MyCity » Ambulanta -> Arhiva Ambulante » Zarazen komp + povremeno se "zaledi"

Zarazen komp + povremeno se "zaledi"

Napisano na dan: 14.3.2009

Strana:
1
2
3

Zarazen komp + povremeno se "zaledi"

Pagination

Prethodna strana

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

Bespuche Poslao: 17 Mar 2009 16:19 Idi na vrh
offline Bespuche Građanin Pridružio: 20 Mar 2007 Poruke: 97	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-15.01 - Korisnik 2009-03-17 14:53:15.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.101 [GMT 1:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\WinSpyKiller c:\program files\WinSpyKiller\WinSpyKiller.lic c:\program files\WinSpyKiller\WinSpyKiller1.wk . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_{DEF85C80-216A-43AB-AF70-1665EDBE2780} -------\Service_{DEF85C80-216A-43ab-AF70-1665EDBE2780} ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))) . 2009-03-17 10:43 . 2009-03-17 11:00 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-16 13:15 . 2009-03-16 13:16 3,084,099 --a------ C:\ComboFix.rar 2009-03-16 09:21 . 2009-03-16 09:20 66,048 --a------ C:\mbr.exe 2009-03-16 08:37 . 2009-03-16 08:37 <DIR> d-------- c:\windows\system32\LogFiles 2009-03-16 08:08 . 2008-12-12 18:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll 2009-03-16 08:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-16 08:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-16 08:04 . 2008-05-01 15:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-03-16 08:03 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-03-16 08:03 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-03-14 15:26 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\MSBuild 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\Microsoft Works 2009-03-14 15:22 . 2009-03-14 15:22 <DIR> d-------- c:\program files\Microsoft.NET 2009-03-14 15:11 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll 2009-03-14 15:09 . 2009-03-14 15:09 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2009-03-14 15:07 . 2009-03-14 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-14 15:05 . 2009-03-14 15:05 <DIR> dr-h----- C:\MSOCache 2009-03-14 15:04 . 2009-03-14 15:04 316,640 --a------ c:\windows\WMSysPr9.prx 2009-03-14 14:47 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax 2009-03-14 14:47 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax 2009-03-14 14:47 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2009-03-14 14:47 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax 2009-03-14 14:47 . 2004-08-03 23:08 40,832 --------- c:\windows\system32\drivers\irbus.sys 2009-03-14 14:47 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe 2009-03-14 14:43 . 2009-03-14 14:43 <DIR> d-------- c:\windows\ServicePackFiles 2009-03-14 14:37 . 2004-07-17 11:40 19,528 --a------ c:\windows\002520_.tmp 2009-03-14 14:34 . 2009-03-14 14:34 <DIR> d-------- c:\windows\EHome 2009-03-14 13:35 . 2006-08-25 16:45 617,472 -----c--- c:\windows\system32\dllcache\comctl32.dll 2009-03-14 13:35 . 2008-06-20 11:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys 2009-03-14 13:31 . 2006-07-14 16:25 546,304 -----c--- c:\windows\system32\dllcache\hhctrl.ocx 2009-03-14 13:31 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-03-14 13:31 . 2008-06-20 10:52 225,920 --a--c--- c:\windows\system32\dllcache\tcpip6.sys 2009-03-14 13:31 . 2006-08-16 12:58 100,352 -----c--- c:\windows\system32\dllcache\6to4svc.dll 2009-03-14 13:30 . 2006-06-22 11:47 181,248 -----c--- c:\windows\system32\dllcache\rasmans.dll 2009-03-14 13:26 . 2006-05-19 13:59 111,616 -----c--- c:\windows\system32\dllcache\dhcpcsvc.dll 2009-03-14 13:26 . 2006-05-19 13:59 94,720 -----c--- c:\windows\system32\dllcache\iphlpapi.dll 2009-03-14 13:18 . 2009-03-14 13:18 <DIR> d-------- c:\windows\system32\bits 2009-03-14 13:17 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe 2009-03-14 13:17 . 2009-03-16 16:05 1,374 --a------ c:\windows\imsins.BAK 2009-03-14 13:16 . 2009-03-14 13:16 <DIR> d-------- c:\windows\system32\bfubackups 2009-03-14 12:41 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll 2009-03-14 12:41 . 2004-08-04 00:56 713,216 --a------ c:\windows\system32\sxs.dll 2009-03-14 12:41 . 2004-08-04 00:56 87,552 --a------ c:\windows\system32\fldrclnr.dll 2009-03-14 12:36 . 2009-03-16 16:05 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-14 12:36 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-03-14 12:35 . 2008-06-20 18:41 148,992 --a--c--- c:\windows\system32\dllcache\dnsapi.dll 2009-03-14 12:35 . 2006-06-26 18:37 8,192 -----c--- c:\windows\system32\dllcache\rasadhlp.dll 2009-03-14 12:30 . 2009-03-14 12:31 <DIR> d-------- c:\program files\Unlocker 2009-03-14 12:30 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\program files\TuneUp Utilities 2007 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software 2009-03-14 12:19 . 