Malware etc...


  • Joined: 14 Feb 2010
  • Posts: 9

helen1 ::Open Notepad and copy the following text:

Firefox::
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCfox000&fl=0&ptb=araVbGtBvwB2r5ypNid4vg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.




ComboFix 10-02-12.01 - Admin 17.02.2010 0:23.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.286 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTactl.dll
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\system32\f3PSSavr.scr

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-01-16 to 2010-02-16 )))))))))))))))))))))))))))))))
.

9999-02-10 23:17 . 9999-02-10 23:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 23:08 . 2010-02-06 23:08 -------- d-----w- c:\program files\Google
2010-02-05 09:23 . 2010-02-05 09:23 -------- d-----w- c:\documents and settings\Admin\Application Data\CoSoSys
2010-01-27 00:27 . 2010-01-27 00:27 -------- d-----w- c:\program files\iXi Tools
2010-01-27 00:22 . 2010-01-27 00:22 -------- d-----w- c:\program files\Lavalys
2010-01-27 00:11 . 2010-01-27 00:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 00:04 . 2009-01-27 01:07 -------- d-----w- c:\program files\SpeedFan
2010-01-26 23:02 . 2010-01-26 23:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-26 20:27 . 2010-01-26 20:37 -------- d-----w- c:\program files\EASEUS
2010-01-25 17:37 . 2010-01-25 17:37 -------- d-----w- c:\program files\EA GAMES
2010-01-25 17:03 . 2010-01-25 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 16:59 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 16:34 . 2010-01-25 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-21 16:47 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-10-01 14:28 . 2002-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-14 21:07 . 2009-10-13 14:29 -------- d-----w- c:\program files\Cheat Engine
2010-01-26 23:50 . 2002-02-13 10:20 -------- d-----w- c:\program files\Ahead
2010-01-26 20:27 . 2002-02-13 10:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 20:27 . 2009-11-01 23:38 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-01-26 14:54 . 2002-02-13 10:28 46648 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 17:01 . 2002-02-13 10:25 -------- d-----w- c:\program files\ATI Technologies
2010-01-24 22:59 . 2002-02-13 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 16:26 . 2009-05-14 07:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Wildfire
2010-01-21 01:29 . 2009-06-17 17:14 -------- d-----w- c:\program files\AlienGUIse
2010-01-21 01:28 . 2009-06-17 17:14 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\program files\AutoCAD 2006
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-20 10:19 . 2009-05-20 11:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 10:09 . 2002-02-13 09:47 -------- d-----w- c:\program files\Winamp
2010-01-20 09:58 . 2009-07-02 02:19 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-07 15:07 . 2003-02-12 04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2003-02-12 04:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 15:56 . 2009-12-26 15:56 -------- d-----w- c:\program files\Opera
.

------- Sigcheck -------

[-] 2002-12-31 . CE3EC03C9F65302E44AF5C452D20A86F . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 4

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RtlWake.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
backup=c:\windows\pss\RtlWake.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 23:56 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\Eset\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 03:06 133104 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
2009-03-19 15:38 2171392 ----a-w- c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooWidgets]
2009-03-19 15:38 4742184 ----a-w- c:\program files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgets.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.5.2009 12:44 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9.12.2009 21:30 54752]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [13.2.2002 10:40 10240]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [13.2.2002 11:38 180736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=1awO03hNycnevG2uL1FKSg
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-17 00:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D41D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859af10
\Driver\ACPI -> ACPI.sys @ 0xf83fecb8
\Driver\atapi -> 0x823d41d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf827eba0
PacketIndicateHandler -> NDIS.sys @ 0xf828bb21
SendHandler -> NDIS.sys @ 0xf826987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828-)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-02-17 00:32:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-16 23:32
ComboFix2.txt 2010-02-15 10:59
ComboFix3.txt 2010-02-14 21:14

Pre-Run: 11.626.565.632 bytes free
Post-Run: 11.618.750.464 bytes free

- - End Of File - - 5D1B25BE1CF0CFAF7F1EDFFB2787CAAD

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Almost done:

Open Notepad and copy the following text:

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=1awO03hNycnevG2uL1FKSg


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 14 Feb 2010
  • Posts: 9

helen1 ::Almost done:

Open Notepad and copy the following text:

DDS::
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZNfox000&ptb=1awO03hNycnevG2uL1FKSg


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.


ComboFix 10-02-12.01 - Admin 17.02.2010 11:57:11.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.296 [GMT 1:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-17 to 2010-02-17 )))))))))))))))))))))))))))))))
.

