MyCity » Ambulanta -> Arhiva Ambulante » zarazen :(

zarazen :(

Napisano na dan: 26.3.2009

Strana:
1
2

zarazen :(

Sledeća strana

Pagination

Odgovori

Strana:
1
2

mladenreg Poslao: 26 Mar 2009 08:33 Idi na vrh
offline mladenreg Novi MyCity građanin Pridružio: 25 Mar 2009 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Od antivirus programa koristim avast, pri startovanju racunara prijavi mi uvek da mi je zarazen fajl C:\WINDOWS\TEMP\BN2.tmp, a pri zadnjem startovanju mi je prijavio i C:\WINDOWS\system32\drivers\restore.sys. Internet mi radi nenormalno sporo. Unapred hvala na pomoci. A evo ga i log-a programa HijackThis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 8:16:44, on 26.3.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20935) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Synaptics\SynTP\Toshiba.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\No-IP\DUC20.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Winamp\winamp.exe C:\Documents and Settings\Mladen\Desktop\New Folder\TR3.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = go.microsoft.com/fwlink/?LinkId=74005 O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Edgios IE Toolbar - {C9642A6B-9467-4EB5-9168-F141744AA27F} - C:\Program Files\Edgios\ext\eiexxpw.dll O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: No-IP DUC.lnk = C:\Program Files\No-IP\DUC20.exe O4 - Startup: SDK Tray Menu.lnk = ? O4 - Global Startup: Bluetooth Monitor.lnk = C:\Program Files\TOSHIBA\Bluetooth Monitor\BtMon2.exe O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{57EE2FA2-866F-4123-A125-55DBBACE4FAC}: NameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{57EE2FA2-866F-4123-A125-55DBBACE4FAC}: NameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{57EE2FA2-866F-4123-A125-55DBBACE4FAC}: NameServer = 192.168.1.1 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- End of file - 8619 bytes

Profil

argus Poslao: 26 Mar 2009 09:13 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav! Klikni desnim tasterom miša na avast! ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Stop OnAccess Protection. Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja. Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

mladenreg Poslao: 26 Mar 2009 09:30 Idi na vrh
offline mladenreg Novi MyCity građanin Pridružio: 25 Mar 2009 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skinuo sam ComboFix, iskljucio sam avast, ali kada pokusam da startujem ComboFix, samo mi napuni onaj loading bar do kraja i to je to. Cekao sam 10min, ali opet nista, a i nema ga u task manageru.

Profil

argus Poslao: 26 Mar 2009 10:27 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini sa ovog linka http://amf.mycity.rs/programs/mirrored/C-F.exe Obavezno dozvoli update CF-a i instalaciju R.Conzole.

Profil

mladenreg Poslao: 26 Mar 2009 10:46 Idi na vrh
offline mladenreg Novi MyCity građanin Pridružio: 25 Mar 2009 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! I dalje isto. Znaci samo prikaze ucitavanje, na trenutak nestanu ikone, odmah se pojave ponovo i to je to. Ma koliko dugo cekao, opet isto. Dopuna: 26 Mar 2009 10:46 E da, sad mi je napravio folder na c particiji pod nazivom 32788R22FWJFW i unutra se nalaze neki dat i cmd fajlovi.

Profil

argus Poslao: 26 Mar 2009 10:58 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Hmm... Moraces da sacekas da se konsultujem sa nekim od kolega.