2006-12-19 16:53 24,072 --a------ c:\windows\system32\uxtuneup.dll 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-03-13 10:32 . 2009-03-13 10:32 <DIR> d-------- c:\windows\ePlusMenuCAD 2009-03-13 10:32 . 2009-03-13 10:36 <DIR> d-------- c:\program files\ePlusMenuCAD 2009-03-11 14:30 . 2009-03-14 12:43 <DIR> d-------- c:\program files\Google 2009-03-10 09:12 . 2009-03-14 12:51 <DIR> d-------- C:\Ulysse 2009-03-10 09:12 . 2009-03-13 13:44 2,229 --a------ c:\windows\ulysse.ini 2009-03-10 09:10 . 2009-03-10 09:10 <DIR> d-------- c:\documents and settings\Korisnik\WINDOWS 2009-03-09 09:54 . 2009-03-17 09:02 <DIR> d-------- c:\program files\ABBYY FineReader 7.0 Professional Edition 2009-03-09 08:36 . 2009-03-09 08:36 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ABBYY 2009-03-09 08:35 . 2009-03-09 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ABBYY 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\system32\Adobe 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\Profiles 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\InterTrust 2009-03-06 08:50 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-03 13:30 . 2009-03-03 13:30 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-17 11:13 --------- d-----w c:\program files\Rainlendar 2009-03-14 11:51 --------- d-----w c:\program files\totalcmd 2009-03-06 07:50 --------- d-----w c:\program files\Common Files\Adobe 2009-01-27 12:59 --------- d-----w c:\program files\GlobalMapper10 2008-03-13 22:34 2,568,840 ----a-w c:\program files\ask_install.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-17_10.16.57.37 ))))))))))))))))))))))))))))))))))))))))) . + 2004-08-03 23:56:52 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] c:\documents and settings\Korisnik\Start Menu\Programs\Startup\ Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] --a------ 2009-03-17 08:10 20112 c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-12 01:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-12 01:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 18:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-03 04:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-31 00:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 19:41 33792 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -ra------ 2005-07-12 08:55 81920 c:\windows\SOUNDMAN.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?] R3 WB6692;%WB6692.DeviceDesc%;c:\windows\system32\drivers\WB692pci.sys [2006-09-30 135122] S2 fips32cup;fips32cup;\??\c:\windows\system32\drivers\fips32cup.sys --> c:\windows\system32\drivers\fips32cup.sys [?] S2 NMEmployeesAgent;Net Monitor for Employees Agent;c:\program files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe --> c:\program files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe [?] S2 systemntmi;systemntmi;\??\c:\windows\system32\drivers\systemntmi.sys --> c:\windows\system32\drivers\systemntmi.sys [?] S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2007-07-13 61504] S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2007-07-13 9328] S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2007-07-13 97056] S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2007-07-13 88560] S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2007-07-13 86368] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-03-14 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53] . - - - - ORPHANS REMOVED - - - - HKLM-Run-TWCU - c:\program files\TP-LINK\TWCU\TWCU.exe HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe HKLM-Run-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.lord-rs.com/ uDefault_Search_URL = hxxp://searchbar.findthewebsiteyouneed.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {38F7D43D-3EE3-4079-B6B7-3155ECCECE88} = 87.250.97.250,87.250.98.250 TCP: {A33E26F7-0F58-4B25-BE4E-695D784B58BC} = 87.250.98.250,87.250.97.250 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {33331111-1111-1111-1111-615111193427} FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\jbi84gfc.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-17 14:57:02 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(580) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\acs.exe c:\firebird\bin\fbguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\firebird\bin\fbserver.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-03-17 15:00:31 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-17 14:00:28 ComboFix2.txt 2009-03-17 09:18:17 Pre-Run: 17,275,207,680 bytes free Post-Run: 17,228,808,192 bytes free 221 --- E O F --- 2009-03-16 15:05:29 Dopuna: 17 Mar 2009 16:19 Ne znam da li si procitao na dnu prethodne poruke gdje sam napisao da mi je sada racunar jos vise usporio. NOD-a nema, sve se sporo otvara. U Task manageru su mi se pojavili neki porcesi pod imenima "1", "1066", "1786" i zauzimali su 100% procesora. Zatvorio sam ih sve. Evo jos jedan mi je ostao, pa ti saljem screenshot. Nisam do sada vidio da postoje ovakvi procesi.