9999-02-10 23:17 . 9999-02-10 23:17 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-06 23:08 . 2010-02-06 23:08 -------- d-----w- c:\program files\Google
2010-02-05 09:23 . 2010-02-05 09:23 -------- d-----w- c:\documents and settings\Admin\Application Data\CoSoSys
2010-01-27 00:27 . 2010-01-27 00:27 -------- d-----w- c:\program files\iXi Tools
2010-01-27 00:22 . 2010-01-27 00:22 -------- d-----w- c:\program files\Lavalys
2010-01-27 00:11 . 2010-01-27 00:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-27 00:04 . 2009-01-27 01:07 -------- d-----w- c:\program files\SpeedFan
2010-01-26 23:02 . 2010-01-26 23:08 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-01-26 20:27 . 2010-01-26 20:37 -------- d-----w- c:\program files\EASEUS
2010-01-25 17:37 . 2010-01-25 17:37 -------- d-----w- c:\program files\EA GAMES
2010-01-25 17:03 . 2010-01-25 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2010-01-25 16:59 . 2009-02-25 14:15 593920 ------w- c:\windows\system32\ati2sgag.exe
2010-01-25 16:34 . 2010-01-25 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-21 16:47 . 1998-10-29 15:45 306688 ----a-w- c:\windows\IsUninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
9999-10-01 14:28 . 2002-02-13 09:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-14 21:07 . 2009-10-13 14:29 -------- d-----w- c:\program files\Cheat Engine
2010-01-26 23:50 . 2002-02-13 10:20 -------- d-----w- c:\program files\Ahead
2010-01-26 20:27 . 2002-02-13 10:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-26 20:27 . 2009-11-01 23:38 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2010-01-26 14:54 . 2002-02-13 10:28 46648 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 17:01 . 2002-02-13 10:25 -------- d-----w- c:\program files\ATI Technologies
2010-01-24 22:59 . 2002-02-13 10:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-21 16:26 . 2009-05-14 07:42 -------- d-----w- c:\documents and settings\Admin\Application Data\Wildfire
2010-01-21 01:29 . 2009-06-17 17:14 -------- d-----w- c:\program files\AlienGUIse
2010-01-21 01:28 . 2009-06-17 17:14 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\program files\AutoCAD 2006
2010-01-20 10:19 . 2009-05-20 11:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Autodesk
2010-01-20 10:19 . 2009-05-20 11:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2010-01-20 10:09 . 2002-02-13 09:47 -------- d-----w- c:\program files\Winamp
2010-01-20 09:58 . 2009-07-02 02:19 -------- d-----w- c:\program files\DaemonTools_WhenUSave_Installer
2010-01-07 15:07 . 2003-02-12 04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2003-02-12 04:30 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-26 15:56 . 2009-12-26 15:56 -------- d-----w- c:\program files\Opera
.

------- Sigcheck -------

[-] 2002-12-31 . CE3EC03C9F65302E44AF5C452D20A86F . 360832 . . [5.1.2600.3244] . . c:\windows\system32\drivers\tcpip.sys

[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-11-21 35328]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 4

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Alienware Dock.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Alienware Dock.lnk
backup=c:\windows\pss\Alienware Dock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\Admin\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RtlWake.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RtlWake.lnk
backup=c:\windows\pss\RtlWake.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-14 23:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2004-08-03 23:56 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2002-12-31 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
2006-11-12 10:48 157592 ----a-w- c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
2009-05-14 14:47 2029640 ----a-w- c:\program files\Eset\ESET NOD32 Antivirus\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-06 03:06 133104 ----atw- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-09-02 14:27 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2009-02-25 14:38 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-02-22 03:25 144784 ----a-w- c:\program files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
2009-03-19 15:38 2171392 ----a-w- c:\program files\Transform XP to Vista\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YahooWidgets]
2009-03-19 15:38 4742184 ----a-w- c:\program files\Transform XP to Vista\Yahoo! Widgets\Widgets\YahooWidgets.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.5.2009 12:44 639224]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14.5.2009 15:47 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [14.5.2009 15:49 94360]
R2 ekrn;ESET Service;c:\program files\Eset\ESET NOD32 Antivirus\ekrn.exe [14.5.2009 15:47 731840]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [9.12.2009 21:30 54752]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [13.2.2002 10:40 10240]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\rtl8180.sys [13.2.2002 11:38 180736]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-02-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004Core.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]

2010-02-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-492894223-1343024091-1004UA.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-06 03:06]
.
.
------- Supplementary Scan -------
.
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\48hlf7sm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-17 12:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x823D41D8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf859af10
\Driver\ACPI -> ACPI.sys @ 0xf83fecb8
\Driver\atapi -> 0x823d41d8
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a00ad
ParseProcedure -> ntoskrnl.exe @ 0x80570e7d
NDIS: VIA Compatable Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf827eba0
PacketIndicateHandler -> NDIS.sys @ 0xf828bb21
SendHandler -> NDIS.sys @ 0xf826987b
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-448539723-492894223-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(828-)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\system32\wscntfy.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2010-02-17 12:05:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-17 11:05
ComboFix2.txt 2010-02-16 23:32
ComboFix3.txt 2010-02-15 10:59
ComboFix4.txt 2010-02-14 21:14

Pre-Run: 11.638.312.960 bytes free
Post-Run: 11.630.755.840 bytes free

- - End Of File - - 6D9D021B7B3A3CE2BC3B66BCC85BBA16

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

What is the state of the machine now?

offline
  • Joined: 14 Feb 2010
  • Posts: 9

helen1 ::What is the state of the machine now?

It seems OK, but as soon as I open Google Chrome a blue screen appears and the computer has to be shut down.. :/

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

That should be it. The Chrome issue is not related to malware.


ComboFix needs to be uninstalled:
click Start (or ), and then Run.

On Vista, use the Start Search field if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 14 Feb 2010
  • Posts: 9

OK, thanks a lot, I'm really grateful to you! Few people today want to help someone without any compensation or some other interest... Cheers!
