Problem with Task Manager


offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Please check this.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53:36, on 19/01/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\drivers\SbiCtr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\WINDOWS\LTMSG.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\Program Files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer3\TeamViewer_Host.exe
C:\Program Files\TeamViewer3\TeamViewer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\user\Desktop\New Folder\Azra.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
F2 - REG:system.ini: Shell=Explorer.exe %windir%\system32\drivers\SbiCtr.exe
O1 - Hosts: 72.14.207.99 facebook.com
O1 - Hosts: 72.14.207.99 myspace.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [RestoreIT!] "C:\Program Files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SbiCtr.exe] C:\WINDOWS\system32\drivers\SbiCtr.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: KTITOR_2009.lnk = C:\Program Files\2009\2009.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11E41D21-F58E-4956-938C-41741B79A8A7}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{11E41D21-F58E-4956-938C-41741B79A8A7}: NameServer = 192.168.0.11,91.150.90.2,91.150.90.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Hard Disk Noise Control (HDDFC) - Fujitsu Siemens Computers - c:\Program Files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TeamViewer 3 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer3\TeamViewer_Host.exe

--
End of file - 8323 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What kind of problem is it?

Right-click the avast! icon in the lower-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.


---------------------------------


Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Here is the ComboFix log as well.
The problem was that Task Manager was disabled until the ComboFix scan and I could not get to it. This morning when I turned on the computer, avast reported two infected files, and it repeated the report on every restart of the computer. I also tried to remove them with Malwarebytes' Anti-Malware, but they "came back" every time.

ComboFix 09-01-18.03 - user 2009-01-19 13:26:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.1002 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\New Folder\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090118-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.

2009-01-19 11:58 . 2009-01-19 11:58 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 11:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmpE1028.FOT
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmp54428.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmpCD9A0.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmp039A0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmpE41B0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmp333B0.FOT
2009-01-19 08:44 . 2009-01-19 08:44 715,776 -r-hs---- c:\windows\system32\drivers\SbiCtr.exe
2009-01-19 08:43 . 2009-01-19 08:43 1,409 --a------ c:\windows\system32\tmpA66D0.FOT
2009-01-19 08:43 . 2009-01-19 08:43 1,409 --a------ c:\windows\system32\tmp7E6D0.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpFC3D5.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpD14D5.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp6A801.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp2A601.FOT
2008-12-26 13:22 . 2009-01-19 12:49 <DIR> d-------- c:\program files\2009

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 12:25 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-01-19 11:49 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-19 11:41 --------- d-----w c:\program files\CCLEANER
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-21 13:52 --------- d-----w c:\program files\TeamViewer3
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-04-03 08:04 14,290 ----a-w c:\program files\settings.dat
2007-07-10 08:40 114 -c--a-w c:\program files\plugin.ini
2004-10-05 15:12 138,430 -c--a-w c:\program files\Readme.rtf
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-05-27 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-09-14 249927]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SbiCtr.exe"="c:\windows\system32\drivers\SbiCtr.exe" [2009-01-19 715776]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\user\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-03 113664]
KTITOR_2009.lnk - c:\program files\2009\2009.exe [2008-12-26 2249384]
OpenOffice.org 2.3.lnk - c:\program files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-03 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\3d max\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\drivers\\SbiCtr.exe"=

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-04-14 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2006-04-14 179482]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 111184]
R3 SMBus_2k;SMBus_2k;c:\windows\system32\drivers\SMBus_2k.sys [2006-04-04 14208]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
R4 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-04-14 5088]
R4 HDDFC;Hard Disk Noise Control;c:\program files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe [2005-03-22 155745]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6056a756-35f6-11dd-8847-003005ace4d4}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad545a9c-808f-11dc-bed3-003005ace4d4}]
\Shell\AutoRun\command - F:\gmbcjmly.exezjpjkbuy.exe
\Shell\explore\Command - F:\gmbcjmly.exezjpjkbuy.exe
\Shell\open\Command - F:\gmbcjmly.exezjpjkbuy.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e788fd06-bf94-11dd-88d9-003005ace4d4}]
\Shell\AutoRun\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\Shell\open\command - f:\restore\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fadfa616-2bc2-11dd-883a-003005ace4d4}]
\Shell\Auto\command - setup.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL setup.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {11E41D21-F58E-4956-938C-41741B79A8A7} = 192.168.0.11,91.150.90.2,91.150.90.3
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ltag9nch.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-19 13:27:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-19 13:29:33
ComboFix-quarantined-files.txt 2009-01-19 12:29:22

Pre-Run: 10,699,431,936 bytes free
Post-Run: 10,889,236,480 bytes free

149 --- E O F --- 2009-01-14 15:04:03

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Download the RootRepeal program to your Desktop.

Extract RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button at the bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system drive (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the resulting report to your message using the Attach file option.

