MyCity » Ambulanta -> Arhiva Ambulante » Veliki problemi sa kompjuterom!

Veliki problemi sa kompjuterom!

Napisano na dan: 23.7.2010

Strana:
1
2
3

Veliki problemi sa kompjuterom!

Sledeća strana

Pagination

Odgovori

Strana:
1
2
3

50nE Poslao: 23 Jul 2010 15:29 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Teško otvara bilo koju aplikaciju...bilo koji program... Kada uključim kompjuter,pojavi se desktop ali nakon minut/2 tek se pojavi zvuk WELCOME.... Internet slabo radi...Google Chrom,neće ni da čuje... U bilo koji veći program da uđem za koji je potreban malo više kukica ovo ono...Plavo na ekreanu se pojavi...Opšte rasulo...Pokušajte i vidite u čemu je problem! Hvala!!! ......... DDS (Ver_10-03-17.01) - NTFSx86 Run by Sone at 15:22:19,81 on pet 23.07.2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.298 [GMT 2:00] AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch C:\WINDOWS\system32\svchost -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\CTFMON.EXE C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\system32\wscntfy.exe C:\Documents and Settings\Sone\Desktop\dds.scr C:\WINDOWS\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRman000&ptb=4Yewad9Ji5xiKh.xL2ns3A uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uURLSearchHooks: ImTranslator Pro Toolbar: {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\imtranslator_pro\tbImTr.dll uURLSearchHooks: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\tbMB2.dll mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - BHO: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\tbMB2.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: ImTranslator Pro Toolbar: {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\imtranslator_pro\tbImTr.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: ImTranslator Pro Toolbar: {fae3e6b1-1936-40d6-9acc-59ebcf661ccb} - c:\program files\imtranslator_pro\tbImTr.dll TB: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\tbMB2.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S uRun: [DLD.EXE] c:\program files\download direct\DLD.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\sone\local settings\application data\google\update\GoogleUpdate.exe" /c mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe" mRun: [SoundMan] SOUNDMAN.EXE mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" mRun: [snpstd] c:\windows\vsnpstd.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\documents and settings\sone\start menu\programs\startup\srvklw32.exe IE: &Search IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\sone\applic~1\mozilla\firefox\profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\sone\application data\mozilla\firefox\profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - plugin: c:\documents and settings\sone\application data\facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\sone\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\sone\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-18 11608] R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [2009-12-15 9728] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-18 56816] =============== Created Last 30 ================ ==================== Find3M ==================== 2010-07-23 13:23:41 565280 ----a-w- c:\windows\system32\drivers\aec.sys 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys ============= FINISH: 15:27:04,40 =============== mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 23 Jul 2010 15:56 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav i dobro dosao u Ambulantu MyCity foruma. U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg: Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima; Ne traziti istovremeno pomoc na drugom mestu; Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo; U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio; Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om; Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj. Za vise informacija o pravilima Ambulante MyCity foruma: LINK Nije ti prvi put da otvaras temu u Ambulanti pa bih te zamolio da ispostujes Uputstvo za otvaranje teme do kraja. Postavi GMER (ili Root Repeal) log-ove. -> http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html goran9888 (AMF Tim)

Profil

50nE Poslao: 23 Jul 2010 18:30 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Nije mi prvi put! Slažem se! Znam detaljna upustva kako ide..POstavljanje logova i td... Postavio sam samo ova dva loga od DDS-a jer pri radu GMER (ili Root Repeal) meni se kompjuter restartuje i kaže da postoji neka fatalna greška (Fatal Error)! Tako da ne mogu da postavim logove od bilo koja ova dva programa sem DDS-a... Postoji li neki drugi način,jer je haos u ovoj mašini... A obaranje systema mi zadnje pada na pamet! Mora da postoji neki način!

