS\system32\hijnhyfg.dll
C:\WINDOWS\system32\igtcdpwc.dll

Folder::
C:\Program Files\iWin.com
C:\Documents and Settings\Jeca i Dejan\Application Data\iWinArcade
C:\Program Files\iWin Games
C:\Documents and Settings\All Users\Application Data\iWin Games

Driver::
iWinGamesInstaller

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8CA5ED52-F3FB-4414-A105-2E3491156990}]
[-HKLM\~\startupfolder\C:^Documents and Settings^Jeca i Dejan^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc31b7d39]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0284ea5]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\iWin Games\\iWinGames.exe"=-
"C:\\Program Files\\iWin Games\\WebUpdater.exe"=-






Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scanning.
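
The entries singled out in the post above (the two O1 Hosts lines and the DLLs behind the rundll32 Run values) can be picked out of a HijackThis log mechanically. The following Python triage script is an added example, not part of the original thread or of any tool mentioned in it; its rules (non-loopback Hosts mappings, unnamed BHOs, rundll32 Run values, one DLL registered at several load points) are this example's own assumptions about what deserves a second look, and it runs on lines excerpted from the first log in the thread.

```python
import ipaddress
import re
from collections import defaultdict

# Lines excerpted verbatim from the first HijackThis log posted in this thread.
SAMPLE_LOG = r'''
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C3E15DFE-D990-4C3F-9BE2-4CF4E3E007CE} - C:\WINDOWS\system32\fCRkkhhF.dll
O2 - BHO: (no name) - {C907259B-98E5-4773-BA61-49B4A0060B58} - C:\WINDOWS\system32\qoMCroPf.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [c0284ea5] rundll32.exe "C:\WINDOWS\system32\igtcdpwc.dll",b
O4 - HKLM\..\Run: [BMc31b7d39] Rundll32.exe "C:\WINDOWS\system32\hijnhyfg.dll",s
O20 - Winlogon Notify: fCRkkhhF - C:\WINDOWS\SYSTEM32\fCRkkhhF.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
'''

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
DLL_RE = re.compile(r'[A-Za-z]:\\[^",]*?\.dll', re.IGNORECASE)
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
RUNDLL_RE = re.compile(r'^"?(?:[A-Za-z]:\\[^"]*\\)?rundll32(?:\.exe)?\b', re.IGNORECASE)
# Load points cross-referenced below: BHOs, Run keys, Winlogon Notify.
LOAD_POINTS = {"O2", "O4", "O20"}


def parse_entries(log):
    """Return (code, body) pairs for every 'Xn - ...' line in the log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def check_hosts(body):
    """O1: flag a Hosts entry that maps a name to a routable address."""
    m = re.match(r"^Hosts:\s+(\S+)\s+(\S+)", body)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    if ip.is_loopback or ip.is_unspecified:
        return None  # 127.0.0.1 / 0.0.0.0 entries only block a name
    return f"hosts file points {m.group(2)} at {ip}"


def check_bho(body):
    """O2: flag a Browser Helper Object registered without a display name."""
    if body.startswith("BHO: (no name)"):
        return "BHO registered without a display name"
    return None


def check_run(body):
    """O4: flag a Run value whose command is rundll32 loading a DLL."""
    m = RUN_RE.match(body)
    if m and RUNDLL_RE.match(m.group("cmd")):
        return f"Run value [{m.group('name')}] loads a DLL through rundll32"
    return None


CHECKS = {"O1": check_hosts, "O2": check_bho, "O4": check_run}


def triage(log):
    """Return a list of (code, reason) findings for manual review."""
    findings = []
    dll_sources = defaultdict(set)
    for code, body in parse_entries(log):
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append((code, reason))
        if code in LOAD_POINTS:
            # Paths are compared case-insensitively (system32 vs SYSTEM32).
            for dll in DLL_RE.findall(body):
                dll_sources[dll.lower()].add(code)
    for dll, codes in sorted(dll_sources.items()):
        if len(codes) > 1:
            label = "+".join(sorted(codes))
            findings.append((label, f"{dll} is registered at several load points"))
    return findings


if __name__ == "__main__":
    for code, reason in triage(SAMPLE_LOG):
        print(f"{code:8} {reason}")
```

A finding here only marks a line for manual review; it is not a verdict on the file.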

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

1. I'm not familiar with it, and I did not install it.
_________________________________________

2. Uploaded;
__________________________________________

3. Done;
_________________________________________

4. That is not on my list at all, here is the logfile:

Logfile of HijackThis v1.99.1
Scan saved at 21:33:13, on 16.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CNAB4RPK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\Documents and Settings\Jeca i Dejan\My Documents\OO\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe



____________________________________________

5. Done.

Addendum: 16 Apr 2008 21:56

When I did this last step, nothing happened. A status bar just appeared briefly, filled up, then disappeared, and that was it. The program never opened.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try again. If it still won't work, then just run ComboFix with a double-click and post the log you get here.

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

It doesn't work again. When I started it to scan from the beginning, NOD32 again popped up with some warning. It was about some temp file. Here is the log:

ComboFix 08-04-15.1 - Jeca i Dejan 2008-04-16 23:43:32.2 - NTFSx86
Running from: C:\Documents and Settings\Jeca i Dejan\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-16 to 2008-04-16 )))))))))))))))))))))))))))))))
.

2008-04-16 00:58 . 2008-04-16 00:58 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\Malwarebytes
2008-04-16 00:56 . 2008-04-16 00:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-16 00:56 . 2008-04-16 00:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-14 16:09 . 2008-04-16 22:37 <DIR> d-------- C:\Program Files\Mystery Case Files Prime Suspects
2008-04-14 12:21 . 2008-04-15 15:20 101,169 --a------ C:\WINDOWS\BMc31b7d39.xml
2008-04-13 10:53 . 2008-04-13 10:53 <DIR> d-------- C:\Program Files\ReflexiveArcade
2008-04-13 10:53 . 2008-04-16 23:03 <DIR> d-------- C:\Program Files\Mystery Case Files Huntsville
2008-04-12 12:19 . 2008-04-12 12:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-04-12 12:09 . 2008-04-12 12:09 <DIR> d-------- C:\Program Files\iWin.com
2008-04-12 11:35 . 2008-04-12 11:35 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\iWinArcade
2008-04-12 11:34 . 2008-04-16 11:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin Games
2008-04-11 20:57 . 2008-04-11 21:02 <DIR> d-------- C:\Program Files\Shockwave.com
2008-04-10 00:02 . 2008-04-10 00:02 8,704 --ahs---- C:\Thumbs.db
2008-04-10 00:02 . 2008-04-10 00:02 5,632 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-06 20:58 . 2008-04-06 20:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-04 20:35 . 2008-04-04 20:35 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-30 21:22 . 2008-03-30 21:22 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-03-30 21:07 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-30 21:07 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-03-30 11:52 . 2008-03-30 13:12 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-29 14:54 . 2008-03-29 14:54 <DIR> d-------- C:\Program Files\ImgBurn
2008-03-29 14:54 . 2008-03-29 22:46 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\ImgBurn
2008-03-29 13:50 . 2008-03-29 13:50 1,104 --a------ C:\WINDOWS\system32\sdbackup.reg
2008-03-29 13:45 . 1999-11-10 13:05 86,016 --a------ C:\WINDOWS\unvise32qt.exe
2008-03-29 13:44 . 2008-03-29 13:45 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-29 13:44 . 2008-03-29 13:46 <DIR> d-------- C:\Program Files\QuickTime
2008-03-29 13:43 . 2008-03-29 13:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-03-29 13:42 . 2008-03-29 13:43 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-03-29 13:39 . 2008-03-29 13:39 <DIR> d--h----- C:\Documents and Settings\Jeca i Dejan\InstallAnywhere
2008-03-27 21:00 . 2008-03-27 21:00 <DIR> d-------- C:\Program Files\Verbix2008
2008-03-27 21:00 . 2008-03-27 21:01 <DIR> d-------- C:\Program Files\Common Files\verbix
2008-03-27 21:00 . 2008-03-27 23:36 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\verbix2008
2008-03-27 20:33 . 2008-03-27 20:40 <DIR> d-------- C:\Program Files\Verbix7
2008-03-26 15:59 . 2008-03-26 15:59 0 --a------ C:\_crash.dmp
2008-03-25 22:13 . 2008-03-25 22:13 25 --a------ C:\WINDOWS\cdplayer.ini
2008-03-25 22:11 . 2008-03-25 22:11 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-25 22:09 . 2008-03-25 22:09 <DIR> d-------- C:\Program Files\Real
2008-03-25 22:09 . 2008-03-25 22:10 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-25 19:11 . 2008-03-25 19:11 <DIR> d-------- C:\Program Files\ExtractNow
2008-03-23 13:27 . 2008-04-13 23:28 471 --a------ C:\WINDOWS\Lexicon.ini
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\WINDOWS\Start Menu
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\WINDOWS\Desktop
2008-03-23 13:25 . 2008-03-23 13:25 <DIR> d-------- C:\Mglexico
2008-03-22 16:33 . 2008-03-22 17:01 <DIR> d-------- C:\HEUREKA
2008-03-22 16:33 . 1998-07-30 17:41 306,688 --a------ C:\WINDOWS\IsUn0407.exe
2008-03-22 13:43 . 2008-03-22 13:43 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\vlc
2008-03-22 13:39 . 2008-03-22 13:39 <DIR> d-------- C:\Program Files\VideoLAN
2008-03-22 09:07 . 2008-03-22 09:08 5,044,053 --a------ C:\Teach_Yourself_Gulf_Arabic_uztranslations.djvu
2008-03-22 00:26 . 2007-03-08 01:51 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2008-03-22 00:26 . 2007-03-08 01:51 9,464 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2008-03-22 00:26 . 2007-03-08 01:51 9,336 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2008-03-22 00:22 . 2008-03-22 00:25 9,006,689 --a------ C:\winamp553_1898_beta_full_en-us.exe
2008-03-21 23:39 . 2008-03-21 23:39 <DIR> d-------- C:\Program Files\Langenscheidt
2008-03-21 23:39 . 2004-01-16 12:00 36,864 --a------ C:\WINDOWS\system32\Hooks.dll
2008-03-21 21:16 . 2008-03-21 23:54 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-03-21 21:16 . 2008-03-21 23:54 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-03-21 20:06 . 2008-03-21 20:06 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-03-21 19:54 . 2008-03-21 19:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sync App Settings
2008-03-21 19:28 . 2008-03-21 19:28 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\Binary Fortress Software
2008-03-21 19:11 . 2008-03-21 19:18 23,510,720 --a------ C:\dotnetfx.exe
2008-03-21 18:20 . 2008-03-21 18:20 169 --a------ C:\WINDOWS\RtlRack.ini
2008-03-21 15:34 . 2008-03-21 23:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-03-21 15:31 . 2008-03-21 15:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-03-21 15:31 . 2006-09-25 18:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 14:42 . 2008-03-21 15:31 <DIR> d-------- C:\WINDOWS\system32\Logfiles
2008-03-21 14:42 . 2008-03-21 14:42 <DIR> d-------- C:\Inetpub
2008-03-20 15:54 . 2008-03-20 15:56 <DIR> d-------- C:\WINDOWS\newsoft
2008-03-20 15:54 . 2008-03-20 15:54 <DIR> d-------- C:\Program Files\NewSoft
2008-03-20 15:54 . 2008-04-16 12:21 4,073 --a------ C:\WINDOWS\If42le.ini
2008-03-20 15:54 . 2008-03-20 15:54 298 --a------ C:\WINDOWS\pexplore.ini
2008-03-20 15:53 . 2008-03-20 15:53 <DIR> d-------- C:\Program Files\ScannerU
2008-03-20 15:53 . 1996-11-05 17:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-03-20 15:53 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-20 15:53 . 2004-08-03 23:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-20 15:53 . 2008-03-20 15:53 245 --a------ C:\WINDOWS\SCNDRVU.INI
2008-03-18 16:37 . 2008-03-18 16:37 <DIR> d-------- C:\WINDOWS\Sun
2008-03-18 15:52 . 2008-03-18 15:52 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\.borland
2008-03-18 15:39 . 2008-03-18 15:50 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-03-18 15:39 . 2008-03-18 15:39 <DIR> d-------- C:\Program Files\Borland
2008-03-16 12:58 . 2008-03-16 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DFX
2008-03-16 12:57 . 2008-03-16 12:57 <DIR> d-------- C:\Program Files\DFX
2008-03-16 11:12 . 2008-03-16 11:12 <DIR> d-------- C:\Program Files\High-Logic
2008-03-16 11:12 . 2008-03-16 11:12 <DIR> d-------- C:\Documents and Settings\Jeca i Dejan\Application Data\FontCreator
2008-03-16 11:12 . 2008-03-16 11:12 145 --a------ C:\WINDOWS\fcp5.cfg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 18:14 --------- d-----w C:\Program Files\Dictionary
2008-04-13 10:14 --------- d-----w C:\Program Files\ESET
2008-03-30 19:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-30 19:28 --------- d-----w C:\Program Files\Canon
2008-03-30 19:18 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-29 11:51 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-03-25 20:10 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-24 19:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-22 11:15 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\AdobeUM
2008-03-21 22:28 --------- d-----w C:\Program Files\Winamp
2008-03-13 22:21 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\CyberLink
2008-03-12 14:28 --------- d-----w C:\Program Files\Java
2008-03-12 14:05 --------- d-----w C:\Program Files\Common Files\Java
2008-03-09 23:00 --------- d-----w C:\Program Files\Mv2Player
2008-03-09 20:19 --------- d-----w C:\Program Files\BitLord
2008-03-09 04:52 --------- d-----w C:\Program Files\YouTube Downloader
2008-03-09 04:48 --------- d-----w C:\Program Files\FDRLab
2008-03-08 23:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-03-08 23:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-03-08 23:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-03-08 23:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-08 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-08 23:44 --------- d-----w C:\Program Files\CyberLink
2008-03-08 23:43 99,965 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-03-08 23:43 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Talkback
2008-03-08 23:35 --------- d-----w C:\Program Files\Sony
2008-03-08 23:35 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Sony
2008-03-08 23:34 --------- d-----w C:\Program Files\Sony Setup
2008-03-08 23:30 --------- d-----w C:\Program Files\Opera
2008-03-08 23:29 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\InterVideo
2008-03-08 23:26 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-03-08 23:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-08 23:25 --------- d-----w C:\Program Files\InterVideo
2008-03-08 23:25 --------- d-----w C:\Program Files\InterActual
2008-03-08 23:25 --------- d-----w C:\Program Files\Creative
2008-03-08 23:23 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-08 23:22 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-08 23:22 --------- d-----w C:\Documents and Settings\Jeca i Dejan\Application Data\Ahead
2008-03-08 23:21 --------- d-----w C:\Program Files\Nero
2008-03-08 23:18 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 23:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-03-08 23:07 --------- d-----w C:\Program Files\AvRack
2008-03-08 22:50 --------- d-----w C:\Program Files\MSBuild
2008-03-08 22:50 --------- d-----w C:\Program Files\Microsoft Works
2008-03-08 22:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-08 19:39 --------- d-----w C:\Program Files\MSN Messenger
2008-03-08 19:38 --------- d-----w C:\Program Files\CCleaner
.

((((((((((((((((((((((((((((( snapshot@2008-04-16_ 1.28.54.43 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-15 23:23:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-16 15:31:36 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2006-02-02 02:45 98304]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 22:55 5674352]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 10:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 15:01 46592 C:\WINDOWS\SOUNDMAN.EXE]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2006-01-13 01:40 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 06:24 32768]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2005-11-15 21:48 921600]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-03-17 20:56 36352]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-29 13:46 98304]

C:\Documents and Settings\Jeca i Dejan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-27 06:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-03-09 01:57:01 118784]

[HKLM\~\startupfolder\C:^Documents and Settings^Jeca i Dejan^Start Menu^Programs^Startup^iWin Desktop Alerts.lnk]
path=C:\Documents and Settings\Jeca i Dejan\Start Menu\Programs\Startup\iWin Desktop Alerts.lnk
backup=C:\WINDOWS\pss\iWin Desktop Alerts.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMc31b7d39]
C:\WINDOWS\system32\hijnhyfg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c0284ea5]
C:\WINDOWS\system32\igtcdpwc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\WINDOWS\\system32\\CNAB4RPK.EXE"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 22:54]
S2 BulkUsb;Genius ColorPage USB Scanner;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 19:04:50 C:\WINDOWS\Tasks\SesamTVMC.job"
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-16 23:46:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-16 23:50:22
ComboFix-quarantined-files.txt 2008-04-16 21:50:13
ComboFix2.txt 2008-04-15 23:29:21

Pre-Run: 2,455,531,520 bytes free
Post-Run: 2,466,988,032 bytes free

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

offline
  • Joined: 21 Oct 2007
  • Posts: 127
  • Location: somewhere...

Thanks! So, that's it, then?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

That's it (unless there is some problem you haven't mentioned).
