win32.rootkit

1

win32.rootkit

offline
  • Pridružio: 18 Dec 2003
  • Poruke: 7953
  • Gde živiš: Graceland

SAnja je zapatila ovaj virus (ako KIS ne laze)...
Svaki put kad upali komp, zaskvici KIS i resetuje ga.

Posto nisam blizu nje, telefonski sam joj rekao da ode u Safe mode i odatle pokrene KIS i pusti dezinfekciju.

Trenutno joj komp to radi, i kao ocistio je neke fajlove, ali da li je to dovoljno?

Hoce li KIS moci da se izbori?

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

Zdravo Leggy, prvo ako mozes daj nam tacno ime malware, onako kako ga KIS prepoznaje, a onda i HJT log da vidimo sa cim sve imamo posla.

offline
  • Pridružio: 18 Dec 2003
  • Poruke: 7953
  • Gde živiš: Graceland

HJT tesko dok se ne zavrsi skeniranje.
Nasao je ovo:
rootkit.win32.agent.ef

a nasao je i:
adware.win32.gator.3202

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Evo i mene.....

U safemodu mi je kav obrisao ta dva zarazena fajla kada sam onda win ponovo pokrenula, normalno, opet se kav oglasio daje pronasao isti zarazeni fajl i opet mi je restartovao racunar, sada sam kav ugasila i nije restartovao..... pomagajte....

evo log-a.....
https://www.mycity.rs/must-login.png
------------------

Logfile of HijackThis v1.99.1
Scan saved at 16:06:19, on 12.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Poppeeper\POPPeeper.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\bdir\sdflkj3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Tools\wincmd\WINCMD32.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\Poppeeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

offline
  • Pridružio: 09 Jan 2006
  • Poruke: 317

SAnja potvrdjujem da ti je kompjuter zarazen visestrukom infekcijom.

Prvo, sto ces uraditi je sledece, uploaduj nam sledeci fajl C:\WINDOWS\bdir\sdflkj3.exe na ovaj link http://www.mycity.rs/ambulanta-upload.php

Drugo, skeniraj komp sa GMER-om radi rootkitova.

Uradi sledeće:
Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati to u Clipboard.
Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt.
Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt.


Iskopiraj nam ovde sadrzaj ta dva fajla koja smo malopre snimili.

Trece, postavi nam novi log programa HijackThis ali ovoga puta preimenuj ga, daj mu neko drugo ime na primer Tip3.exe

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

prvo.... uploadovala sam fajl

drugo... evo fajlova....

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

trece... valjda sam ovo trebala da uradim... ako ne napisi sta treba...
https://www.mycity.rs/must-login.png


p.s. samo da napomenem da mi komp radi "normalno" sve dok je kav iskljucen, cim ga ukljucim restartuje se.....

Logfile of HijackThis v1.99.1
Scan saved at 21:26:08, on 12.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Poppeeper\POPPeeper.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\bdir\sdflkj3.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Opera\Opera.exe
C:\Tools\wincmd\WINCMD32.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\Poppeeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Dopuna: 12 Jun 2007 23:46

Logfile of HijackThis v1.99.1
Scan saved at 23:49:29, on 12.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Poppeeper\POPPeeper.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\9129837.exe
C:\WINDOWS\bdir\sdflkj3.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Tools\wincmd\WINCMD32.EXE
C:\Program Files\HijackThis\sanja.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\Poppeeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Demian mi je rekao da objavim hjt ali sam promenila ime u sanja.exe a sad kacim rootchk.....

********************************* ROOTCHK-(29-05-07b)-LOG, by ejvindh
uto 12.06.2007 23:51:28,60

Driver new_drv (visible) is present. Run COMBOFIX by sUBs or SDFIX by AndyManchesta.

********************************* ROOTCHK-LOG-end


catchme 0.3.692 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-12 23:51:28
Windows 5.1.2600 Service Pack 1
scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

hidden processes: 0
hidden services: 0
hidden files: 0

offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pozdrav SAnja!

Posto Marko nije online da ne bi cekala ja cu ti napisati uputstvo za otklanjanje ovog malware-a. Imas par razlicitih infekcija na sistemu i moracemo da to otklanjamo u nekoliko koraka.

Za pocetak ces uraditi sledece:

Skinuces ComboScan i SDFix na Desktop.

Zatim pokrenes HijackThis program i ides na opciju "Do a system scan only". Kada ti izlista sve linije pronacices ove koje ti budem dole napisao - stiklirati kvadratic ispred svake i kada to zavrsis kliknuti na dugme "Fix Checked".