Profil

mladenreg Poslao: 26 Mar 2009 11:16 Idi na vrh
offline mladenreg Novi MyCity građanin Pridružio: 25 Mar 2009 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Izvini, moja greska. Izbrisao mi je antivirus cmd, pa sam se tek kasnije setio da sam zaboravio da ga vratim. Cim sam ga vratio, odmah je proradilo. Evo ga i log: ComboFix 09-03-25.03 - Mladen 2009-03-26 11:03:07.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1628 [GMT 1:00] Running from: c:\documents and settings\Mladen\Desktop\eeb.exe AV: avast! antivirus 4.8.1335 [VPS 090325-0] On-access scanning disabled (Updated) * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\pthreadGC2.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_RESTORE ((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))))) . 2009-03-26 11:05 . 2009-03-26 11:05 <DIR> d-------- c:\windows\system32\xircom 2009-03-26 11:05 . 2009-03-26 11:05 <DIR> d-------- c:\program files\microsoft frontpage 2009-03-26 10:59 . 2008-04-14 05:42 389,120 --a------ c:\windows\system32\cmd.exe 2009-03-26 10:59 . 2008-04-14 05:42 69,120 --a------ c:\windows\system32\notepad.exe 2009-03-26 10:16 . 2009-03-26 10:16 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Wowd 2009-03-24 22:47 . 2009-03-24 22:47 <DIR> d-------- c:\windows\Sun 2009-03-24 20:55 . 2009-03-24 20:54 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-24 20:55 . 2009-03-24 20:54 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-24 20:54 . 2009-03-24 20:54 <DIR> d-------- c:\program files\Java 2009-03-24 17:00 . 2009-03-24 17:00 <DIR> d-------- c:\program files\uTorrent 2009-03-24 17:00 . 2009-03-24 17:21 <DIR> d-------- c:\documents and settings\Mladen\Application Data\uTorrent 2009-03-20 14:16 . 2009-03-20 14:16 <DIR> d-------- c:\program files\Alwil Software 2009-03-20 10:08 . 2009-03-20 10:08 182,912 --a------ c:\windows\system32\dllcache\ndis.sys 2009-03-20 10:06 . 2009-03-20 10:06 124 --a------ c:\windows\system32\17C8.tmp 2009-03-20 10:03 . 2009-03-20 10:07 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Sports Interactive 2009-03-20 10:03 . 2009-03-20 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-03-20 10:02 . 2009-03-20 10:02 <DIR> d-------- c:\windows\Logs 2009-03-20 10:00 . 2009-03-20 10:02 <DIR> d--h----- c:\program files\Zero G Registry 2009-03-20 10:00 . 2009-03-20 10:00 <DIR> d-------- c:\program files\Sports Interactive 2009-03-20 10:00 . 2009-03-20 10:00 <DIR> d--h----- c:\documents and settings\Mladen\InstallAnywhere 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\program files\QuickTime 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\program files\Apple Software Update 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2009-03-18 19:46 . 2009-03-18 19:46 <DIR> d--h----- c:\program files\InstallJammer Registry 2009-03-18 19:45 . 2009-03-26 06:53 <DIR> d-------- c:\program files\Edgios 2009-03-18 16:34 . 2009-03-18 16:49 <DIR> d-------- c:\program files\ZAR 2009-03-18 16:34 . 2009-03-25 11:05 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-18 15:52 . 2009-03-26 06:54 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Edgios 2009-03-18 15:37 . 2009-03-18 15:37 <DIR> d-------- c:\program files\No-IP 2009-03-18 00:27 . 2009-03-18 00:27 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Media Player Classic 2009-03-17 21:45 . 2009-03-17 21:45 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Subversion 2009-03-12 03:34 . 2009-03-12 03:36 <DIR> d-------- C:\xampp 2009-03-12 03:31 . 2009-03-12 03:31 <DIR> d-------- c:\program files\Adobe Media Player 2009-03-12 03:27 . 2009-03-12 03:27 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-03-12 01:23 . 2009-03-12 01:24 23,500 --a------ c:\windows\system32\productregistry 2009-03-12 01:22 . 2009-03-12 01:22 <DIR> d-------- c:\program files\Sun 2009-03-11 16:18 . 2009-03-11 16:18 <DIR> d--h----- c:\windows\PIF 2009-03-11 01:13 . 2009-03-11 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2009-03-11 01:11 . 2009-03-11 01:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-03-11 01:10 . 2009-03-11 01:10 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-03-11 01:09 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2009-03-11 01:09 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2009-03-10 13:57 . 2009-03-12 03:31 <DIR> d-------- c:\program files\Common Files\Adobe 2009-03-10 13:56 . 2009-03-10 13:56 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Thinstall 2009-03-10 01:00 . 2009-03-10 01:00 <DIR> d-------- c:\program files\Microsoft.NET 2009-03-10 01:00 . 2009-03-10 01:00 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-03-10 01:00 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll 2009-03-10 01:00 . 