HJT Log

  • Acid_Burn  Male
  • Forum moderator
  • Head moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25504
  • Location: Beneath the Black Sky

It's my girlfriend's computer. She clicked on something in MSN Messenger and picked up some trojan....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:54:19, on 2.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP0.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 6714 bytes

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

It's not very dangerous.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you should copy here for us.

  • Acid_Burn  Male
  • Forum moderator
  • Head moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25504
  • Location: Beneath the Black Sky

ComboFix 08-07-01.5 - Tanja 2008-07-02 21:17:28.1 - NTFSx86
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 20:50 . 2008-07-02 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 21:42 . 2008-06-23 06:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-06-22 21:42 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-02 21:12 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-03 20:42 . 2008-06-03 20:43 22 --a------ C:\Windows\Benson.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-13 18:36 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-13 18:36 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-13 18:36 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-13 18:36 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-13 18:36 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-13 18:36 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-13 18:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-13 18:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-13 18:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-13 18:29 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-05-13 18:29 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-05-13 18:29 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-05-13 18:29 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-05-13 18:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:27 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-05-13 18:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-05-13 18:26 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:26 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-05-13 18:26 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-05-13 18:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-05-13 18:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-05-13 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-13 18:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-05-13 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-13 18:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-05-13 18:21 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-05-13 18:20 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-05-13 18:20 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-05-13 18:20 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-05-13 18:20 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-05-13 18:20 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-05-13 18:20 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-05-13 18:20 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-05-13 18:20 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-05-13 18:20 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-05-13 18:19 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-13 18:19 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-13 18:17 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-13 18:17 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-13 18:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-05-13 18:15 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-13 18:15 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 MyWebSearchService;My Web Search Service;C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe []
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

*Newly Created Service* - CATCHME
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-RegistryMechanic - (no file)
MSConfigStartUp-MyWebSearch Plugin - C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 21:20:52
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-02 21:21:51
ComboFix-quarantined-files.txt 2008-07-02 19:21:47

Pre-Run: 12,660,731,904 bytes free
Post-Run: 13,150,408,704 bytes free

204 --- E O F --- 2008-05-14 17:31:49

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Open Notepad and copy in the following text:

Driver::
MyWebSearchService


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that gets created at the end of the cleaning/scan in your next message.

Now, the next thing: in IE there is some MyPlayCity toolbar. Was it installed on purpose, or did it somehow get in by itself?

  • Acid_Burn  Male
  • Forum moderator
  • Head moderator of the Zabava forum
  • Hellraiser
  • Demon to some. Angel to others
  • Joined: 07 Jan 2005
  • Posts: 25504
  • Location: Beneath the Black Sky

ComboFix 08-07-01.5 - Tanja 2008-07-02 22:58:07.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.312 [GMT 2:00]
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tanja\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-06-02 to 2008-07-02 )))))))))))))))))))))))))))))))
.

2008-07-02 21:15 . 2008-07-02 22:57 <DIR> d-------- C:\327882R2FWJFW
2008-07-02 20:50 . 2008-07-02 20:50 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-22 21:42 . 2008-06-23 06:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-06-22 21:42 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-02 22:53 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent
2008-06-03 20:42 . 2008-06-03 20:43 22 --a------ C:\Windows\Benson.INI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 17:30 54,784 ----a-w C:\Windows\system32\drivers\i8042prt.sys
2008-05-14 17:30 495,160 ----a-w C:\Windows\system32\drivers\Wdf01000.sys
2008-05-14 17:30 35,384 ----a-w C:\Windows\system32\drivers\WdfLdr.sys
2008-05-14 17:30 35,384 ----a-w C:\Windows\system32\drivers\kbdclass.sys
2008-05-14 17:30 34,360 ----a-w C:\Windows\system32\drivers\mouclass.sys
2008-05-14 17:30 19,968 ----a-w C:\Windows\system32\drivers\sermouse.sys
2008-05-14 17:30 15,872 ----a-w C:\Windows\system32\drivers\mouhid.sys
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:38 70,144 ----a-w C:\Windows\system32\drivers\pacer.sys
2008-05-13 18:38 619,008 ----a-w C:\Windows\system32\drivers\dxgkrnl.sys
2008-05-13 18:38 61,952 ----a-w C:\Windows\system32\drivers\wanarp.sys
2008-05-13 18:38 48,640 ----a-w C:\Windows\system32\drivers\ndproxy.sys
2008-05-13 18:38 20,480 ----a-w C:\Windows\system32\drivers\ndistapi.sys
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:18 320,000 ----a-w C:\Windows\system32\drivers\csc.sys
2008-05-13 18:18 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2008-05-13 18:14 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2008-05-13 18:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-05-11 09:20 --------- d-----w C:\Program Files\Windows Live
2008-05-11 09:19 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-11 09:18 --------- d-----w C:\ProgramData\WLInstaller
2008-05-09 19:39 --------- d-----w C:\Users\Tanja\AppData\Roaming\Rainlendar
2008-05-09 15:45 --------- d-----w C:\Users\Tanja\AppData\Roaming\GameHouse
2008-05-07 16:05 --------- d-----w C:\Users\Tanja\AppData\Roaming\AdobeUM
2008-05-06 15:40 --------- d-----w C:\Program Files\ATI
2008-05-06 15:39 --------- d-----w C:\Users\Tanja\AppData\Roaming\ATI
2008-05-06 15:39 --------- d-----w C:\ProgramData\ATI
2008-05-06 15:36 --------- d-----w C:\Program Files\ATI Technologies
2008-05-06 15:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-06 15:19 --------- d-----w C:\Program Files\DriverCleanerDotNET
2008-05-05 15:46 15,600 ----a-w C:\Windows\gdrv.sys
2008-05-05 14:27 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-29 07:30 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-04-29 07:30 315,392 ----a-w C:\Windows\HideWin.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_21.21.18,91 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-01 19:23:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-02 21:02:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-02 21:02:49 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-02 21:02:49 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-02 21:03:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-01 19:23:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-02 21:03:01 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-02 21:03:01 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-02 18:24:49 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-02 19:29:22 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-02 18:24:49 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-02 19:29:22 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-07-01 19:25:41 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
+ 2008-07-02 19:26:43 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
- 2008-07-01 19:25:41 45,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-02 19:26:43 46,028 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-01 19:25:37 29,294 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-02 19:26:41 29,574 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2008-03-04 13:44 1470488 --a------ C:\Program Files\MyPlayCity\tbMyP0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "C:\Program Files\MyPlayCity\tbMyP0.dll" [2008-03-04 13:44 1470488]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 11:45 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]
"RegistryMechanic"="" [BU]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - C:\Program Files\MSN Messenger\MsnMsgr.Exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-02 23:03:03
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\conime.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-02 23:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-02 21:05:22
ComboFix2.txt 2008-07-02 19:21:52

Pre-Run: 13,946,499,072 bytes free
Post-Run: 13,490,528,256 bytes free

221 --- E O F --- 2008-05-14 17:31:49





As for this MyPlayCity thing, that needs to go as well; it was not installed on purpose, it came in during the installation of some small games...

Addendum: 07 Jul 2008 19:10

Problems again... MSN seems to be spreading some malware, spyware and the like again...

Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:25, on 7.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5359 bytes

Reply (forum member; joined 04 Sep 2003; 24130 posts; location: Wien):

Rename HijackThis and the folder it is in so that the name no longer mentions HijackThis or anything similar. Rename the TrendMicro folder as well.

Then give me a new HijackThis log and a new ComboFix log.

Acid_Burn (forum moderator, head moderator of the Zabava forum; joined 07 Jan 2005; 25504 posts; location: Beneath the Black Sky):

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:01, on 9.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TM\otmicmari\OtMicMari.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5346 bytes


ComboFix Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:01, on 9.7.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\TM\otmicmari\OtMicMari.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

--
End of file - 5346 bytes

Reply (forum member; joined 04 Sep 2003; 24130 posts; location: Wien):

You gave me the HijackThis log twice. Post the ComboFix log as well; maybe something shows up there, since the HJT log is clean.
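As an added example (not part of any post in this thread and not a HijackThis feature), the following Python script applies the kind of rules a helper uses when reading an HJT log and calling it clean: an R0/R1 browser setting whose host is not Microsoft's redirector, O2/O3 entries whose DLL is gone, O4 autorun targets given without a full path, O8 context-menu items with no resolvable target, and O23 services with an unknown owner. The allow-list of trusted hosts and the severity labels are this example's own assumptions; the sample lines are copied from the 7 Jul log posted above so the script runs offline.

```python
"""Rule-based triage of HijackThis-format log lines (added example, not HJT code)."""
import re
from urllib.parse import urlparse

# Hosts that Internet Explorer's default R0/R1 values legitimately point at.
# This allow-list is an assumption of the example, not a HijackThis rule.
TRUSTED_URL_HOSTS = {"go.microsoft.com"}

# Every HJT finding looks like "<kind> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.*)$")
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def parse_entry(line):
    """Split 'O2 - BHO: ...' into ('O2', 'BHO: ...'); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("kind"), m.group("body")) if m else None


def triage_line(line):
    """Return (severity, reason) for a suspicious HJT entry, or None if no rule fires."""
    parsed = parse_entry(line)
    if parsed is None:
        return None
    kind, body = parsed

    if kind in ("R0", "R1"):
        # Start/search page hijack: value is a URL whose host is not on the allow-list.
        _, sep, value = body.partition(" = ")
        host = urlparse(value.strip()).hostname if sep else None
        if host and host not in TRUSTED_URL_HOSTS:
            return ("high", f"{kind} browser setting redirected to {host}")

    elif kind in ("O2", "O3") and body.endswith("(no file)"):
        # Registered CLSID whose DLL is missing: a harmless leftover, but worth removing.
        return ("low", f"{kind} orphaned BHO/toolbar entry (DLL missing)")

    elif kind == "O4":
        # A Run-key target given as a bare file name is resolved via the search path.
        _, sep, cmd = body.partition("] ")
        cmd = cmd.strip()
        if sep and cmd:
            exe = cmd[1:].split('"', 1)[0] if cmd.startswith('"') else cmd.split()[0]
            if "\\" not in exe:
                return ("low", f"O4 autorun '{exe}' has no full path")

    elif kind == "O8":
        # Context-menu handler that is neither a res:// resource nor a file path.
        _, sep, target = body.partition(" - ")
        t = target.strip()
        if sep and not (t.lower().startswith("res://") or re.match(r"^[A-Za-z]:\\", t)):
            return ("medium", f"O8 context-menu item with unresolvable target '{t}'")

    elif kind == "O23" and " - Unknown owner - " in body:
        # Service binary with no recognised company string.
        return ("medium", "O23 service with unknown owner")

    return None


def triage_log(text):
    """Run triage_line over a whole log; returns (severity, entry, reason) sorted high->low."""
    findings = []
    for line in text.splitlines():
        hit = triage_line(line)
        if hit:
            findings.append((hit[0], line.strip(), hit[1]))
    findings.sort(key=lambda f: SEVERITY_ORDER[f[0]])
    return findings


# Sample input: lines copied from the 7 Jul 2008 HijackThis log in this thread.
SAMPLE_LOG = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1392740
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Search - ?p=ZJfox000
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
'''

if __name__ == "__main__":
    for sev, entry, reason in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {entry}")
```

Run against the sample, the only high-severity hit is the conduit.com start page from the 2 Jul log; the 9 Jul log no longer contains it, which is what makes that log read as clean, while the "(no file)" orphans and the unknown-owner CDBurnerXP service are the kind of residue a helper leaves alone or cleans up last.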

Acid_Burn (forum moderator, head moderator of the Zabava forum; joined 07 Jan 2005; 25504 posts; location: Beneath the Black Sky):

My mistake...

ComboFix 08-07-01.5 - Tanja 2008-07-09 15:47:10.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.263 [GMT 2:00]
Running from: C:\Users\Tanja\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-09 to 2008-07-09 )))))))))))))))))))))))))))))))
.

2008-07-04 16:39 . 2008-07-04 16:39 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-07-02 20:50 . 2008-07-09 15:45 <DIR> d-------- C:\Program Files\TM
2008-06-22 21:42 . 2008-07-04 16:40 <DIR> d-------- C:\Program Files\MyPlayCity
2008-06-22 21:42 . 2008-07-04 16:40 <DIR> d-------- C:\Program Files\Conduit
2008-06-21 14:12 . 2008-06-21 14:15 <DIR> d-------- C:\Users\Tanja\dwhelper
2008-06-17 19:03 . 2008-07-09 11:29 <DIR> d-------- C:\Users\Tanja\AppData\Roaming\uTorrent
2008-06-17 19:03 . 2008-06-17 19:03 <DIR> d-------- C:\Program Files\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 17:26 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-21 23:41 --------- d-----w C:\Program Files\FlashGet
2008-05-23 14:58 --------- d-----w C:\Users\Tanja\AppData\Roaming\Ahead
2008-05-23 14:25 --------- d-----w C:\ProgramData\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Nero
2008-05-23 14:25 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-21 04:45 --------- d-----w C:\Program Files\Google
2008-05-20 19:18 --------- d-----w C:\Program Files\McDonaldsDragons
2008-05-20 18:53 --------- d-----w C:\Users\Tanja\AppData\Roaming\CDBurnerXP_Soft
2008-05-20 18:53 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-14 17:34 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 16:19 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 19:12 174 --sha-w C:\Program Files\desktop.ini
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Defender
2008-05-13 19:07 --------- d-----w C:\Program Files\Windows Calendar
2008-05-13 18:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-05-13 18:36 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-05-13 18:36 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-05-13 18:36 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-05-13 18:36 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-05-13 18:36 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-05-13 18:36 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-05-13 18:36 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-05-13 18:36 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-05-13 18:36 2,923,520 ----a-w C:\Windows\explorer.exe
2008-05-13 18:35 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-05-13 18:35 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-05-13 18:31 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2008-05-13 18:31 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-05-13 18:30 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-05-13 18:30 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-05-13 18:30 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-05-13 18:30 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-05-13 18:29 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-05-13 18:29 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-05-13 18:29 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-05-13 18:29 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-05-13 18:29 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-05-13 18:29 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-05-13 18:29 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-05-13 18:29 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-05-13 18:29 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-05-13 18:28 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-05-13 18:28 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-05-13 18:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-05-13 18:28 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-05-13 18:28 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-05-13 18:28 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-05-13 18:27 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2008-05-13 18:27 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-05-13 18:26 8,704 ----a-w C:\Windows\System32\hccoin.dll
2008-05-13 18:26 5,888 ----a-w C:\Windows\system32\drivers\usbd.sys
2008-05-13 18:26 38,400 ----a-w C:\Windows\system32\drivers\usbehci.sys
2008-05-13 18:26 25,600 ----a-w C:\Windows\System32\LangCleanupSysprepAction.dll
2008-05-13 18:26 23,552 ----a-w C:\Windows\System32\lpremove.exe
2008-05-13 18:26 224,768 ----a-w C:\Windows\system32\drivers\usbport.sys
2008-05-13 18:26 192,000 ----a-w C:\Windows\system32\drivers\usbhub.sys
2008-05-13 18:26 19,456 ----a-w C:\Windows\system32\drivers\usbohci.sys
2008-05-13 18:26 166,912 ----a-w C:\Windows\System32\lpksetup.exe
2008-05-13 18:26 10,240 ----a-w C:\Windows\System32\MUILanguageCleanup.dll
2008-05-13 18:25 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-05-13 18:25 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-05-13 18:25 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-05-13 18:25 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-05-13 18:25 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-05-13 18:24 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-05-13 18:22 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-05-13 18:21 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-05-13 18:21 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-05-13 18:21 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-05-13 18:21 2,048 ----a-w C:\Windows\System32\asferror.dll
2008-05-13 18:20 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-05-13 18:20 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-05-13 18:20 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-05-13 18:20 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-05-13 18:20 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-05-13 18:20 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-05-13 18:20 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-05-13 18:20 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-05-13 18:20 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-05-13 18:19 2,048 ----a-w C:\Windows\System32\msxml6r.dll
2008-05-13 18:19 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-05-13 18:17 84,480 ----a-w C:\Windows\System32\INETRES.dll
2008-05-13 18:17 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2008-05-13 18:17 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 18:17 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-05-13 18:17 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-13 18:17 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-05-13 18:17 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-13 18:17 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-05-13 18:16 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-05-13 18:15 84,480 ----a-w C:\Windows\System32\dnsrslvr.dll
2008-05-13 18:15 24,576 ----a-w C:\Windows\System32\dnscacheugc.exe
2008-05-13 18:14 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-05-13 18:14 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2008-05-13 18:14 53,760 ----a-w C:\Windows\system32\drivers\hdaudbus.sys
2008-05-13 18:14 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-02_21.21.18,91 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-04 14:39:20 2,560 ----a-w C:\Windows\_MSRSTRT.EXE
- 2008-07-01 19:23:26 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-09 13:05:45 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-09 13:47:02 6,230,016 ----a-w C:\Windows\erdnt\Hiv-backup\SCHEMA.DAT
+ 2005-10-20 18:02:28 163,328 ----a-w C:\Windows\erdnt\subs\ERDNT.EXE
- 2008-07-01 19:23:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-09 13:05:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-07-01 19:23:28 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-09 13:05:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-09 13:07:32 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-07-01 19:24:43 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-09 13:07:27 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-09 13:06:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-07-01 19:23:47 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-07-09 13:06:20 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-01 19:23:47 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-09 13:06:20 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-02 18:24:49 103,818 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-09 13:12:36 103,818 ----a-w C:\Windows\System32\perfc009.dat
- 2008-07-02 18:24:49 618,410 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-09 13:12:36 618,410 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-11 19:37:30 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-07-09 13:18:45 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-07-01 19:25:41 6,972 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
+ 2008-07-09 13:07:56 7,282 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-662675259-2252122621-2224030840-1000_UserData.bin
- 2008-07-01 19:25:41 45,870 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-09 13:07:56 46,234 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-07-01 19:25:37 29,294 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-09 13:07:56 29,916 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-05-13 20:16 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-10 10:10 4468736 C:\Windows\RtHDVCpl.exe]
"RegistryMechanic"="" [BU]

C:\Users\Tanja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Rainlendar.lnk - C:\Program Files\Rainlendar\Rainlendar.exe [2005-03-01 14:39:43 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-03-12 13:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2008-04-30 06:19 118784 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-09 18:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
--a------ 2006-11-02 14:32 2159104 C:\Windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4C4F7FA3-6326-4D88-B8FE-7E5D707C91D0}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{BDCE2112-3A86-493B-9980-108FD2A4BD16}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{480CBA2B-B3DC-4605-8E90-0680DF4800F5}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F94EB27-3979-471D-B47B-1DA4D748D73C}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{03F1685A-4BA3-45E1-888F-159B60AC0A14}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-10-30 17:23]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-03-29 08:24]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 15:49:41
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-09 15:50:45
ComboFix-quarantined-files.txt 2008-07-09 13:50:38
ComboFix2.txt 2008-07-02 21:05:37
ComboFix3.txt 2008-07-02 19:21:52

Pre-Run: 15,406,141,440 bytes free
Post-Run: 15,422,676,992 bytes free

221 --- E O F --- 2008-05-14 17:31:49

  • Joined: 04 Sep 2003
  • Posts: 24130
  • Location: Wien

Download MsnCleaner.zip, but do not run the program yet.
Restart the computer in Safe Mode
Run MsnCleaner_eng.exe
Click the Analyze button
When the scan finishes, a report will appear
If an infection is found, click the Deleted button
Restart the computer in normal mode

Open the file C:\MsnCleaner.txt in Notepad and copy the contents of the file into a post on the forum.


Also tell me the exact symptoms. What exactly happens/appears?