O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe


Kada to zavrsis pokrenuces programe koje si malopre skinula sa neta po redosledu kako sam ti i postavio uputstva za njih. Procedura je sledeca:

-----------------------
Uputstvo za ComboScan

- Zatvori sve pokrenute programe
- Pokreni comboscan.exe i prati uputstva
- Kada se skeniranje zavrsi otvorice se prozor sa logom
- Iskopiraj taj log na forum
- Otvorice se i folder c:\comboscan u kojem se nalazi i fajl Supplementary.txt. Otvori ga u Notepadu i iskopiraj nam i njega kasnije sa svim ostalim logovima na forum.

----------------------------
Uputstvo za SDFix.

Dupli klik na SDFix.exe ce raspakovati program u folder C:\SDFix, osim ukoliko putanja nije drugacije odredjena pri raspakovanju.

Restartovati kompjuter u Safe Mode
Uci u folder u kojem je raspakovan SDFix i startovati RunThis.bat
Stisnuti Y da bi se zapocelo skeniranje
Nakon skeniranja ce se pojaviti poruka da ce kompjuter biti restartovan
Pritisnuti bilo koji taster da bi se kompjuter restartovao
Nakon restarta ce se automatski pokrenuti jos jedno skeniranje, i po njegovom zavrsetku ce se pojaviti poruka Finished
Nakon ucitavanja desktop ikonica, na ekranu ce se pojaviti izvestaj. Izvestaj ce ujedno biti snimljen i kao Report.txt u folderu u kojem je SDFix raspakovan
Iskopirati izvestaj u poruku na forumu, i postaviti i nov log programa HijackThis

--------------

Iskopiraj nam logove ovde kada zavrsis to da vidimo kako napredujemo.. Ukoliko imas nekih nejasnoca u vezi sa ovim uputstvima pre nego sto krenes sa ciscenjem racunara - slobodno pitaj.

offline
  • Pridružio: 18 Dec 2003
  • Poruke: 7953
  • Gde živiš: Graceland

Dok SAnja ne uradi sta ste joj rekli, juce sam joj rekao da zaustavi ova dva servisa:

C:\WINDOWS\9129837.exe
C:\WINDOWS\bdir\sdflkj3.exe

Onda sam joj rekao da obrise ova dva fajla i ceo folder bdir.
Nakon toga je pokrenula KIS i on je iz System Volume Information obrisao svasta.

offline
  • Pridružio: 01 Okt 2003
  • Poruke: 2383
  • Gde živiš: Beograd

Ne postoji vise comboscan sad se zove nesto dss.exe. Dobila sam dva fajla jedan se zove main drugi se zove extra i sad ih kopiram. Prvo ide main...

Deckard's System Scanner v20070611.50
Run by Administrator on 2007-06-13 at 10:20:41
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
51: 2007-06-13 08:20:47 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2007-06-12 22:24:30 UTC - RP50 - System Checkpoint
49: 2007-06-11 13:13:33 UTC - RP49 - System Checkpoint
48: 2007-06-10 12:50:57 UTC - RP48 - System Checkpoint
47: 2007-06-09 12:10:10 UTC - RP47 - System Checkpoint


-- First Restore Point --
1: 2007-04-21 15:33:37 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Administrator.exe) ---------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 10:21:53, on 13.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Documents and Settings\Administrator\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\Poppeeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R2 PortTalk - c:\windows\system32\drivers\ptbtalk.sys <Not Verified; Beyond Logic http://www.beyondlogic.org; PortTalk Driver V2.0>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 ham50 (Intel V92 HaM Data Fax Voice) - c:\windows\system32\drivers\intelh51.sys <Not Verified; Intel Corporation; Intel® Hardware accelerated Modem Driver>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus(R) ASPI Shell>
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 new_drv (!!!!) - c:\windows\new_drv.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>