2009-03-10 01:00 376 --a------ c:\windows\ODBC.INI 2009-03-10 00:59 . 2009-03-10 00:59 <DIR> d-------- c:\windows\SHELLNEW 2009-03-10 00:49 . 2009-03-10 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-03-10 00:48 . 2009-03-10 00:49 <DIR> d-------- c:\documents and settings\Mladen\Application Data\DAEMON Tools Pro 2009-03-10 00:47 . 2009-03-10 00:58 <DIR> d-------- c:\program files\DAEMON Tools Pro 2009-03-09 23:19 . 2009-03-09 23:19 <DIR> d-------- c:\program files\Google 2009-03-09 23:15 . 2009-03-09 23:15 <DIR> d-------- c:\program files\IDM Computer Solutions 2009-03-09 23:15 . 2009-03-09 23:15 <DIR> d-------- c:\documents and settings\Mladen\Application Data\IDMComp 2009-03-09 23:02 . 2009-03-09 23:03 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-03-09 23:01 . 2009-03-09 23:02 <DIR> d-------- c:\program files\Common Files\ACD Systems 2009-03-09 23:01 . 2009-03-09 23:01 <DIR> d-------- c:\program files\ACD Systems 2009-03-09 23:01 . 2009-03-09 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems 2009-03-09 22:37 . 2009-03-09 22:37 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Systweak 2009-03-09 22:36 . 2009-03-09 22:36 <DIR> d-------- c:\program files\Advanced System Optimizer 2009-03-09 22:35 . 2006-04-17 20:29 569,856 --a------ c:\windows\system32\drivers\CHDAud.sys 2009-03-09 22:35 . 2006-06-27 15:28 122,880 --a------ c:\windows\system32\UCI32107.dll 2009-03-09 22:35 . 2006-04-17 20:29 61,952 --a------ c:\windows\system32\CHDAudPropShortcut.exe 2009-03-09 22:35 . 2006-04-17 20:29 24,064 --a------ c:\windows\system32\CHdAudprop.dll 2009-03-09 22:35 . 2006-04-17 20:29 5,120 --a------ c:\windows\system32\CHdAudPropres.dll 2009-03-09 22:30 . 2009-03-25 01:19 <DIR> d-------- c:\program files\Winamp 2009-03-09 22:30 . 2009-03-09 22:31 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Winamp 2009-03-09 22:24 . 2009-03-25 14:19 <DIR> d-------- c:\program files\Internet Download Manager 2009-03-09 22:24 . 2009-03-22 14:39 <DIR> d-------- c:\documents and settings\Mladen\Application Data\IDM 2009-03-09 22:24 . 2009-03-26 11:06 <DIR> d-------- c:\documents and settings\Mladen\Application Data\DMCache 2009-03-09 22:07 . 2009-03-09 22:07 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-20 09:08 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-03-09 21:01 --------- d-----w c:\program files\CONEXANT 2009-03-09 20:54 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 20:54 --------- d-----w c:\program files\TOSHIBA 2009-03-09 20:52 --------- d-----w c:\program files\NetWaiting 2009-03-09 20:52 --------- d-----w c:\documents and settings\Mladen\Application Data\InstallShield 2009-03-09 20:51 --------- d-----w c:\program files\Synaptics 2009-03-09 20:51 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-09 20:41 --------- d-----w c:\program files\Windows Desktop Search 2009-03-09 20:29 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel 2009-03-09 20:29 --------- d-----w c:\documents and settings\Mladen\Application Data\Intel 2009-03-09 20:29 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel 2009-03-09 20:28 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-03-09 20:28 21,361 ----a-w c:\windows\AegisP.sys 2009-03-09 20:28 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel 2009-03-09 20:28 --------- d-----w c:\program files\Intel 2009-03-09 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Intel 2009-03-09 20:27 --------- d-----w c:\program files\DIFX 2009-03-09 20:11 --------- d-----w c:\documents and settings\Mladen\Application Data\Windows Search 2009-03-09 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-03-09 20:04 --------- d-----w c:\documents and settings\Mladen\Application Data\Windows Desktop Search 2009-03-09 19:57 --------- d-----w c:\program files\Windows Media Connect 2 2009-03-09 19:57 --------- d-----w c:\program files\Alky for Applications 2009-03-09 19:46 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-01 09:17 58,112 ----a-w c:\windows\system32\drivers\vdmindvd.sys 2009-02-01 09:17 51,712 ----a-w c:\windows\system32\drivers\tosdvd.sys 2009-02-01 09:17 262,528 ----a-w c:\windows\system32\drivers\cinemst2.sys 2009-02-01 09:17 21,376 ----a-w c:\windows\system32\drivers\tsbvcap.sys 2009-02-01 09:17 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys 2009-02-01 09:17 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys 2009-02-01 09:17 12,160 ----a-w c:\windows\system32\drivers\fsvga.