conficker virus2

  • Joined: 04 Sep 2009
  • Posts: 6

I have the Conficker virus (AA, AB, AE, AL); I got it via USB. The files have been placed in quarantine, but I don't know whether I am allowed to delete them from quarantine and whether they do any harm if they stay there. I have 32-bit Windows, a wireless ADSL connection (100 Mbps), and NOD32 as antivirus. System Restore monitoring is turned on, I downloaded the MS08-67 patch, I scanned it and it does not show that it is still present. The problem showed up as the internet connection dropping, so that I had to restart it, but that too stopped 2 days ago, when I noticed that it was actually a problem with the virus and not with the connection. Here is how it started:

3.9.2009 9:57:45 IMON file http://79.126.194.224:9552/ydmjr a variant of Win32/Conficker.AE worm NT AUTHORITY\SYSTEM
2.9.2009 18:46:22 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AA worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
2.9.2009 18:46:21 IMON file http://217.23.206.78:7172/sxvyl Win32/Conficker.AA worm Connection terminated NT AUTHORITY\SYSTEM
1.9.2009 15:30:51 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AA worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
1.9.2009 15:30:50 IMON file http://217.23.206.170:7585/xkpn Win32/Conficker.AA worm Connection terminated NT AUTHORITY\SYSTEM
31.8.2009 10:10:38 IMON file http://80.242.127.31:8727/krweito a variant of Win32/Conficker.AE worm NT AUTHORITY\SYSTEM
30.8.2009 19:55:35 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AL worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
30.8.2009 19:55:33 IMON file http://217.23.200.233:2273/vutk Win32/Conficker.AL worm Connection terminated NT AUTHORITY\SYSTEM
29.8.2009 19:01:02 AMON file C:\WINDOWS\system32\elxan.dll a variant of Win32/Conficker.Gen worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
29.8.2009 19:01:02 IMON file http://80.242.127.138:7094/yrxukh a variant of Win32/Conficker.X worm NT AUTHORITY\SYSTEM
28.8.2009 9:35:09 AMON file C:\WINDOWS\system32\elxan.dll a variant of Win32/Conficker.Gen worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
28.8.2009 9:35:08 IMON file http://80.242.127.159:4761/pbfv a variant of Win32/Conficker.X worm NT AUTHORITY\SYSTEM
27.8.2009 12:00:26 AMON file C:\WINDOWS\system32\elxan.dll a variant of Win32/Conficker.Gen worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
27.8.2009 12:00:25 IMON file http://80.242.127.204:7179/iebtu a variant of Win32/Conficker.X worm NT AUTHORITY\SYSTEM
26.8.2009 14:52:53 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AB worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
26.8.2009 14:52:52 IMON file http://80.242.127.102:3477/bjtnwjg Win32/Conficker.AB worm Connection terminated NT AUTHORITY\SYSTEM
24.8.2009 19:50:06 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AB worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
24.8.2009 19:50:06 IMON file http://80.242.127.102:3477/qmgt Win32/Conficker.AB worm Connection terminated NT AUTHORITY\SYSTEM
23.8.2009 19:39:18 AMON file C:\WINDOWS\system32\elxan.dll a variant of Win32/Conficker.Gen worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
23.8.2009 19:39:17 IMON file http://217.23.203.206:3214/ejou a variant of Win32/Conficker.X worm NT AUTHORITY\SYSTEM
22.8.2009 15:13:08 AMON file C:\WINDOWS\system32\elxan.dll a variant of Win32/Conficker.Gen worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
22.8.2009 15:13:07 IMON file http://217.23.203.206:3214/mrvdkt a variant of Win32/Conficker.X worm NT AUTHORITY\SYSTEM
20.8.2009 21:02:54 AMON file C:\WINDOWS\system32\elxan.dll Win32/Conficker.AA worm quarantined - deleted - error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window.
20.8.2009 21:02:53 IMON file http://217.23.206.78:7172/rluzihtk Win32/Conficker.AA worm Connection terminated NT AUTHORITY\SYSTEM
14.8.2009 20:41:17 AMON file I:\Autorun.inf Win32/AutoRun.Agent.EF worm error while cleaning - operation unavailable for this type of object NT AUTHORITY\SYSTEM Event occurred at an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

DDS (Ver_09-07-30.01) - NTFSx86
Run by Ljubisa at 9:47:10,62 on pet 04.09.2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.61 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ljubisa\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ljubisa\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [Link visible only to logged-in users]
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&src={referrer:source?}
mSearchAssistant = [Link visible only to logged-in users]
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: QUICKfind BHO Object: {c08df07a-3e49-4e25-9ab0-d3882835f153} - c:\progra~1\textware\quickf~1\plugins\IEHelp.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: MyPlayCity Toolbar: {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - c:\program files\myplaycity\tbMyP1.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\axcmd.exe" /automount
uRun: [Google Update] "c:\documents and settings\ljubisa\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [CTSysVol] c:\program files\creative\sb live! 24-bit\surround mixer\CTSysVol.exe /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [OrderReminder] c:\program files\hewlett-packard\orderreminder\OrderReminder.exe
mRun: [services] c:\windows\services.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [D-Link AirPlus G] c:\program files\d-link\airplus g\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\ljubisa\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: imon.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - [Link visible only to logged-in users]
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - [Link visible only to logged-in users]
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - [Link visible only to logged-in users]
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - [Link visible only to logged-in users]
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - [Link visible only to logged-in users]
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [Link visible only to logged-in users]
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - [Link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [Link visible only to logged-in users]
DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} - [Link visible only to logged-in users]
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [Link visible only to logged-in users]
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - [Link visible only to logged-in users]
TCP: {2738C1A1-6000-4AB0-921B-E67DAC3D8C90} = 217.23.192.9 217.23.192.14
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: textwareilluminatorbase - {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - c:\windows\system32\textwareilluminatorbaseProtocol.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

============= SERVICES / DRIVERS ===============

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-10-24 15424]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2008-10-24 552064]
S2 gwrlaa;Security Universal;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 hyxcmg;Windows Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 inevg;Windows Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 kernwgg;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lasivn;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 lbfjtqyof;Installer System;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 nkxzfuv;Monitor Task;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ottobngzk;Driver Microsoft;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 qxuyxileq;Center Image;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 sxmzgasl;Center Server;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 tqqiukr;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 ubyvdq;Security Driver;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 zatag;Monitor Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Fltstcaindei;Fltstcaindei; [x]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [2008-12-3 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [2008-12-3 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [2008-12-3 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [2008-12-3 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [2008-12-3 100008]

=============== Created Last 30 ================

2009-09-03 17:03 268,648 a------- c:\windows\system32\mucltui.dll
2009-09-03 17:03 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-09-03 17:01 <DIR> --d----- c:\windows\system32\PreInstall
2009-09-03 16:55 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-09-01 17:57 <DIR> --d----- C:\Warrior Gamez
2009-08-30 19:19 <DIR> --d----- c:\program files\Pet Racer
2009-08-26 18:02 <DIR> --d----- c:\docume~1\ljubisa\applic~1\Uniblue
2009-08-20 15:33 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-20 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-20 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-08-20 15:21 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-08-20 14:56 <DIR> --d----- c:\windows\system32\Adobe
2009-08-18 17:13 1,962 a------- c:\windows\ST5UNST.009

==================== Find3M ====================

2009-08-23 19:41 717 a------- c:\program files\Yurecnik.ini
2009-08-14 16:39 3,688 a------- c:\windows\system32\d3d9caps.dat
2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-07-05 18:34 43,920 a------- c:\windows\AVI32HLM.DLL
2008-10-27 14:32 40 a------- c:\documents and settings\ljubisa\language.dat
2007-05-31 12:30 28,702 a------- c:\program files\Uninstal.exe
2007-05-31 12:30 1,998 a------- c:\program files\uninstal.log
1999-08-02 11:47 387,072 a------- c:\program files\YuRecnik.exe
1999-08-02 11:40 219,648 a------- c:\program files\MiniYuRecnik.exe
1999-08-02 11:35 9,559 a------- c:\program files\YURECNIK.HLP
1999-08-02 11:35 57 a------- c:\program files\Yurecnik.CNT
1999-07-29 11:43 2,447,472 a------- c:\program files\Reci.dat
1996-09-06 14:08 30,070 a------- c:\program files\Fb_deflt.dic
1996-02-23 17:26 469,504 a------- c:\program files\Fb_11k8.dll
1996-02-23 16:59 34,816 a------- c:\program files\Fb_spch.dll
1996-02-23 16:48 4,608 a------- c:\program files\Fb_timer.dll
1996-02-23 16:46 29,184 a------- c:\program files\Fb_ngn.exe
1996-02-23 16:21 16,896 a------- c:\program files\Uraspec.exe
1996-02-23 16:17 18,432 a------- c:\program files\Dictmgr.exe
1993-11-29 10:32 16,896 a------- c:\program files\Monologw.exe
2007-05-31 21:24 56 ---shr-- c:\windows\system32\A0DF0BA6BD.sys
2008-12-08 14:22 3,350 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 9:47:26,90 ===============

I don't know whether I did everything correctly. Please let me know. Regards



  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Hello,

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program has finished:
  • deactivate your security software (instructions);
  • close running programs;
  • double-click to start ComboFix.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
      • click Yes if you are offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
      • click Yes so that the process continues.
  • if the Recovery Console is not installed, offer to install it:
      • be sure to accept by clicking Yes and follow the procedure.
  • present a number of prompts/notifications:
      • accept by clicking Yes or OK.
  • if necessary, restart Windows (several times);
  • when finished, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.



  • Joined: 04 Sep 2009
  • Posts: 6

ComboFix 09-09-11.01 - Ljubisa 12.09.2009 9:13.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.234 [GMT 2:00]
Running from: c:\documents and settings\Ljubisa\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\rlservice.exe
c:\windows\AVI32HLM.DLL
c:\windows\Installer\10929.msi
c:\windows\MSWHLP16.DLL
c:\windows\system32\Data

.
((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-06 10:30 . 2009-09-06 10:30 -------- d-----w- c:\program files\Opera
2009-09-03 15:03 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-03 12:15 . 2009-09-03 12:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-01 15:57 . 2009-09-01 15:57 -------- d-----w- C:\Warrior Gamez
2009-08-30 17:19 . 2009-08-30 17:20 -------- d-----w- c:\program files\Pet Racer
2009-08-26 16:02 . 2009-08-26 16:02 -------- d-----w- c:\documents and settings\Ljubisa\Application Data\Uniblue
2009-08-20 13:33 . 2009-08-20 14:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-20 13:21 . 2009-08-20 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-20 13:21 . 2009-08-20 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-20 13:21 . 2009-08-20 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-20 12:56 . 2009-08-20 12:58 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-12 07:11 . 2007-05-30 11:43 8912896 ---ha-w- c:\documents and settings\Ljubisa\NTUSER.DAT
2009-09-08 08:51 . 2009-02-28 10:23 -------- d-----w- c:\program files\TurtleBay
2009-09-01 17:51 . 2009-02-28 10:07 39 ----a-w- c:\windows\popcinfo.dat
2009-08-31 09:22 . 2007-05-30 11:44 77416 ----a-w- c:\documents and settings\Ljubisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 16:09 . 2008-12-30 09:20 -------- d-----w- c:\program files\Disney Interactive
2009-08-26 07:50 . 2007-05-31 10:04 -------- d-----w- c:\program files\Java
2009-08-23 17:41 . 2008-11-30 18:20 717 ----a-w- c:\program files\Yurecnik.ini
2009-08-14 14:39 . 2009-07-29 19:16 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-29 19:26 . 2009-07-29 19:26 -------- d-----w- c:\documents and settings\Ljubisa\Application Data\Thinstall
2009-07-25 03:23 . 2009-01-22 17:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-05-31 10:30 . 2007-05-31 10:30 1998 ----a-w- c:\program files\uninstal.log
2007-05-31 10:30 . 1999-01-25 04:27 28702 ----a-w- c:\program files\Uninstal.exe
1999-08-02 09:47 . 1999-08-02 09:47 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40 . 1999-08-02 09:40 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
2007-05-31 19:24 . 2007-05-31 13:56 56 --sh--r- c:\windows\system32\A0DF0BA6BD.sys
2008-12-08 12:22 . 2007-05-31 13:09 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-06-01 12:00 2094616 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Google Update"="c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-24 949376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\Ljubisa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ljubisa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Ljubisa\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzzm.exe"=
"c:\\Program Files\\Eset\\nod32.exe"=
"c:\\Program Files\\Eset\\nod32kui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Ljubisa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ljubisa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.10.2008 15:06 15424]
S2 gwrlaa;Security Universal;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 hyxcmg;Windows Driver;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 inevg;Windows Support;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 kernwgg;Driver Update;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 lasivn;Helper Config;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 lbfjtqyof;Installer System;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 nkxzfuv;Monitor Task;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 ottobngzk;Driver Microsoft;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 qxuyxileq;Center Image;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 sxmzgasl;Center Server;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 tqqiukr;Support Installer;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 ubyvdq;Security Driver;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 zatag;Monitor Support;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 Fltstcaindei;Fltstcaindei; [x]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [3.12.2008 21:23 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [3.12.2008 21:23 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [3.12.2008 21:23 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [3.12.2008 21:23 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [3.12.2008 21:23 100008]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
kernwgg
tqqiukr
sxmzgasl
lasivn
ottobngzk
gwrlaa
zatag
inevg
hyxcmg
ubyvdq
nkxzfuv
lbfjtqyof
qxuyxileq

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2049760794-725345543-1003Core.job
- c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 16:28]

2009-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2049760794-725345543-1003UA.job
- c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 16:28]

2009-09-12 c:\windows\Tasks\User_Feed_Synchronization-{A2809D2A-5C6D-420C-AF86-9869A4E65638}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&src={referrer:source?}
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
TCP: {2738C1A1-6000-4AB0-921B-E67DAC3D8C90} = 217.23.192.9 217.23.192.14
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-09-12 09:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\windows\system32\zshp1018.exe [2496] 0x82067DA0

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\imon.dll
.
Completion time: 2009-09-12 9:31
ComboFix-quarantined-files.txt 2009-09-12 07:31

Pre-Run: 13.790.142.464 bytes free
Post-Run: 15.862.546.432 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

234

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Open Notepad and copy in the following text:

Driver::
kernwgg
tqqiukr
sxmzgasl
lasivn
ottobngzk
gwrlaa
zatag
inevg
hyxcmg
ubyvdq
nkxzfuv
lbfjtqyof
qxuyxileq
Fltstcaindei

NetSvc::
kernwgg
tqqiukr
sxmzgasl
lasivn
ottobngzk
gwrlaa
zatag
inevg
hyxcmg
ubyvdq
nkxzfuv
lbfjtqyof
qxuyxileq



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
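The script above names the same services that the posted log lists twice: once as S2 entries whose image path is the shared host `svchost.exe -k netsvcs`, and once in the NetSvcs block. As an added example (not part of the original post and not ComboFix's own logic), this Python sketch cross-references the two lists in a log excerpt; the function names are hypothetical, and reading `[x]` as "no file found for this service" is an assumption.

```python
import re

# Shortened excerpt in the shape of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.10.2008 15:06 15424]
S2 gwrlaa;Security Universal;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S2 zatag;Monitor Support;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 0:56 14336]
S3 Fltstcaindei;Fltstcaindei; [x]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [3.12.2008 21:23 83496]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
gwrlaa
zatag

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"""

# "<R|S><start type> name;display name;image path [file details]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"\s*(?P<image>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)
NETSVCS_HEADER_RE = re.compile(r"\\Svchost - NetSvcs\s*$", re.IGNORECASE)
SHARED_HOST_RE = re.compile(r"\\svchost\.exe\s+-k\s+netsvcs$", re.IGNORECASE)


def parse_services(log):
    """Return one dict per driver/service line of the log."""
    services = []
    for line in log.splitlines():
        match = SERVICE_RE.match(line.strip())
        if match:
            services.append(match.groupdict())
    return services


def parse_netsvcs(log):
    """Return the names listed under the '...Svchost - NetSvcs' header."""
    names, in_block = [], False
    for line in log.splitlines():
        line = line.strip()
        if NETSVCS_HEADER_RE.search(line):
            in_block = True
        elif in_block:
            if not line:          # the block ends at the first blank line
                break
            names.append(line)
    return names


def triage(log):
    """Group service names that deserve a closer look, by reason."""
    netsvcs = {name.lower() for name in parse_netsvcs(log)}
    hosted, no_file = [], []
    for svc in parse_services(log):
        # Image path is only the shared host AND the name is in the NetSvcs block.
        if SHARED_HOST_RE.search(svc["image"]) and svc["name"].lower() in netsvcs:
            hosted.append(svc["name"])
        # No image path and "[x]" instead of file details (assumed: file not found).
        elif not svc["image"] and svc["meta"].strip().lower() == "x":
            no_file.append(svc["name"])
    return {"netsvcs_hosted": sorted(hosted), "no_file": sorted(no_file)}


if __name__ == "__main__":
    for reason, names in triage(SAMPLE_LOG).items():
        print(reason, names)
```

Run over the full log from the earlier post, the first group corresponds to the names under `NetSvc::` and the two groups together to the names under `Driver::`; the output is a review list for a person to check, not a removal script.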

offline
  • Joined: 04 Sep 2009
  • Posts: 6

ComboFix 09-09-12.A0 - Ljubisa 13.09.2009 15:40.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.209 [GMT 2:00]
Running from: c:\documents and settings\Ljubisa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ljubisa\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_GWRLAA
-------\Legacy_HYXCMG
-------\Legacy_INEVG
-------\Legacy_KERNWGG
-------\Legacy_LASIVN
-------\Legacy_LBFJTQYOF
-------\Legacy_NKXZFUV
-------\Legacy_OTTOBNGZK
-------\Legacy_QXUYXILEQ
-------\Legacy_SXMZGASL
-------\Legacy_TQQIUKR
-------\Legacy_UBYVDQ
-------\Legacy_ZATAG
-------\Service_Fltstcaindei
-------\Service_gwrlaa
-------\Service_hyxcmg
-------\Service_inevg
-------\Service_kernwgg
-------\Service_lasivn
-------\Service_lbfjtqyof
-------\Service_nkxzfuv
-------\Service_ottobngzk
-------\Service_qxuyxileq
-------\Service_sxmzgasl
-------\Service_tqqiukr
-------\Service_ubyvdq
-------\Service_zatag


((((((((((((((((((((((((( Files Created from 2009-08-13 to 2009-09-13 )))))))))))))))))))))))))))))))
.

2009-09-06 10:30 . 2009-09-06 10:30 -------- d-----w- c:\program files\Opera
2009-09-03 15:03 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-03 12:15 . 2009-09-03 12:38 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-01 15:57 . 2009-09-01 15:57 -------- d-----w- C:\Warrior Gamez
2009-08-30 17:19 . 2009-08-30 17:20 -------- d-----w- c:\program files\Pet Racer
2009-08-26 16:02 . 2009-08-26 16:02 -------- d-----w- c:\documents and settings\Ljubisa\Application Data\Uniblue
2009-08-20 13:33 . 2009-08-20 14:30 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-20 13:21 . 2009-08-20 14:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-20 13:21 . 2009-08-20 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-20 13:21 . 2009-08-20 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-20 12:56 . 2009-08-20 12:58 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 14:01 . 2007-05-30 11:43 8912896 ---ha-w- c:\documents and settings\Ljubisa\NTUSER.DAT
2009-09-08 08:51 . 2009-02-28 10:23 -------- d-----w- c:\program files\TurtleBay
2009-09-01 17:51 . 2009-02-28 10:07 39 ----a-w- c:\windows\popcinfo.dat
2009-08-31 09:22 . 2007-05-30 11:44 77416 ----a-w- c:\documents and settings\Ljubisa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 16:09 . 2008-12-30 09:20 -------- d-----w- c:\program files\Disney Interactive
2009-08-26 07:50 . 2007-05-31 10:04 -------- d-----w- c:\program files\Java
2009-08-23 17:41 . 2008-11-30 18:20 717 ----a-w- c:\program files\Yurecnik.ini
2009-08-14 14:39 . 2009-07-29 19:16 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-29 19:26 . 2009-07-29 19:26 -------- d-----w- c:\documents and settings\Ljubisa\Application Data\Thinstall
2009-07-25 03:23 . 2009-01-22 17:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2007-05-31 10:30 . 2007-05-31 10:30 1998 ----a-w- c:\program files\uninstal.log
2007-05-31 10:30 . 1999-01-25 04:27 28702 ----a-w- c:\program files\Uninstal.exe
1999-08-02 09:47 . 1999-08-02 09:47 387072 ----a-w- c:\program files\YuRecnik.exe
1999-08-02 09:40 . 1999-08-02 09:40 219648 ----a-w- c:\program files\MiniYuRecnik.exe
1999-08-02 09:35 . 1999-08-02 09:35 9559 ----a-w- c:\program files\YURECNIK.HLP
1999-08-02 09:35 . 1999-08-02 09:35 57 ----a-w- c:\program files\Yurecnik.CNT
1999-07-29 09:43 . 1999-07-29 09:43 2447472 ----a-w- c:\program files\Reci.dat
1996-09-06 12:08 . 1996-09-06 12:08 30070 ----a-w- c:\program files\Fb_deflt.dic
1996-02-23 15:26 . 1996-02-23 15:26 469504 ----a-w- c:\program files\Fb_11k8.dll
1996-02-23 14:59 . 1996-02-23 14:59 34816 ----a-w- c:\program files\Fb_spch.dll
1996-02-23 14:48 . 1996-02-23 14:48 4608 ----a-w- c:\program files\Fb_timer.dll
1996-02-23 14:46 . 1996-02-23 14:46 29184 ----a-w- c:\program files\Fb_ngn.exe
1996-02-23 14:21 . 1996-02-23 14:21 16896 ----a-w- c:\program files\Uraspec.exe
1996-02-23 14:17 . 1996-02-23 14:17 18432 ----a-w- c:\program files\Dictmgr.exe
1993-11-29 08:32 . 1993-11-29 08:32 16896 ----a-w- c:\program files\Monologw.exe
2007-05-31 19:24 . 2007-05-31 13:56 56 --sh--r- c:\windows\system32\A0DF0BA6BD.sys
2008-12-08 12:22 . 2007-05-31 13:09 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-13 14:01 . 2009-09-13 14:01 16384 c:\windows\temp\Perflib_Perfdata_474.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-06-01 12:00 2094616 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-06-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 220544]
"Google Update"="c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-07 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-10-24 949376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-07-30 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"D-Link AirPlus G"="c:\program files\D-Link\AirPlus G\AirGCFG.exe" [2005-07-22 1519616]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-12-16 49152]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-10-19 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

c:\documents and settings\Ljubisa\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Ljubisa^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Ljubisa\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\MSN\\MSNCoreFiles\\Install\\msnsusii.exe"=
"c:\\Program Files\\Google\\Google Earth\\googleearth.exe"=
"c:\\Program Files\\MSN Gaming Zone\\Windows\\hrtzzm.exe"=
"c:\\Program Files\\Eset\\nod32.exe"=
"c:\\Program Files\\Eset\\nod32kui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Ljubisa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ljubisa\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [24.10.2008 15:06 15424]
S3 s916bus;Sony Ericsson Device 916 driver (WDM);c:\windows\system32\drivers\s916bus.sys [3.12.2008 21:23 83496]
S3 s916mdfl;Sony Ericsson Device 916 USB WMC Modem Filter;c:\windows\system32\drivers\s916mdfl.sys [3.12.2008 21:23 15016]
S3 s916mdm;Sony Ericsson Device 916 USB WMC Modem Driver;c:\windows\system32\drivers\s916mdm.sys [3.12.2008 21:23 109992]
S3 s916mgmt;Sony Ericsson Device 916 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s916mgmt.sys [3.12.2008 21:23 103976]
S3 s916obex;Sony Ericsson Device 916 USB WMC OBEX Interface;c:\windows\system32\drivers\s916obex.sys [3.12.2008 21:23 100008]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 13:57]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2049760794-725345543-1003Core.job
- c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 16:28]

2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-2049760794-725345543-1003UA.job
- c:\documents and settings\Ljubisa\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-07 16:28]

2009-09-13 c:\windows\Tasks\User_Feed_Synchronization-{A2809D2A-5C6D-420C-AF86-9869A4E65638}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uSearchMigratedDefaultURL = [Link visible only to logged-in users]{searchTerms}&src={referrer:source?}
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: imon.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-09-13 16:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(760)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2376)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Eset\nod32krn.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-09-13 16:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-13 14:05
ComboFix2.txt 2009-09-12 07:31

Pre-Run: 15.830.249.472 bytes free
Post-Run: 15.719.546.880 bytes free

245

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Are there any problems now?

offline
  • Joined: 04 Sep 2009
  • Posts: 6

I haven't noticed anything so far. It's probably fine. Thanks once again. Regards.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8630
  • Location: Novi Beograd

Then one more thing:

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text box, type (or copy in) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.