-- Files created between 2007-05-13 and 2007-06-13 -----------------------------

2007-06-12 11:10:03 1156 --a------ C:\WINDOWS\mozver.dat
2007-06-12 10:57:45 0 d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2007-06-11 20:38:20 0 d-------- C:\Program Files\UltraSnap
2007-06-11 17:43:43 1536 --a------ C:\WINDOWS\104562.exe
2007-06-09 16:08:23 0 d-------- C:\Program Files\Trillian
2007-06-09 15:11:58 102400 --a------ C:\WINDOWS\System32\unzip32.dll <Not Verified; Info-ZIP; Info-ZIP's UnZip Windows DLL>
2007-06-09 15:11:57 0 d-------- C:\Program Files\Weather Watcher
2007-06-09 15:07:49 0 d-------- C:\Program Files\eMule
2007-06-09 15:02:27 0 d-------- C:\Documents and Settings\Administrator\Application Data\POP Peeper
2007-06-09 15:01:27 0 d-------- C:\Program Files\Poppeeper
2007-06-07 17:13:32 1277197 --a------ C:\WINDOWS\AVON Screensaver.scr <Not Verified; Goldshell Digital Media; FlashForge>
2007-05-24 15:02:10 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia Multimedia Player
2007-05-14 14:17:37 0 d-------- C:\Documents and Settings\Administrator\Phone Browser
2007-05-14 14:15:33 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-05-14 14:15:06 0 d-------- C:\Documents and Settings\Administrator\Application Data\Nokia
2007-05-14 14:13:20 0 d-------- C:\Program Files\Common Files\PCSuite
2007-05-14 14:13:16 0 d-------- C:\Program Files\Common Files\Nokia
2007-05-14 14:12:49 0 d-------- C:\Program Files\DIFX
2007-05-14 14:12:46 0 d-------- C:\Documents and Settings\Administrator\Application Data\PC Suite
2007-05-14 14:12:29 0 d-------- C:\Program Files\PC Connectivity Solution
2007-05-14 14:12:16 0 d------c- C:\WINDOWS\System32\DRVSTORE
2007-05-14 14:12:12 0 d-------- C:\Program Files\Nokia
2007-05-14 14:11:09 0 d-------- C:\Documents and Settings\All Users\Application Data\Installations


-- Find3M Report ---------------------------------------------------------------

2007-06-10 20:06:55 0 d-------- C:\Program Files\ICQ6
2007-05-06 11:00:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQ
2007-05-06 11:00:37 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-05 20:02:58 0 d-------- C:\Program Files\Opera
2007-05-04 19:49:14 0 d-------- C:\Program Files\IVT Corporation
2007-04-25 22:15:53 0 d-------- C:\Documents and Settings\Administrator\Application Data\AdobeUM
2007-04-22 22:54:24 0 d-------- C:\Documents and Settings\Administrator\Application Data\Macromedia
2007-04-22 19:10:51 0 d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-04-22 15:24:36 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-04-22 15:20:23 0 d-------- C:\Documents and Settings\Administrator\Application Data\Opera
2007-04-22 15:20:04 0 d-------- C:\Documents and Settings\Administrator\Application Data\Sun
2007-04-22 15:20:00 0 d-------- C:\Program Files\Java
2007-04-22 15:19:28 0 d-------- C:\Program Files\Common Files\Java
2007-04-22 15:17:44 0 d-------- C:\Documents and Settings\Administrator\Application Data\URUSoft
2007-04-22 15:17:40 0 d-------- C:\Program Files\URUSoft
