Help urgently needed!


offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

My younger brother mistakenly plugged in a flash disk and infected the computer.

Some new programs, and also shortcuts to various sites, are appearing on my desktop; the programs are called something like "security update", and a small window in the bottom right corner keeps popping up, warning me that I have viruses on my computer and offering to install and run some of their programs.

My screen goes dark and I can't open Task Manager!!!!



what should I do, please help...


ps: I'm desperate!!!!

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Follow the instructions and post the required logs here:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

Posted: 29 Apr 2010 10:47

A few days ago several programs, and shortcuts to programs, that I did not install appeared on my computer. These programs keep offering themselves to me, and one of them is called Digital Protection; besides that, my screen periodically goes dark and the computer runs sluggishly. My antivirus program NOD32 reports that it cannot clean the Win32/Olmarik trojan.....




DDS (Ver_10-03-17.01) - NTFSx86
Run by test at 10:34:00.79 on Thu 04/29/2010
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.71 [GMT 2:00]

AV: Digital Protection *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
c:\windows\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Temp\wpv791272465393.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\userini.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\windows\system32\wuaucldt.exe
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\jaroul.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\system32\userini.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\jaroul.exe
C:\WINDOWS\system32\userini.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\zychok.exe
C:\WINDOWS\system32\zychok.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\Temp\wpv441272464248.exe
C:\WINDOWS\system32\zychok.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\Temp\wpv141272458432.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\windows\system32\svchost.exe
C:\Documents and Settings\test\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mWinlogon: Taskman=c:\documents and settings\test\application data\jlwcbb.exe
uWinlogon: Shell=c:\documents and settings\test\application data\mnryv.exe,c:\documents and settings\test\application data\jlwcbb.exe,c:\documents and settings\test\csrss.exe,explorer.exe,c:\documents and settings\test\application data\wyzlo.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [userini] c:\windows\system32\userini.exe
uRun: [syncman] c:\documents and settings\test\wuaucldt.exe
uRun: [zychok] c:\documents and settings\test\zychok.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [userini] c:\windows\system32\userini.exe
mRun: [syguse] c:\windows\system32\jaroul.exe
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [zychok] c:\windows\system32\zychok.exe
mRunServices: [syguse] c:\windows\system32\jaroul.exe
uExplorerRun: [userini] c:\windows\system32\userini.exe
mExplorerRun: [userini] c:\windows\system32\userini.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\mi699f~1\office10\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-9-11 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-9-11 96408]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-9-11 735960]
S2 cgbdepndapsmr;\??\c:\docume;\??\c:\docume~1\test\locals~1\temp\szhrvblcohgudq.sys --> c:\docume~1\test\locals~1\temp\szhrvblcohgudq.sys [?]
S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\google\update\GoogleUpdate.exe [2009-5-27 133104]
S2 wmwcmokfmfui;\??\c:\docum;\??\c:\docume~1\test\locals~1\temp\djwtcffh.sys --> c:\docume~1\test\locals~1\temp\djwtcffh.sys [?]
S2 ye7j8iyuuyayhus;Crypkey License;c:\windows\system32\pohyb.exe [2010-4-13 285184]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S3 protect;protect;c:\windows\system32\drivers\protect.sys [2010-4-27 18944]
SUnknown pbuogrvtgdx;pbuogrvtgdx; [x]

=============== Created Last 30 ================

2010-04-29 08:34:01 1 ----a-w- c:\documents and settings\test\oashdihasidhasuidhiasdhiashdiuasdhasd
2010-04-29 08:28:51 29931 ----a-w- c:\documents and settings\test\zychok.exe
2010-04-29 08:28:50 29931 ----a-w- c:\windows\system32\zychok.exe
2010-04-29 08:19:51 84800 -c--a-w- c:\windows\system32\dllcache\cdrom.sys
2010-04-29 08:16:51 54784 ----a-w- c:\windows\system32\userini.exe
2010-04-27 19:17:27 2096 ----a-w- c:\docume~1\alluse~1\applic~1\fiosejgfse.dll
2010-04-27 19:14:46 29440 ----a-w- c:\windows\system32\wuaucldt.exe
2010-04-27 19:14:46 29440 ----a-w- c:\documents and settings\test\wuaucldt.exe
2010-04-27 18:27:47 0 d-----w- c:\program files\Digital Protection
2010-04-27 18:17:05 18944 ---ha-w- c:\windows\system32\drivers\protect.sys
2010-04-18 11:10:41 0 d-----w- C:\NOD_upd
2010-04-18 11:09:37 0 d-----w- c:\program files\ESET
2010-04-17 19:47:54 139264 --sh--r- c:\docume~1\test\applic~1\mnryv.exe
2010-04-13 19:24:57 285184 ----a-w- c:\windows\system32\pohyb.exe
2010-04-13 19:23:40 285184 ----a-w- c:\windows\system32\jaroul.exe
2010-04-13 17:19:42 118784 --sh--r- c:\docume~1\test\applic~1\jlwcbb.exe
2010-04-11 08:59:33 129024 --sh--r- c:\docume~1\test\applic~1\wyzlo.exe
2010-04-03 14:45:08 0 ----a-w- c:\documents and settings\test\Desktop.ini

==================== Find3M ====================

2010-04-29 08:33:54 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-27 20:40:21 1032192 ----a-w- c:\windows\explorer.exe
2010-03-31 19:08:40 107520 --sh--r- c:\documents and settings\test\csrss.exe
2010-03-02 12:58:57 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 12:58:57 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 10:34:26.98 ===============


Update: 29 Apr 2010 10:52

I'LL ATTACH THE GMER LOG FILE LATER...!!!!

Update: 30 Apr 2010 16:44



That's it, please tell me what to do next?!!
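As an added illustration (not code from this thread, from DDS, or from the helper), the following Python script triages autostart lines written in the format of the DDS "Pseudo HJT Report" above: it flags Winlogon Shell/Taskman entries, the DisableTaskMgr policy, Run entries launched from user-writable profile or Temp paths, and entry names registered under both HKCU and HKLM. The sample lines are copied from the log above; the heuristics are this example's own assumptions, not DDS's logic, and every hit still needs a human look.

```python
"""Triage of autostart lines in the DDS "Pseudo HJT Report" format.

Heuristics (assumptions of this example, not DDS's own logic):
  * Winlogon Shell chained to anything besides explorer.exe, or Taskman set
    at all (neither is present on a default Windows XP install);
  * Policies-system DisableTaskMgr / DisableRegistryTools switched on;
  * Run entries whose executable lives in a user-writable location
    (the user profile, Application Data or a Temp folder);
  * the same Run entry name registered under both HKCU (u*) and HKLM (m*).
Legitimate software occasionally trips these, so each hit is a lead, not a verdict.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

RUN_RE = re.compile(r"^([um])(Run|RunOnce|RunServices|ExplorerRun): \[([^\]]+)\] (.*)$")
WINLOGON_RE = re.compile(r"^([um])Winlogon: (Shell|Taskman)=(.*)$")
POLICY_RE = re.compile(r"^([um])Policies-system: (\w+) = (\d+)")

# Lower-cased path fragments a non-administrator can write to on Windows XP.
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\")
BLOCKING_POLICIES = ("DisableTaskMgr", "DisableRegistryTools")

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
mWinlogon: Taskman=c:\documents and settings\test\application data\jlwcbb.exe
uWinlogon: Shell=c:\documents and settings\test\application data\mnryv.exe,c:\documents and settings\test\application data\jlwcbb.exe,c:\documents and settings\test\csrss.exe,explorer.exe,c:\documents and settings\test\application data\wyzlo.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [userini] c:\windows\system32\userini.exe
uRun: [syncman] c:\documents and settings\test\wuaucldt.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [syncman] c:\windows\system32\wuaucldt.exe
mRun: [userini] c:\windows\system32\userini.exe
mRun: [syguse] c:\windows\system32\jaroul.exe
mRunServices: [syguse] c:\windows\system32\jaroul.exe
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
"""


@dataclass
class Finding:
    line: str    # the offending log line (or the entry name for hive duplicates)
    reason: str  # why it was flagged


def exe_path(value: str) -> str:
    """Return the lower-cased executable path from a Run value.

    DDS prints either "quoted path" args or a bare path; bare paths may
    contain spaces, so cut at the first '.exe' rather than at whitespace.
    """
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)].lower()
    end = value.lower().find(".exe")
    return (value[: end + 4] if end != -1 else value).lower()


def triage(log_text: str) -> list:
    """Parse DDS autostart lines and return the list of Findings."""
    findings = []
    hives_by_name = defaultdict(set)  # Run entry name -> {'u', 'm'}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_RE.match(line)
        if m:
            hive, _, name, value = m.groups()
            hives_by_name[name.lower()].add(hive)
            if any(frag in exe_path(value) for frag in USER_WRITABLE):
                findings.append(Finding(line, "Run entry launched from a user-writable location"))
            continue
        m = WINLOGON_RE.match(line)
        if m:
            _, key, value = m.groups()
            if key == "Shell":
                # Shell is a comma-separated list; every member other than
                # explorer.exe is started at logon as part of the shell.
                for part in value.split(","):
                    if part.strip().lower() != "explorer.exe":
                        findings.append(Finding(line, f"Winlogon Shell chained to extra binary: {part.strip()}"))
            else:
                findings.append(Finding(line, "Winlogon Taskman set (absent on a default XP install)"))
            continue
        m = POLICY_RE.match(line)
        if m and m.group(2) in BLOCKING_POLICIES and m.group(3) != "0":
            findings.append(Finding(line, f"policy {m.group(2)} blocks a user diagnostic tool"))
    for name, hives in hives_by_name.items():
        if {"u", "m"} <= hives:
            findings.append(Finding(name, "same Run entry name registered in both HKCU and HKLM"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.line[:90]}")
```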

offline
  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There is a lot of malware in there, really a lot.

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click to run ComboFix.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so that the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • present a number of prompts/notices: accept by clicking Yes or OK;
  • restart Windows if necessary (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click inside the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after sending the message you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

Note #2: if you cannot run ComboFix, right-click its file and choose Rename - enter anything as the new name, e.g. 123, and then try to run it again.

offline
  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

before ComboFix, NOD32 reported the following file:
win32/kryptik.AF trojan

and ComboFix told me to write down these files:
windows/system32/PRAGMASRCR.DAT
windows/system32/pragmaserf.dll
windows/system32/pragmabbr.dll


ComboFix 10-04-29.05 - test 04/30/2010 20:25:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.275 [GMT 2:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.
ADS - explorer.exe: deleted 55296 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\docume~1\test\LOCALS~1\Temp\bmqnxxnwp.sys
c:\documents and settings\All Users\Application Data\fiosejgfse.dll
c:\documents and settings\All Users\Application Data\HotbarSA
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA_hpk.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSA_kyf.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAAbout.mht
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAau.dat
c:\documents and settings\All Users\Application Data\HotbarSA\HotbarSAEULA.mht
c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Desktop\nudetube.com.lnk
c:\documents and settings\All Users\Desktop\(film-za-odrasle)-otube.com.lnk
c:\documents and settings\All Users\Desktop\youporn.com.lnk
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\LocalService\Application Data\Microsoft\kuvog.exe
c:\documents and settings\test\Application Data\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\documents and settings\test\Application Data\pard.exe
c:\documents and settings\test\Application Data\wiaservg.log
c:\documents and settings\test\csrss.exe
c:\documents and settings\test\Desktop\Digital Protection Support.lnk
c:\documents and settings\test\Desktop\Digital Protection.lnk
c:\documents and settings\test\Local Settings\temp\bmqnxxnwp.sys
c:\documents and settings\test\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\test\Start Menu\Programs\Digital Protection
c:\documents and settings\test\Start Menu\Programs\Digital Protection\About.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Activate.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Buy.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Digital Protection.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Scan.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Settings.lnk
c:\documents and settings\test\Start Menu\Programs\Digital Protection\Update.lnk
c:\documents and settings\test\wuaucldt.exe
c:\documents and settings\test\zychok.exe
c:\program files\Digital Protection
c:\program files\Digital Protection\about.ico
c:\program files\Digital Protection\activate.ico
c:\program files\Digital Protection\buy.ico
c:\program files\Digital Protection\dig.db
c:\program files\Digital Protection\digext.dll
c:\program files\Digital Protection\dighook.dll
c:\program files\Digital Protection\digprot.exe
c:\program files\Digital Protection\help.ico
c:\program files\Digital Protection\scan.ico
c:\program files\Digital Protection\settings.ico
c:\program files\Digital Protection\splash.mp3
c:\program files\Digital Protection\Uninstall.exe
c:\program files\Digital Protection\update.ico
c:\program files\Digital Protection\virus.mp3
c:\recycler\S-1-5-21-1226010252-8792639800-903433954-2199
c:\recycler\S-1-5-21-1860910876-2864402084-399511330-1558
c:\recycler\S-1-5-21-4585648558-5816427483-207072895-5501
c:\windows\PRAGMAiorjkbxpir
c:\windows\PRAGMAiorjkbxpir\PRAGMAc.dll
c:\windows\PRAGMAiorjkbxpir\PRAGMAcfg.ini
c:\windows\PRAGMAiorjkbxpir\PRAGMAd.sys
c:\windows\prefetch\explorer.exe
c:\windows\system32\drivers\str.sys
c:\windows\system32\pragmabbr.dll
c:\windows\system32\pragmaserf.dll
c:\windows\system32\PRAGMAsrcr.dat
c:\windows\system32\userini.exe
c:\windows\system32\wbem\grpconv.exe
c:\windows\system32\wuaucldt.exe
c:\windows\system32\zychok.exe
D:\autorun.inf
E:\Autorun.inf
F:\Autorun.inf

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :p
c:\windows\system32\drivers\cdrom.sys . . . is infected!!

c:\windows\system32\grpconv.exe was missing
Restored copy from - c:\system volume information\_restore{9896F155-968E-4374-B479-F89EA049B290}\RP225\A0059867.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAiorjkbxpir
-------\Legacy_PRAGMAiorjkbxpir
-------\Legacy_PBUOGRVTGDX
-------\Service_protect


((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-30 )))))))))))))))))))))))))))))))
.

2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET
2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-30 17:45 . 2010-04-13 19:23 285184 ----a-w- c:\windows\system32\pohyb.exe
2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera
2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-04-17 19:47 . 2010-04-17 19:47 139264 --sh--r- c:\documents and settings\test\Application Data\mnryv.exe
2010-04-13 19:23 . 2010-04-13 19:23 285184 ----a-w- c:\windows\system32\jaroul.exe
2010-04-11 08:59 . 2010-04-11 08:59 129024 --sh--r- c:\documents and settings\test\Application Data\wyzlo.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 19:04 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe
2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent
2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker
2010-04-25 18:40 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype
2010-04-25 15:15 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM
2010-04-18 15:20 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat
2010-04-13 17:19 . 2010-04-27 20:07 118784 --sh--r- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\jlwcbb.exe
2010-04-13 17:19 . 2010-04-27 20:07 118784 --sh--r- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\jlwcbb.exe
2010-03-03 13:05 . 2009-07-20 09:45 -------- d-----w- c:\documents and settings\test\Application Data\Any DVD Converter Professional
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-02 12:59 . 2009-03-29 20:21 -------- d-----w- c:\program files\Common Files\Real
2010-03-02 12:59 . 2009-03-29 20:21 -------- d-----w- c:\program files\Real
2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-05_17.58.23 )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"syguse"="c:\windows\system32\jaroul.exe" [2010-04-13 285184]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syguse]
2010-04-13 19:23 285184 ----a-w- c:\windows\system32\jaroul.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
S2 cgbdepndapsmr;\??\c:\docume;\??\c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys --> c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys [?]
S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104]
S2 pbuogrvtgdx;\??\c:\docu;\??\c:\docume~1\test\LOCALS~1\Temp\bmqnxxnwp.sys --> c:\docume~1\test\LOCALS~1\Temp\bmqnxxnwp.sys [?]
S2 wmwcmokfmfui;\??\c:\docum;\??\c:\docume~1\test\LOCALS~1\Temp\djwtcffh.sys --> c:\docume~1\test\LOCALS~1\Temp\djwtcffh.sys [?]
S2 ye7j8iyuuyayhus;Crypkey License;c:\windows\system32\pohyb.exe [4/30/2010 7:45 PM 285184]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-userini - c:\windows\system32\userini.exe
HKCU-Run-syncman - c:\documents and settings\test\wuaucldt.exe
HKCU-Run-zychok - c:\documents and settings\test\zychok.exe
HKLM-Run-syncman - c:\windows\system32\wuaucldt.exe
HKLM-Run-userini - c:\windows\system32\userini.exe
HKLM-Run-zychok - c:\windows\system32\zychok.exe
HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe
HKLM-Explorer_Run-userini - c:\windows\system32\userini.exe
MSConfigStartUp-12CFG214-K641-24SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1859\ls888.exe
MSConfigStartUp-12CFG914-K641-26SF-N32P - c:\recycler\S-1-5-21-0243336031-4052116379-881863308-0851\vse432.exe
MSConfigStartUp-Advanced DHTML Enable - c:\docume~1\test\LOCALS~1\Temp\165.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-cdoosoft - c:\docume~1\test\LOCALS~1\Temp\herss.exe
MSConfigStartUp-Digital Protection - c:\program files\Digital Protection\digprot.exe
MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
MSConfigStartUp-schvkost - c:\windows\system32\schvkost\schvkost.exe
MSConfigStartUp-syncman - c:\documents and settings\test\wuaucldt.exe
MSConfigStartUp-sysmon64x - c:\docume~1\test\LOCALS~1\Temp\sysmon64x.exe
MSConfigStartUp-Test321 - c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
MSConfigStartUp-userini - c:\windows\explorer.exe:userini.exe
MSConfigStartUp-Windows Network Data Management System Service - c:\docume~1\test\LOCALS~1\Temp\131.exe
AddRemove-Digital Protection - c:\program files\Digital Protection\Pklkvqdii+`}`



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-04-30 21:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d,
30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2012)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-04-30 21:06:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-30 19:06
ComboFix2.txt 2009-12-06 15:48
ComboFix3.txt 2009-12-05 18:01

Pre-Run: 2,936,815,616 bytes free
Post-Run: 2,914,320,384 bytes free

- - End Of File - - 9EF562ECB3BFCEA349C922EEEC7D961A


  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
c:\windows\system32\pohyb.exe
c:\documents and settings\test\Application Data\mnryv.exe
c:\windows\system32\jaroul.exe
c:\documents and settings\test\Application Data\wyzlo.exe
c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\jlwcbb.exe
c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys
c:\docume~1\test\LOCALS~1\Temp\bmqnxxnwp.sys
c:\docume~1\test\LOCALS~1\Temp\djwtcffh.sys

Driver::
cgbdepndapsmr
pbuogrvtgdx
wmwcmokfmfui
ye7j8iyuuyayhus

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"syguse"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\syguse]



Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text file onto the ComboFix icon as shown in the picture.
In your next reply, post the log that is produced at the end of the cleaning/scan.
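The log posted above and the CFScript in this reply show the same triage by hand: find the autostart and service entries that point at random-named executables in system32, kernel drivers loaded from a user's Temp directory, autostarts living in c:\recycler\, or an alternate data stream on explorer.exe, and then turn those into File::/Driver::/Registry:: sections. The script below is an added example, not part of this thread and not a ComboFix tool; it runs those checks over a constructed sample of log lines modelled on the log above (not a verbatim copy) and drafts a CFScript in the same shape dr_Bora used. The KNOWN_SYSTEM32 allowlist and the rule that orphans already removed by ComboFix are left out of the draft are assumptions of this example.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the original thread).

Flags four patterns seen in the log above and drafts a CFScript from the hits.
The draft is a starting point for a human to review, never something to run blind.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample, modelled on the ComboFix log posted above (not a verbatim copy).
SAMPLE_LOG = r"""
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"syguse"="c:\windows\system32\jaroul.exe" [2010-04-13 285184]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
S2 cgbdepndapsmr;\??\c:\docume;\??\c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys --> c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys [?]
S2 ye7j8iyuuyayhus;Crypkey License;c:\windows\system32\pohyb.exe [4/30/2010 7:45 PM 285184]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232]
MSConfigStartUp-Test321 - c:\recycler\S-1-5-21-0243556031-888888379-781863308-1455\fresdg.exe
MSConfigStartUp-userini - c:\windows\explorer.exe:userini.exe
"""

# Line shapes ComboFix uses: Run values, service lines (state name;display;image), orphan entries
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
SVC_RE = re.compile(r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s+-->.*)?\s+\[')
ORPHAN_RE = re.compile(r'^(?:MSConfigStartUp|HKCU-Run|HKLM-Run|HKLM-Explorer_Run)-(?P<name>.+?) - (?P<path>.+)$')

# Assumption: a deliberately short allowlist; anything else launched straight from system32 gets a second look.
KNOWN_SYSTEM32 = {"ctfmon.exe", "rundll32.exe", "userinit.exe", "wscntfy.exe"}


@dataclass
class Finding:
    kind: str            # "run", "service" or "orphan"
    name: str            # value name or service name
    path: str            # image path, NT prefix stripped
    reasons: List[str] = field(default_factory=list)


def normalise(path: str) -> str:
    # Strip the \??\ object-manager prefix ComboFix prints for driver image paths
    return re.sub(r'^\\\?\?\\', '', path.strip())


def parse(log: str) -> List[Finding]:
    out = []
    for line in log.splitlines():
        line = line.strip()
        for kind, rx in (("run", RUN_RE), ("service", SVC_RE), ("orphan", ORPHAN_RE)):
            m = rx.match(line)
            if m:
                out.append(Finding(kind, m.group("name"), normalise(m.group("path"))))
                break
    return out


def assess(f: Finding) -> Finding:
    p = f.path.lower()
    if re.search(r'\\temp\\[^\\]+\.sys$', p):
        f.reasons.append("kernel driver image in a Temp directory")
    if "\\recycler\\" in p:
        f.reasons.append("autostart from a Recycle Bin directory")
    if re.search(r'\.exe:[^\\:]+$', p):
        f.reasons.append("NTFS alternate data stream used as autostart")
    m = re.fullmatch(r'c:\\windows\\system32\\([a-z0-9]+\.exe)', p)
    if m and m.group(1) not in KNOWN_SYSTEM32:
        f.reasons.append("unrecognised executable directly in system32 (check file date and signature)")
    return f


def triage(log: str) -> List[Finding]:
    """Return only the entries that tripped at least one rule, in log order."""
    return [f for f in (assess(f) for f in parse(log)) if f.reasons]


def build_cfscript(findings: List[Finding]) -> str:
    """Draft a CFScript in the File::/Driver::/Registry:: form used in the thread.

    Orphan entries are left out: ComboFix already removed them in the log above.
    """
    live = [f for f in findings if f.kind in ("run", "service")]
    parts = ["File::", *[f.path for f in live], ""]
    drivers = [f.name for f in live if f.kind == "service"]
    if drivers:
        parts += ["Driver::", *drivers, ""]
    run_names = [f.name for f in live if f.kind == "run"]
    if run_names:
        parts.append("Registry::")
        parts.append("[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]")
        parts += ['"%s"=-' % n for n in run_names]
        parts += ["[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\%s]" % n
                  for n in run_names]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print("%-8s %-18s %s\n         -> %s" % (h.kind, h.name, h.path, "; ".join(h.reasons)))
    print(build_cfscript(hits))
```

On the sample the script flags syguse, the two Temp/system32 services, the Recycle Bin orphan and the explorer.exe ADS, and the generated draft lists the same File::, Driver:: and Registry:: items dr_Bora chose by hand; the egui/ekrn (ESET) and sptd entries pass untouched. Anything the allowlist does not know is only a prompt to look at the file's date and signature, not a verdict.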

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

This is the new log file after deleting the files....

ComboFix 10-04-30.03 - test 05/01/2010 17:06:21.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.250 [GMT 2:00]
Running from: c:\documents and settings\test\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\test\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"c:\docume~1\test\LOCALS~1\Temp\bmqnxxnwp.sys"
"c:\docume~1\test\LOCALS~1\Temp\djwtcffh.sys"
"c:\docume~1\test\LOCALS~1\Temp\szhrvblcohgudq.sys"
"c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\jlwcbb.exe"
"c:\documents and settings\test\Application Data\mnryv.exe"
"c:\documents and settings\test\Application Data\wyzlo.exe"
"c:\windows\system32\jaroul.exe"
"c:\windows\system32\pohyb.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\jlwcbb.exe
c:\documents and settings\LocalService\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\test\Application Data\mnryv.exe
c:\documents and settings\test\Application Data\wyzlo.exe
c:\program files\WindowsUpdate
c:\windows\system32\jaroul.exe
c:\windows\system32\pohyb.exe

c:\windows\system32\drivers\cdrom.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CGBDEPNDAPSMR
-------\Legacy_WMWCMOKFMFUI
-------\Legacy_YE7J8IYUUYAYHUS
-------\Service_cgbdepndapsmr
-------\Service_pbuogrvtgdx
-------\Service_wmwcmokfmfui
-------\Service_ye7j8iyuuyayhus


((((((((((((((((((((((((( Files Created from 2010-04-01 to 2010-05-01 )))))))))))))))))))))))))))))))
.

2010-04-30 18:59 . 2004-08-03 22:56 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe
2010-04-30 18:59 . 2004-08-03 22:56 39424 ----a-w- c:\windows\system32\grpconv.exe
2010-04-30 18:25 . 2010-04-30 18:25 -------- d-----w- c:\documents and settings\test\Local Settings\Application Data\ESET
2010-04-30 17:45 . 2010-04-30 17:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2010-04-29 08:25 . 2010-04-29 08:25 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Local Settings\Application Data\Opera
2010-04-27 20:12 . 2010-04-27 20:12 -------- d-----w- c:\documents and settings\Administrator.TESTERI-26A99C5\Application Data\DivX
2010-04-19 12:59 . 2010-04-19 12:59 255472 ----a-w- c:\documents and settings\test\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-04-18 11:10 . 2010-04-18 11:10 -------- d-----w- C:\NOD_upd
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\program files\ESET
2010-04-18 11:09 . 2010-04-18 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-01 14:58 . 2004-08-03 20:59 84800 ----a-w- c:\windows\system32\drivers\cdrom.sys
2010-04-27 20:40 . 2004-08-03 22:56 1032192 ----a-w- c:\windows\explorer.exe
2010-04-27 20:40 . 2009-03-29 20:26 -------- d-----w- c:\documents and settings\test\Application Data\uTorrent
2010-04-27 20:15 . 2009-03-29 18:20 -------- d-----w- c:\program files\Unlocker
2010-04-25 18:40 . 2009-03-29 16:36 -------- d-----w- c:\documents and settings\test\Application Data\Skype
2010-04-25 15:15 . 2009-03-29 16:38 -------- d-----w- c:\documents and settings\test\Application Data\skypePM
2010-04-18 15:20 . 2009-03-30 15:24 10 ----a-w- c:\windows\popcinfo.dat
2010-03-03 13:05 . 2009-07-20 09:45 -------- d-----w- c:\documents and settings\test\Application Data\Any DVD Converter Professional
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-02 12:59 . 2010-03-02 12:59 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-02 12:59 . 2010-03-02 12:59 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-02 12:58 . 2009-05-10 00:07 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-03-02 12:58 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
.

((((((((((((((((((((((((((((( SnapShot_2010-04-30_19.02.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-01 15:12 . 2010-05-01 15:12 16384 c:\windows\Temp\Perflib_Perfdata_398.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2007-04-03 22:29 165784 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-11-07 19:31 135664 ----atw- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-03-02 12:58 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2008-05-02 04:15 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2009-12-16 21:02 289584 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\test\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9/11/2009 7:23 AM 108792]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9/11/2009 7:26 AM 96408]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9/11/2009 7:24 AM 735960]
S2 gupdate1c9dee19208e8a;Google Update Service (gupdate1c9dee19208e8a);c:\program files\Google\Update\GoogleUpdate.exe [5/27/2009 5:37 PM 133104]
S3 FXDRV;FXDRV;\??\g:\fxdrv.sys --> g:\Fxdrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/29/2009 11:32 PM 682232]
.
Contents of the 'Scheduled Tasks' folder

2010-03-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-27 15:37]

2010-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003Core.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]

2010-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1229272821-1801674531-1003UA.job
- c:\documents and settings\test\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-14 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MI699F~1\Office10\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-05-01 17:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{56d3df43-34d8-483c-8ecd-a6fe3ba4b11b}]
@Denied: (Full) (Everyone)
"Model"=dword:00000092
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
df,1c,2f,3b,8a,0a,32,11,89,01,b5,d4,ad,be,af,c7,ac,81,43,42,df,67,86,56,7b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):83,d9,4b,20,00,7f,47,58,72,2d,f3,33,1d,a0,51,29,70,e9,92,38,0d,
30,3a,9a,94,b8,fb,b9,07,7e,24,a1,6a,ff,62,20,7d,1a,49,19,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2940)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-01 17:17:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-01 15:17
ComboFix2.txt 2010-04-30 19:06
ComboFix3.txt 2009-12-06 15:48
ComboFix4.txt 2009-12-05 18:01

Pre-Run: 2,912,374,784 bytes free
Post-Run: 2,879,475,712 bytes free

- - End Of File - - 5AB038451763BB25A3DE845336D9C8B7

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do you have a Windows Setup CD (or some other boot CD), and do you know how to boot the computer from it?

  • Joined: 11 Aug 2008
  • Posts: 65
  • Location: Vancouver

I'll find it somewhere... As far as I know, the CD-ROM has to be set as the first boot device, right? Because then it should start Windows from the CD and not from the hard disk..?

And what should I do next, since NOD is reporting some more viruses that it can't delete, and they are all in the c:\windows\system32\ folder???

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

When you get hold of the CD, let me know and post a fresh ComboFix log as well.

Also, write down what NOD is detecting (full paths to the files).
