HJT Log


  • Acid_Burn (Male)
  • Forum moderator
  • Chief moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25503
  • Location: Beneath the Black Sky

This is about my girlfriend's computer; she clicked on something in MSN Messenger and picked up some trojan....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:19, on 2.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6714 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It's not very dangerous.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the instructions on the screen. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Acid_Burn (Male)
  • Forum moderator
  • Chief moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25503
  • Location: Beneath the Black Sky

ComboFix 08-07-01.5 - Tanja 2008-07-02 21:17:28.1 - NTFSx86
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 20:50 . 2008-07-02 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 21:42 . 2008-06-23 06:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-06-22 21:42 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-02 21:12 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-03 20:42 . 2008-06-03 20:43 22 --a------ C:\Windows\Benson.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-13 18:36 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-13 18:36 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-13 18:36 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-13 18:36 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-13 18:36 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-13 18:36 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-13 18:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-13 18:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-13 18:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-13 18:29 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-05-13 18:29 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-05-13 18:29 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-05-13 18:29 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-05-13 18:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:27 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-05-13 18:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-05-13 18:26 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:26 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-05-13 18:26 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-05-13 18:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-05-13 18:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-05-13 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-13 18:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-05-13 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-13 18:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-05-13 18:21 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-05-13 18:20 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-05-13 18:20 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-05-13 18:20 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-05-13 18:20 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-05-13 18:20 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-05-13 18:20 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-05-13 18:20 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-05-13 18:20 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-05-13 18:20 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-05-13 18:19 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-13 18:19 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-13 18:17 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-13 18:17 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-13 18:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-05-13 18:15 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-13 18:15 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 21:20:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 21:21:51
ComboFix-quarantined-files.txt 2008-07-02 19:21:47

Pre-Run: 12,660,731,904 bytes free
Post-Run: 13,150,408,704 bytes free

204 --- E O F --- 2008-05-14 17:31:49

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

Driver::
MyWebSearchService


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

Now the next thing: there is some MyPlayCity toolbar in IE. Was it installed on purpose, or did it somehow get in on its own?

  • Acid_Burn (Male)
  • Forum moderator
  • Chief moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25503
  • Location: Beneath the Black Sky

ComboFix 08-07-01.5 - Tanja 2008-07-02 22:58:07.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.312 [GMT 2:00]
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tanja\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 21:15 . 2008-07-02 22:57 <DIR> d-------- C:\327882R2FWJFW
2008-07-02 20:50 . 2008-07-02 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 21:42 . 2008-06-23 06:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-06-22 21:42 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-02 22:53 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-03 20:42 . 2008-06-03 20:43 22 --a------ C:\Windows\Benson.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 17:30 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-14 17:30 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-14 17:30 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-14 17:30 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-14 17:30 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-14 17:30 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-14 17:30 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:38 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-13 18:38 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-13 18:38 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-13 18:38 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-13 18:38 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:18 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-05-13 18:18 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-05-13 18:14 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-05-13 18:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-11 09:20 --------- d-----w C:\Program Files\Windows Live
2008-05-11 09:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 09:18 --------- d-----w C:\ProgramData\WLInstaller
2008-05-09 19:39 --------- d-----w C:\Users\Tanja\AppData\Roaming\Rainlendar
2008-05-09 15:45 --------- d-----w C:\Users\Tanja\AppData\Roaming\GameHouse
2008-05-07 16:05 --------- d-----w C:\Users\Tanja\AppData\Roaming\AdobeUM
2008-05-06 15:40 --------- d-----w C:\Program Files\ATI
2008-05-06 15:39 --------- d-----w C:\Users\Tanja\AppData\Roaming\ATI
2008-05-06 15:39 --------- d-----w C:\ProgramData\ATI
2008-05-06 15:36 --------- d-----w C:\Program Files\ATI Technologies
2008-05-06 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 15:19 --------- d-----w C:\Program Files\DriverCleanerDotNET
2008-05-05 15:46 15,600 ----a-w C:\Windows\gdrv.sys
2008-05-05 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-29 07:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-29 07:30 315,392 ----a-w C:\Windows\HideWin.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_21.21.18,91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 19:23:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-02 21:02:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-02 21:02:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-02 21:02:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-02 21:03:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-01 19:23:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 21:03:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-02 21:03:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-02 18:24:49 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-02 19:29:22 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-02 18:24:49 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-02 19:29:22 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-01 19:25:41 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
+ 2008-07-02 19:26:43 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
- 2008-07-01 19:25:41 45,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-02 19:26:43 46,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-01 19:25:37 29,294 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-02 19:26:41 29,574 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]
"RegistryMechanic"="" [BU]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:03:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-02 23:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 21:05:22
ComboFix2.txt 2008-07-02 19:21:52

Pre-Run: 13,946,499,072 bytes free
Post-Run: 13,490,528,256 bytes free

221 --- E O F --- 2008-05-14 17:31:49





As for this MyPlayCity thing, that should go too; it wasn't installed on purpose, it slipped in during the installation of some small games.....