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\riodrv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\rio8drv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\nikedrv.sys 2009-02-01 09:17 11,776 ----a-w c:\windows\system32\drivers\cpqdap01.sys 2009-02-01 09:08 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys 2009-02-01 09:08 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys 2009-02-01 09:08 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys 2009-02-01 09:07 62,848 ----a-w c:\windows\system32\drivers\rspndr.sys 2009-02-01 09:00 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-02-01 09:00 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2009-02-01 09:00 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys 2009-02-01 08:59 91,776 ----a-w c:\windows\system32\drivers\ndiswan.sys 2009-02-01 08:59 61,824 ----a-w c:\windows\system32\drivers\ohci1394.sys 2009-02-01 08:59 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys 2009-02-01 08:59 174,848 ----a-w c:\windows\system32\drivers\rdbss.sys 2009-02-01 08:59 139,656 ----a-w c:\windows\system32\drivers\rdpwd.sys 2009-02-01 08:59 105,344 ----a-w c:\windows\system32\drivers\mup.sys 2009-02-01 08:58 92,544 ----a-w c:\windows\system32\drivers\mqac.sys 2009-02-01 08:58 456,704 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2009-02-01 08:58 180,096 ----a-w c:\windows\system32\drivers\mrxdav.sys 2009-02-01 08:57 62,976 ----a-w c:\windows\system32\drivers\cdrom.sys 2009-02-01 08:57 53,504 ----a-w c:\windows\system32\drivers\1394bus.sys 2009-02-01 08:57 36,352 ----a-w c:\windows\system32\drivers\disk.sys 2009-02-01 08:57 138,496 ----a-w c:\windows\system32\drivers\afd.sys 2009-02-01 08:57 1,033,728 ----a-w c:\windows\explorer.exe 2008-09-18 11:06 94,208 ----a-w c:\program files\mozilla firefox\components\eff30pw.dll . ------- Sigcheck ------- 2009-03-20 10:08 213376 b5b1080d35974c0e718d64280761bcd5 c:\windows\system32\dllcache\ndis.sys 2009-03-20 10:08 213376 b5b1080d35974c0e718d64280761bcd5 c:\windows\system32\drivers\ndis.sys 2009-02-01 10:18 2185216 2fad2a355ab8d2611f009c303973fa03 c:\windows\system32\ntkrnlpa.exe 2009-02-01 10:10 2306560 7b7107676307d5ac8f31fbc771492df9 c:\windows\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "c:\program files\Edgios\ext\eiexxpw.dll" [2008-09-19 151552] [HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "c:\program files\Edgios\ext\eiexxpw.dll" [2008-09-19 151552] [HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "_nltide_3"="advpack.dll" [2009-02-01 c:\windows\system32\advpack.dll] c:\documents and settings\Mladen\Start Menu\Programs\Startup\ No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-03-18 1172992] SDK Tray Menu.lnk - c:\program files\Sun\SDK\jdk\bin\javaw.exe [2009-03-12 139264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2009-03-09 65536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\xampp\\apache\\bin\\apache.exe"= "c:\\xampp\\mysql\\bin\\mysqld.exe"= "c:\\Program Files\\Sun\\SDK\\jdk\\bin\\javaw.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\edgios.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-20 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-20 20560] S3 restore;restore;\??\c:\windows\system32\drivers\restore.sys --> c:\windows\system32\drivers\restore.sys [?] . - - - - ORPHANS REMOVED - - - - HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe . ------- Supplementary Scan ------- . IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {57EE2FA2-866F-4123-A125-55DBBACE4FAC} = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Mladen\Application Data\Mozilla\Firefox\Profiles\msnc6wty.default\ FF - component: c:\program files\Mozilla Firefox\components\eff30pw.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-26 11:06:50 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-329068152-602609370-1801674531-1003\Software\Genie"!\FM Genie Scout 2009 XE] "GameDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\" "HistoryDir"="g:\\ceo d\\Downloads\\Comperessed\\FM Genie Scout 2009 XE\\History Points" "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\games\\Partizan.fm" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:0000005f "SkinName"="Champions League" "LastUpdateCheck"=dword:00000000 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000066 "UniqueID"="A4-A700-EA8F" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:00000056 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(984) c:\windows\system32\netprovcredman.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\windows\Temp\BN1.tmp c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\Synaptics\SynTP\Toshiba.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************* . Completion time: 2009-03-26 11:08:50 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-26 10:08:48 Pre-Run: 48.391.634.944 bytes free Post-Run: 48,401,747,968 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 314

