Recycler virus

  • Joined: 22 Nov 2010
  • Posts: 31

ComboFix 10-11-22.05 - Hermann 11/23/2010 17:40:51.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1014 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Microsoft
c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 16:32 . 2010-11-23 16:33 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:31 . 2010-11-23 16:31 -------- d-----w- c:\windows\LastGood
2010-11-23 16:06 . 2010-11-23 16:37 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 22:24 . 2010-11-22 22:24 61869 ----a-w- c:\windows\explorermgr.exe
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software
2010-11-22 11:46 . 2010-11-22 11:46 61869 ----a-w- c:\program files\Mozilla Firefox\firefoxmgr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 16:28 . 2010-11-23 16:28 16384 c:\windows\Temp\Perflib_Perfdata_998.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 17:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 17:46:45
ComboFix-quarantined-files.txt 2010-11-23 16:46
ComboFix2.txt 2010-11-22 22:21
ComboFix3.txt 2010-11-22 11:45

Pre-Run: 12,992,180,224 bytes free
Post-Run: 12,986,494,976 bytes free

- - End Of File - - 3DA708181EBC3A92CE4CB2CEED17E474

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Upload this file for me: c:\windows\system32\lpcio.dll via this link: http://www.mycity.rs/ambulanta-upload.php

Step 2

Open Notepad and copy in the following text:

File::
c:\program files\mozilla firefox\firefoxmgr.exe
c:\windows\explorermgr.exe

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

goran9888 (AMF Team)

  • Joined: 22 Nov 2010
  • Posts: 31

lpcio.dll has been uploaded.



ComboFix 10-11-22.05 - Hermann 11/23/2010 19:29:00.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1007 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\program files\mozilla firefox\firefoxmgr.exe"
"c:\windows\explorermgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\mozilla firefox\firefoxmgr.exe
c:\windows\explorermgr.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 16:32 . 2010-11-23 17:01 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:31 . 2010-11-23 16:31 -------- d-----w- c:\windows\LastGood
2010-11-23 16:06 . 2010-11-23 16:37 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 16:28 . 2010-11-23 16:28 16384 c:\windows\Temp\Perflib_Perfdata_998.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 19:35:50
ComboFix-quarantined-files.txt 2010-11-23 18:35
ComboFix2.txt 2010-11-23 16:46
ComboFix3.txt 2010-11-22 22:21
ComboFix4.txt 2010-11-22 11:45

Pre-Run: 12,949,143,552 bytes free
Post-Run: 12,943,171,584 bytes free

- - End Of File - - C46BA0A5DFB23F694490F36B942E0BAE

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Restart the computer, run ComboFix, and post the new log it produces.

What is the state of the computer now?

  • Joined: 22 Nov 2010
  • Posts: 31

Goran, Firefox starts, but it shows no signs of life when I try to open any page; IE does not start at all; only Chrome and portable Opera work. The recycler folder is still on the d: partition. I have not plugged in the USB stick; if you say so, I will connect it. Should I check the other installed programs?



ComboFix 10-11-23.01 - Hermann 11/23/2010 20:23:17.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1062 [GMT 1:00]
Running from: c:\documents and settings\Hermann.HERMANN-1729E88\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat

.
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-23 19:20 . 2010-11-23 19:20 -------- d-----w- c:\windows\LastGood
2010-11-23 19:14 . 2010-11-23 19:27 -------- d-----w- c:\program files\Microsoft
2010-11-23 16:32 . 2010-11-23 19:16 -------- d-----w- c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\MCShield
2010-11-23 16:32 . 2010-11-23 16:32 -------- d-----w- c:\program files\MCShield
2010-11-23 16:06 . 2010-11-23 19:22 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47 . 2010-11-23 16:02 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-11-22 19:58 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-11-22 19:58 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-11-22 19:58 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-11-22 19:58 . 2010-09-07 15:47 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-11-22 19:58 . 2010-09-07 15:47 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-11-22 19:58 . 2010-09-07 15:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-11-22 19:58 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:58 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\program files\Alwil Software
2010-11-22 19:57 . 2010-11-22 19:57 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 03:57 . 2008-04-14 12:00 6656 ----a-w- c:\windows\system32\lpcio.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-11-22_11.43.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:02 . 2009-07-11 23:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2010-11-23 19:15 . 2010-11-23 19:15 16384 c:\windows\Temp\Perflib_Perfdata_9f8.dat
+ 2009-08-06 18:24 . 2009-08-06 18:24 44768 c:\windows\system32\wups2.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\wuauclt.exe
+ 2010-11-22 19:45 . 2009-08-06 18:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 67714 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 67714 c:\windows\system32\perfc009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\dllcache\cdm.dll
+ 2008-04-14 12:00 . 2009-08-06 18:24 96480 c:\windows\system32\cdm.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\wuapi.dll
- 2008-04-14 12:00 . 2010-10-31 08:42 432924 c:\windows\system32\perfh009.dat
+ 2008-04-14 12:00 . 2010-11-22 19:48 432924 c:\windows\system32\perfh009.dat
+ 2010-01-01 19:40 . 2009-08-06 18:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2010-01-01 19:40 . 2009-08-06 18:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2010-11-22 19:58 . 2010-11-22 19:58 219648 c:\windows\Installer\d02ae.msi
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\wuaueng.dll
+ 2010-01-01 19:40 . 2009-08-06 18:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedswitchXP"="c:\program files\SpeedswitchXP\SpeedswitchXP.exe" [2006-07-14 692633]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2010-11-04 261120]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2007-12-17 127472]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-03-15 02:08 1158872 ----a-w- c:\progra~1\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-06 17:56 136176 ----atw- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 16:18 479653 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 15:57 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-12-23 13:40 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-03-09 02:52 80877 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"SharedAccess"=2 (0x2)
"SamSs"=2 (0x2)
"ERSvc"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"idsvc"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [11/22/2010 2:29 AM 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [11/22/2010 2:29 AM 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [11/22/2010 2:29 AM 656320]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/22/2010 8:58 PM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/22/2010 8:58 PM 17744]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [5/30/2010 10:37 PM 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [8/26/2010 11:47 AM 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [8/26/2010 11:47 AM 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [8/26/2010 11:47 AM 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [11/22/2010 2:29 AM 366840]
S3 tmeter;TMeter Service;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\DRIVERS\tmeter.sys --> c:\windows\system32\DRIVERS\tmeter.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003Core.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-492894223-1417001333-1003UA.job
- c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-06 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: bancaintesabeograd.com\online
FF - ProfilePath - c:\documents and settings\Hermann.HERMANN-1729E88\Application Data\Mozilla\Firefox\Profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\Hermann.HERMANN-1729E88\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-11-23 20:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-11-23 20:29:45
ComboFix-quarantined-files.txt 2010-11-23 19:29
ComboFix2.txt 2010-11-23 18:35
ComboFix3.txt 2010-11-23 16:46
ComboFix4.txt 2010-11-22 22:21
ComboFix5.txt 2010-11-23 19:21

Pre-Run: 12,913,000,448 bytes free
Post-Run: 12,905,086,976 bytes free

- - End Of File - - 89FEF0DA2F7A451A3C89ECC6C631AA53

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

A serious infection is present on your computer. You need to follow my instructions closely.


Step 1

Find and upload the following files to me:

C:\Program Files\Internet Explorer\IEXPLORE.exe
C:\Program Files\Mozilla Firefox\firefox.exe


via the following link: http://www.mycity.rs/ambulanta-upload.php



Step 2

Download The Avenger to the Desktop.
Unpack the archive into a folder

Double-click avenger.exe to run it

Copy the text inside the Code box into the (white) program window:

Folders to delete:
c:\program files\Microsoft

Files to delete:
c:\program files\microsoft\watermark.exe
c:\windows\system32\dmlconf.dat


Click Execute, then Yes in the next two windows that open

The computer will restart (in some cases: twice) and the cleaning/scanning process will begin

When the process is finished, the log file C:\avenger.txt will open in Notepad

Copy the contents of the resulting log into the forum thread.



goran9888 (AMF Team)

offline
  • Joined: 22 Nov 2010
  • Posts: 31

Unbelievable things are happening: while trying to unpack Avenger I noticed that my winrar.exe had disappeared, so I had to reinstall it.




Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "c:\program files\Microsoft" deleted successfully.

