CRCK_NSANE.A

  • Joined: 21 Apr 2008
  • Posts: 102
  • Location: Maklosevac, Nasice, Hrvatska

Hello once again.
So, here's the thing... Today I was copying some programs over the LAN from a colleague's computer. After the copy, Trend Micro PC-cillin shows me the following:

Trend Micro PC-cillin Internet Security Notification

Real-time Scan
Trend Micro PC-cillin Internet Security has detected a virus, spyware application, or other Internet threat, and performed the action specified.

Infected file: E:\System Volume Information\_restore{E5E46525-A299-4347-95C8-BAABA7F331C9}\RP6\A0001378.exe
Virus name: CRCK_NSANE.A
User name: Zoran
Scan action result: Denied Access.
Note: If Search for and clean Trojans is enabled and is executed after scanning, you can click Next to view final scan result information.


I found the infected folder... but the problem is that Windows won't let me open that folder, and on a manual scan PC-cillin doesn't find anything.


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:31, on 23.5.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = vip.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 4695 bytes



I also ran a ComboFix scan, but it didn't find anything either. Here is the ComboFix log as well:

ComboFix 08-05-21.3 - Zoran 2008-05-23 17:13:36.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.233 [GMT 2:00]
Running from: C:\Documents and Settings\Zoran.ZRDESING\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.

2008-05-23 15:18 . 2003-03-05 15:07 54,784 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-05-23 15:18 . 2003-03-05 15:07 39,680 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys
2008-05-23 15:17 . 2008-05-23 15:17 <DIR> d-------- C:\Program Files\Winbond
2008-05-23 15:17 . 2002-09-09 10:06 19,164 --a------ C:\WINDOWS\system32\wbhwdoct.VXD
2008-05-23 15:17 . 2002-09-09 10:04 7,312 --a------ C:\WINDOWS\system32\drivers\WBHWDOCT.sys
2008-05-23 14:25 . 2000-03-29 08:17 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-05-23 14:25 . 2008-05-23 14:25 2,551 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-22 15:40 . 2008-05-22 15:40 <DIR> d-------- C:\Program Files\ESET
2008-05-21 19:30 . 2008-05-21 19:30 <DIR> d-------- C:\Program Files\WS_FTP
2008-05-15 15:28 . 2008-05-15 15:38 <DIR> d-------- C:\Program Files\NeoTrace
2008-05-12 22:18 . 2008-05-12 22:42 <DIR> d-------- C:\UnrealTournament
2008-05-08 17:44 . 2008-05-08 17:44 <DIR> d-------- C:\Program Files\Bugatron
2008-05-05 18:11 . 2008-05-05 19:30 <DIR> d-------- C:\Program Files\Pizza Frenzy
2008-05-05 17:42 . 2008-05-05 17:42 <DIR> d-------- C:\Program Files\Funky Farm
2008-05-05 17:25 . 2008-05-05 17:25 <DIR> d-------- C:\Program Files\Alien Shooter
2008-05-05 17:15 . 2008-05-05 17:20 281 --a------ C:\WINDOWS\EReg072.dat
2008-04-28 18:42 . 2008-04-28 18:42 <DIR> d-------- C:\Program Files\Electronic Arts
2008-04-26 19:03 . 2008-04-26 19:03 <DIR> d-------- C:\Program Files\Cactus Bruce
2008-04-26 19:02 . 2008-04-26 19:02 <DIR> d-------- C:\Program Files\AquaPOP
2008-04-26 17:57 . 2008-04-26 17:57 1,024 --a------ C:\WINDOWS\jericho_game_ra.dat
2008-04-26 17:49 . 2008-04-26 17:49 <DIR> d-------- C:\Program Files\The Walls of Jericho
2008-04-26 17:45 . 2008-04-26 17:45 <DIR> d-------- C:\Program Files\Double Digger
2008-04-26 16:59 . 2008-04-26 16:59 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-04-26 16:57 . 2008-04-26 16:57 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-23 17:59 . 2008-04-23 18:07 <DIR> d-------- C:\Program Files\Electra
2008-04-23 17:54 . 2008-04-23 17:58 <DIR> d-------- C:\Program Files\Bombard Deluxe
2008-04-23 17:50 . 2008-04-23 17:53 <DIR> d-------- C:\Program Files\Break Ball 2 Gold
2008-04-23 15:36 . 2008-04-23 15:36 <DIR> d-------- C:\Program Files\Sunny Ball
2008-04-23 14:50 . 2008-05-01 22:08 <DIR> d-------- C:\Program Files\Snail Mail
2008-04-23 14:13 . 2008-05-15 17:14 250 --a------ C:\WINDOWS\gmer.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-22 12:01 --------- d-----w C:\Program Files\Mah Jong Quest
2008-05-18 22:59 --------- d-----w C:\Program Files\Wonderland Secret Worlds
2008-04-26 15:07 155,995 ----a-w C:\WINDOWS\java\Packages\PFBFJ57R.ZIP
2008-04-26 12:21 --------- d-----w C:\Program Files\Jigsaw365
2008-04-22 09:24 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-04-22 09:23 --------- d-----w C:\Program Files\Lavasoft
2008-04-22 09:22 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 21:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-17 20:31 --------- d-----w C:\Program Files\Activision
2008-04-17 00:22 --------- d-----w C:\Program Files\Trend Micro
2008-04-14 17:45 --------- d-----w C:\Program Files\ATI Technologies
2008-04-12 12:57 --------- d-----w C:\Program Files\Anti-Blaxx
2008-04-10 23:39 --------- d-----w C:\Program Files\Mah Jong Medley
2008-04-10 23:38 --------- d-----w C:\Program Files\Mahjong Mania Deluxe
2008-04-01 10:10 --------- d-----w C:\Program Files\Winamp
2008-03-29 19:51 --------- d-----w C:\Program Files\5 Spots II
2008-03-27 22:16 --------- d-----w C:\Documents and Settings\NetworkService.NT AUTHORITY.000\Application Data\Xfire
2008-03-24 11:48 --------- d-----w C:\Program Files\Magic Inlay
2008-03-23 21:37 --------- d-----w C:\Program Files\Dropheads
2008-03-23 21:33 --------- d-----w C:\Program Files\Bricks of Egypt
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 20:49 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2008-03-12 20:49 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2008-03-12 20:49 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2008-02-29 14:39 156,312 ----a-w C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
2007-12-23 18:21 19,936 ----a-w C:\Documents and Settings\Zoran.ZRDESING\Application Data\GDIPFONTCACHEV1.DAT
2003-12-31 22:43 24,192 -c--a-w C:\Documents and Settings\Zoran\usbsermptxp.sys
2003-12-31 22:43 22,768 -c--a-w C:\Documents and Settings\Zoran\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MULTIMEDIA KEYBOARD"="C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe" [2000-09-28 13:11 135168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe" [2005-11-25 21:51 819262]
"SoundMan"="SOUNDMAN.EXE" [2003-06-11 04:12 55296 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-12 21:10 339968]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 22:09 157592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 11:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"\\\\RAJIC-510981905\\E\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\Mad Cars\\madcars.exe"=
"E:\\Program Files\\Croteam\\Serious Sam\\Bin\\SeriousSam.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"E:\\Program Files\\Bela\\bela.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"E:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"25600:TCP"= 25600:TCP:*:Disabled:class

R1 msikbd2k;Multimedia Keyboard Filter Driver;C:\WINDOWS\system32\DRIVERS\msikbd2k.sys [2000-06-06 14:51]
R2 AVMPORT;AVMPORT;C:\WINDOWS\system32\drivers\avmport.sys [2000-11-14 00:00]
R2 nhksrv;Netropa NHK Server;C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe [2000-09-13 17:18]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-23 17:17:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\snmp.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Netropa\Multimedia Keyboard\Traymon.exe
C:\Program Files\Netropa\Onscreen Display\osd.exe
.
**************************************************************************
.
Completion time: 2008-05-23 17:19:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-23 15:19:46
ComboFix2.txt 2008-05-21 16:03:14

Pre-Run: 5,464,887,296 bytes free
Post-Run: 5,427,933,184 bytes free

163 --- E O F --- 2008-04-26 16:36:33





Please help, because I don't know whether this file can do any damage.
Thanks in advance!

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

How do you know ComboFix didn't find anything?

Here is the info on the malware:

http://www.trendmicro.com/vinfo/grayware/ve_graywa.....p;VSect=Td

From the linked description you can see that it creates an ESET folder in the Program Files folder.

That folder exists on your machine:

2008-05-22 15:40 . 2008-05-22 15:40 <DIR> d-------- C:\Program Files\ESET


Besides, it is a cracking program (the thing Trend Micro found on your machine); did you copy it over yourself?
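
The cross-check described in the reply above (a path named in the vendor's description, looked up in ComboFix's "Files Created" listing), as an added example that is not part of the original thread. The function names are hypothetical, and the sample lines are copied from the ComboFix log in the first post.

```python
import re
from datetime import datetime

# Lines copied from the "Files Created" section of the ComboFix log posted above.
SAMPLE_LOG = r"""
2008-05-23 15:17 . 2002-09-09 10:06 19,164 --a------ C:\WINDOWS\system32\wbhwdoct.VXD
2008-05-23 14:25 . 2008-05-23 14:25 2,551 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-05-22 15:40 . 2008-05-22 15:40 <DIR> d-------- C:\Program Files\ESET
2008-05-21 19:30 . 2008-05-21 19:30 <DIR> d-------- C:\Program Files\WS_FTP
2008-04-26 16:57 . 2008-04-26 16:57 611,064 --a------ C:\WINDOWS\system32\drivers\sptd.sys
"""

FMT = "%Y-%m-%d %H:%M"
# created . modified  size-or-<DIR>  attributes  full path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size><DIR>|[\d,]+)\s+(?P<attrs>\S+)\s+(?P<path>[A-Za-z]:\\.+)$"
)

def parse_created(log_text):
    """Parse 'Files Created' lines; banners and other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = m["size"]
        entries.append({
            "created": datetime.strptime(m["created"], FMT),
            "modified": datetime.strptime(m["modified"], FMT),
            "is_dir": size == "<DIR>",
            "size": None if size == "<DIR>" else int(size.replace(",", "")),
            "path": m["path"],
        })
    return entries

def find_artifacts(entries, artifact_paths):
    """Return entries whose path equals, or lies under, a listed artifact path.
    Windows paths are compared case-insensitively; partial names do not match."""
    wanted = [p.rstrip("\\").lower() for p in artifact_paths]
    hits = []
    for e in entries:
        path = e["path"].lower()
        if any(path == w or path.startswith(w + "\\") for w in wanted):
            hits.append(e)
    return hits

if __name__ == "__main__":
    for hit in find_artifacts(parse_created(SAMPLE_LOG), [r"C:\Program Files\ESET"]):
        kind = "dir" if hit["is_dir"] else "file"
        print(f"{hit['created']:%Y-%m-%d %H:%M}  {kind:4}  {hit['path']}")
```

A hit shows only that a path from the description exists and when it was created; the log does not record which program created it.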

  • Joined: 21 Apr 2008
  • Posts: 102
  • Location: Maklosevac, Nasice, Hrvatska

I assume it didn't find anything because I watched what ComboFix was doing and read the log... but maybe I'm wrong. Actually, I was copying over some web programs, including NOD32 itself... my colleague also has PC-cillin installed and it doesn't show anything on his machine... Should I copy that HKEY_LOCAL_MACHINE... (from the web page linked above) into a CFScript and try it that way, or should I simply delete C:\Program Files\Eset? I deleted the file that was in the folder (it is still in the zip anyway), named NOD32.FiX.v1.9-nsane.exe.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

  • Joined: 21 Apr 2008
  • Posts: 102
  • Location: Maklosevac, Nasice, Hrvatska

Thanks for the help!