Profil

dr_Bora Poslao: 17 Mar 2009 16:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: fips32cup systemntmi` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Bespuche Poslao: 17 Mar 2009 17:39 Idi na vrh
offline Bespuche Građanin Pridružio: 20 Mar 2007 Poruke: 97	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U medjuvremenu sam instalirao NOD, obrisao je neka 4 trojanca. A trenutak prije nego sto trebao da ti okacim log, recunar je zaledio. Morao sam da restartujem. ComboFix 09-03-15.01 - Korisnik 2009-03-17 17:02:23.4 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.193 [GMT 1:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SYSTEMNTMI -------\Service_fips32cup -------\Service_systemntmi ((((((((((((((((((((((((( Files Created from 2009-02-17 to 2009-03-17 ))))))))))))))))))))))))))))))) . 2009-03-17 10:43 . 2009-03-17 17:08 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-16 13:15 . 2009-03-16 13:16 3,084,099 --a------ C:\ComboFix.rar 2009-03-16 09:21 . 2009-03-16 09:20 66,048 --a------ C:\mbr.exe 2009-03-16 08:37 . 2009-03-16 08:37 <DIR> d-------- c:\windows\system32\LogFiles 2009-03-16 08:08 . 2008-12-12 18:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll 2009-03-16 08:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-16 08:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-16 08:04 . 2008-05-01 15:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-03-16 08:03 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-03-16 08:03 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-03-14 15:26 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\MSBuild 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\Microsoft Works 2009-03-14 15:22 . 2009-03-14 15:22 <DIR> d-------- c:\program files\Microsoft.NET 2009-03-14 15:11 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll 2009-03-14 15:09 . 2009-03-14 15:09 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2009-03-14 15:07 . 2009-03-14 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-14 15:05 . 2009-03-14 15:05 <DIR> dr-h----- C:\MSOCache 2009-03-14 15:04 . 2009-03-14 15:04 316,640 --a------ c:\windows\WMSysPr9.prx 2009-03-14 14:47 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax 2009-03-14 14:47 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax 2009-03-14 14:47 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2009-03-14 14:47 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax 2009-03-14 14:47 . 2004-08-03 23:08 40,832 --------- c:\windows\system32\drivers\irbus.sys 2009-03-14 14:47 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe 2009-03-14 14:43 . 2009-03-14 14:43 <DIR> d-------- c:\windows\ServicePackFiles 2009-03-14 14:37 . 2004-07-17 11:40 19,528 --a------ c:\windows\002520_.tmp 2009-03-14 14:34 . 2009-03-14 14:34 <DIR> d-------- c:\windows\EHome 2009-03-14 13:35 . 2006-08-25 16:45 617,472 -----c--- c:\windows\system32\dllcache\comctl32.dll 2009-03-14 13:35 . 2008-06-20 11:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys 2009-03-14 13:31 . 2006-07-14 16:25 546,304 -----c--- c:\windows\system32\dllcache\hhctrl.ocx 2009-03-14 13:31 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-03-14 13:31 . 2008-06-20 10:52 225,920 --a--c--- c:\windows\system32\dllcache\tcpip6.sys 2009-03-14 13:31 . 2006-08-16 12:58 100,352 -----c--- c:\windows\system32\dllcache\6to4svc.dll 2009-03-14 13:30 . 2006-06-22 11:47 181,248 -----c--- c:\windows\system32\dllcache\rasmans.dll 2009-03-14 13:26 . 2006-05-19 13:59 111,616 -----c--- c:\windows\system32\dllcache\dhcpcsvc.dll 2009-03-14 13:26 . 2006-05-19 13:59 94,720 -----c--- c:\windows\system32\dllcache\iphlpapi.dll 2009-03-14 13:18 . 2009-03-14 13:18 <DIR> d-------- c:\windows\system32\bits 2009-03-14 13:17 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe 2009-03-14 13:17 . 2009-03-16 16:05 1,374 --a------ c:\windows\imsins.BAK 2009-03-14 13:16 . 2009-03-14 13:16 <DIR> d-------- c:\windows\system32\bfubackups 2009-03-14 12:41 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll 2009-03-14 12:41 . 2004-08-04 00:56 713,216 --a------ c:\windows\system32\sxs.dll 2009-03-14 12:41 . 2004-08-04 00:56 87,552 --a------ c:\windows\system32\fldrclnr.dll 2009-03-14 12:36 . 2009-03-16 16:05 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-14 12:36 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-03-14 12:35 . 2008-06-20 18:41 148,992 --a--c--- c:\windows\system32\dllcache\dnsapi.dll 2009-03-14 12:35 . 2006-06-26 18:37 8,192 -----c--- c:\windows\system32\dllcache\rasadhlp.dll 2009-03-14 12:30 . 2009-03-14 12:31 <DIR> d-------- c:\program files\Unlocker 2009-03-14 12:30 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\program files\TuneUp Utilities 2007 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software 2009-03-14 12:19 . 2006-12-19 16:53 24,072 --a------ c:\windows\system32\uxtuneup.dll 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-03-13 10:32 . 2009-03-13 10:32 <DIR> d-------- c:\windows\ePlusMenuCAD 2009-03-13 10:32 . 2009-03-13 10:36 <DIR> d-------- c:\program files\ePlusMenuCAD 2009-03-11 14:30 . 2009-03-14 12:43 <DIR> d-------- c:\program files\Google 2009-03-10 09:12 . 2009-03-14 12:51 <DIR> d-------- C:\Ulysse 2009-03-10 09:12 . 