Profil

1l padr1n0 Poslao: 23 Jul 2010 20:35 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi SysProt AntiRootkit sa sledeće stranice: SysProt downlaod Na strani koja se otvori treba kliknuti "here" link. Raspakuj arhivu u neki folder (uputstvo), a zatim: dvoklikom pokreni program i pređi na Log karticu; štikliraj svih osam stavki i klikni Create log; nakon određenog vremena će se pojaviti upit u kome treba obeležiti Scan root drive only i kliknuti Start; po završetku skeniranja pojaviće se obaveštenje koje treba zatvoriti klikom na OK; izveštaj (log) će biti sačuvan u istom folderu u kome se nalazi i sam program. Slikoviti prikaz postupka Priloži kreirani izveštaj uz poruku korišćenjem opcije Prikači fajl.

Profil

50nE Poslao: 23 Jul 2010 21:17 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Hvala ti,nadam se da je ovaj log od pomoći! Nadam se da će mi biti od pomoći. mycity.rs/must-login.png

Profil

1l padr1n0 Poslao: 24 Jul 2010 07:25 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

50nE Poslao: 24 Jul 2010 12:35 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 10-07-23.02 - Sone 24.07.2010 12:19:36.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.431 [GMT 2:00] Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Sone\Application Data\Desktopicon c:\documents and settings\Sone\Application Data\Desktopicon\config.ini c:\documents and settings\Sone\Start Menu\Programs\Startup\srvklw32.exe C:\Thumbs.db . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYWEBSEARCHSERVICE ((((((((((((((((((((((((( Files Created from 2010-06-24 to 2010-07-24 ))))))))))))))))))))))))))))))) . 2010-07-24 10:29 . 2010-07-24 10:29 -------- d-----w- c:\windows\LastGood 2010-07-23 17:45 . 2010-07-24 10:30 767488 ----a-w- c:\windows\system32\drivers\yiuukchi.sys 1601-01-01 00:00 . 1601-01-01 00:00 -------- d-----w- c:\windows\LastGood.Tmp . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-24 10:32 . 2009-03-20 09:32 565280 ----a-w- c:\windows\system32\drivers\aec.sys 2010-07-24 10:29 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat 2010-07-23 17:45 . 2010-07-23 17:45 16 ----a-w- c:\documents and settings\Sone\Application Data\hwzypv.dat 2010-07-23 12:46 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-22 16:44 . 2010-07-22 16:44 16 ----a-w- c:\documents and settings\LocalService\Application Data\hwzypv.dat 2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat 2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp 2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent 2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2 2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve 2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype 2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM 2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit 2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 08:24 . 2010-05-25 08:24 503808 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcp71.dll 2010-05-25 08:24 . 2010-05-25 08:24 499712 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\jmc.dll 2010-05-25 08:24 . 2010-05-25 08:24 348160 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcr71.dll 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys . ------- Sigcheck ------- [-] 2010-07-24 10:32 . !HASH: COULD NOT OPEN FILE !!!!! . 565280 . . [------] . . c:\windows\system32\drivers\aec.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation] 2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289] S0 yiqeivm;yiqeivm;c:\windows\system32\drivers\qredn.sys --> c:\windows\system32\drivers\qredn.sys [?] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.1.2010 11:38 38224] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688] --- Other Services/Drivers In Memory --- Deregistered - yiuukchi . Contents of the 'Scheduled Tasks' folder 2010-07-24 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21] 2010-07-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] . . ------- Supplementary Scan ------- . uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRman000&ptb=4Yewad9Ji5xiKh.xL2ns3A uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe MSConfigStartUp-ares - c:\program files\Ares\Ares.exe MSConfigStartUp-MultiScreen - c:\program files\MultiScreen\MultiScreen.exe AddRemove-HijackThis - c:\documents and settings\Sone\Desktop\New Folder\HijackThis.exe AddRemove-MAX+plus II 10.2 BASELINE - c:\maxplus2\Uninst.isu AddRemove-The Sims 8 in 1 - c:\program files\Maxis\The Sims 8 in 1\uninstall.exe AddRemove-Media Player - Codec Pack - c:\windows\system32\C2MP\Uninst.exe AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\DivXConverterUninstall.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-24 12:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yiuukchi] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5EA9CD06-DC37-F090-BC03-D84E9C99D351}] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "abbejdceidlbjdghkhonbfeojcachebnok"=hex:65,62,62,65,61,61,6c,70,6c,6d,68,65, 67,62,63,64,61,69,6b,6d,6b,61,65,63,61,64,70,6d,67,6f,66,6b,68,65,6a,6a,6d,\ "bbbejdceidlbjdghkhnngppendipghmikdnp"=hex:61,62,6b,6a,70,63,62,63,6a,61,64,70, 65,61,69,6b,68,68,63,63,63,6f,6d,6e,69,6f,68,6c,65,6e,6d,6a,6d,6a,00,6a [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version] "VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8, cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(464) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\mmfinfo.dll c:\windows\system32\mkunicode.dll c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.1833_x-ww_2fd6f5db\MFC80.DLL c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\WgaTray.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\SOUNDMAN.EXE c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2010-07-24 12:34:04 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-24 10:34 Pre-Run: 11.313.152 bytes free Post-Run: 2.082.242.560 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe - - End Of File - - 03D2FB8496994F112562CA213E39643E