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

Here is the report.
I did not quite understand the last sentence of the instructions?

ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/01/19 15:04
Program Version: Version 1.2.3.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: catchme.sys
Image Path: C:\ComboFix\catchme.sys
Address: 0xBAC58000 Size: 30592 File Visible: No
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6817000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBADE4000 Size: 8192 File Visible: No
Status: -

Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xBAE56000 Size: 6464 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5540000 Size: 45056 File Visible: No
Status: -

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a576

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a432

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a910

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a00a

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a50c

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6859f4a

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6859fae

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a62c

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a5ec

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685a76c

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Upload the following files for me:

c:\windows\system32\drivers\FBAPI.sys
c:\windows\system32\tmpE41B0.FOT

via the following link:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

I did everything as you wrote.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Turn off the antivirus again:

Open Notepad and copy in the following text:

File::
c:\windows\system32\drivers\SbiCtr.exe

Folder::
c:\program files\2009

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6056a756-35f6-11dd-8847-003005ace4d4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad545a9c-808f-11dc-bed3-003005ace4d4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e788fd06-bf94-11dd-88d9-003005ace4d4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fadfa616-2bc2-11dd-883a-003005ace4d4}]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\drivers\\SbiCtr.exe"=-


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scanning.

offline
  • Joined: 23 Jan 2008
  • Posts: 65
  • Location: Beograd

During system startup, avast alerted me that a virus had been found and, of course, asked what action to take. I moved the file in question to the chest.
This is from avast's log:
21/01/2009 08:41:09 SYSTEM 1376 Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\drivers\SbiCtr.exe" file.

Later I saw in your log that you had put that file in the script, so now I don't know whether I did everything the way I should have.

Here is the ComboFix log as well:

ComboFix 09-01-20.05 - user 2009-01-21 8:48:38.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1534.943 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\New Folder\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\New Folder\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090120-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\drivers\SbiCtr.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\2009
c:\program files\2009\2009.exe
c:\program files\2009\agenda.dxr
c:\program files\2009\editor\calc.exe
c:\program files\2009\editor\Notepad2.exe
c:\program files\2009\editor\Notepad2.reg
c:\program files\2009\files\licencesr.txt
c:\program files\2009\files\meseci\april.txt
c:\program files\2009\files\meseci\august.txt
c:\program files\2009\files\meseci\december.txt
c:\program files\2009\files\meseci\february.txt
c:\program files\2009\files\meseci\january.txt
c:\program files\2009\files\meseci\july.txt
c:\program files\2009\files\meseci\june.txt
c:\program files\2009\files\meseci\march.txt
c:\program files\2009\files\meseci\may.txt
c:\program files\2009\files\meseci\november.txt
c:\program files\2009\files\meseci\october.txt
c:\program files\2009\files\meseci\september.txt
c:\program files\2009\files\mjeseci\APRIL.txt
c:\program files\2009\files\mjeseci\AVGUST.txt
c:\program files\2009\files\mjeseci\CONTACTS.txt
c:\program files\2009\files\mjeseci\DECEMBAR.txt
c:\program files\2009\files\mjeseci\FEBRUAR.txt
c:\program files\2009\files\mjeseci\JANUAR.txt
c:\program files\2009\files\mjeseci\JULI.txt
c:\program files\2009\files\mjeseci\JUNI.txt
c:\program files\2009\files\mjeseci\MAJ.txt
c:\program files\2009\files\mjeseci\MART.txt
c:\program files\2009\files\mjeseci\NOTES.txt
c:\program files\2009\files\mjeseci\NOVEMBAR.txt
c:\program files\2009\files\mjeseci\OKTOBAR.txt
c:\program files\2009\files\mjeseci\SEPTEMBAR.txt
c:\program files\2009\files\prezentacija\1.txt
c:\program files\2009\files\prezentacija\3.txt
c:\program files\2009\img.cxt
c:\program files\2009\kLODOVIK.url
c:\program files\2009\Notes.txt
c:\program files\2009\PF2009.ico
c:\program files\2009\start.dxr
c:\program files\2009\unins000.dat
c:\program files\2009\unins000.exe
c:\program files\2009\Xtras\budapi.x32
c:\program files\2009\Xtras\Flash Asset\Flash Asset.x32
c:\program files\2009\Xtras\Media Support\Actor Control.x32
c:\program files\2009\Xtras\Media Support\Cursor Asset.x32
c:\program files\2009\Xtras\Media Support\Cursor Options.x32
c:\program files\2009\Xtras\Media Support\FileIo.x32
c:\program files\2009\Xtras\Media Support\Font Asset Dialog.x32
c:\program files\2009\Xtras\Media Support\Font Asset.x32
c:\program files\2009\Xtras\Media Support\Font Xtra.x32
c:\program files\2009\Xtras\Media Support\LZComprs.x32
c:\program files\2009\Xtras\Media Support\Squish.x32
c:\program files\2009\Xtras\Media Support\SWADCmpr.x32
c:\program files\2009\Xtras\Media Support\Text Asset.x32
c:\program files\2009\Xtras\Media Support\TextAuth.x32
c:\program files\2009\Xtras\Media Support\TextXtra.x32
c:\program files\2009\Xtras\Media Support\ZipXtra.x32
c:\program files\2009\Xtras\PMATIC.reg
c:\program files\2009\Xtras\PMATIC.X32

