Outlook nece da se poveze sa Exchange serverom

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

Yesterday I tried to open an Access database whose password I had forgotten, using a few programs, and among those programs I also ran one that carried a virus which AVG Free did not detect.

Later in the day I ran the console version of the McAfee antivirus, which found and deleted some *.exe files (it did not occur to me to write down which ones).

All in all... AVG Free now refuses to start (Windows says its services and *.exe files are not valid Win32 files) and Outlook will not connect to the Exchange server.

I assume something from that virus is still left on the computer.

Here is the log file.


Logfile of HijackThis v1.99.1
Scan saved at 8:32:00, on 21.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CLIENTSERVICE.EXE
C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\hMailServer\Bin\hMailServer.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe
C:\DOCUME~1\srdjant\LOCALS~1\Temp\RtkBtMnt.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\CodeGear\RAD Studio\5.0\bin\bds.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\srdjant\Desktop\New Folder\gfd.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - [Link mogu videti samo ulogovani korisnici]
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\Software\..\Telephony: DomainName = zaslon-telecom.si
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = zaslon-telecom.si
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: CTI Client (ClientService4Com) - Unknown owner - C:\WINDOWS\system32\CLIENTSERVICE.EXE
O23 - Service: hMailServer - hMailServer - C:\Program Files\hMailServer\Bin\hMailServer.exe
O23 - Service: hMailServerMySQL - Unknown owner - C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL (file missing)
O23 - Service: SQL Server FullText Search (MSSQLSERVER) (msftesql) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe" -s:MSSQL.1 -f:MSSQLSERVER (file missing)
O23 - Service: SQL Server (MSSQLSERVER) (MSSQLSERVER) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER (file missing)
O23 - Service: SQL Server Agent (MSSQLSERVER) (SQLSERVERAGENT) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE" -i MSSQLSERVER (file missing)
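The HijackThis log above is the kind of output a helper triages by eye. As an added example that is not part of the thread and not HijackThis's own code, the following Python script parses a few constructed lines modelled on that log (the german.exe Run entry is borrowed from the ComboFix output that appears later in the thread) and applies the checks a helper makes first: a Run value named like an executable that actually starts a different file, processes and autostart targets living under Temp or Desktop, services with no vendor information, and BHO registrations whose file is gone. The line formats, the directory markers and the severity labels are assumptions of this example.

```python
"""Triage heuristics over HijackThis-style log lines.

Added example: not HijackThis's own code and not part of the forum thread.
SAMPLE_LOG is constructed, modelled on the log posted above.
"""
import ntpath
import re

SAMPLE_LOG = """\
Running processes:
C:\\WINDOWS\\system32\\svchost.exe
C:\\DOCUME~1\\srdjant\\LOCALS~1\\Temp\\RtkBtMnt.EXE
C:\\Documents and Settings\\srdjant\\Desktop\\New Folder\\gfd.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\\..\\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\\..\\Run: [googletalk] C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart
O4 - HKCU\\..\\Run: [CTFMON.EXE] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKCU\\..\\Run: [german.exe] C:\\WINDOWS\\system32\\wintems.exe
O23 - Service: CTI Client (ClientService4Com) - Unknown owner - C:\\WINDOWS\\system32\\CLIENTSERVICE.EXE
O23 - Service: hMailServer - hMailServer - C:\\Program Files\\hMailServer\\Bin\\hMailServer.exe
"""

# Directories a persistent program normally has no business running from (assumed list).
USER_WRITABLE = ("\\temp\\", "\\desktop\\", "\\local settings\\")

RUN_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
SERVICE_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.+?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")


def exe_name(target: str) -> str:
    """Executable file name from a Run value, ignoring quotes and arguments."""
    target = target.strip().strip('"')
    # Keep the part up to the first .exe; arguments such as /autostart follow it.
    m = re.match(r'^"?(?P<path>.+?\.exe)', target, re.IGNORECASE)
    path = m.group("path") if m else target
    return ntpath.basename(path).lower()


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage(log_text: str):
    """Return (severity, line, reason) tuples for entries worth a second look."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if in_user_writable(line):
                findings.append(("high", line, "process running from a user-writable directory"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, target = m.group("name").lower(), m.group("target")
            exe = exe_name(target)
            # A value named like an .exe that launches a different .exe mimics a legit entry.
            if name.endswith(".exe") and name != exe:
                findings.append(("high", line, f"Run value named '{name}' but starts '{exe}'"))
            if in_user_writable(target):
                findings.append(("high", line, "autostart target in a user-writable directory"))
            continue
        m = SERVICE_RE.match(line)
        if m and m.group("owner") == "Unknown owner":
            findings.append(("review", line, "service with no vendor information"))
            continue
        m = BHO_RE.match(line)
        if m and m.group("path") == "(no file)":
            findings.append(("low", line, "orphaned BHO registration (no file on disk)"))
    return findings


if __name__ == "__main__":
    for severity, line, reason in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
```

Findings keep the order of the log. The "high" hit on the german.exe/wintems.exe pair is the entry the CFScript later in the thread removes from HKCU\...\Run, while a "review" item such as CLIENTSERVICE.EXE only calls for looking at the file, which matches the thread, where that file was requested for inspection rather than deleted.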



  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Send me the following file: C:\WINDOWS\system32\CLIENTSERVICE.EXE

Upload link: [Link visible only to logged-in users]


-------------------------------------------------------------------------------------



Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

I have sent the file.

Update: 21 Jan 2008 10:25

I have just noticed a process called wintems.exe in the process list. I used Total Commander to find that file and it found it in Windows\System32, but when I open that folder the file is not there (I have enabled showing all files... both hidden and system).

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow the ComboFix instructions...

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

I have not had time to run it until now. Here is the log.

ComboFix 08-01-20.1 - srdjant 2008-01-21 10:27:32.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1577 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\srosa


((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 14:00 . 2004-07-23 10:01 842,457 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-18 14:00 . 2008-01-18 14:40 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-18 13:58 . 2008-01-21 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-18 13:56 . 2008-01-18 14:02 <DIR> d-------- C:\Program Files\Access Workgroup Password
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 07:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-01-21 10:36:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 10:41:07 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-21 09:41:04
.
2008-01-15 02:02:37 --- E O F ---
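The ComboFix "Files Created" section is a timeline: each line carries the creation time, the file's own modification time, its size, attribute flags and path. As an added example that is not part of the thread and not ComboFix's own code, the following Python script parses constructed lines in that format (modelled on the log above) and builds the view a helper forms by eye: it anchors on an executable created under system32\drivers that is not a .sys driver (hldrrr.exe here) and lists everything created within an hour of it, which yields the same files and directory that the CFScript later in the thread targets. The regular expression, the one-hour window and the drivers-directory rule are assumptions of this example.

```python
"""Timeline view over ComboFix "Files Created" lines.

Added example: not ComboFix's own code and not part of the forum thread.
SAMPLE_SECTION is constructed, modelled on the log posted above.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

SAMPLE_SECTION = """\
2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\\WINDOWS\\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\\WINDOWS\\system32\\Kaspersky Lab
2008-01-18 14:00 . 2004-07-23 10:01 842,457 --------- C:\\WINDOWS\\system32\\drivers\\hldrrr.exe
2008-01-18 14:00 . 2008-01-18 14:40 70,660 --a------ C:\\WINDOWS\\system32\\mdelk.exe
2008-01-18 13:58 . 2008-01-21 10:24 <DIR> d-------- C:\\WINDOWS\\system32\\drivers\\down
2008-01-18 13:56 . 2008-01-18 14:02 <DIR> d-------- C:\\Program Files\\Access Workgroup Password
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\\WINDOWS\\Setup1.exe
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\\WINDOWS\\system32\\msvcp71.dll
"""

# Assumed layout: created . modified size attrs path (nine attribute characters).
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S{9}) (?P<path>.+)$"
)
TS = "%Y-%m-%d %H:%M"


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: int          # -1 for directories
    attrs: str
    path: str

    @property
    def name(self) -> str:
        return PureWindowsPath(self.path).name

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_section(text: str) -> list:
    """Parse every well-formed line; lines that do not match the layout are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = -1 if m["size"] == "<DIR>" else int(m["size"].replace(",", ""))
        entries.append(Entry(datetime.strptime(m["created"], TS),
                             datetime.strptime(m["modified"], TS),
                             size, m["attrs"], m["path"]))
    return entries


def executable_in_drivers(e: Entry) -> bool:
    """system32\\drivers holds .sys files; a user-mode executable there is an anchor."""
    if e.is_dir:
        return False
    suffix = PureWindowsPath(e.path).suffix.lower()
    return "\\drivers\\" in e.path.lower() and suffix in (".exe", ".dll", ".com")


def burst_around(entries, pivot: datetime, window=timedelta(hours=1)) -> list:
    """Everything created within +/- window of the pivot, oldest first."""
    hits = [e for e in entries if abs(e.created - pivot) <= window]
    return sorted(hits, key=lambda e: e.created)


def report(text: str) -> list:
    """One burst (list of file/directory names) per anchor found in the section."""
    entries = parse_section(text)
    return [[e.name for e in burst_around(entries, a.created)]
            for a in entries if executable_in_drivers(a)]


if __name__ == "__main__":
    for burst in report(SAMPLE_SECTION):
        print("burst:", ", ".join(burst))
```

The burst around hldrrr.exe collects mdelk.exe, the drivers\down directory, the Access Workgroup Password tool directory and Setup1.exe, while NirCmd.exe (placed by ComboFix itself) and the older runtime DLL fall outside the window. The modification column is kept because a fresh file carrying an old modification time, as hldrrr.exe does, is a second cue worth surfacing once the burst is known.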

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download and run the following program:
[Link visible only to logged-in users]


-------------------------------------------------------------------------------------



We will use ComboFix again...

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

DirLook::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"=-



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log produced at the end of the cleaning/scanning in your next message.

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

SafeBootKeyRepair log

Reg export of SafeBoot key after repair:
========================

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot]
"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Minimal\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AFD]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Base]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Boot file system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Browser]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\CryptSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DcomLaunch]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Dhcp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmadmin]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmboot.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmio.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmload.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\dmserver]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\DnsCache]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\EventLog]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\HelpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ip6fw.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\ipnat.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanServer]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LanmanWorkstation]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\LmHosts]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Messenger]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NDIS Wrapper]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Ndisuio]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOS]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBIOSGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetBT]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetDDEGroup]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Netlogon]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetMan]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Network]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NetworkProvider]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\NtLmSsp]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PCI Configuration]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PlugPlay]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP Filter]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\PNP_TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Primary disk]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpcdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpdd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdpwd.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\rdsessmgr]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SCSI Class]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sermouse.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SharedAccess]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\SRService]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Streams Drivers]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\System Bus Extender]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\Tcpip]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\TDI]
@="Driver Group"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdpipe.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\tdtcp.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\termservice]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WinMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\WZCSVC]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{36FC9E60-C465-11CF-8056-444553540000}]
@="Universal Serial Bus controllers"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E965-E325-11CE-BFC1-08002BE10318}]
@="CD-ROM Drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E969-E325-11CE-BFC1-08002BE10318}]
@="Standard floppy disk controller"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}]
@="Net"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}]
@="NetClient"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}]
@="NetService"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}]
@="NetTrans"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E977-E325-11CE-BFC1-08002BE10318}]
@="PCMCIA Adapters"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97B-E325-11CE-BFC1-08002BE10318}]
@="SCSIAdapter"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{4D36E980-E325-11CE-BFC1-08002BE10318}]
@="Floppy disk drive"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\Network\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA}]
@="Human Interface Devices"

========================

Update: 21 Jan 2008 11:29

ComboFix log

ComboFix 08-01-20.1 - srdjant 2008-01-21 11:21:48.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1453 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\srdjant\Desktop\New Folder\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\mdelk.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 13:58 . 2008-01-21 10:24 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\drivers\down ----

2008-01-21 10:24 9761 --a------ C:\WINDOWS\system32\drivers\down\308359.exe
2008-01-21 10:24 873 --a------ C:\WINDOWS\system32\drivers\down\297265.exe
2008-01-21 10:24 115 --a------ C:\WINDOWS\system32\drivers\down\300671.exe
2008-01-21 10:23 7896 --a------ C:\WINDOWS\system32\drivers\down\258546.exe
2008-01-21 10:23 648 --a------ C:\WINDOWS\system32\drivers\down\232875.exe
2008-01-21 10:23 34214 --a------ C:\WINDOWS\system32\drivers\down\217125.exe
2008-01-21 10:23 212 --a------ C:\WINDOWS\system32\drivers\down\266312.exe
2008-01-21 10:23 212 --a------ C:\WINDOWS\system32\drivers\down\263859.exe
2008-01-21 10:23 212 --a------ C:\WINDOWS\system32\drivers\down\261109.exe
2008-01-21 10:23 1621 --a------ C:\WINDOWS\system32\drivers\down\270890.exe
2008-01-21 10:23 1609 --a------ C:\WINDOWS\system32\drivers\down\264359.exe
2008-01-21 10:23 115 --a------ C:\WINDOWS\system32\drivers\down\268437.exe
2008-01-21 10:22 8085 --a------ C:\WINDOWS\system32\drivers\down\191375.exe
2008-01-21 10:22 805 --a------ C:\WINDOWS\system32\drivers\down\194500.exe
2008-01-21 10:22 8035 --a------ C:\WINDOWS\system32\drivers\down\174609.exe
2008-01-21 10:22 70656 --a------ C:\WINDOWS\system32\drivers\down\165187.exe
2008-01-21 10:22 6958 --a------ C:\WINDOWS\system32\drivers\down\199718.exe
2008-01-21 10:22 685 --a------ C:\WINDOWS\system32\drivers\down\215531.exe
2008-01-21 10:22 657412 --a------ C:\WINDOWS\system32\drivers\down\156468.exe
2008-01-21 10:22 628 --a------ C:\WINDOWS\system32\drivers\down\169328.exe
2008-01-21 10:22 494 --a------ C:\WINDOWS\system32\drivers\down\213671.exe
2008-01-21 10:22 1125 --a------ C:\WINDOWS\system32\drivers\down\195375.exe
2008-01-21 10:21 70656 --a------ C:\WINDOWS\system32\drivers\down\140687.exe
2008-01-21 10:21 13824 --a------ C:\WINDOWS\system32\drivers\down\155093.exe
2008-01-21 08:23 9761 --a------ C:\WINDOWS\system32\drivers\down\204093.exe
2008-01-21 08:23 873 --a------ C:\WINDOWS\system32\drivers\down\199281.exe
2008-01-21 08:23 632 --a------ C:\WINDOWS\system32\drivers\down\200640.exe
2008-01-21 08:22 8085 --a------ C:\WINDOWS\system32\drivers\down\120390.exe
2008-01-21 08:22 805 --a------ C:\WINDOWS\system32\drivers\down\121937.exe
2008-01-21 08:22 7896 --a------ C:\WINDOWS\system32\drivers\down\154343.exe
2008-01-21 08:22 6958 --a------ C:\WINDOWS\system32\drivers\down\142828.exe
2008-01-21 08:22 685 --a------ C:\WINDOWS\system32\drivers\down\146203.exe
2008-01-21 08:22 648 --a------ C:\WINDOWS\system32\drivers\down\148734.exe
2008-01-21 08:22 608 --a------ C:\WINDOWS\system32\drivers\down\171343.exe
2008-01-21 08:22 494 --a------ C:\WINDOWS\system32\drivers\down\144375.exe
2008-01-21 08:22 34214 --a------ C:\WINDOWS\system32\drivers\down\147671.exe
2008-01-21 08:22 212 --a------ C:\WINDOWS\system32\drivers\down\169828.exe
2008-01-21 08:22 212 --a------ C:\WINDOWS\system32\drivers\down\158937.exe
2008-01-21 08:22 212 --a------ C:\WINDOWS\system32\drivers\down\157187.exe
2008-01-21 08:22 1621 --a------ C:\WINDOWS\system32\drivers\down\172968.exe
2008-01-21 08:22 1609 --a------ C:\WINDOWS\system32\drivers\down\160421.exe
2008-01-21 08:21 8035 --a------ C:\WINDOWS\system32\drivers\down\102015.exe
2008-01-21 08:21 70656 --a------ C:\WINDOWS\system32\drivers\down\79609.exe
2008-01-21 08:21 657412 --a------ C:\WINDOWS\system32\drivers\down\85828.exe
2008-01-21 08:21 628 --a------ C:\WINDOWS\system32\drivers\down\89546.exe
2008-01-21 08:21 13824 --a------ C:\WINDOWS\system32\drivers\down\85203.exe
2008-01-18 14:41 9761 --a------ C:\WINDOWS\system32\drivers\down\186359.exe
2008-01-18 14:41 873 --a------ C:\WINDOWS\system32\drivers\down\181875.exe
2008-01-18 14:41 7896 --a------ C:\WINDOWS\system32\drivers\down\145437.exe
2008-01-18 14:41 685 --a------ C:\WINDOWS\system32\drivers\down\139843.exe
2008-01-18 14:41 648 --a------ C:\WINDOWS\system32\drivers\down\142062.exe
2008-01-18 14:41 632 --a------ C:\WINDOWS\system32\drivers\down\183031.exe
2008-01-18 14:41 608 --a------ C:\WINDOWS\system32\drivers\down\155343.exe
2008-01-18 14:41 494 --a------ C:\WINDOWS\system32\drivers\down\134953.exe
2008-01-18 14:41 34214 --a------ C:\WINDOWS\system32\drivers\down\141015.exe
2008-01-18 14:41 212 --a------ C:\WINDOWS\system32\drivers\down\152750.exe
2008-01-18 14:41 212 --a------ C:\WINDOWS\system32\drivers\down\147109.exe
2008-01-18 14:41 1621 --a------ C:\WINDOWS\system32\drivers\down\156828.exe
2008-01-18 14:41 1609 --a------ C:\WINDOWS\system32\drivers\down\147890.exe
2008-01-18 14:40 8085 --a------ C:\WINDOWS\system32\drivers\down\113937.exe
2008-01-18 14:40 805 --a------ C:\WINDOWS\system32\drivers\down\116343.exe
2008-01-18 14:40 8035 --a------ C:\WINDOWS\system32\drivers\down\102750.exe
2008-01-18 14:40 70660 --a------ C:\WINDOWS\system32\drivers\down\97312.exe
2008-01-18 14:40 70660 --a------ C:\WINDOWS\system32\drivers\down\90734.exe
2008-01-18 14:40 6958 --a------ C:\WINDOWS\system32\drivers\down\121562.exe
2008-01-18 14:40 657412 --a------ C:\WINDOWS\system32\drivers\down\96109.exe
2008-01-18 14:40 628 --a------ C:\WINDOWS\system32\drivers\down\99515.exe
2008-01-18 14:40 3502 --a------ C:\WINDOWS\system32\drivers\down\108812.exe
2008-01-18 14:40 13824 --a------ C:\WINDOWS\system32\drivers\down\95546.exe
2008-01-18 14:40 1125 --a------ C:\WINDOWS\system32\drivers\down\116812.exe
2008-01-18 14:12 9761 --a------ C:\WINDOWS\system32\drivers\down\213468.exe
2008-01-18 14:12 873 --a------ C:\WINDOWS\system32\drivers\down\208406.exe
2008-01-18 14:12 632 --a------ C:\WINDOWS\system32\drivers\down\210156.exe
2008-01-18 14:11 93188 --a------ C:\WINDOWS\system32\drivers\down\143234.exe
2008-01-18 14:11 8085 --a------ C:\WINDOWS\system32\drivers\down\161140.exe
2008-01-18 14:11 805 --a------ C:\WINDOWS\system32\drivers\down\162484.exe
2008-01-18 14:11 8035 --a------ C:\WINDOWS\system32\drivers\down\150031.exe
2008-01-18 14:11 7896 --a------ C:\WINDOWS\system32\drivers\down\175968.exe
2008-01-18 14:11 6958 --a------ C:\WINDOWS\system32\drivers\down\164562.exe
2008-01-18 14:11 685 --a------ C:\WINDOWS\system32\drivers\down\167500.exe
2008-01-18 14:11 657412 --a------ C:\WINDOWS\system32\drivers\down\139875.exe
2008-01-18 14:11 648 --a------ C:\WINDOWS\system32\drivers\down\172250.exe
2008-01-18 14:11 628 --a------ C:\WINDOWS\system32\drivers\down\146156.exe
2008-01-18 14:11 608 --a------ C:\WINDOWS\system32\drivers\down\182093.exe
2008-01-18 14:11 494 --a------ C:\WINDOWS\system32\drivers\down\165828.exe
2008-01-18 14:11 3502 --a------ C:\WINDOWS\system32\drivers\down\155218.exe
2008-01-18 14:11 34214 --a------ C:\WINDOWS\system32\drivers\down\171156.exe
2008-01-18 14:11 212 --a------ C:\WINDOWS\system32\drivers\down\180515.exe
2008-01-18 14:11 212 --a------ C:\WINDOWS\system32\drivers\down\177593.exe
2008-01-18 14:11 212 --a------ C:\WINDOWS\system32\drivers\down\177437.exe
2008-01-18 14:11 1621 --a------ C:\WINDOWS\system32\drivers\down\183546.exe
2008-01-18 14:11 1609 --a------ C:\WINDOWS\system32\drivers\down\177812.exe
2008-01-18 14:11 1125 --a------ C:\WINDOWS\system32\drivers\down\163015.exe
2008-01-18 14:10 70660 --a------ C:\WINDOWS\system32\drivers\down\135156.exe
2008-01-18 14:10 483844 --a------ C:\WINDOWS\system32\drivers\down\137109.exe
2008-01-18 14:10 13824 --a------ C:\WINDOWS\system32\drivers\down\139406.exe
2008-01-18 14:03 9761 --a------ C:\WINDOWS\system32\drivers\down\6396468.exe
2008-01-18 14:02 7896 --a------ C:\WINDOWS\system32\drivers\down\6342453.exe
2008-01-18 14:02 632 --a------ C:\WINDOWS\system32\drivers\down\6392812.exe
2008-01-18 14:02 608 --a------ C:\WINDOWS\system32\drivers\down\6355578.exe
2008-01-18 14:02 212 --a------ C:\WINDOWS\system32\drivers\down\6351359.exe
2008-01-18 14:02 212 --a------ C:\WINDOWS\system32\drivers\down\6346390.exe
2008-01-18 14:02 212 --a------ C:\WINDOWS\system32\drivers\down\6345593.exe
2008-01-18 14:02 1621 --a------ C:\WINDOWS\system32\drivers\down\6357843.exe
2008-01-18 14:02 1609 --a------ C:\WINDOWS\system32\drivers\down\6347562.exe
2008-01-18 14:01 8085 --a------ C:\WINDOWS\system32\drivers\down\6300921.exe
2008-01-18 14:01 805 --a------ C:\WINDOWS\system32\drivers\down\6310328.exe
2008-01-18 14:01 8035 --a------ C:\WINDOWS\system32\drivers\down\6275906.exe
2008-01-18 14:01 6958 --a------ C:\WINDOWS\system32\drivers\down\6326421.exe
2008-01-18 14:01 685 --a------ C:\WINDOWS\system32\drivers\down\6330125.exe
2008-01-18 14:01 648 --a------ C:\WINDOWS\system32\drivers\down\6334281.exe
2008-01-18 14:01 494 --a------ C:\WINDOWS\system32\drivers\down\6327890.exe
2008-01-18 14:01 3502 --a------ C:\WINDOWS\system32\drivers\down\6289359.exe
2008-01-18 14:01 34214 --a------ C:\WINDOWS\system32\drivers\down\6331906.exe
2008-01-18 14:01 1125 --a------ C:\WINDOWS\system32\drivers\down\6311031.exe
2008-01-18 14:00 70660 --a------ C:\WINDOWS\system32\drivers\down\6267609.exe
2008-01-18 14:00 70660 --a------ C:\WINDOWS\system32\drivers\down\6261484.exe
2008-01-18 14:00 657412 --a------ C:\WINDOWS\system32\drivers\down\6266000.exe
2008-01-18 14:00 483844 --a------ C:\WINDOWS\system32\drivers\down\6263750.exe
2008-01-18 14:00 13824 --a------ C:\WINDOWS\system32\drivers\down\6265281.exe


((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 10:21:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 10:21:42 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 10:21:42 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 10:21:43 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 09:27:00 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 10:21:44 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 09:27:00 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 10:21:44 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 11:48:41 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-21 09:40:30 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-20 11:48:41 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-21 09:40:30 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-01-21 11:23:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 11:23:38
ComboFix-quarantined-files.txt 2008-01-21 10:23:23
ComboFix2.txt 2008-01-21 09:41:07
.
2008-01-15 02:02:37 --- E O F ---

BTW, now I can't get on the internet from my computer at all. I'll try restarting it.

Update: 21 Jan 2008 11:34

After the restart, the internet works again.
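The ComboFix "Look" section above lists well over a hundred .exe files with purely numeric names under C:\WINDOWS\system32\drivers\down, written in bursts a minute or two apart, with the same byte sizes (9761, 7896, 212, 657412, ...) recurring under different names. The following triage helper is an added example, not part of this thread or of ComboFix: it parses listing lines of that shape and flags a directory that shows this dropper-cache pattern. The sample input is a subset of lines copied from the log above, plus one benign TortoiseSVN line from the "Reg Loading Points" section as a control; the threshold `min_files` is an assumption chosen for illustration.

```python
"""Triage helper for a ComboFix-style directory listing.

Added example for this thread, not part of the thread or of ComboFix. It
flags a directory that looks like a dropper cache: many .exe files with
purely numeric names, written in short bursts, with the same byte size
recurring under different file names (the same payload dropped repeatedly).
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Shape of a line in ComboFix's "Look" section:
#   "YYYY-MM-DD HH:MM <size> <attributes> <full path>"
LINE_RE = re.compile(
    r"^(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+(?P<path>.+)$"
)
# File names such as 308359.exe: digits only, then .exe
NUMERIC_EXE_RE = re.compile(r"^\d+\.exe$", re.IGNORECASE)

# Sample input: a subset of lines copied from the log above, plus one benign
# TortoiseSVN line from the "Reg Loading Points" section as a control.
SAMPLE_LISTING = r"""
2008-01-21 10:24 9761 --a------ C:\WINDOWS\system32\drivers\down\308359.exe
2008-01-21 10:24 873 --a------ C:\WINDOWS\system32\drivers\down\297265.exe
2008-01-21 10:23 7896 --a------ C:\WINDOWS\system32\drivers\down\258546.exe
2008-01-21 10:23 212 --a------ C:\WINDOWS\system32\drivers\down\266312.exe
2008-01-21 10:23 212 --a------ C:\WINDOWS\system32\drivers\down\263859.exe
2008-01-21 08:23 9761 --a------ C:\WINDOWS\system32\drivers\down\204093.exe
2008-01-21 08:22 7896 --a------ C:\WINDOWS\system32\drivers\down\154343.exe
2008-01-21 08:22 212 --a------ C:\WINDOWS\system32\drivers\down\169828.exe
2008-01-18 14:41 9761 --a------ C:\WINDOWS\system32\drivers\down\186359.exe
2008-01-18 14:41 7896 --a------ C:\WINDOWS\system32\drivers\down\145437.exe
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
"""


def parse_listing(text):
    """Parse listing lines into dicts; lines of any other shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "stamp": datetime.strptime(m.group("stamp"), "%Y-%m-%d %H:%M"),
            "size": int(m.group("size")),
            "attrs": m.group("attrs"),
            "path": m.group("path"),
        })
    return entries


def split_path(path):
    """Split a Windows path on its last backslash (works on any host OS)."""
    directory, _, name = path.rpartition("\\")
    return directory, name


def find_dropper_caches(entries, min_files=5):
    """Return {directory: summary} for directories holding at least
    min_files numeric-named .exe files (min_files is an assumed threshold).
    The summary records how many distinct sizes occur, which sizes recur
    under different names, and the distinct minute-stamps (write bursts)."""
    by_dir = defaultdict(list)
    for e in entries:
        directory, name = split_path(e["path"])
        if NUMERIC_EXE_RE.match(name):
            by_dir[directory].append(e)

    report = {}
    for directory, files in by_dir.items():
        if len(files) < min_files:
            continue
        sizes = Counter(e["size"] for e in files)
        report[directory] = {
            "files": len(files),
            "distinct_sizes": len(sizes),
            "repeated_sizes": {s: n for s, n in sizes.items() if n > 1},
            "bursts": sorted({e["stamp"].strftime("%Y-%m-%d %H:%M") for e in files}),
        }
    return report


if __name__ == "__main__":
    for directory, info in find_dropper_caches(parse_listing(SAMPLE_LISTING)).items():
        print(f"{directory}: {info['files']} numeric .exe files, "
              f"{info['distinct_sizes']} distinct sizes, "
              f"{len(info['bursts'])} write bursts")
        for size, count in sorted(info["repeated_sizes"].items()):
            print(f"  size {size} recurs {count} times under different names")
```

On the sample, only the drivers\down directory is reported: 10 numeric .exe files across 5 write bursts, with sizes 9761, 7896 and 212 each recurring three times under different names, while the TortoiseSVN DLL is ignored. That recurrence is the tell: a legitimate application does not keep re-writing identical binaries under fresh numeric names, which is why the whole folder was targeted for removal rather than individual files.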

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

ComboFix cuts the internet connection to prevent new malware from being downloaded during cleaning/scanning, so nothing to worry about there.

We need to do a few more things...

Open Notepad and copy the following text:

Folder::
C:\WINDOWS\system32\drivers\down

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=-

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

Update: 21 Jan 2008 12:18

One question: what kind of connection do you use? Would downloading about 15 MB be a problem for you?

  • Srđan Tot
  • Am I evil? I am man, yes I am.
  • Joined: 12 Jul 2005
  • Posts: 2483
  • Location: Ljubljana

Not a problem... the connection is 10MB/10MB

Here's the log

ComboFix 08-01-20.1 - srdjant 2008-01-21 12:12:35.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1472 [GMT 1:00]
Running from: C:\Documents and Settings\srdjant\Desktop\New Folder\ComboFix.exe
Command switches used :: C:\Documents and Settings\srdjant\Desktop\New Folder\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\102015.exe
C:\WINDOWS\system32\drivers\down\102750.exe
C:\WINDOWS\system32\drivers\down\108812.exe
C:\WINDOWS\system32\drivers\down\113937.exe
C:\WINDOWS\system32\drivers\down\116343.exe
C:\WINDOWS\system32\drivers\down\116812.exe
C:\WINDOWS\system32\drivers\down\120390.exe
C:\WINDOWS\system32\drivers\down\121562.exe
C:\WINDOWS\system32\drivers\down\121937.exe
C:\WINDOWS\system32\drivers\down\134953.exe
C:\WINDOWS\system32\drivers\down\135156.exe
C:\WINDOWS\system32\drivers\down\137109.exe
C:\WINDOWS\system32\drivers\down\139406.exe
C:\WINDOWS\system32\drivers\down\139843.exe
C:\WINDOWS\system32\drivers\down\139875.exe
C:\WINDOWS\system32\drivers\down\140687.exe
C:\WINDOWS\system32\drivers\down\141015.exe
C:\WINDOWS\system32\drivers\down\142062.exe
C:\WINDOWS\system32\drivers\down\142828.exe
C:\WINDOWS\system32\drivers\down\143234.exe
C:\WINDOWS\system32\drivers\down\144375.exe
C:\WINDOWS\system32\drivers\down\145437.exe
C:\WINDOWS\system32\drivers\down\146156.exe
C:\WINDOWS\system32\drivers\down\146203.exe
C:\WINDOWS\system32\drivers\down\147109.exe
C:\WINDOWS\system32\drivers\down\147671.exe
C:\WINDOWS\system32\drivers\down\147890.exe
C:\WINDOWS\system32\drivers\down\148734.exe
C:\WINDOWS\system32\drivers\down\150031.exe
C:\WINDOWS\system32\drivers\down\152750.exe
C:\WINDOWS\system32\drivers\down\154343.exe
C:\WINDOWS\system32\drivers\down\155093.exe
C:\WINDOWS\system32\drivers\down\155218.exe
C:\WINDOWS\system32\drivers\down\155343.exe
C:\WINDOWS\system32\drivers\down\156468.exe
C:\WINDOWS\system32\drivers\down\156828.exe
C:\WINDOWS\system32\drivers\down\157187.exe
C:\WINDOWS\system32\drivers\down\158937.exe
C:\WINDOWS\system32\drivers\down\160421.exe
C:\WINDOWS\system32\drivers\down\161140.exe
C:\WINDOWS\system32\drivers\down\162484.exe
C:\WINDOWS\system32\drivers\down\163015.exe
C:\WINDOWS\system32\drivers\down\164562.exe
C:\WINDOWS\system32\drivers\down\165187.exe
C:\WINDOWS\system32\drivers\down\165828.exe
C:\WINDOWS\system32\drivers\down\167500.exe
C:\WINDOWS\system32\drivers\down\169328.exe
C:\WINDOWS\system32\drivers\down\169828.exe
C:\WINDOWS\system32\drivers\down\171156.exe
C:\WINDOWS\system32\drivers\down\171343.exe
C:\WINDOWS\system32\drivers\down\172250.exe
C:\WINDOWS\system32\drivers\down\172968.exe
C:\WINDOWS\system32\drivers\down\174609.exe
C:\WINDOWS\system32\drivers\down\175968.exe
C:\WINDOWS\system32\drivers\down\177437.exe
C:\WINDOWS\system32\drivers\down\177593.exe
C:\WINDOWS\system32\drivers\down\177812.exe
C:\WINDOWS\system32\drivers\down\180515.exe
C:\WINDOWS\system32\drivers\down\181875.exe
C:\WINDOWS\system32\drivers\down\182093.exe
C:\WINDOWS\system32\drivers\down\183031.exe
C:\WINDOWS\system32\drivers\down\183546.exe
C:\WINDOWS\system32\drivers\down\186359.exe
C:\WINDOWS\system32\drivers\down\191375.exe
C:\WINDOWS\system32\drivers\down\194500.exe
C:\WINDOWS\system32\drivers\down\195375.exe
C:\WINDOWS\system32\drivers\down\199281.exe
C:\WINDOWS\system32\drivers\down\199718.exe
C:\WINDOWS\system32\drivers\down\200640.exe
C:\WINDOWS\system32\drivers\down\204093.exe
C:\WINDOWS\system32\drivers\down\208406.exe
C:\WINDOWS\system32\drivers\down\210156.exe
C:\WINDOWS\system32\drivers\down\213468.exe
C:\WINDOWS\system32\drivers\down\213671.exe
C:\WINDOWS\system32\drivers\down\215531.exe
C:\WINDOWS\system32\drivers\down\217125.exe
C:\WINDOWS\system32\drivers\down\232875.exe
C:\WINDOWS\system32\drivers\down\258546.exe
C:\WINDOWS\system32\drivers\down\261109.exe
C:\WINDOWS\system32\drivers\down\263859.exe
C:\WINDOWS\system32\drivers\down\264359.exe
C:\WINDOWS\system32\drivers\down\266312.exe
C:\WINDOWS\system32\drivers\down\268437.exe
C:\WINDOWS\system32\drivers\down\270890.exe
C:\WINDOWS\system32\drivers\down\297265.exe
C:\WINDOWS\system32\drivers\down\300671.exe
C:\WINDOWS\system32\drivers\down\308359.exe
C:\WINDOWS\system32\drivers\down\6261484.exe
C:\WINDOWS\system32\drivers\down\6263750.exe
C:\WINDOWS\system32\drivers\down\6265281.exe
C:\WINDOWS\system32\drivers\down\6266000.exe
C:\WINDOWS\system32\drivers\down\6267609.exe
C:\WINDOWS\system32\drivers\down\6275906.exe
C:\WINDOWS\system32\drivers\down\6289359.exe
C:\WINDOWS\system32\drivers\down\6300921.exe
C:\WINDOWS\system32\drivers\down\6310328.exe
C:\WINDOWS\system32\drivers\down\6311031.exe
C:\WINDOWS\system32\drivers\down\6326421.exe
C:\WINDOWS\system32\drivers\down\6327890.exe
C:\WINDOWS\system32\drivers\down\6330125.exe
C:\WINDOWS\system32\drivers\down\6331906.exe
C:\WINDOWS\system32\drivers\down\6334281.exe
C:\WINDOWS\system32\drivers\down\6342453.exe
C:\WINDOWS\system32\drivers\down\6345593.exe
C:\WINDOWS\system32\drivers\down\6346390.exe
C:\WINDOWS\system32\drivers\down\6347562.exe
C:\WINDOWS\system32\drivers\down\6351359.exe
C:\WINDOWS\system32\drivers\down\6355578.exe
C:\WINDOWS\system32\drivers\down\6357843.exe
C:\WINDOWS\system32\drivers\down\6392812.exe
C:\WINDOWS\system32\drivers\down\6396468.exe
C:\WINDOWS\system32\drivers\down\79609.exe
C:\WINDOWS\system32\drivers\down\85203.exe
C:\WINDOWS\system32\drivers\down\85828.exe
C:\WINDOWS\system32\drivers\down\89546.exe
C:\WINDOWS\system32\drivers\down\90734.exe
C:\WINDOWS\system32\drivers\down\95546.exe
C:\WINDOWS\system32\drivers\down\96109.exe
C:\WINDOWS\system32\drivers\down\97312.exe
C:\WINDOWS\system32\drivers\down\99515.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-21 to 2008-01-21 )))))))))))))))))))))))))))))))
.

2008-01-21 10:25 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-18 14:19 . 2008-01-18 14:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-18 13:32 . 2008-01-18 13:32 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\DrekSoftware
2008-01-18 13:21 . 2008-01-18 13:22 275 --a------ C:\WINDOWS\acpr.ini
2008-01-18 13:19 . 2000-08-04 15:28 56 --a------ C:\WINDOWS\system32\Acpr.ini
2008-01-18 13:03 . 2008-01-18 13:03 249,856 --------- C:\WINDOWS\Setup1.exe
2008-01-18 13:03 . 2008-01-18 13:03 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-01-16 14:31 . 2008-01-16 14:31 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2008-01-16 14:30 . 2008-01-16 14:30 <DIR> d-------- C:\Program Files\SharpDevelop
2008-01-14 16:12 . 2008-01-14 16:12 4,916,736 --a------ C:\ODAP.BAK
2008-01-14 14:22 . 2008-01-14 14:22 24,371 --a------ C:\layout.ini
2008-01-07 20:43 . 2008-01-07 20:43 <DIR> d-------- C:\Program Files\Crystal Player
2008-01-06 00:51 . 2008-01-06 00:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-03 22:14 . 2008-01-18 13:58 <DIR> d-------- C:\Documents and Settings\srdjant\Application Data\AVG7
2008-01-03 22:13 . 2008-01-03 22:13 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\AVG7
2008-01-03 22:13 . 2008-01-20 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-03 22:13 . 2008-01-03 22:13 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-01-03 22:13 . 2008-01-03 22:13 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2008-01-02 00:50 . 2001-08-17 13:56 7,552 --a--c--- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2008-01-01 23:48 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Xvid
2008-01-01 23:48 . 2007-06-28 18:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-01 23:48 . 2007-06-28 18:54 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-01-01 23:48 . 2007-06-28 18:55 77,824 --a------ C:\WINDOWS\system32\xvid.ax
2007-12-30 13:50 . 2007-12-30 13:50 72 ---hs---- C:\desktop.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 09:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CodeGear
2008-01-18 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-16 13:31 --------- d-----w C:\Documents and Settings\srdjant\Application Data\.ICSharpCode
2007-12-21 09:02 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-19 14:10 --------- d-----w C:\Documents and Settings\srdjant\Application Data\CoSoSys
2007-12-14 13:07 --------- d-----w C:\Program Files\hMailServer
2007-12-12 12:06 --------- d-----w C:\Documents and Settings\srdjant\Application Data\ZASLON_TELECOM_d.o.o
2007-11-30 08:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-29 07:40 --------- d-----w C:\Program Files\ZASLON-TELECOM
2007-11-27 14:15 --------- d-----w C:\Program Files\Totalcmd
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-21 11:12:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-21 11:12:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 09:27:00 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-21 11:12:29 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 09:27:00 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-21 11:12:29 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 09:27:00 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-21 11:12:29 6,393,856 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 09:27:00 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-21 11:12:30 20,480 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-20 11:48:41 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-21 09:40:30 90,332 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-20 11:48:41 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-21 09:40:30 487,390 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 10:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"eyeBeam SIP Client"="C:\Program Files\CounterPath\eyeBeam 1.5\eyeBeam.exe" [2006-07-07 15:06 5186048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 13:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 02:06 40048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

R2 ClientService4Com;CTI Client;C:\WINDOWS\system32\CLIENTSERVICE.EXE [2003-06-25 13:39]
R2 hMailServer;hMailServer;C:\Program Files\hMailServer\Bin\hMailServer.exe RunAsService []
R2 hMailServerMySQL;hMailServerMySQL;"C:\Program Files\hMailServer\MySQL\Bin\mysqld-nt.exe" "--defaults-file=C:\Program Files\hMailServer\MySQL\my.INI" hMailServerMySQL []
R2 MsDtsServer;SQL Server Integration Services;"C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe" [2005-10-14 03:45]
S3 SQLWriter;SQL Server VSS Writer;"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2005-10-14 02:53]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" [2006-12-02 05:17]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-01-21 12:17:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msftesql]
"ImagePath"="\"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
Completion time: 2008-01-21 12:17:56
ComboFix-quarantined-files.txt 2008-01-21 11:17:42
ComboFix2.txt 2008-01-21 10:23:38
ComboFix3.txt 2008-01-21 09:41:07
.
2008-01-15 02:02:37 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download Norman Malware Cleaner to the Desktop.

Do the following:
Double-click Norman_Malware_Cleaner.exe to run it
Click Accept to move to the next screen
Start the scan by clicking Start Scan and wait for it to finish
If you are asked whether to restart the computer:

Click Yes
After the restart, the scan/cleanup will be continued

When the process is finished, close the program by clicking Quit
With your next post, attach the logfile NFix_datum_vreme.log (datum_vreme = date_time), which is located on the Desktop

Once you have done the above, restart the PC and tell me what the state is now.
By the way, why aren't you using an AV?