Profil

1l padr1n0 Poslao: 26 Jul 2010 11:04 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: File:: c:\documents and settings\Sone\Application Data\hwzypv.dat c:\documents and settings\LocalService\Application Data\hwzypv.dat c:\windows\system32\drivers\qredn.sys DDS:: uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=GRman000&ptb=4Yewad9Ji5xiKh.xL2ns3A uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} Firefox:: FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.selectedEngine - MyWebSearch FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor= Driver:: yiqeivm RegNull:: [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5EA9CD06-DC37-F090-BC03-D84E9C99D351}*] FileLook:: c:\windows\system32\drivers\aec.sys c:\windows\system32\drivers\yiuukchi.sys Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

50nE Poslao: 26 Jul 2010 22:26 Idi na vrh
offline 50nE Građanin Pridružio: 01 Nov 2008 Poruke: 87 Gde živiš: Kragujevac	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da je završilo i da je sada Ok ! ))) Evo ovo je log nakon čišćenja! Imam jedno pitanje: Da li je bilo toliko zaražen ovaj moj kompjuter? Hvala ti! ComboFix 10-07-24.06 - Sone 26.07.2010 21:58:52.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.639.299 [GMT 2:00] Running from: c:\documents and settings\Sone\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Sone\Desktop\CFScript.txt AV: AntiVir Desktop On-access scanning disabled (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} FILE :: "c:\documents and settings\LocalService\Application Data\hwzypv.dat" "c:\documents and settings\Sone\Application Data\hwzypv.dat" "c:\windows\system32\drivers\qredn.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\LocalService\Application Data\hwzypv.dat c:\documents and settings\Sone\Application Data\hwzypv.dat . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_yiqeivm ((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 ))))))))))))))))))))))))))))))) . 2010-07-26 20:09 . 2010-07-26 20:09 -------- d-----w- c:\windows\LastGood 2010-07-23 17:45 . 2010-07-26 20:09 767488 ----a-w- c:\windows\system32\drivers\yiuukchi.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-26 20:11 . 2009-03-20 09:32 565280 ----a-w- c:\windows\system32\drivers\aec.sys 2010-07-26 20:06 . 2009-12-15 16:39 16 ----a-w- c:\windows\system32\magicpvt.dat 2010-07-24 11:17 . 2009-06-18 23:43 -------- d-----w- c:\program files\Red-Devils S©®ipt 2010-07-23 12:46 . 2009-03-20 19:46 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-07-12 18:29 . 2009-12-15 16:39 32 ----a-w- c:\windows\system32\driver.dat 2010-06-22 22:01 . 2009-03-20 17:12 -------- d-----w- c:\documents and settings\Sone\Application Data\Winamp 2010-06-19 21:58 . 2009-03-25 16:26 -------- d-----w- c:\documents and settings\Sone\Application Data\uTorrent 2010-06-19 10:17 . 2010-06-19 10:17 -------- d-----w- c:\program files\MB2 2010-06-14 14:31 . 2009-03-20 08:38 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe 2010-06-09 02:14 . 2009-03-20 17:06 -------- d-----w- c:\program files\Valve 2010-06-07 11:45 . 2009-11-20 23:10 -------- d-----w- c:\documents and settings\Sone\Application Data\Skype 2010-06-07 06:00 . 2009-11-20 23:14 -------- d-----w- c:\documents and settings\Sone\Application Data\skypePM 2010-06-07 02:22 . 2009-06-26 12:30 -------- d-----w- c:\documents and settings\Sone\Application Data\AIMP 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\ImTranslator_Pro 2010-06-01 16:17 . 2010-06-01 16:17 -------- d-----w- c:\program files\Conduit 2010-05-27 23:04 . 2009-03-20 09:23 18048 ----a-w- c:\documents and settings\Sone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-05-25 08:24 . 2010-05-25 08:24 503808 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcp71.dll 2010-05-25 08:24 . 2010-05-25 08:24 499712 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\jmc.dll 2010-05-25 08:24 . 2010-05-25 08:24 348160 ----a-w- c:\documents and settings\Sone\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-4e1cb26a-n\msvcr71.dll 2010-05-06 10:41 . 2008-04-14 04:42 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22 . 2008-04-14 00:00 1851264 ----a-w- c:\windows\system32\win32k.sys . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . --- c:\windows\system32\drivers\aec.sys --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 565280 Created time: 2009-03-20 09:32 Modified time: 2010-07-26 19:58 MD5: !HASH: COULD NOT OPEN FILE !!!!! SHA1: !HASH: COULD NOT OPEN FILE !!!!! --- c:\windows\system32\drivers\yiuukchi.sys --- Company: ------ File Description: ------ File Version: ------ Product Name: ------ Copyright: ------ Original Filename: ------ File size: 767488 Created time: 2010-07-23 17:45 Modified time: 2010-07-26 19:58 MD5: !HASH: COULD NOT OPEN FILE !!!!! SHA1: !HASH: COULD NOT OPEN FILE !!!!! ------- Sigcheck ------- [-] 2010-07-26 20:12 . !HASH: COULD NOT OPEN FILE !!!!! . 565280 . . [------] . . c:\windows\system32\drivers\aec.sys . ((((((((((((((((((((((((((((( SnapShot@2010-07-24_10.30.22 ))))))))))))))))))))))))))))))))))))))))) . + 2010-07-26 20:06 . 