2007-04-22 14:55:50 0 d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2007-04-22 14:53:28 0 d---s---- C:\Program Files\PTBSync
2007-04-22 14:44:13 0 d-------- C:\Program Files\WordWeb
2007-04-21 21:32:50 0 d-------- C:\Program Files\MSN Messenger
2007-04-21 21:16:09 0 d-------- C:\Documents and Settings\Administrator\Application Data\ICQLite
2007-04-21 20:18:33 0 d--h----- C:\Program Files\WindowsUpdate
2007-04-21 20:18:17 0 d-------- C:\Documents and Settings\Administrator\Application Data\Avant Profiles
2007-04-21 20:15:04 0 d-------- C:\Program Files\Windows Journal Viewer
2007-04-21 20:12:57 0 d-------- C:\Program Files\MSN Toolbar
2007-04-21 19:16:41 0 d-------- C:\Program Files\Common Files\ODBC
2007-04-21 19:16:38 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-04-21 19:16:10 62 --ahs---- C:\Documents and Settings\Administrator\Application Data\desktop.ini
2007-04-21 18:31:26 0 d-------- C:\Program Files\Kaspersky Lab
2007-04-21 18:18:58 0 d-------- C:\Program Files\Common Files\ACD Systems
2007-04-21 18:18:57 0 d-------- C:\Program Files\ACD Systems
2007-04-21 18:17:19 0 d-------- C:\Program Files\Winamp
2007-04-21 18:16:14 0 d-------- C:\Program Files\CyberLink
2007-04-21 18:15:55 0 d-------- C:\Program Files\Common Files\InstallShield
2007-04-21 18:15:14 0 d-------- C:\Documents and Settings\Administrator\Application Data\Ahead
2007-04-21 18:14:32 0 d-------- C:\Program Files\Ahead
2007-04-21 18:14:31 0 d-------- C:\Program Files\Common Files\Ahead
2007-04-21 18:13:22 0 d-------- C:\Program Files\AC3Filter
2007-04-21 18:13:18 0 d-------- C:\Program Files\XviD
2007-04-21 18:13:10 0 d-------- C:\Program Files\ffdshow
2007-04-21 18:12:52 0 d-------- C:\Program Files\DivX
2007-04-21 18:00:15 0 d-------- C:\Program Files\Common Files\L&H
2007-04-21 17:59:57 0 d-------- C:\Program Files\Microsoft.NET
2007-04-21 17:59:36 0 d-------- C:\Program Files\Microsoft ActiveSync
2007-04-21 17:58:16 0 d-------- C:\Program Files\Microsoft Works
2007-04-21 17:52:38 0 d-------- C:\Program Files\Common Files\Adobe
2007-04-21 17:48:15 0 d-------- C:\Program Files\Realtek
2007-04-21 17:41:44 0 d-------- C:\Program Files\S3
2007-04-21 17:37:10 0 d-------- C:\Program Files\VIA
2007-04-21 17:33:21 0 d-------- C:\Documents and Settings\Administrator\Application Data\Identities
2007-04-21 17:29:00 0 d-------- C:\Program Files\microsoft frontpage
2007-04-21 17:28:39 0 -rahs---- C:\MSDOS.SYS
2007-04-21 17:28:39 0 -rahs---- C:\IO.SYS
2007-04-21 17:28:39 0 --a------ C:\CONFIG.SYS
2007-04-21 17:28:39 0 --a------ C:\AUTOEXEC.BAT
2007-04-21 17:27:06 0 d-------- C:\Program Files\Online Services
2007-04-21 17:26:33 0 d-------- C:\Program Files\Movie Maker
2007-04-21 17:25:52 0 d-------- C:\Program Files\Common Files\MSSoap
2007-04-21 17:24:55 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-04-21 17:24:20 0 d-------- C:\Program Files\Messenger
2007-04-21 17:24:13 0 d-------- C:\Program Files\MSN Gaming Zone
2007-04-21 17:24:09 0 d-------- C:\Program Files\Windows NT