2009-03-13 13:44 2,229 --a------ c:\windows\ulysse.ini 2009-03-10 09:10 . 2009-03-10 09:10 <DIR> d-------- c:\documents and settings\Korisnik\WINDOWS 2009-03-09 09:54 . 2009-03-17 09:02 <DIR> d-------- c:\program files\ABBYY FineReader 7.0 Professional Edition 2009-03-09 08:36 . 2009-03-09 08:36 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ABBYY 2009-03-09 08:35 . 2009-03-09 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ABBYY 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\system32\Adobe 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\Profiles 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\InterTrust 2009-03-06 08:50 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-03 13:30 . 2009-03-03 13:30 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-17 15:19 --------- d-----w c:\program files\Rainlendar 2009-03-14 11:51 --------- d-----w c:\program files\totalcmd 2009-03-06 07:50 --------- d-----w c:\program files\Common Files\Adobe 2009-01-27 12:59 --------- d-----w c:\program files\GlobalMapper10 2008-03-13 22:34 2,568,840 ----a-w c:\program files\ask_install.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-17_10.16.57.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-17 15:31:30 10,134 ----a-r c:\windows\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe + 2009-03-17 15:31:30 136,448 ----a-r c:\windows\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe - 2008-06-26 16:49:08 25,214 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe + 2009-03-17 15:49:41 25,214 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe + 2004-08-03 23:56:52 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe - 2008-07-01 07:56:22 39,944 ----a-w c:\windows\system32\drivers\eamon.sys + 2007-12-21 07:19:54 39,944 ----a-w c:\windows\system32\drivers\eamon.sys - 2008-07-01 07:57:14 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys + 2007-12-21 07:20:14 30,216 ----a-w c:\windows\system32\drivers\easdrv.sys - 2008-07-01 08:04:40 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys + 2007-12-21 07:21:56 33,800 ----a-w c:\windows\system32\drivers\epfwtdir.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] c:\documents and settings\Korisnik\Start Menu\Programs\Startup\ Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro] --a------ 2009-03-17 08:10 20112 c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-12 01:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-12 01:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 18:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-03 04:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-31 00:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 19:41 33792 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -ra------ 2005-07-12 08:55 81920 c:\windows\SOUNDMAN.EXE [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?] R3 WB6692;%WB6692.DeviceDesc%;c:\windows\system32\drivers\WB692pci.sys [2006-09-30 135122] S2 netsik;netsik;\??\c:\windows\system32\drivers\netsik.sys --> c:\windows\system32\drivers\netsik.sys [?] S2 NMEmployeesAgent;Net Monitor for Employees Agent;c:\program files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe --> c:\program files\Network LookOut\Net Monitor for Employees Professional\bin\NLSAgentSvc.exe [?] S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2007-07-13 61504] S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2007-07-13 9328] S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2007-07-13 97056] S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2007-07-13 88560] S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2007-07-13 86368] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Contents of the 'Scheduled Tasks' folder 2009-03-14 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.lord-rs.com/ uDefault_Search_URL = hxxp://searchbar.findthewebsiteyouneed.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {38F7D43D-3EE3-4079-B6B7-3155ECCECE88} = 87.250.97.250,87.250.98.250 TCP: {A33E26F7-0F58-4B25-BE4E-695D784B58BC} = 87.250.98.250,87.250.97.250 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {33331111-1111-1111-1111-615111193427} FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\jbi84gfc.default\ . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-17 17:09:38 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(576) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\acs.exe c:\firebird\bin\fbguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\firebird\bin\fbserver.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-03-17 17:13:24 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-17 16:13:22 ComboFix2.txt 2009-03-17 14:00:32 ComboFix3.txt 2009-03-17 09:18:17 Pre-Run: 17,294,442,496 bytes free Post-Run: 17,315,581,952 bytes free 227 --- E O F --- 2009-03-16 15:05:29 Dopuna: 17 Mar 2009 17:29 I jos jednom mi je racunar zaledio, odmah poslije postavljanja ovog loga. Poslije restarta nasao mi je jos 2 virusa, ova 2 na vrhu: Dopuna: 17 Mar 2009 17:39 I opet imam neki "numericki" proces:

Profil

dr_Bora Poslao: 17 Mar 2009 17:52 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmm... Iz loga u log se pojavljuju nove infekcije. Postavi sveže Gmer logove.