Profil

argus Poslao: 26 Mar 2009 12:41 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\drivers\restore.sys Driver:: restore` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

mladenreg Poslao: 26 Mar 2009 12:58 Idi na vrh
offline mladenreg Novi MyCity građanin Pridružio: 25 Mar 2009 Poruke: 10	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-03-25.03 - Mladen 2009-03-26 12:45:20.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1582 [GMT 1:00] Running from: c:\documents and settings\Mladen\Desktop\eeb.exe Command switches used :: c:\documents and settings\Mladen\Desktop\CFScript.txt AV: avast! antivirus 4.8.1335 [VPS 090325-0] On-access scanning disabled (Updated) * Created a new restore point FILE :: c:\windows\system32\drivers\restore.sys . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_restore ((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 ))))))))))))))))))))))))))))))) . 2009-03-26 11:05 . 2009-03-26 11:05 <DIR> d-------- c:\windows\system32\xircom 2009-03-26 11:05 . 2009-03-26 11:05 <DIR> d-------- c:\program files\microsoft frontpage 2009-03-26 10:59 . 2008-04-14 05:42 389,120 --a------ c:\windows\system32\cmd.exe 2009-03-26 10:59 . 2008-04-14 05:42 69,120 --a------ c:\windows\system32\notepad.exe 2009-03-26 10:16 . 2009-03-26 10:16 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Wowd 2009-03-24 22:47 . 2009-03-24 22:47 <DIR> d-------- c:\windows\Sun 2009-03-24 20:55 . 2009-03-24 20:54 410,984 --a------ c:\windows\system32\deploytk.dll 2009-03-24 20:55 . 2009-03-24 20:54 73,728 --a------ c:\windows\system32\javacpl.cpl 2009-03-24 20:54 . 2009-03-24 20:54 <DIR> d-------- c:\program files\Java 2009-03-24 17:00 . 2009-03-24 17:00 <DIR> d-------- c:\program files\uTorrent 2009-03-24 17:00 . 2009-03-24 17:21 <DIR> d-------- c:\documents and settings\Mladen\Application Data\uTorrent 2009-03-20 14:16 . 2009-03-20 14:16 <DIR> d-------- c:\program files\Alwil Software 2009-03-20 10:08 . 2009-03-20 10:08 182,912 --a------ c:\windows\system32\dllcache\ndis.sys 2009-03-20 10:06 . 2009-03-20 10:06 124 --a------ c:\windows\system32\17C8.tmp 2009-03-20 10:03 . 2009-03-20 10:07 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Sports Interactive 2009-03-20 10:03 . 2009-03-20 10:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-03-20 10:02 . 2009-03-20 10:02 <DIR> d-------- c:\windows\Logs 2009-03-20 10:00 . 2009-03-20 10:02 <DIR> d--h----- c:\program files\Zero G Registry 2009-03-20 10:00 . 2009-03-20 10:00 <DIR> d-------- c:\program files\Sports Interactive 2009-03-20 10:00 . 2009-03-20 10:00 <DIR> d--h----- c:\documents and settings\Mladen\InstallAnywhere 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\program files\QuickTime 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\program files\Apple Software Update 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer 2009-03-20 00:12 . 2009-03-20 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple 2009-03-18 19:46 . 2009-03-18 19:46 <DIR> d--h----- c:\program files\InstallJammer Registry 2009-03-18 19:45 . 2009-03-26 06:53 <DIR> d-------- c:\program files\Edgios 2009-03-18 16:34 . 2009-03-18 16:49 <DIR> d-------- c:\program files\ZAR 2009-03-18 16:34 . 2009-03-25 11:05 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP 2009-03-18 15:52 . 2009-03-26 06:54 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Edgios 2009-03-18 15:37 . 2009-03-18 15:37 <DIR> d-------- c:\program files\No-IP 2009-03-18 00:27 . 2009-03-18 00:27 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Media Player Classic 2009-03-17 21:45 . 2009-03-17 21:45 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Subversion 2009-03-12 03:34 . 2009-03-12 03:36 <DIR> d-------- C:\xampp 2009-03-12 03:31 . 2009-03-12 03:31 <DIR> d-------- c:\program files\Adobe Media Player 2009-03-12 03:27 . 2009-03-12 03:27 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-03-12 01:23 . 2009-03-12 01:24 23,500 --a------ c:\windows\system32\productregistry 2009-03-12 01:22 . 2009-03-12 01:22 <DIR> d-------- c:\program files\Sun 2009-03-11 16:18 . 2009-03-11 16:18 <DIR> d--h----- c:\windows\PIF 2009-03-11 01:13 . 2009-03-11 01:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\nView_Profiles 2009-03-11 01:11 . 2009-03-11 01:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-03-11 01:10 . 2009-03-11 01:10 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-03-11 01:09 . 2008-04-07 05:38 45,392 -ra------ c:\windows\system32\AdobePDF.dll 2009-03-11 01:09 . 2008-04-07 05:38 22,872 -ra------ c:\windows\system32\AdobePDFUI.dll 2009-03-10 13:57 . 2009-03-12 03:31 <DIR> d-------- c:\program files\Common Files\Adobe 2009-03-10 13:56 . 