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"VTTimer"="VTTimer.exe"
"VTTrayp"="VTtrayp.exe"
"SkyTel"="SkyTel.EXE"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"kis"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 6.0\\avp.exe\""
@=""
"PTBSync"="C:\\Program Files\\PTBSync\\PTBSync.exe /Start"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ICQ"="\"C:\\Program Files\\ICQ6\\ICQ.exe\" silent"
"POP Peeper"="\"C:\\Program Files\\Poppeeper\\POPPeeper.exe\" -min"
"WeatherWatcher"="C:\\Program Files\\Weather Watcher\\ww.exe"
"ttool"="C:\\WINDOWS\\9129837.exe"
"strkjhk"="C:\\WINDOWS\\bdir\\sdflkj3.exe"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-06-13 at 10:22:18 ---------

A sad extra

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 1.0
Architecture: X86; Language: English

CPU 0: Intel(R) Celeron(R) CPU 2.53GHz
Percentage of Memory in Use: 55%
Physical Memory (total/avail): 447.17 MiB / 199.71 MiB
Pagefile Memory (total/avail): 1055.91 MiB / 885.42 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1971.45 MiB

A: is Removable (No Media)
C: is Fixed (NTFS) - 19.13 GiB total, 7.02 GiB free.
D: is Fixed (NTFS) - 37.28 GiB total, 11.26 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is disabled.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Administrator\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=ASUS
ComSpec=C:\WINDOWS\system32\cmd.exe
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Administrator
LOGONSERVER=\\ASUS
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
USERDOMAIN=ASUS
USERNAME=Administrator
USERPROFILE=C:\Documents and Settings\Administrator
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
ACDSee 6.0 PowerPack --> MsiExec.exe /I{38A0BB97-772D-422E-BCCA-4BA2A5D81F42}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\System32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Reader 7.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
AVON Screensaver --> C:\WINDOWS\AVON Screensaver.scr /U
BlueSoleil --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B9F499B8-D1F0-42FC-84BE-CC552123CCCB}\setup.exe" -l0x9
DivX Codec --> C:\WINDOWS\unvise32.exe C:\Program Files\DivX\DivX Bundle.log
eMule --> "C:\Program Files\eMule\Uninstall.exe"
ffdshow --> "C:\Program Files\ffdshow\uninstall.exe"
High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXP$\spuninst\spuninst.exe"
HijackThis 1.99.1 --> C:\Program Files\HijackThis\HijackThis.exe /uninstall
ICQ6 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -l0x9 -removeonly
Java 2 Runtime Environment, SE v1.4.2_06 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142060}
Kaspersky Internet Security 6.0 --> MsiExec.exe /I{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Messenger 7.0 --> MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314600816}
MSN Toolbar --> C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\mtbs.exe c
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}
Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_eng_web.exe /LANG="2057"
Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}
Opera 9.20 --> MsiExec.exe /X{B1FD0F2A-192A-441D-9F23-86C45C913048}
PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
PTBSync (Atomic Clock Synchronization & Organizer) --> C:\Program Files\PTBSync\PTBSync.exe /UnInstall
Realtek High Definition Audio Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -l0x9 -removeonly
Trillian --> C:\Program Files\Trillian\trillian.exe /uninstall
UltraSnap Trial 1.8 --> "C:\Program Files\UltraSnap\unins000.exe"
URUSoft ViPlay --> "C:\Program Files\URUSoft\ViPlay\uninstall.exe"
VIA Platform Device Manager --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VIA Rhine-Family Fast Ethernet Adapter --> Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA
VIA/S3G Display Driver --> C:\PROGRA~1\S3\UChromeP\S3MINSET.EXE /u UChromeP.uns
Weather Watcher --> "C:\Program Files\Weather Watcher\unins000.exe"
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Commander (Remove or Repair) --> c:\Tools\wincmd\wcuninst.exe
Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf
Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\System32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf
WordWeb --> C:\Program Files\WordWeb\uninst.exe
XviD 1.2.-127 +SMP Alpha uninstall --> "C:\Program Files\XviD\unins000.exe"


-- End of Deckard's System Scanner: finished at 2007-06-13 at 10:22:18 ---------

Dopuna: 13 Jun 2007 10:38

Uradila sam sdfix i dobila sam sledeci report...

SDFix: Version 1.87

Run by Administrator - sre 13.06.2007 - 10:30:37,45

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
new_drv

ImagePath:
\??\C:\WINDOWS\new_drv.sys

new_drv - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Checking if ADS is attached to ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Listing Files with Hidden Attributes:

C:\Documents and Settings\Administrator\Desktop\Fax\Seminarski\~WRL2634.tmp
C:\Documents and Settings\Administrator\Desktop\Opus\~WRL0002.tmp
C:\WINDOWS\LastGood.Tmp\INF\oem0.inf
C:\WINDOWS\LastGood.Tmp\INF\oem0.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem1.inf
C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF
C:\WINDOWS\LastGood.Tmp\INF\oem2.inf
C:\WINDOWS\LastGood.Tmp\INF\oem2.PNF

Listing User Accounts:

User accounts for \\ASUS

Administrator Guest HelpAssistant
SUPPORT_388945a0


Finished


Promenila sam hjk u leggy.exe i dobila sam ovo....

Logfile of HijackThis v1.99.1
Scan saved at 10:39:39, on 13.6.2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\PTBSync\PTBSync.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Poppeeper\POPPeeper.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\HijackThis\leggy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.finderg.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [PTBSync] C:\Program Files\PTBSync\PTBSync.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\Poppeeper\POPPeeper.exe" -min
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [strkjhk] C:\WINDOWS\bdir\sdflkj3.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O8 - Extra context menu item: Add to Kaspersky Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Dopuna: 13 Jun 2007 10:41

A evo i catchme.log koji mi se pojavio na desktopu...

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-13 10:36:40
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\0bb6_Scan_Startup_eventlog.rpt

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1

offline
  • Pridružio: 18 Dec 2003
  • Poruke: 7953
  • Gde živiš: Graceland

Da ponovim, rekao sam joj pre svega ovoga da pobrise te fajlove koji su bili sumnjivi. Njih vise nema i KIS vise nista ne prijavljuje, za sada.

Ko je trenutno na forumu
 

Ukupno su 942 korisnika na forumu :: 23 registrovanih, 1 sakriven i 918 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, Bobrock1, bojank, Djordje29, draganl, dragoljub11987, HrcAk47, ILGromovnik, Karla, kjkszpj, Kriglord, krkalon, Krvava Devetka, LUDI, Nemanja.M, panzerwaffe, raykan, Regrut Boskica, Shilok, slonic_tonic, sovanova95, styg, zlaya011