2010-07-26 20:06 16384 c:\windows\Temp\Perflib_Perfdata_7e4.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{013a635f-e3aa-4371-b682-ece95ca974b0}] 2010-06-13 17:10 2734688 ----a-w- c:\program files\MB2\tbMB2.dll [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] 2010-05-20 13:35 2675296 ----a-w- c:\program files\ImTranslator_Pro\tbImTr.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013a635f-e3aa-4371-b682-ece95ca974b0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FAE3E6B1-1936-40D6-9ACC-59EBCF661CCB}"= "c:\program files\ImTranslator_Pro\tbImTr.dll" [2010-05-20 2675296] "{013A635F-E3AA-4371-B682-ECE95CA974B0}"= "c:\program files\MB2\tbMB2.dll" [2010-06-13 2734688] [HKEY_CLASSES_ROOT\clsid\{fae3e6b1-1936-40d6-9acc-59ebcf661ccb}] [HKEY_CLASSES_ROOT\clsid\{013a635f-e3aa-4371-b682-ece95ca974b0}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856] "Google Update"="c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-20 133104] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072] "SoundMan"="SOUNDMAN.EXE" [2005-06-14 77824] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-30 148888] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656] "nwiz"="nwiz.exe" [2005-08-02 1519616] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-27 15872] "snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2009-03-20 16:57 133104 ----atw- c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MagicRotation] 2008-02-11 11:07 1097728 ----a-w- c:\program files\MagicRotation\MagicPvt.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2009-10-09 12:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-24 17:21 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [15.12.2009 18:39 9728] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [18.12.2009 16:48 108289] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5.1.2010 11:38 38224] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11.7.2008 2:28 47128] S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [10.7.2008 3:49 242712] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [20.4.2009 15:10 685816] S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [11.7.2008 2:28 369688] --- Other Services/Drivers In Memory --- Deregistered - yiuukchi . Contents of the 'Scheduled Tasks' folder 2010-07-26 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-24 17:21] 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-24 17:25] 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003Core.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] 2010-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-2147195035-1417001333-1003UA.job - c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-20 16:57] . . ------- Supplementary Scan ------- . uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=GRman000&fl=0&ptb=4Yewad9Ji5xiKh.xL2ns3A&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=sb&searchfor={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 FF - ProfilePath - c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT189560&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - component: c:\documents and settings\Sone\Application Data\Mozilla\Firefox\Profiles\8hmgzklw.default\extensions\{acec1e3d-3ead-4377-a931-1354bb4380d4}\components\FFExternalAlert.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_1.dll FF - plugin: c:\documents and settings\Sone\Application Data\Facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); . - - - - ORPHANS REMOVED - - - - AddRemove-mIRC - c:\program files\Red-Devils S©®ipt\Mirc.exe ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2010-07-26 22:09 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec] "ImagePath"="system32\drivers\aec.sys" -- [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\yiuukchi] . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-299502267-2147195035-1417001333-1003\Software\YourCompanyName\YourProductName\Version] "VersionData"=hex:2b,fa,b8,ad,54,7c,53,28,9e,8f,71,42,2c,ae,45,69,df,2a,49,e8, cf,47,a7,a9,06,88,97,76,2f,eb,5b,48,82,e4,e1,ed,48,09,f0,37,bd,3f,3b,22,02,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(2436) c:\windows\system32\WININET.dll c:\windows\system32\msi.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Avira\AntiVir Desktop\avguard.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe c:\windows\system32\nvsvc32.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe c:\windows\system32\wscntfy.exe c:\windows\system32\WgaTray.exe c:\windows\SOUNDMAN.EXE c:\windows\system32\RUNDLL32.EXE c:\documents and settings\Sone\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe . ************************************************************************* . Completion time: 2010-07-26 22:13:35 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-26 20:13 ComboFix2.txt 2010-07-24 10:34 Pre-Run: 1.997.447.168 bytes free Post-Run: 1.989.607.424 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Nesa-Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 2FE511C7F8D25B7D87B254F6DC342369