Profil

Bespuche Poslao: 18 Mar 2009 09:51 Idi na vrh
offline Bespuche Građanin Pridružio: 20 Mar 2007 Poruke: 97	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: U medjuvremenu mi je nesto "pojelo" Mozilu, pa ne mogu da je pokrenem. Kaze, missing shortcut. Sreca pa radi explorer. mycity.rs/must-login.png mycity.rs/must-login.png

Profil

dr_Bora Poslao: 18 Mar 2009 10:09 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `Driver:: netsik Rootkit:: c:\windows\system32\drivers\netsik.sys` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

Bespuche Poslao: 18 Mar 2009 11:50 Idi na vrh
offline Bespuche Građanin Pridružio: 20 Mar 2007 Poruke: 97	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-15.01 - Korisnik 2009-03-18 11:33:54.5 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.111 [GMT 1:00] Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Korisnik\Desktop\CFScript.txt AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_NETSIK -------\Service_netsik ((((((((((((((((((((((((( Files Created from 2009-02-18 to 2009-03-18 ))))))))))))))))))))))))))))))) . 2009-03-18 08:04 . 2009-03-18 08:21 <DIR> d-------- c:\documents and settings\Korisnik\Contacts 2009-03-18 08:01 . 2009-03-18 08:01 <DIR> d-------- c:\program files\MSN Messenger 2009-03-17 19:33 . 2009-03-17 19:33 <DIR> d-------- c:\program files\Network LookOut 2009-03-17 18:59 . 2009-03-17 19:06 25,171,704 --a------ c:\documents and settings\All Users\Application Data\nmemplpro.exe 2009-03-17 18:47 . 2009-03-17 18:47 45,056 --a------ c:\windows\system32\UTSCSI.EXE 2009-03-17 17:33 . 2009-03-17 17:33 <DIR> d-------- c:\program files\MathType 2009-03-17 10:43 . 2009-03-17 17:08 <DIR> d-------- c:\windows\system32\CatRoot_bak 2009-03-16 16:01 . 2009-03-16 16:01 <DIR> d-------- c:\program files\MSXML 4.0 2009-03-16 13:15 . 2009-03-16 13:16 3,084,099 --a------ C:\ComboFix.rar 2009-03-16 09:21 . 2009-03-16 09:20 66,048 --a------ C:\mbr.exe 2009-03-16 08:37 . 2009-03-16 08:37 <DIR> d-------- c:\windows\system32\LogFiles 2009-03-16 08:08 . 2008-12-12 18:33 3,060,224 -----c--- c:\windows\system32\dllcache\mshtml.dll 2009-03-16 08:08 . 2008-08-14 11:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe 2009-03-16 08:08 . 2008-08-14 10:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe 2009-03-16 08:08 . 2008-08-14 10:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe 2009-03-16 08:04 . 2008-05-01 15:30 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll 2009-03-16 08:03 . 2008-04-11 19:50 683,520 -----c--- c:\windows\system32\dllcache\inetcomm.dll 2009-03-16 08:03 . 2008-10-03 11:15 247,326 -----c--- c:\windows\system32\dllcache\strmdll.dll 2009-03-14 15:26 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\MSBuild 2009-03-14 15:23 . 2009-03-14 15:23 <DIR> d-------- c:\program files\Microsoft Works 2009-03-14 15:22 . 2009-03-14 15:22 <DIR> d-------- c:\program files\Microsoft.NET 2009-03-14 15:11 . 2003-02-28 18:26 139,536 --a------ c:\windows\system32\javaee.dll 2009-03-14 15:09 . 2009-03-14 15:09 <DIR> d-------- c:\program files\Microsoft Visual Studio 8 2009-03-14 15:07 . 2009-03-14 15:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-03-14 15:05 . 2009-03-14 15:05 <DIR> dr-h----- C:\MSOCache 2009-03-14 15:04 . 2009-03-14 15:04 316,640 --a------ c:\windows\WMSysPr9.prx 2009-03-14 14:47 . 2004-08-04 00:56 239,616 --------- c:\windows\system32\wstrenderer.ax 2009-03-14 14:47 . 2004-08-04 00:56 164,352 --------- c:\windows\system32\wstpager.ax 2009-03-14 14:47 . 2004-08-04 00:56 96,768 -----c--- c:\windows\system32\dllcache\dpcdll.dll 2009-03-14 14:47 . 2004-08-04 00:56 53,248 --------- c:\windows\system32\vbicodec.ax 2009-03-14 14:47 . 2004-08-03 23:08 40,832 --------- c:\windows\system32\drivers\irbus.sys 2009-03-14 14:47 . 2004-08-03 22:59 9,728 --------- c:\windows\system32\comsdupd.exe 2009-03-14 14:43 . 2009-03-14 14:43 <DIR> d-------- c:\windows\ServicePackFiles 2009-03-14 14:37 . 2004-07-17 11:40 19,528 --a------ c:\windows\002520_.tmp 2009-03-14 14:34 . 2009-03-14 14:34 <DIR> d-------- c:\windows\EHome 2009-03-14 13:35 . 2006-08-25 16:45 617,472 -----c--- c:\windows\system32\dllcache\comctl32.dll 2009-03-14 13:35 . 2008-06-20 11:45 360,320 --a--c--- c:\windows\system32\dllcache\tcpip.sys 2009-03-14 13:31 . 2006-07-14 16:25 546,304 -----c--- c:\windows\system32\dllcache\hhctrl.ocx 2009-03-14 13:31 . 2008-10-15 17:57 332,800 -----c--- c:\windows\system32\dllcache\netapi32.dll 2009-03-14 13:31 . 2008-06-20 10:52 225,920 --a--c--- c:\windows\system32\dllcache\tcpip6.sys 2009-03-14 13:31 . 2006-08-16 12:58 100,352 -----c--- c:\windows\system32\dllcache\6to4svc.dll 2009-03-14 13:30 . 