2009-03-10 13:56 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Thinstall 2009-03-10 01:00 . 2009-03-10 01:00 <DIR> d-------- c:\program files\Microsoft.NET 2009-03-10 01:00 . 2009-03-10 01:00 <DIR> d-------- c:\program files\Microsoft ActiveSync 2009-03-10 01:00 . 2003-06-18 17:31 17,920 --a------ c:\windows\system32\mdimon.dll 2009-03-10 01:00 . 2009-03-10 01:00 376 --a------ c:\windows\ODBC.INI 2009-03-10 00:59 . 2009-03-10 00:59 <DIR> d-------- c:\windows\SHELLNEW 2009-03-10 00:49 . 2009-03-10 00:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro 2009-03-10 00:48 . 2009-03-10 00:49 <DIR> d-------- c:\documents and settings\Mladen\Application Data\DAEMON Tools Pro 2009-03-10 00:47 . 2009-03-10 00:58 <DIR> d-------- c:\program files\DAEMON Tools Pro 2009-03-09 23:19 . 2009-03-09 23:19 <DIR> d-------- c:\program files\Google 2009-03-09 23:15 . 2009-03-09 23:15 <DIR> d-------- c:\program files\IDM Computer Solutions 2009-03-09 23:15 . 2009-03-09 23:15 <DIR> d-------- c:\documents and settings\Mladen\Application Data\IDMComp 2009-03-09 23:02 . 2009-03-09 23:03 <DIR> d-------- c:\program files\K-Lite Codec Pack 2009-03-09 23:01 . 2009-03-09 23:02 <DIR> d-------- c:\program files\Common Files\ACD Systems 2009-03-09 23:01 . 2009-03-09 23:01 <DIR> d-------- c:\program files\ACD Systems 2009-03-09 23:01 . 2009-03-09 23:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems 2009-03-09 22:37 . 2009-03-09 22:37 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Systweak 2009-03-09 22:36 . 2009-03-09 22:36 <DIR> d-------- c:\program files\Advanced System Optimizer 2009-03-09 22:35 . 2006-04-17 20:29 569,856 --a------ c:\windows\system32\drivers\CHDAud.sys 2009-03-09 22:35 . 2006-06-27 15:28 122,880 --a------ c:\windows\system32\UCI32107.dll 2009-03-09 22:35 . 2006-04-17 20:29 61,952 --a------ c:\windows\system32\CHDAudPropShortcut.exe 2009-03-09 22:35 . 2006-04-17 20:29 24,064 --a------ c:\windows\system32\CHdAudprop.dll 2009-03-09 22:35 . 2006-04-17 20:29 5,120 --a------ c:\windows\system32\CHdAudPropres.dll 2009-03-09 22:30 . 2009-03-25 01:19 <DIR> d-------- c:\program files\Winamp 2009-03-09 22:30 . 2009-03-09 22:31 <DIR> d-------- c:\documents and settings\Mladen\Application Data\Winamp 2009-03-09 22:24 . 2009-03-25 14:19 <DIR> d-------- c:\program files\Internet Download Manager 2009-03-09 22:24 . 2009-03-22 14:39 <DIR> d-------- c:\documents and settings\Mladen\Application Data\IDM 2009-03-09 22:24 . 2009-03-26 12:49 <DIR> d-------- c:\documents and settings\Mladen\Application Data\DMCache 2009-03-09 22:07 . 2009-03-09 22:07 0 --a------ c:\windows\nsreg.dat . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-03-20 09:08 182,912 ----a-w c:\windows\system32\drivers\ndis.sys 2009-03-09 21:01 --------- d-----w c:\program files\CONEXANT 2009-03-09 20:54 --------- d--h--w c:\program files\InstallShield Installation Information 2009-03-09 20:54 --------- d-----w c:\program files\TOSHIBA 2009-03-09 20:52 --------- d-----w c:\program files\NetWaiting 2009-03-09 20:52 --------- d-----w c:\documents and settings\Mladen\Application Data\InstallShield 2009-03-09 20:51 --------- d-----w c:\program files\Synaptics 2009-03-09 20:51 --------- d-----w c:\program files\Common Files\InstallShield 2009-03-09 20:41 --------- d-----w c:\program files\Windows Desktop Search 2009-03-09 20:29 --------- d-----w c:\documents and settings\NetworkService\Application Data\Intel 2009-03-09 20:29 --------- d-----w c:\documents and settings\Mladen\Application Data\Intel 2009-03-09 20:29 --------- d-----w c:\documents and settings\LocalService\Application Data\Intel 2009-03-09 20:28 21,361 ----a-w c:\windows\system32\drivers\AegisP.sys 2009-03-09 20:28 21,361 ----a-w c:\windows\AegisP.sys 2009-03-09 20:28 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Intel 2009-03-09 20:28 --------- d-----w c:\program files\Intel 2009-03-09 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Intel 2009-03-09 20:27 --------- d-----w c:\program files\DIFX 2009-03-09 20:11 --------- d-----w c:\documents and settings\Mladen\Application Data\Windows Search 2009-03-09 20:07 --------- d-----w c:\documents and settings\All Users\Application Data\ESET 2009-03-09 20:04 --------- d-----w c:\documents and settings\Mladen\Application Data\Windows Desktop Search 2009-03-09 19:57 --------- d-----w c:\program files\Windows Media Connect 2 2009-03-09 19:57 --------- d-----w c:\program files\Alky for Applications 2009-03-09 19:46 --------- d-----w c:\program files\Microsoft Silverlight 2009-02-01 09:17 58,112 ----a-w c:\windows\system32\drivers\vdmindvd.sys 2009-02-01 09:17 51,712 ----a-w c:\windows\system32\drivers\tosdvd.sys 2009-02-01 09:17 262,528 ----a-w c:\windows\system32\drivers\cinemst2.sys 2009-02-01 09:17 21,376 ----a-w c:\windows\system32\drivers\tsbvcap.sys 2009-02-01 09:17 18,688 ----a-w c:\windows\system32\drivers\cdaudio.sys 2009-02-01 09:17 12,160 ----a-w c:\windows\system32\drivers\mouhid.sys 2009-02-01 09:17 12,160 ----a-w c:\windows\system32\drivers\fsvga.