Problem sa nepoznatim mailovima

3

Problem sa nepoznatim mailovima

offline
  • vl 
  • Novi MyCity građanin
  • Pridružio: 05 Maj 2007
  • Poruke: 18

Ovaj scan mi bas dugo traje. Jeli to tako treba? Da ga ne diram?

Dopuna: 08 Maj 2007 11:13

Ovaj scan mi bas dugo traje. To tako treba? Da ga ne prekidam?

Dopuna: 08 Maj 2007 11:33

Zavsio je. Evo liste:

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, gmer.net
Rootkit scan 2007-05-08 09:07:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS 8 bytes hidden from API
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp
C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55

file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.1 ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.2 ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.3 ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.4 ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Application Data\Microsoft\Messenger\vladoleovac@hotmail.com\SharingMetadata\dorotea9@hotmail.co.uk\DFSR\Staging\CS{167361D6-9FE6-609D-72FA-F7E05E5605D6}\01\10-{167361D6-9FE6-609D-72FA-F7E05E5605D6}-v1-{22EA2ACA-E2FB-463D-952D-87020C0C66CF}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS -> catchme.zip -> {59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS.5 ( 8 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp ( 26241 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp.1 ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp.1 ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp.1 ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp.1 ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp.1 ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp.1 ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp.1 ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp.1 ( 26241 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp.2 ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp.2 ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp.2 ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp.2 ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp.2 ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp.2 ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp.2 ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp.2 ( 26241 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp.3 ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp.3 ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp.3 ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp.3 ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp.3 ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp.3 ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp.3 ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp.3 ( 26241 bytes )

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55

file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp.4 ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp.4 ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp.4 ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp.4 ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp.4 ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp.4 ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp.4 ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp.4 ( 26241 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR61.tmp -> catchme.zip -> TFR61.tmp.5 ( 46021 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR62.tmp -> catchme.zip -> TFR62.tmp.5 ( 46660 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR66.tmp -> catchme.zip -> TFR66.tmp.5 ( 59218 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6A.tmp -> catchme.zip -> TFR6A.tmp.5 ( 67560 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR6E.tmp -> catchme.zip -> TFR6E.tmp.5 ( 27777 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR72.tmp -> catchme.zip -> TFR72.tmp.5 ( 21122 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR75.tmp -> catchme.zip -> TFR75.tmp.5 ( 23427 bytes )
file zipped: C:\Documents and Settings\vlado\Local Settings\Temp\TFR79.tmp -> catchme.zip -> TFR79.tmp.5 ( 26241 bytes )

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 55


a poslacu i zip

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Preuzeo sam ono što si upload-ovao. Proveriću ga u toku dana, oko 5 PM sam ovde, pa nastavljamo.
Izvini za juče, nisam mogao da izbegnem obaveze.

Dopuna: 08 Maj 2007 18:02

Ovi fajlovi koji su nam stigli nisu maliciozni.
Ostaje nam samo problem sa skrivenim xkwagrvl.sys, koga ne možeš da pronađeš na disku. Ni ovaj alat sa kojim smo sada probali da ga pronađemo i uklonimo nije dao rezultat.

Ne ostaje mi ništa drugo sem da te uputim na RootKit UnHooker (135 kb) i da te zamolim da obaviš skeniranje njime.

Kada instaliraš program, klikni na zadnji tab na kome piše Report, klikneš Scan, pojaviće se prozorče sa označenim opcijama za skeniranje (ako nisu označi ih), izaberi particije za skeniranje i kad završi iskopiraj nam log ovde..

offline
  • vl 
  • Novi MyCity građanin
  • Pridružio: 05 Maj 2007
  • Poruke: 18

Evo scan-a:


>SSDT State
NtCreateProcess
Actual Address 0xF752667C
Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys

NtCreateProcessEx
Actual Address 0xF7526710
Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys

NtCreateSection
Actual Address 0xF75260C0
Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys

NtCreateThread
Actual Address 0xF7525F76
Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys

NtOpenProcess
Actual Address 0xF3FB08AC
Hooked by: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

NtTerminateProcess
Actual Address 0xF3FB0812
Hooked by: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys

NtWriteVirtualMemory
Actual Address 0xF7525FF6
Hooked by: C:\WINDOWS\System32\drivers\fsndis5.sys

>Processes
>Drivers
>Files
Suspect File: C:\Documents and Settings\vlado\Local Settings\Temporary Internet Files\Content.IE5\1KXA8CGB\privmsg[4].htm Status: Hidden
Suspect File: C:\Documents and Settings\vlado\Local Settings\Temporary Internet Files\Content.IE5\7ND1KE2H\privmsg[3].php Status: Hidden
Suspect File: C:\Documents and Settings\vlado\Local Settings\Temporary Internet Files\Content.IE5\7ND1KE2H\privmsg[4].htm Status: Hidden
Suspect File: C:\Documents and Settings\vlado\Local Settings\Temporary Internet Files\Content.IE5\G3ILSH8D\privmsg[3].htm Status: Hidden
>Hooks
ndis.sys-->NdisCloseAdapter, Type: Inline - RelativeJump at address 0xF723561E hook handler located in [fsndis5.sys]
ndis.sys-->NdisDeregisterProtocol, Type: Inline - RelativeJump at address 0xF72357FD hook handler located in [fsndis5.sys]
ndis.sys-->NdisOpenAdapter, Type: Inline - RelativeJump at address 0xF722B397 hook handler located in [fsndis5.sys]
ndis.sys-->NdisRegisterProtocol, Type: Inline - RelativeJump at address 0xF722B17D hook handler located in [fsndis5.sys]
ndis.sys-->NdisRequest, Type: Inline - RelativeJump at address 0xF723896B hook handler located in [fsndis5.sys]
ndis.sys-->NdisReturnPackets, Type: Inline - RelativeJump at address 0xF7238800 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSend, Type: Inline - RelativeJump at address 0xF723B977 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSend, Type: Inline - RelativeJump at address 0xF723B994 hook handler located in [fsndis5.sys]
ndis.sys-->NdisSendPackets, Type: Inline - RelativeJump at address 0xF723B9AF hook handler located in [fsndis5.sys]
ntkrnlpa.exe-->IoCreateDevice, Type: Inline - RelativeJump at address 0x80574702 hook handler located in [fsndis5.sys]
[3948]msnmsgr.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - RelativeJump at address 0x7C810386 hook handler located in [msnmsgr.exe]
!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

I ovde ništa..

Proveri računar online preko ovog linka. Skeniranje je moguće jedino sa Internet Explorer browserom i uključenim ActiveX kontrolama.

Zapiši i postuj nam ovde ako detektuje neki malware.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Da bi AVG AS (Ewido) brisao kada nesto nadje, idi na ikonicu Scanner > kartica Settings. Tu imas opciju How to act? koju treba podesiti na Quarantine.

offline
  • vl 
  • Novi MyCity građanin
  • Pridružio: 05 Maj 2007
  • Poruke: 18

Zavrsio sam skeniranje i nisam nista nasao sa ovim bitdefenderom

Dopuna: 08 Maj 2007 22:45

Podesio sam na Quarantine

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Proskeniraj ponovo Ewidom (AVG AS) i postavi log. Postavi i novi HJT log.

offline
  • vl 
  • Novi MyCity građanin
  • Pridružio: 05 Maj 2007
  • Poruke: 18

Evo reporta scan-a:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:48:36 9.5.2007

+ Scan result:



C:\Program Files\Screensavers.com\SSSInst\bin\SSSInst.dll -> Adware.Comet : Cleaned.
C:\Program Files\Starware316\bin\Starware316.dll -> Adware.Comet : Cleaned.
C:\Documents and Settings\vlado\Desktop\backups\backup-20070507-090556-406.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0009641.dll -> Adware.Softomate : Cleaned.
C:\Documents and Settings\vlado\Desktop\backups\backup-20070507-090556-528.dll -> Adware.Yatool : Cleaned.
C:\System Volume Information\_restore{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0010698.dll -> Backdoor.Sdbot : Cleaned.
C:\WINDOWS\system32\sbdbaaaa.exe -> Backdoor.Sdbot : Cleaned.
C:\WINDOWS\system32\ws_imod.dll -> Logger.Nukulus.a : Cleaned.
C:\WINDOWS\system32\wsock.dll -> Logger.Nukulus.a : Cleaned.
C:\Program Files\RAdmin\R_server.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned.
C:\Program Files\RAdmin\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned.
C:\WINDOWS\system32\raddrv.dll -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.20 : Cleaned.
C:\Documents and Settings\vlado\Cookies\vlado@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Cleaned.
C:\System Volume Information\_restore{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0010720.exe -> Trojan.Zapchast.ca : Cleaned.
C:\System Volume Information\_restore{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0010773.exe -> Trojan.Zapchast.ca : Cleaned.


::Report end



evo i log-a:

Logfile of HijackThis v1.99.1
Scan saved at 9:52:55, on 9.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\AtmeyeServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\r_server.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\LClock\LClock.exe
C:\Program Files\VisualTooltip\VisualToolTip.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
C:\Program Files\Styler\Styler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\DOCUME~1\vlado\LOCALS~1\Temp\{63DEF128-8EF6-4B2A-B051-AA3DF9F2A101}\Blaero Start Orb.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\DOCUME~1\vlado\LOCALS~1\Temp\{164E179F-00AC-47AD-A422-7DAE7A44616D}\sidebar.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Banka\VerPex.exe
C:\BANKA\AVISTA.EXE
C:\Program Files\RAdmin\Radmin.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\isqlw.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\vlado\Desktop\New Folder (2)\vvv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = kingkongsearch.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = windowsxlive.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5488E24F-B8E4-43B7-8726-F314FF7FEE98} - c:\windows\system32\dmhadmh.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [Vista Sidebar] C:\Program Files\Vista Sidebar\sidebar.exe
O4 - HKLM\..\Run: [VisualTooltip] C:\Program Files\VisualTooltip\VisualToolTip.exe
O4 - HKLM\..\Run: [Blaero Start Orb] C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe
O4 - HKLM\..\Run: [Styler] C:\Program Files\Styler\Styler.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\f-secure\fsps\program\fslsp.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = nikbanka.cg.rs
O17 - HKLM\System\CS1\Services\Tcpip\..\{4F5325BC-2881-4CE2-9419-BF5F4C41D508}: NameServer = 172.16.1.5,172.16.1.15
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: poibqqbc - dmhadmh.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AtmEyeServ - BS/2 - C:\WINDOWS\system32\AtmeyeServ.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - InterBase Software Corp. - C:\Program Files\InterBase Corp\InterBase\bin\ibserver.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)

Dopuna: 09 Maj 2007 11:31

Evo i poruka koje mi je javio f-secure:

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0008645.DLL.
Infection: Packed.Win32.Morphine.a

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP4\A0008645.DLL.
Infection: Packed.Win32.Morphine.a

Infection: Trojan-Downloader.Win32.Small.ehe
Action: The file was deleted.

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP5\A0010882.DLL.
Infection: Trojan-Downloader.Win32.Small.ehe

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP5\A0010883.DLL.
Infection: Trojan.Win32.Pakes

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP5\A0010884.DLL.
Infection: Trojan.Win32.Agent.aet

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP5\A0010885.DLL.
Infection: Trojan-Downloader.Win32.Small.ehe

Malicious code found in file C:\SYSTEM VOLUME INFORMATION\_RESTORE{912E11A5-5A9F-4512-9386-C9016C68EC2F}\RP5\A0010886.DLL.
Infection: Trojan-Downloader.Win32.Small.ehe

Malicious code found in file C:\WINDOWS\SYSTEM32\DSXZPSJC.DLL.
Infection: Packed.Win32.Morphine.a
Action: failed.

Malicious code found in file C:\WINDOWS\SYSTEM32\DSXZPSJC.DLL.
Infection: Packed.Win32.Morphine.a
Action: failed.