Error: could not open file "c:\program files\microsoft\watermark.exe"
Deletion of file "c:\program files\microsoft\watermark.exe" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "c:\windows\system32\dmlconf.dat" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Download Kaspersky Virus Removal Tool 2010 from the following address to the Desktop:


Kaspersky Virus Removal Tool 2010
Click the link and choose Save file;
When the dialog for choosing where to save the file opens, select Desktop and click Save.




When the download is finished:
- Double-click setup_9.0.0.xxx_2x.11.2010_xx-xx.exe, which you downloaded to the Desktop, to run it;
- Install the program to the location it suggests;
- Once the program starts, tick all the offered items and click Start Scan;
- During the scan, always choose the Recommended action the program offers.


After the scan and disinfection complete successfully, restart the computer. KVT2010 will start; click Report and choose Save (select Desktop as the location and any name you like). Attach that log in your next post.


Step 2

Restart the computer


Step 3

Attach a fresh (new) DDS log



goran9888 (AMF Team)

offline
  • Joined: 22 Nov 2010
  • Posts: 31

Posted: 24 Nov 2010 17:59

The situation seems to be very serious and shows itself in totally unpredictable behaviour of any software, so just so you know, I am following your instructions to the letter, but unpleasant surprises keep happening.

I downloaded Kaspersky and started the scan; while running, it interrupted the scan by itself three times, so I restarted it to continue where it had stopped. It did not reach the end; at 98% it stopped by itself and restarted the computer by itself. When the computer came back up, Kaspersky would not start on its own, so I again found it manually, and maybe that is where I made a mistake, because I started the scan again. Now it has finished completely and produced the following report:

Autoscan: malfunction (events: 5, objects: 1, time: Unknown)
11/24/2010 2:18:57 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 2:18:55 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 2:18:53 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 2:16:51 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 1:43:02 PM Task started
Autoscan: completed 5 minutes ago (events: 16, objects: 267040, time: 02:53:31)
11/24/2010 2:40:56 PM Task started
11/24/2010 3:33:50 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 3:33:52 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 3:33:54 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 3:33:55 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 4:25:24 PM Processing error D:\Instalacija\Portable Studio V5 Logo Maker 2.0 [h33t][Dave3737]\Portable Studio V5 Logo Maker 2.0.exe Read error
11/24/2010 4:38:03 PM Detected: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe
11/24/2010 4:38:17 PM Untreated: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe Write not supported
11/24/2010 5:26:05 PM Detected: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir
11/24/2010 5:26:22 PM Untreated: HEUR:Trojan.Win32.Generic C:\Qoobox\Quarantine.rar/Quarantine/C/Program Files/Microsoft/WaterMark.exe.vir Write not supported
11/24/2010 5:26:23 PM Detected: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH
11/24/2010 5:26:26 PM Untreated: Trojan-DDoS.Win32.Agent.bv C:\Qoobox\Quarantine.rar/Quarantine/C/RECYCLER/S-1-5-21-1482476501-1644491937-682003330-1013/ise32.exe.vir/PE_Patch.PNH/PE-Crypt.PNH Write not supported
11/24/2010 5:33:10 PM Detected: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe
11/24/2010 5:33:15 PM Untreated: Trojan.Win32.Refroso.cjlq D:\Instalacija\TechSmith Camtasia Studio 7.0.1\TechSmith.Camtasia.Studio.v7.0.0.Keymaker-ZWT.rar/keygen.exe Write not supported
11/24/2010 5:34:06 PM Processing error D:\Instalacija\Portable Studio V5 Logo Maker 2.0 [h33t][Dave3737]\Portable Studio V5 Logo Maker 2.0.exe Read error
11/24/2010 5:34:31 PM Task completed


The DDS log is:


DDS (Ver_10-11-10.01) - NTFSx86
Run by Hermann at 17:47:26.64 on Wed 11/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1471.1078 [GMT 1:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Hermann.HERMANN-1729E88\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uURLSearchHooks: H - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [SpeedswitchXP] c:\program files\speedswitchxp\SpeedswitchXP.exe
uRun: [MCShield] c:\program files\mcshield\MCShieldRTM.exe
uRun: [MCShieldTray] c:\program files\mcshield\MCShieldTray.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\herman~1.her\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\hermann.hermann-1729e88\desktop\virus removal tool1\setup_9.0.0.722_24.11.2010_10-13\startup.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\herman~1.her\applic~1\mozilla\firefox\profiles\hh64r8ec.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Softonic-Eng7 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2405280&SearchSource=13
FF - plugin: c:\documents and settings\hermann.hermann-1729e88\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 16282342;16282342 Boot Guard Driver;c:\windows\system32\drivers\16282342.sys [2010-11-24 37392]
R0 74671502;74671502 Boot Guard Driver;c:\windows\system32\drivers\74671502.sys [2010-11-24 37392]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-22 237632]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-22 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-22 656320]
R1 16282341;16282341;c:\windows\system32\drivers\16282341.sys [2010-11-24 128016]
R1 74671501;74671501;c:\windows\system32\drivers\74671501.sys [2010-11-24 128016]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-11-22 165584]
R1 setup_9.0.0.722_24.11.2010_10-13drv;setup_9.0.0.722_24.11.2010_10-13drv;c:\windows\system32\drivers\1628234.sys [2010-11-24 315408]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-11-22 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-5-30 20200]
R3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [2010-8-26 17408]
S2 ATE_PROCMON;ATE_PROCMON; [x]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-22 40384]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [2010-8-26 16384]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\drivers\gMouUsb16.sys [2010-8-26 9216]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2010-11-22 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2010-11-22 1145304]
S3 tmeter;TMeter Service;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]
S3 tmeterMP;tmeterMP;c:\windows\system32\drivers\tmeter.sys --> c:\windows\system32\drivers\tmeter.sys [?]

=============== Created Last 30 ================

2010-11-24 12:41:31 37392 ----a-w- c:\windows\system32\drivers\16282342.sys
2010-11-24 12:41:31 315408 ----a-w- c:\windows\system32\drivers\1628234.sys
2010-11-24 12:41:31 128016 ----a-w- c:\windows\system32\drivers\16282341.sys
2010-11-24 09:24:11 37392 ----a-w- c:\windows\system32\drivers\74671502.sys
2010-11-24 09:24:11 315408 ----a-w- c:\windows\system32\drivers\7467150.sys
2010-11-24 09:24:11 128016 ----a-w- c:\windows\system32\drivers\74671501.sys
2010-11-23 20:41:11 -------- d-----w- c:\program files\Microsoft
2010-11-23 16:34:48 5120 ------w- c:\windows\system32\xpsp4res.dll
2010-11-23 16:32:38 -------- d-----w- c:\docume~1\herman~1.her\applic~1\MCShield
2010-11-23 16:32:36 -------- d-----w- c:\program files\MCShield
2010-11-23 16:06:08 -------- d-----w- c:\windows\system32\PreInstall
2010-11-23 16:06:06 -------- d--h--w- c:\windows\$hf_mig$
2010-11-22 20:47:04 -------- d-----w- C:\USBNoRisk
2010-11-22 19:58:05 38848 ----a-w- c:\windows\avastSS.scr
2010-11-22 19:57:50 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Alwil Software
2010-11-22 19:45:45 -------- d-----w- c:\windows\system32\SoftwareDistribution
2010-11-22 11:39:45 -------- d-sha-r- C:\cmdcons
2010-11-22 11:38:28 98816 ----a-w- c:\windows\sed.exe
2010-11-22 11:38:28 89088 ----a-w- c:\windows\MBR.exe
2010-11-22 11:38:28 256512 ----a-w- c:\windows\PEV.exe
2010-11-22 11:38:28 161792 ----a-w- c:\windows\SWREG.exe
2010-11-22 01:24:38 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\PC Tools

==================== Find3M ====================

2010-11-24 16:35:46 6656 ----a-w- c:\windows\system32\lpcio.dll

============= FINISH: 17:48:00.54 ===============


The Recycler folder is still on the d: partition and I cannot delete it. And one question: what state is my memory stick in now, can I use it or is it still infected?

Thanks, guys!

Addendum: 24 Nov 2010 19:58

Addition: the recycler folder has appeared again on the c: partition!

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Step 1

Restart the computer


Step 2

Now delete the following folder from the computer: c:\program files\Microsoft
If you cannot delete it with the ordinary Delete option, let me know what error it gives you



As for the flash drive, it should be clean (if you have not reinfected it), but it would be advisable to wait until we first try to clean the computer, and after that check the flash device once more.

The Recycler folder on the hard disk is a legitimate folder. You cannot, and should not, delete it.



goran9888 (AMF Team)