.
((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 08:42 . 2009-01-21 08:42 720,896 -r-hs---- c:\windows\system32\drivers\SbCtri.exe
2009-01-21 08:41 . 2009-01-19 08:44 715,776 --------- c:\windows\system32\drivers\trz1.tmp
2009-01-19 11:58 . 2009-01-19 11:58 <DIR> d-------- c:\documents and settings\user\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-19 11:57 . 2009-01-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-19 11:57 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-19 11:57 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmpE1028.FOT
2009-01-19 11:27 . 2009-01-19 11:27 1,409 --a------ c:\windows\system32\tmp54428.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmpCD9A0.FOT
2009-01-19 09:48 . 2009-01-19 09:48 1,409 --a------ c:\windows\system32\tmp039A0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmpE41B0.FOT
2009-01-19 09:22 . 2009-01-19 09:22 1,409 --a------ c:\windows\system32\tmp333B0.FOT
2009-01-19 08:43 . 2009-01-19 08:43 1,409 --a------ c:\windows\system32\tmpA66D0.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpFC3D5.FOT
2008-12-31 10:32 . 2008-12-31 10:32 1,409 --a------ c:\windows\system32\tmpD14D5.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp6A801.FOT
2008-12-27 08:38 . 2008-12-27 08:38 1,409 --a------ c:\windows\system32\tmp2A601.FOT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 07:43 --------- d-----w c:\documents and settings\user\Application Data\Skype
2009-01-21 07:42 --------- d-----w c:\documents and settings\user\Application Data\OpenOffice.org2
2009-01-19 11:41 --------- d-----w c:\program files\CCLEANER
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\dllcache\srv.sys
2008-11-21 13:52 --------- d-----w c:\program files\TeamViewer3
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-04-03 08:04 14,290 ----a-w c:\program files\settings.dat
2007-07-10 08:40 114 -c--a-w c:\program files\plugin.ini
2004-10-05 15:12 138,430 -c--a-w c:\program files\Readme.rtf
.

((((((((((((((((((((((((((((( snapshot@2009-01-19_13.28.12.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-21 07:40:45 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_560.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-09-13 22880040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2003-01-22 184320]
"RestoreIT!"="c:\program files\Phoenix Technologies Ltd\RecoverPro_XP\VBPTASK.EXE" [2004-05-27 114688]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-09-14 249927]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2005-08-02 c:\windows\system32\nwiz.exe]
"LTMSG"="LTMSG.exe" [2003-07-14 c:\windows\ltmsg.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-03 113664]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\3d max\\3dsmax.exe"=
"c:\\Program Files\\backburner 2\\monitor.exe"=
"c:\\Program Files\\backburner 2\\manager.exe"=
"c:\\Program Files\\backburner 2\\server.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 RITCPT;RITCPT;c:\windows\system32\drivers\RITCPT.SYS [2006-04-14 43512]
R0 VVBackd5;VVBackd5;c:\windows\system32\drivers\VVBackd5.sys [2006-04-14 179482]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-04-02 111184]
R3 SMBus_2k;SMBus_2k;c:\windows\system32\drivers\SMBus_2k.sys [2006-04-04 14208]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-04-02 20560]
R4 FBAPI;FBAPI;c:\windows\system32\drivers\FBAPI.sys [2006-04-14 5088]
R4 HDDFC;Hard Disk Noise Control;c:\program files\Fujitsu Siemens\Hard Disk Noise Control\HDDFC.exe [2005-03-22 155745]
R4 Service Controler;Service Controler;c:\windows\system32\drivers\SbCtri.exe [2009-01-21 720896]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SERVICE_CONTROLER
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {11E41D21-F58E-4956-938C-41741B79A8A7} = 192.168.0.11,91.150.90.2,91.150.90.3
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ltag9nch.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-21 08:50:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-21 8:52:12
ComboFix-quarantined-files.txt 2009-01-21 07:52:06
ComboFix2.txt 2009-01-19 12:29:35

Pre-Run: 10,841,579,520 bytes free
Post-Run: 10,823,143,424 bytes free

202 --- E O F --- 2009-01-14 15:04:03

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

copy the contents of the following file here on the forum for me:

C:\Qoobox\ComboFix-quarantined-files.txt