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

C:\WINDOWS\system32\AtmeyeServ.exe
O23 - Service: AtmEyeServ - BS/2 - C:\WINDOWS\system32\AtmeyeServ.exe

Jel' ti je poznat ovaj proces i njegov servis ? Ovo je novo, a nema informacija o tome šta bi to moglo biti. Jesi li ti to instalirao ? Ako nisi šalji nam na upload.

O2 - BHO: (no name) - {5488E24F-B8E4-43B7-8726-F314FF7FEE98} - c:\windows\system32\dmhadmh.dll (file missing)
O20 - Winlogon Notify: poibqqbc - dmhadmh.dll (file missing)

To treba da se čekira u HJT i obriše ali mi ne ide u glavu kako neće da nestane.

C:\Banka\VerPex.exe
C:\BANKA\AVISTA.EXE

Pretpostavljam da si ti instalirao ovo. Jel' možeš da mi potvrdiš da je to legitimno, pošto takođe nemam informacija o tim procesima.


C:\DOCUME~1\vlado\LOCALS~1\Temp\{164E179F-00AC-47AD-A422-7DAE7A44616D}\sidebar.e xe

Ovo bi trebalo da bude na putanji :"C:\Program Files\Windows Sidebar\" a kod tebe se startuje uporno iz temp foldera i ima čudnu extenziju. Zamolio bih te da privremeno bar ukloniš taj program sa računara (dok traje čišćenje) jer mi je sumnjiv. Obriši i taj temp fajl.
-------------------------------------
U vezi ovoga :
Citat:Malicious code found in file C:\WINDOWS\SYSTEM32\DSXZPSJC.DLL.
Infection: Packed.Win32.Morphine.a
Action: failed.

Takođe nemam informacija o ovoj detekciji. Uploaduj mi i taj fajl.

offline
  • vl 
  • Novi MyCity građanin
  • Pridružio: 05 Maj 2007
  • Poruke: 18

C:\WINDOWS\system32\AtmeyeServ.exe
O23 - Service: AtmEyeServ - BS/2 - C:\WINDOWS\system32\AtmeyeServ.exe

C:\Banka\VerPex.exe
C:\BANKA\AVISTA.EXE

Ovo gore su stvari koje sam ja instalirao i koje mi trebaju.

ovaj sidebar.exe je nesto bezveze. kao neki dodatak skinu za vistu. to sam skinuo sa provjerenog sajta. ne vjerujem da je problematicno. dok je bio upaljen nije mi dao da ga obrisem a kad sam ga izgasio sad ga vise nema na putanji C:\DOCUME~1\vlado\LOCALS~1\Temp\{164E179F-00AC-47AD-A422-7DAE7A44616D}\sidebar.e xe a ni na putanji C:\Program Files\Windows Sidebar\

Dopuna: 09 Maj 2007 16:32

C:\WINDOWS\SYSTEM32\DSXZPSJC.DLL ovaj mi ne da da ga kopiram. ja ga nadjem i kad ocu da ga paste-jem onda mi izadje ona poruka koju sam vec poslao da je to virus i ta brisanje nije uspjelo. On mi pravi problem. To je definitivno. Samo ne znam kako da ga maknemo

Dopuna: 09 Maj 2007 16:35

Cekirao sam ovoga sto nece da nestane. Treba li da posaljem log?

Dopuna: 09 Maj 2007 16:42

Kad pokusam uplaodujem ovaj C:\WINDOWS\SYSTEM32\DSXZPSJC.DLL. kaze mi da je prevelik iako ima 100 i nesto KB. dok god radim sa njim javlja mi one greske. ne znam sta da mu radim

Ko je trenutno na forumu
 

Ukupno su 705 korisnika na forumu :: 29 registrovanih, 5 sakrivenih i 671 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ALBION101, Apok, djordje92sm, dragoljub11987, dragon986, ILGromovnik, Insan, ivan979, krlebgd77, kybonacci, Lieutenant, MiG-29M2, MiGac, Mixelotti, mnn2, mushroom, nemkea71, nenad81, pavle_pzs, pein, proleter373, ruso, sovanova95, Steeeefan, stegonosa, stug, vathra, vlvl