2006-06-22 11:47 181,248 -----c--- c:\windows\system32\dllcache\rasmans.dll 2009-03-14 13:26 . 2006-05-19 13:59 111,616 -----c--- c:\windows\system32\dllcache\dhcpcsvc.dll 2009-03-14 13:26 . 2006-05-19 13:59 94,720 -----c--- c:\windows\system32\dllcache\iphlpapi.dll 2009-03-14 13:18 . 2009-03-14 13:18 <DIR> d-------- c:\windows\system32\bits 2009-03-14 13:17 . 2006-03-17 01:38 28,672 --------- c:\windows\system32\verclsid.exe 2009-03-14 13:17 . 2009-03-16 16:05 1,374 --a------ c:\windows\imsins.BAK 2009-03-14 13:16 . 2009-03-14 13:16 <DIR> d-------- c:\windows\system32\bfubackups 2009-03-14 12:41 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll 2009-03-14 12:41 . 2004-08-04 00:56 713,216 --a------ c:\windows\system32\sxs.dll 2009-03-14 12:41 . 2004-08-04 00:56 87,552 --a------ c:\windows\system32\fldrclnr.dll 2009-03-14 12:36 . 2009-03-16 16:05 <DIR> d--h----- c:\windows\$hf_mig$ 2009-03-14 12:36 . 2005-02-25 04:35 22,752 --a------ c:\windows\system32\spupdsvc.exe 2009-03-14 12:35 . 2008-06-20 18:41 148,992 --a--c--- c:\windows\system32\dllcache\dnsapi.dll 2009-03-14 12:35 . 2006-06-26 18:37 8,192 -----c--- c:\windows\system32\dllcache\rasadhlp.dll 2009-03-14 12:30 . 2009-03-14 12:31 <DIR> d-------- c:\program files\Unlocker 2009-03-14 12:30 . 2008-10-16 14:09 31,768 --a------ c:\windows\system32\wucltui.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuaucpl.cpl.mui 2009-03-14 12:30 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui 2009-03-14 12:30 . 2008-10-16 14:07 18,456 --a------ c:\windows\system32\wuaueng.dll.mui 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\program files\TuneUp Utilities 2007 2009-03-14 12:19 . 2009-03-14 12:19 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\TuneUp Software 2009-03-14 12:19 . 2006-12-19 16:53 24,072 --a------ c:\windows\system32\uxtuneup.dll 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard 2009-03-14 12:18 . 2009-03-14 12:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software 2009-03-13 10:32 . 2009-03-13 10:32 <DIR> d-------- c:\windows\ePlusMenuCAD 2009-03-13 10:32 . 2009-03-13 10:36 <DIR> d-------- c:\program files\ePlusMenuCAD 2009-03-11 14:30 . 2009-03-14 12:43 <DIR> d-------- c:\program files\Google 2009-03-10 09:12 . 2009-03-14 12:51 <DIR> d-------- C:\Ulysse 2009-03-10 09:12 . 2009-03-13 13:44 2,229 --a------ c:\windows\ulysse.ini 2009-03-10 09:10 . 2009-03-10 09:10 <DIR> d-------- c:\documents and settings\Korisnik\WINDOWS 2009-03-09 09:54 . 2009-03-18 11:35 <DIR> d-------- c:\program files\ABBYY FineReader 7.0 Professional Edition 2009-03-09 08:36 . 2009-03-09 08:36 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\ABBYY 2009-03-09 08:35 . 2009-03-09 08:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\ABBYY 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\system32\Adobe 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\windows\Profiles 2009-03-06 08:50 . 2009-03-06 08:50 <DIR> d-------- c:\documents and settings\Korisnik\Application Data\InterTrust 2009-03-06 08:50 . 1998-10-29 14:45 306,688 --a------ c:\windows\IsUninst.exe 2009-03-03 13:30 . 2009-03-03 13:30 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-17 17:17 --------- d-----w c:\program files\Rainlendar 2009-03-14 11:51 --------- d-----w c:\program files\totalcmd 2009-03-06 07:50 --------- d-----w c:\program files\Common Files\Adobe 2009-01-27 12:59 --------- d-----w c:\program files\GlobalMapper10 2008-03-13 22:34 2,568,840 ----a-w c:\program files\ask_install.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-17_10.16.57.37 ))))))))))))))))))))))))))))))))))))))))) . + 2009-03-18 07:02:13 29,926 ----a-r c:\windows\Installer\{571700F0-DB9D-4B3A-B03D-35A14BB5939F}\MsblIco.Exe + 2009-03-17 15:31:30 10,134 ----a-r c:\windows\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\callmsi.exe + 2009-03-17 15:31:30 136,448 ----a-r c:\windows\Installer\{57ECFB4D-FE11-491A-9AA0-0AF7C3ABC51D}\egui.exe - 2008-06-26 16:49:08 25,214 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe + 2009-03-17 15:49:41 25,214 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A71000000002}\SC_Reader.exe + 2004-08-03 23:56:52 93,184 -c--a-w c:\windows\system32\dllcache\iexplore.exe - 2008-07-01 07:56:22 39,944 ----a-w c:\windows\system32\drivers\eamon.sys + 2007-12-21 07:19:54 39,944 ----a-w c:\windows\system32\drivers\eamon.sys - 2008-07-01 07:57:14 53,256 ----a-w c:\windows\system32\drivers\easdrv.sys + 2007-12-21 07:20:14 30,216 ----a-w c:\windows\system32\drivers\easdrv.sys - 2008-07-01 08:04:40 34,312 ----a-w c:\windows\system32\drivers\epfwtdir.sys + 2007-12-21 07:21:56 33,800 ----a-w c:\windows\system32\drivers\epfwtdir.sys - 2009-03-17 06:51:55 583,016 ----a-w c:\windows\system32\FNTCACHE.DAT + 2009-03-17 17:16:56 596,552 ----a-w c:\windows\system32\FNTCACHE.DAT + 2007-01-19 11:53:04 51,056 ----a-w c:\windows\system32\sirenacm.dll + 2006-06-05 13:14:28 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll + 2006-06-05 13:14:28 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll + 2006-06-05 13:14:28 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] "MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072] c:\documents and settings\Korisnik\Start Menu\Programs\Startup\ Rainlendar.lnk - c:\program files\Rainlendar\Rainlendar.exe [2006-01-21 118784] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup] --a------ 2005-08-12 01:30 249856 c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler] --a------ 2005-08-12 01:30 81920 c:\program files\Common Files\InstallShield\UpdateService\issch.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] --a------ 2001-07-09 18:50 155648 c:\windows\system32\NeroCheck.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl] --a------ 2004-11-03 04:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr] -ra------ 2006-03-31 00:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent] --a------ 2004-12-20 19:41 33792 c:\program files\Winamp\winampa.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] -ra------ 2005-07-12 08:55 81920 c:\windows\SOUNDMAN.EXE [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "c:\\Program Files\\MSN Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "400:TCP"= 400:TCP:Net Monitor for Employees Configuration R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800] R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\firebird\bin\fbguard.exe -s --> c:\firebird\bin\fbguard.exe -s [?] R2 NMEmployeesAgent;Net Monitor for Employees Agent;c:\program files\Network LookOut\mpNet Monitor for Employees Professional\bin\NLSAgentSvc.exe [2009-03-17 1136640] R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\firebird\bin\fbserver.exe -s --> c:\firebird\bin\fbserver.exe -s [?] R3 WB6692;%WB6692.DeviceDesc%;c:\windows\system32\drivers\WB692pci.sys [2006-09-30 135122] S2 nicsk32;nicsk32;\??\c:\windows\system32\drivers\nicsk32.sys --> c:\windows\system32\drivers\nicsk32.sys [?] S2 ws2_32sik;ws2_32sik;\??\c:\windows\system32\drivers\ws2_32sik.sys --> c:\windows\system32\drivers\ws2_32sik.sys [?] S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2007-07-13 61504] S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2007-07-13 9328] S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2007-07-13 97056] S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2007-07-13 88560] S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2007-07-13 86368] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F] \Shell\AutoRun\command - F:\VoIPFlashDisk.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a206cff6-131b-11de-a43e-000021fec628}] \Shell\AutoRun\command - F:\VoIPFlashDisk.exe . Contents of the 'Scheduled Tasks' folder 2009-03-14 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2006-12-19 16:53] . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-FineReader7NewsReaderPro - c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.lord-rs.com/ uDefault_Search_URL = hxxp://searchbar.findthewebsiteyouneed.com uInternet Connection Wizard,ShellNext = iexplore IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: {38F7D43D-3EE3-4079-B6B7-3155ECCECE88} = 87.250.97.250,87.250.98.250 TCP: {A33E26F7-0F58-4B25-BE4E-695D784B58BC} = 87.250.98.250,87.250.97.250 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {33331111-1111-1111-1111-615111193427} . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-18 11:39:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(576) c:\windows\system32\Ati2evxx.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\windows\system32\acs.exe c:\firebird\bin\fbguard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\system32\UTSCSI.EXE c:\firebird\bin\fbserver.exe c:\windows\system32\wscntfy.exe c:\program files\Network LookOut\mpNet Monitor for Employees Professional\bin\NLSAgent.exe . ************************************************************************ . Completion time: 2009-03-18 11:43:03 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-18 10:43:00 ComboFix2.txt 2009-03-17 16:13:26 ComboFix3.txt 2009-03-17 14:00:32 ComboFix4.txt 2009-03-17 09:18:17 Pre-Run: 17,322,369,024 bytes free Post-Run: 17,435,873,280 bytes free 255 --- E O F --- 2009-03-16 15:05:29