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\riodrv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\rio8drv.sys 2009-02-01 09:17 12,032 ----a-w c:\windows\system32\drivers\nikedrv.sys 2009-02-01 09:17 11,776 ----a-w c:\windows\system32\drivers\cpqdap01.sys 2009-02-01 09:08 82,944 ----a-w c:\windows\system32\drivers\wudfrd.sys 2009-02-01 09:08 77,568 ----a-w c:\windows\system32\drivers\wudfpf.sys 2009-02-01 09:08 38,528 ----a-w c:\windows\system32\drivers\wpdusb.sys 2009-02-01 09:07 62,848 ----a-w c:\windows\system32\drivers\rspndr.sys 2009-02-01 09:00 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys 2009-02-01 09:00 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2009-02-01 09:00 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys 2009-02-01 08:59 91,776 ----a-w c:\windows\system32\drivers\ndiswan.sys 2009-02-01 08:59 61,824 ----a-w c:\windows\system32\drivers\ohci1394.sys 2009-02-01 08:59 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys 2009-02-01 08:59 174,848 ----a-w c:\windows\system32\drivers\rdbss.sys 2009-02-01 08:59 139,656 ----a-w c:\windows\system32\drivers\rdpwd.sys 2009-02-01 08:59 105,344 ----a-w c:\windows\system32\drivers\mup.sys 2009-02-01 08:58 92,544 ----a-w c:\windows\system32\drivers\mqac.sys 2009-02-01 08:58 456,704 ----a-w c:\windows\system32\drivers\mrxsmb.sys 2009-02-01 08:58 180,096 ----a-w c:\windows\system32\drivers\mrxdav.sys 2009-02-01 08:57 62,976 ----a-w c:\windows\system32\drivers\cdrom.sys 2009-02-01 08:57 53,504 ----a-w c:\windows\system32\drivers\1394bus.sys 2009-02-01 08:57 36,352 ----a-w c:\windows\system32\drivers\disk.sys 2009-02-01 08:57 138,496 ----a-w c:\windows\system32\drivers\afd.sys 2009-02-01 08:57 1,033,728 ----a-w c:\windows\explorer.exe 2008-09-18 11:06 94,208 ----a-w c:\program files\mozilla firefox\components\eff30pw.dll . ------- Sigcheck ------- 2009-03-20 10:08 213376 b5b1080d35974c0e718d64280761bcd5 c:\windows\system32\dllcache\ndis.sys 2009-03-20 10:08 213376 b5b1080d35974c0e718d64280761bcd5 c:\windows\system32\drivers\ndis.sys 2009-02-01 10:18 2185216 2fad2a355ab8d2611f009c303973fa03 c:\windows\system32\ntkrnlpa.exe 2009-02-01 10:10 2306560 7b7107676307d5ac8f31fbc771492df9 c:\windows\system32\ntoskrnl.exe . ((((((((((((((((((((((((((((( SnapShot@2009-03-26_11.08.17.17 ))))))))))))))))))))))))))))))))))))))))) . - 2009-03-26 10:06:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat + 2009-03-26 11:48:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-03-26 10:06:05 1,048,576 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2009-03-26 11:48:52 1,064,960 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-03-26 10:06:04 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009032620090327\index.dat + 2009-03-26 11:48:52 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012009032620090327\index.dat - 2009-03-26 10:06:04 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-03-26 11:48:52 49,152 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2009-03-26 09:34:15 40,394 ----a-w c:\windows\system32\perfc009.dat + 2009-03-26 10:09:45 40,394 ----a-w c:\windows\system32\perfc009.dat - 2009-03-26 09:34:15 312,172 ----a-w c:\windows\system32\perfh009.dat + 2009-03-26 10:09:45 312,172 ----a-w c:\windows\system32\perfh009.dat + 2009-03-26 11:48:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_76c.dat + 2009-03-26 11:48:25 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_cc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "c:\program files\Edgios\ext\eiexxpw.dll" [2008-09-19 151552] [HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{C9642A6B-9467-4EB5-9168-F141744AA27F}"= "c:\program files\Edgios\ext\eiexxpw.dll" [2008-09-19 151552] [HKEY_CLASSES_ROOT\clsid\{c9642a6b-9467-4eb5-9168-f141744aa27f}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar.1] [HKEY_CLASSES_ROOT\TypeLib\{67206978-4FEA-42B0-B3FC-DB1D38276494}] [HKEY_CLASSES_ROOT\EdgiosPlugin.EdgiosToolbar] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-07-15 931248] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-10-08 995328] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-10-08 1101824] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-12-17 761945] "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696] "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-24 148888] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "ShowDeskFix"="shell32" [X] "_nltide_3"="advpack.dll" [2009-02-01 c:\windows\system32\advpack.dll] c:\documents and settings\Mladen\Start Menu\Programs\Startup\ No-IP DUC.lnk - c:\program files\No-IP\DUC20.exe [2009-03-18 1172992] SDK Tray Menu.lnk - c:\program files\Sun\SDK\jdk\bin\javaw.exe [2009-03-12 139264] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth Monitor.lnk - c:\program files\TOSHIBA\Bluetooth Monitor\BtMon2.exe [2009-03-09 65536] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=acaptuser32.