Update: 07 Jul 2008 19:10

Problems again... MSN seems to be spreading some malware, spyware and the like again...

Here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:25, on 7.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5359 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Rename HijackThis and the folder it is in, so that the name no longer mentions HijackThis or anything similar. Rename the TrendMicro folder as well.

Then give me a new HijackThis log and a new ComboFix log.

  • Acid_Burn  Male
  • Forum moderator
  • Chief moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25503
  • Location: Beneath the Black Sky

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:01, on 9.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TM\otmicmari\OtMicMari.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5346 bytes


ComboFix Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:01, on 9.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TM\otmicmari\OtMicMari.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5346 bytes

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You gave me the HijackThis log twice. Give me the ComboFix log as well; maybe something shows up there, since the HJT log is clean.

  • Acid_Burn  Male
  • Forum moderator
  • Chief moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25503
  • Location: Beneath the Black Sky

My mistake...

ComboFix 08-07-01.5 - Tanja 2008-07-09 15:47:10.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.263 [GMT 2:00]
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-04 16:39 . 2008-07-04 16:39 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-07-02 20:50 . 2008-07-09 15:45 <DIR> d-------- C:\Program Files\TM
2008-06-22 21:42 . 2008-07-04 16:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-07-04 16:40 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-09 11:29 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-13 18:36 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-13 18:36 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-13 18:36 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-13 18:36 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-13 18:36 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-13 18:36 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-13 18:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-13 18:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-13 18:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-13 18:29 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-05-13 18:29 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-05-13 18:29 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-05-13 18:29 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-05-13 18:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:27 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-05-13 18:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-05-13 18:26 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:26 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-05-13 18:26 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-05-13 18:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-05-13 18:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-05-13 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-13 18:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-05-13 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-13 18:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-05-13 18:21 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-05-13 18:20 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-05-13 18:20 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-05-13 18:20 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-05-13 18:20 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-05-13 18:20 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-05-13 18:20 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-05-13 18:20 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-05-13 18:20 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-05-13 18:20 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-05-13 18:19 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-13 18:19 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-13 18:17 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-13 18:17 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-13 18:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-05-13 18:15 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-13 18:15 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_21.21.18,91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-04 14:39:20 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
- 2008-07-01 19:23:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-09 13:05:45 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-09 13:47:02 6,230,016 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-01 19:23:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-09 13:05:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-01 19:23:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-09 13:05:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-09 13:07:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-09 13:07:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-09 13:06:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-01 19:23:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-09 13:06:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-09 13:06:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-02 18:24:49 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-09 13:12:36 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-02 18:24:49 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-09 13:12:36 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-11 19:37:30 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-07-09 13:18:45 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-07-01 19:25:41 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
+ 2008-07-09 13:07:56 7,282 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
- 2008-07-01 19:25:41 45,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-09 13:07:56 46,234 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-01 19:25:37 29,294 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-09 13:07:56 29,916 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]
"RegistryMechanic"="" [BU]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:49:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 15:50:45
ComboFix-quarantined-files.txt 2008-07-09 13:50:38
ComboFix2.txt 2008-07-02 21:05:37
ComboFix3.txt 2008-07-02 19:21:52

Pre-Run: 15,406,141,440 bytes free
Post-Run: 15,422,676,992 bytes free

221 --- E O F --- 2008-05-14 17:31:49

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download MsnCleaner.zip, but do not run the program yet.
Restart the computer in Safe Mode
Run MsnCleaner_eng.exe
Click the Analyze button
When the scan finishes, a report will appear
If an infection is found, click the Deleted button
Restart the computer in normal mode

Open the file C:\MsnCleaner.txt in Notepad and copy the file's contents into a post on the forum.


Also tell me the exact symptoms. What exactly is happening/appearing?