Profil

dr_Bora Poslao: 18 Mar 2009 12:15 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hajde da odradimo jedan AV scan... Preuzmi Dr.Web CureIt (~12 MB). Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode) Dvoklikom pokreni launch.exe, nakon čega će se pojaviti uvodni prozor - klikni Start Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i, u meniju koji se otvori, klikni Move incurable: Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu. Nakon toga, postavi i svež ComboFix log.

Profil

Bespuche Poslao: 01 Apr 2009 08:18 Idi na vrh
offline Bespuche Građanin Pridružio: 20 Mar 2007 Poruke: 97	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Molim te izvini na kašnjenju, bio sam u frci ovih dana. E ovako, ovo sto ti saljem je rezultat treceg po redu skeniranja sa DrWeb-om. Prva 2 nisu otisla do kraja. Ostavljao sam racunar da skenira i oba puta bi mi ganeko ugasio. Prvi put mi je nasao neki fajl pri onom pocetnom skeniranju i njega sam isao na "Move incurable". Drugi put mi je u toku kompletnog skeniranja nasao neki fajl i dao opcije "da" i "ne", to sam isao "da", ali ni taj sken nije zavrsen do kraja. Ovo ti govorim iz razloga sto sam znaci ta 2 neka fajla obrisao (ili sta je vec program uradio) a ne mozes vidjeti koji su, pa ne znam koliko ti je to bitno. Uglavnom, ova 2 fajla je nasao iz treceg puta: `psexec.cfexe C:\ComboFix Program.PsExec.171 Incurable.Moved.` `NLSAgent.exe C:\Program Files\Network LookOut\mpNet Monitor for Employees Professional\bin Program.Netlookout Incurable.Moved.`

Profil

dr_Bora Poslao: 01 Apr 2009 16:32 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini novi ComboFix (sa gore datih linkova), pokreni ga i postavi log koji dobiješ.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zarazen komp + povremeno se "zaledi"

Ko je trenutno na forumu

Ukupno su 979 korisnika na forumu :: 28 registrovanih, 4 sakrivenih i 947 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., bojan_t, bokisha253, CrazySerb_MLD, Dežurni_Automatičar, drimer, esx66, FOX, Frunze, GandorCC, ILGromovnik, Lieutenant, mercedesamg, Mi lao shu, miodrag, Mlav, MrNo, nikoli_ca, panzerwaffe, pein, raptorsi, savaskytec, Sir Budimir, skvara, stegonosa, vathra, ZetaMan, zlaya011

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by