Profil

1l padr1n0 Poslao: 26 Jul 2010 23:56 Idi na vrh
offline 1l padr1n0 Anti Malware Fighter Rank 2 Pridružio: 02 Feb 2008 Poruke: 14018 Gde živiš: Nish	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Jos uvek nismo zavrsili. Recicu ti kada budemo. Upload-uj/posalji mi sledece file-ove preko ovog link-a: -> http://www.mycity.rs/ambulanta-upload.php c:\windows\system32\drivers\aec.sys c:\windows\system32\drivers\yiuukchi.sys Predlog: Primarna particija (C:\) je (bila) prepuna. Ne bi bilo lose osloboditi mesta sa nje brisanjem nepotrebnih programa/igara/file-ova. Takodje i neki junk cleaner mozes da pustis da pomogne u oslobadjanju slobodnog prostora sa te particije. Nakon toga ukljuci defragmentaciju.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Veliki problemi sa kompjuterom!

Ko je trenutno na forumu

Ukupno su 1040 korisnika na forumu :: 44 registrovanih, 5 sakrivenih i 991 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., amaterSRB, aramis s, babaroga, bigfoot, bojan_t, Brana01, comi_pfc, darkangel, Dukelander, Fog of War, Georgius, gomago, goranperović66, Insan, Koridor, kunktator, laki_bb, loon123, lord sir giga, mercedesamg, Miki01, mile23, milenko crazy north, Nemanja.M, Panter, procesor, raptorsi, royst33, ruso, S2M, Shinobi, ss10, Stanlio, trajkoni018, vathra, Vlad000, vladas87, voja64, Yellow Pinky, YugoSlav, zdrebac, zuxbg

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by