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\xampp\\apache\\bin\\apache.exe"= "c:\\xampp\\mysql\\bin\\mysqld.exe"= "c:\\Program Files\\Sun\\SDK\\jdk\\bin\\javaw.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\WINDOWS\\system32\\java.exe"= "c:\\Program Files\\Java\\jre6\\launch4j-tmp\\edgios.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-20 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-20 20560] --- Other Services/Drivers In Memory --- NewlyCreated - RESTORE . . ------- Supplementary Scan ------- . IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {57EE2FA2-866F-4123-A125-55DBBACE4FAC} = 192.168.1.1 FF - ProfilePath - c:\documents and settings\Mladen\Application Data\Mozilla\Firefox\Profiles\msnc6wty.default\ FF - component: c:\program files\Mozilla Firefox\components\eff30pw.dll . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-03-26 12:49:32 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-329068152-602609370-1801674531-1003\Software\Genie"!\FM Genie Scout 2009 XE] "GameDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\games" "ShortlistDir"="" "ScreenshotsDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009" "SaveDir"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\" "HistoryDir"="g:\\ceo d\\Downloads\\Comperessed\\FM Genie Scout 2009 XE\\History Points" "LangDB"="c:\\Program Files\\Sports Interactive\\Football Manager 2009\\data\\updates\\update-910\\db\\910\\lang_db.dat" "LastSaveGame"="c:\\Documents and Settings\\Mladen\\My Documents\\Sports Interactive\\Football Manager 2009\\games\\Partizan.fm" "Language"="English" "LoadLangDB"=dword:00000001 "CompressHistoryPoints"=dword:00000000 "HighlightedAttributes"=dword:00000000 "MinCondition"=dword:0000005f "SkinName"="Champions League" "LastUpdateCheck"=dword:00000000 "HighQualityGUI"=dword:00000001 "AutomaticallyUpdateCheck"=dword:00000001 "AdvancedGeneration"=dword:00000000 "TranslateStaffSkills"=dword:00000001 "TranslatePlayerSkills"=dword:00000001 "TranslatePositions"=dword:00000001 "ShowHistory"=dword:00000001 "Version"=dword:00000066 "UniqueID"="A4-A700-EA8F" "UseProxy"=dword:00000000 "ProxyHost"="" "ProxyPort"="" "UseAuthentication"=dword:00000000 "UserName"="" "UserPassword"="" "Currency"=dword:00000056 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(984) c:\windows\system32\netprovcredman.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Intel\Wireless\Bin\S24EvMon.exe c:\program files\Alwil Software\Avast4\aswUpdSv.exe c:\program files\Alwil Software\Avast4\ashServ.exe c:\program files\Intel\Wireless\Bin\EvtEng.exe c:\windows\Temp\BN1.tmp c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\nvsvc32.exe c:\program files\Intel\Wireless\Bin\RegSrvc.exe c:\program files\Internet Explorer\IEXPLORE.EXE c:\program files\Synaptics\SynTP\Toshiba.exe c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe . ************************************************************************* . Completion time: 2009-03-26 12:51:28 - machine was rebooted ComboFix-quarantined-files.txt 2009-03-26 11:51:25 ComboFix2.txt 2009-03-26 10:08:51 Pre-Run: 48.396.689.408 bytes free Post-Run: 48,384,065,536 bytes free 326

Profil

argus Poslao: 26 Mar 2009 13:05 Idi na vrh
rip argus Anti Malware Fighter Rank 2 Pridružio: 27 Apr 2008 Poruke: 9160 Gde živiš: Prokuplje	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Kazi kakva je situacija sada ?

Profil

MyCity » Ambulanta -> Arhiva Ambulante » zarazen :(

Ko je trenutno na forumu

Ukupno su 975 korisnika na forumu :: 30 registrovanih, 4 sakrivenih i 941 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aleksmajstor, arsa, Atomski čoban, banebeograd, boske81, branko7, cikadeda, Hexe, HrcAk47, Istman, kuntalo, Lieutenant, Metanoja, Mi lao shu, Milometer, Milos1389, MrNo, nenad81, Oscar, Sass Drake, shaja1, theNedjeljko, tmanda323, Tvrtko I, vasa.93, vathra, virked, voja64, x9, zbazin

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by