Completely neglected computer


  • Biljana
  • Joined: 29 Nov 2009
  • Posts: 2493

People... I don't know where to start!
So, this is about my cousin's computer (my aunt's daughter). She's been nagging me to death, so I said I'd tidy it up a bit...
Maintenance has been so neglected that I don't dare imagine how infected it is, and I have to ask for your help!
So... The computer tends to slow down, and it's full of programs that I have no idea what she needs for...
It kept reporting that the C partition was full; I solved that, in a way...
I moved 4 GB from the desktop to the E partition, uninstalled some programs, downloaded CCleaner and ran it... It did the following...




I nearly fainted... That alone freed up a large part of the C partition!
Well... Since I noticed it was SP2, I ran the update... However, I couldn't install SP3... I tried twice, same story!



Now I'll start with your instructions for opening a topic in Ambulanta... Step by step Smile
And yes... I'm doing this at my cousin's right now; her connection is 1 Mb, however... The plan is that I take the computer over this evening and fix it... Mine is 256 kb Smile
So... If I don't reply in this topic tonight, know that I haven't taken it over, or that something serious kept me from getting to the forum... I apologise in advance and thank you for the time you're devoting to this topic! Smile


DDS (Ver_10-03-17.01) - NTFSx86
Run by Admin at 8:17:39,73 on sub 03.07.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.292 [GMT 2:00]

AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\878RMTMon.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\878RMT.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Admin\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://search.bearshare.com/sidebar.html?src=ssb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/cse?cx=partner-pub-6222736672146837:njo3fe-77ac&ie=UTF-8&sa=Search&q={searchTerms}
mWinlogon: Userinit=c:\windows\system32\userinit.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-9116432707-7979738418-672356610-0213\sysdate.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-9116432707-7979738418-672356610-0213\sysdate.exe,explorer.exe,c:\recycler\s-1-5-21-2285218575-8662932316-175477825-2059\sysdate.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh\iMeshIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {B7D3E479-CC68-42B5-A338-938ECE35F419} - No File
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MSConfig] c:\documents and settings\admin\aeodh.exe \u
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Else dog] c:\docume~1\admin\applic~1\plan mp3 beep\Gpl Poll Chic.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [TV Card Remote Control Device Monitor] c:\windows\878RMTMon.exe
mRun: [PAC207_Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Monitor] c:\windows\pixart\pac207\Monitor.exe
mRun: [Long Internet Team Stupid] c:\documents and settings\all users\application data\comp two long internet\Rule delete.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
mPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZJxdm247YYRS
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277392471531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admin\applic~1\mozilla\firefox\profiles\46w6hjqz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=2&q=
FF - plugin: c:\documents and settings\admin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 vydpqmtz;vydpqmtz;c:\windows\system32\drivers\vydpqmtz.sys [2009-11-3 40128]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-1-8 15424]
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [2009-1-8 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [2009-1-8 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [2009-1-8 8704]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-21 54752]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2009-1-8 552064]
R2 TTFixerService;NST ToolTipFixer;c:\program files\neosmart technologies\tooltipfixer\ToolTipFixer.exe [2009-1-8 10240]
R3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [2009-6-24 616064]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-18 135664]
S3 fsssvc;Usluga Windows Live Porodicna bezbednost;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 pumkmnru;pumkmnru;\??\c:\windows\system32\drivers\pumkmnru.sys --> c:\windows\system32\drivers\pumkmnru.sys [?]

=============== Created Last 30 ================

2010-07-03 05:47:07 7208 -c--a-w- c:\windows\system32\dllcache\secupd.sig
2010-07-03 05:47:07 7208 ------w- c:\windows\system32\secupd.sig
2010-07-03 05:47:07 4569 -c--a-w- c:\windows\system32\dllcache\secupd.dat
2010-07-03 05:47:07 4569 ------w- c:\windows\system32\secupd.dat
2010-07-03 05:13:03 0 d-----w- c:\windows\system32\CatRoot_bak
2010-07-03 04:57:22 0 d-----w- c:\windows\pss
2010-07-03 04:48:51 0 d-----w- c:\program files\CCleaner
2010-07-03 04:48:23 0 d-----w- c:\program files\Defraggler
2010-07-03 04:07:16 0 d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2010-07-02 21:08:48 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-02 20:59:27 0 d-----w- c:\windows\ie8updates
2010-07-02 20:58:47 0 d-----w- c:\program files\MSXML 4.0
2010-07-02 20:58:13 0 d--h--w- c:\windows\$hf_mig$
2010-06-24 22:02:02 0 d-----w- c:\docume~1\admin\applic~1\Facebook
2010-06-24 15:41:40 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 15:41:40 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 15:41:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 15:41:37 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 15:41:37 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 15:41:36 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 15:41:26 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 15:40:05 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-24 15:26:45 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-06-24 15:15:02 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-06-24 15:15:02 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-06-23 23:12:16 0 d-----r- c:\program files\Skype

==================== Find3M ====================

2010-06-25 10:43:25 304160 ----a-w- C:\PA207.DAT
2010-05-08 12:39:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 07:09:03 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-12 15:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2009-12-20 17:28:56 456112 ----a-w- c:\program files\Uninstall Fun Web Products.dll
2009-01-08 08:10:57 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-01-08 08:11:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-01-08 08:11:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010820090109\index.dat
2009-01-08 08:10:57 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 8:17:55,92 ===============

  • argus, Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

Download sUBs' ComboFix from the following address to the Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.




Once the download is complete:
disable your security software (instructions);
close any running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notifications:
accept by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.


Copy the report that ComboFix created into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting, you notice that the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.


-----------------------------------------------

Accept the installation of the Recovery Console

  • Biljana
  • Joined: 29 Nov 2009
  • Posts: 2493

Posted: 04 Jul 2010 17:10

ComboFix 10-07-03.06 - Admin 04.07.2010 16:56:18.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.621 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\aeodh.exe
c:\documents and settings\Admin\Application Data\FunWebProducts
c:\documents and settings\Admin\dbbujlg.exe
c:\documents and settings\Admin\npkn.exe
c:\documents and settings\Admin\secupdat.dat
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\011A015C.urr
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
c:\program files\Uninstall Fun Web Products.dll
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\Drivers\vydpqmtz.sys

c:\windows\system32\msgsvc.dll . . . is infected!!

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_vydpqmtz
-------\Service_vydpqmtz


((((((((((((((((((((((((( Files Created from 2010-06-04 to 2010-07-04 )))))))))))))))))))))))))))))))
.

2010-07-03 05:47 . 2006-12-31 05:57 4569 -c--a-w- c:\windows\system32\dllcache\secupd.dat
2010-07-03 05:47 . 2006-12-31 05:57 4569 ------w- c:\windows\system32\secupd.dat
2010-07-03 05:13 . 2010-07-03 05:59 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-03 04:48 . 2010-07-03 04:48 -------- d-----w- c:\program files\CCleaner
2010-07-03 04:48 . 2010-07-03 04:48 -------- d-----w- c:\program files\Defraggler
2010-07-03 04:14 . 2010-07-03 04:14 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth
2010-07-03 04:07 . 2010-07-03 04:07 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2010-07-02 21:08 . 2010-07-02 21:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-02 20:59 . 2010-07-02 21:06 -------- d-----w- c:\windows\ie8updates
2010-07-02 20:58 . 2010-07-02 20:58 -------- d-----w- c:\program files\MSXML 4.0
2010-07-02 20:58 . 2010-07-02 23:41 -------- d--h--w- c:\windows\$hf_mig$
2010-06-24 22:02 . 2010-06-24 22:02 50354 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\uninstall.exe
2010-06-24 22:02 . 2010-06-24 22:02 -------- d-----w- c:\documents and settings\Admin\Application Data\Facebook
2010-06-24 15:41 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 15:41 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 15:41 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 15:41 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 15:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 15:41 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 15:41 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 15:40 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-24 15:26 . 2008-06-20 10:44 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-06-23 23:12 . 2010-06-23 23:12 -------- d-----w- c:\program files\Common Files\Skype
2010-06-23 23:12 . 2010-06-23 23:12 -------- d-----r- c:\program files\Skype
2010-06-15 10:59 . 2010-06-15 10:59 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\msvcp71.dll
2010-06-15 10:59 . 2010-06-15 10:59 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\jmc.dll
2010-06-15 10:59 . 2010-06-15 10:59 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\msvcr71.dll
2010-06-15 10:59 . 2010-06-15 10:59 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1309a6ef-n\decora-sse.dll
2010-06-15 10:59 . 2010-06-15 10:59 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1309a6ef-n\decora-d3d.dll
2010-06-09 10:45 . 2010-06-09 10:45 5591040 ----a-w- c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-04 15:01 . 2009-12-29 19:02 716800 ----a-w- c:\documents and settings\All Users\Application Data\comp two long internet\Rule delete.exe
2010-07-04 11:40 . 2010-03-01 14:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-07-03 14:05 . 2009-07-06 23:02 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-07-03 04:10 . 2009-04-29 21:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-02 23:38 . 2009-01-08 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-02 23:19 . 2009-09-12 14:36 -------- d-----w- c:\program files\YouTube Downloader
2010-07-02 23:18 . 2010-05-08 12:17 -------- d-----w- c:\program files\Real
2010-07-02 23:18 . 2010-05-08 12:16 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 10:43 . 2010-05-06 20:14 304160 ----a-w- C:\PA207.DAT
2010-06-23 23:12 . 2009-07-06 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-18 18:07 . 2009-07-03 16:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-08 09:55 . 2010-05-18 10:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-27 15:12 . 2010-05-27 15:12 -------- d-----w- c:\documents and settings\Admin\Application Data\PhotoScape
2010-05-27 15:11 . 2009-05-16 12:57 -------- d-----w- c:\program files\PhotoScape
2010-05-15 08:40 . 2010-05-15 08:40 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\msvcp71.dll
2010-05-15 08:40 . 2010-05-15 08:40 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\jmc.dll
2010-05-15 08:40 . 2010-05-15 08:40 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\msvcr71.dll
2010-05-15 08:39 . 2010-05-15 08:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 08:39 . 2010-05-15 08:39 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d5ebae2-n\decora-sse.dll
2010-05-15 08:39 . 2010-05-15 08:39 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d5ebae2-n\decora-d3d.dll
2010-05-15 08:39 . 2009-01-08 08:05 -------- d-----w- c:\program files\Java
2010-05-08 12:40 . 2010-05-08 12:40 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-08 12:40 . 2010-05-08 12:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-08 12:40 . 2010-05-08 12:40 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-08 12:39 . 2009-01-08 07:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 07:09 . 2002-12-31 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-12 15:29 . 2010-05-15 08:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Else dog"="c:\docume~1\Admin\APPLIC~1\Plan Mp3 Beep\Gpl Poll Chic.exe" [2009-12-29 487424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-08 949376]
"TV Card Remote Control Device Monitor"="c:\windows\878RMTMon.exe" [2005-07-14 352256]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Long Internet Team Stupid"="c:\documents and settings\All Users\Application Data\comp two long internet\Rule delete.exe" [2010-07-04 716800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2002-12-31 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2009-01-21 16:34 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-01-21 16:34 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Else dog]
2009-12-29 19:00 487424 ----a-w- c:\docume~1\Admin\APPLIC~1\Plan Mp3 Beep\Gpl Poll Chic.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2006-04-29 19:54 929792 ------w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 15:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDesktop.Exe]
2008-12-28 21:04 737280 ----a-w- c:\program files\StudioZ\VideoDesktop\VideoDesktop.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4497:UDP"= 4497:UDP:Windows Media Format SDK (firefox.exe)
"4496:UDP"= 4496:UDP:Windows Media Format SDK (firefox.exe)
"4499:UDP"= 4499:UDP:Windows Media Format SDK (firefox.exe)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8.1.2009 10:18 15424]
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [8.1.2009 17:18 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [8.1.2009 17:19 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [8.1.2009 17:18 8704]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [8.1.2009 9:52 10240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.1.2010 22:34 135664]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [24.6.2009 17:56 616064]
S3 pumkmnru;pumkmnru;\??\c:\windows\System32\Drivers\pumkmnru.sys --> c:\windows\System32\Drivers\pumkmnru.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:33]

2010-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:33]

2010-07-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-838170752-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-838170752-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\46w6hjqz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=2&q=
FF - plugin: c:\documents and settings\Admin\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
SafeBoot-vydpqmtz.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-04 17:03
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\878RMTMon.exe????????????????T?a?PF??m?a?????????????????????????????????????????x????????A??????????????????x???????XF??????????T?a?x???m?a????????????????|(F??????????????????????????????????????????????????????x???????T?a?h?o?m?a???????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2620)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\program files\Internet Explorer\IEXPLORE.EXE
c:\windows\878RMT.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-07-04 17:04:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-04 15:04

Pre-Run: 18.566.594.560 bytes free
Post-Run: 18.471.198.720 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - FDC4D935458B93AFAAC444D82A39082F

And here is the one from the C partition...

Addendum: 05 Jul 2010 0:32

So that we don't drag this out too much, while you answer the previous post let me ask a few more questions...

First, let me say that a moment ago, when shutting down, it prompted to install some 27 updates! The SP still hasn't changed!



It shows this at startup!



I was thinking of uninstalling BearShare, this first one for pictures and putting in XnView, Canon, BS and putting in GOM, Express Burn and Nero and installing Ashampoo, FB Plugin, Girl Script, iMesh...

What are these DVD Decrypter and Shrink?
ScanSoft OmniPage? ToolTip Fixer? Video Desktop DreamScape?

I think I'll uninstall most of the ones I asked about in the second line... But still answer me so I know...

I've already downloaded Nod4 and what I think I'd need and what I have.. But I'll leave that for after we clean this up!



Everything listed in the Cleaner, all of that was starting with the system... After cleaning the history (which I already showed you in the first post) you can see which ones I disabled... I had disabled msn too, but it stayed.. I don't know why.. never mind, I'll disable it again... But you tell me what else?!
I think that's all I'd ask you for now...
Thanks in advance! Regards

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello.
I'll take over the case since my colleague is busy.

Let me note that this is the Ambulanta, the part of the forum where malware problems are solved, and we simply aren't interested in the programs installed on the computer (if they are legitimate), so I won't be explaining here what every program installed on the computer does. You can look for answers to your questions about Add/Remove and program descriptions in the Windows forum.




As for our malware problem:

Open Notepad and copy the following text into it:


File::
c:\windows\System32\Drivers\pumkmnru.sys

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Else dog]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Else dog"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Long Internet Team Stupid"=-

Drivers::
pumkmnru

FileLook::
c:\windows\system32\msgsvc.dll
c:\windows\system32\calc.exe

Folder::
c:\docume~1\admin\applic~1\plan mp3 beep
c:\documents and settings\All Users\Application Data\comp two long internet
C:\Program Files\plan mp3 beep


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

offline
  • Biljana
  • Joined: 29 Nov 2009
  • Posts: 2493

Written: 05 Jul 2010 18:57

Look, here's the thing...
Since I had deleted CF, I downloaded it again, installed it, got the new version.. Dropped in this Notepad file, it counted down, restarted the computer and produced no report at all!
Now I'll copy this into NP again and do everything from the start, and we'll see...

Addendum: 05 Jul 2010 19:12

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

We're not going to work like this.
For the case to be resolved successfully in the shortest possible time, you will have to follow the instructions I give you precisely, because otherwise you complicate and slow things down.
Did my colleague write anywhere that you should delete/uninstall ComboFix?!
Did you deactivate Nod32 when running ComboFix?!




Open Notepad and copy the following text into it:

Driver::
pumkmnru

File::
c:\windows\System32\Drivers\pumkmnru.sys


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.


Upload the following file for me:

c:\qoobox\quarantine\c\windows\system\WINSPOOL.DRV.vir

via the following link:
-> http://www.mycity.rs/ambulanta-upload.php

Suggestion:
Uninstall the Facebook Plug-in.

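The two CFScript posts above hand-pick entries out of the ComboFix log: the two autostarts with random-word names living under Application Data ("Else dog", "Long Internet Team Stupid"), the pumkmnru service whose .sys file ComboFix reports as missing on disk (`--> ... [?]`), and system files that Sigcheck marked `[-]` and that were first inspected with FileLook:: rather than deleted. The Python script below, added here as an example and not part of the thread, of ComboFix or of the helper's method, automates that first pass: it parses the Run-key values, the R*/S* service lines and the Sigcheck lines from a ComboFix log (the embedded sample is constructed from lines quoted above), flags entries by heuristics of its own, and renders a CFScript skeleton in the File:: / Registry:: / Driver:: / FileLook:: / Folder:: format used in the two posts. The function names, the heuristics and the sample log are this example's assumptions; the output is a list of things to look at, not something to drag onto ComboFix unreviewed.

```python
"""Triage helper for a ComboFix log (example code, not ComboFix's own).

Parses Run-key autostarts, R*/S* service lines and Sigcheck [-] lines,
applies simple heuristics and emits a CFScript skeleton in the format
posted in this thread. The heuristics are this example's own.
"""
import re

# Constructed sample: lines copied from the log above, trimmed to what the
# parser needs. A real run would read the whole ComboFix.txt.
SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Else dog"="c:\docume~1\Admin\APPLIC~1\Plan Mp3 Beep\Gpl Poll Chic.exe" [2009-12-29 487424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-08 949376]
"Long Internet Team Stupid"="c:\documents and settings\All Users\Application Data\comp two long internet\Rule delete.exe" [2010-07-04 716800]

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8.1.2009 10:18 15424]
S3 pumkmnru;pumkmnru;\??\c:\windows\System32\Drivers\pumkmnru.sys --> c:\windows\System32\Drivers\pumkmnru.sys [?]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"')
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# ComboFix prints '-->' and a trailing [?] when a service points at a file
# it could not find on disk.
MISSING_FILE_RE = re.compile(r"-->\s*(.+?)\s*\[\?\]$")
# Heuristic (this example's): autostart binaries living under a per-user or
# shared Application Data directory, in 8.3 or long form.
APPDATA_RE = re.compile(r"(applic~1|application data)\\", re.IGNORECASE)


def parse_log(text):
    """Return (run_entries, services, sigcheck_failures) from a ComboFix log."""
    run_entries, services, sig_failures = [], [], []
    current_key = None
    for line in text.splitlines():
        line = line.rstrip()
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif current_key and (m := VALUE_RE.match(line)):
            run_entries.append({"key": current_key, "name": m.group(1), "path": m.group(2)})
        elif m := SERVICE_RE.match(line):
            services.append({"name": m.group(1), "display": m.group(2), "rest": m.group(3)})
        elif line.startswith("[-] "):
            # Sigcheck lines end with ' . . <path>'; keep just the path.
            sig_failures.append(line.rsplit(" . . ", 1)[-1])
    return run_entries, services, sig_failures


def triage(text):
    """Apply the heuristics and return the entries worth a second look."""
    runs, services, sigs = parse_log(text)
    findings = {"registry": [], "drivers": [], "sigcheck": sigs}
    for entry in runs:
        if APPDATA_RE.search(entry["path"]):
            findings["registry"].append(entry)
    for svc in services:
        if m := MISSING_FILE_RE.search(svc["rest"]):
            findings["drivers"].append({"name": svc["name"], "file": m.group(1)})
    return findings


def build_cfscript(findings):
    """Render findings as a CFScript. Sigcheck [-] files go under FileLook::
    (inspect), never File:: (delete): a [-] on winlogon.exe can be a patched
    but legitimate file, and deleting it leaves the system unbootable."""
    out = []
    if findings["drivers"]:
        out += ["File::"] + [d["file"] for d in findings["drivers"]] + [""]
    if findings["registry"]:
        out.append("Registry::")
        by_key = {}
        for e in findings["registry"]:
            by_key.setdefault(e["key"], []).append(e["name"])
        for key, names in by_key.items():
            out.append(f"[{key}]")
            out += [f'"{n}"=-' for n in names]
        out.append("")
    if findings["drivers"]:
        out += ["Driver::"] + [d["name"] for d in findings["drivers"]] + [""]
    if findings["sigcheck"]:
        out += ["FileLook::"] + findings["sigcheck"] + [""]
    if findings["registry"]:
        # Parent directory of each flagged autostart, as in the Folder:: block above.
        out += ["Folder::"] + [e["path"].rsplit("\\", 1)[0] for e in findings["registry"]]
    return "\n".join(out)


if __name__ == "__main__":
    print(build_cfscript(triage(SAMPLE_LOG)))
```

Run against the sample, the script reproduces the substance of both posted CFScripts (the two Registry:: deletions, Driver:: pumkmnru with its File:: path, FileLook:: on winlogon.exe, and the two Application Data folders) while leaving msnmsgr, ctfmon and nod32drv alone. The Driver:: spelling follows the second post; the first uses Drivers::.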
offline
  • Biljana
  • Joined: 29 Nov 2009
  • Posts: 2493

Written: 05 Jul 2010 20:06

I uploaded it and uninstalled the FB plug-in
Now I'll do the CF part

Addendum: 05 Jul 2010 20:19


ComboFix 10-07-04.04 - Admin 05.07.2010 20:09:38.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.604 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active


FILE ::
"c:\windows\System32\Drivers\pumkmnru.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\msgsvc.dll

c:\windows\system32\calc.exe . . . is infected!!

c:\windows\system32\winlogon.exe . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_pumkmnru


((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-07-04 22:04 . 2010-07-04 22:04 -------- d-----w- c:\windows\ServicePackFiles
2010-07-03 11:35 . 2009-10-20 14:41 265728 -c----w- c:\windows\system32\dllcache\http.sys
2010-07-03 05:47 . 2006-12-31 05:57 4569 -c--a-w- c:\windows\system32\dllcache\secupd.dat
2010-07-03 05:47 . 2006-12-31 05:57 4569 ------w- c:\windows\system32\secupd.dat
2010-07-03 05:13 . 2010-07-04 23:46 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-07-03 04:48 . 2010-07-03 04:48 -------- d-----w- c:\program files\CCleaner
2010-07-03 04:48 . 2010-07-03 04:48 -------- d-----w- c:\program files\Defraggler
2010-07-03 04:14 . 2010-07-03 04:14 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth
2010-07-03 04:07 . 2010-07-03 04:07 -------- d-----w- c:\windows\DED53B0BB67C4244AE6AD6FD3C28D1EF.TMP
2010-07-02 21:08 . 2010-07-02 21:08 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-07-02 20:59 . 2010-07-02 21:06 -------- d-----w- c:\windows\ie8updates
2010-07-02 20:58 . 2010-07-02 20:58 -------- d-----w- c:\program files\MSXML 4.0
2010-07-02 20:58 . 2010-07-04 22:08 -------- d--h--w- c:\windows\$hf_mig$
2010-06-24 15:41 . 2010-05-06 10:41 599040 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-24 15:41 . 2010-05-06 10:41 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-24 15:41 . 2010-05-06 10:41 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-24 15:41 . 2010-05-06 10:41 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-24 15:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-24 15:41 . 2010-05-06 10:41 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-24 15:41 . 2010-05-06 10:41 11076096 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-06-24 15:40 . 2010-02-24 12:48 457216 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-06-24 15:33 . 2009-06-09 14:53 53248 -c----w- c:\windows\system32\dllcache\tsgqec.dll
2010-06-24 15:33 . 2009-06-09 14:53 290816 -c----w- c:\windows\system32\dllcache\rhttpaa.dll
2010-06-24 15:33 . 2009-06-09 14:53 136192 -c----w- c:\windows\system32\dllcache\aaclient.dll
2010-06-24 15:30 . 2010-02-16 17:37 2186880 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-24 15:30 . 2010-02-16 17:35 2143744 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-06-24 15:30 . 2010-02-17 09:57 2063744 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-06-24 15:30 . 2010-02-16 16:57 2021888 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-06-24 15:26 . 2008-06-20 10:44 360960 -c----w- c:\windows\system32\dllcache\tcpip.sys
2010-06-23 23:12 . 2010-06-23 23:12 -------- d-----w- c:\program files\Common Files\Skype
2010-06-23 23:12 . 2010-06-23 23:12 -------- d-----r- c:\program files\Skype
2010-06-15 10:59 . 2010-06-15 10:59 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\msvcp71.dll
2010-06-15 10:59 . 2010-06-15 10:59 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\jmc.dll
2010-06-15 10:59 . 2010-06-15 10:59 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-363f1eeb-n\msvcr71.dll
2010-06-15 10:59 . 2010-06-15 10:59 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1309a6ef-n\decora-sse.dll
2010-06-15 10:59 . 2010-06-15 10:59 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1309a6ef-n\decora-d3d.dll
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\8.2\ARM\6433\AcrobatUpdater.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-05 17:40 . 2010-03-01 14:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2010-07-05 17:40 . 2009-07-06 23:02 -------- d-----w- c:\documents and settings\Admin\Application Data\skypePM
2010-07-04 22:10 . 2009-01-08 07:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-04 22:07 . 2009-01-08 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-03 04:10 . 2009-04-29 21:07 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-02 23:19 . 2009-09-12 14:36 -------- d-----w- c:\program files\YouTube Downloader
2010-07-02 23:18 . 2010-05-08 12:17 -------- d-----w- c:\program files\Real
2010-07-02 23:18 . 2010-05-08 12:16 -------- d-----w- c:\program files\Common Files\Real
2010-06-25 10:43 . 2010-05-06 20:14 304160 ----a-w- C:\PA207.DAT
2010-06-23 23:12 . 2009-07-06 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-06-18 18:07 . 2009-07-03 16:24 -------- d-----w- c:\program files\Messenger Plus! Live
2010-06-08 09:55 . 2010-05-18 10:03 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-27 15:12 . 2010-05-27 15:12 -------- d-----w- c:\documents and settings\Admin\Application Data\PhotoScape
2010-05-27 15:11 . 2009-05-16 12:57 -------- d-----w- c:\program files\PhotoScape
2010-05-15 08:40 . 2010-05-15 08:40 503808 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\msvcp71.dll
2010-05-15 08:40 . 2010-05-15 08:40 499712 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\jmc.dll
2010-05-15 08:40 . 2010-05-15 08:40 348160 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-61fb7479-n\msvcr71.dll
2010-05-15 08:39 . 2010-05-15 08:39 -------- d-----w- c:\program files\Common Files\Java
2010-05-15 08:39 . 2010-05-15 08:39 61440 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d5ebae2-n\decora-sse.dll
2010-05-15 08:39 . 2010-05-15 08:39 12800 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1d5ebae2-n\decora-d3d.dll
2010-05-15 08:39 . 2009-01-08 08:05 -------- d-----w- c:\program files\Java
2010-05-08 12:40 . 2010-05-08 12:40 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-08 12:40 . 2010-05-08 12:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-08 12:40 . 2010-05-08 12:40 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-08 12:39 . 2009-01-08 07:53 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-06 10:41 . 2002-12-31 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 07:09 . 2002-12-31 12:00 1859968 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2002-12-31 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-12 15:29 . 2010-05-15 08:39 411368 ----a-w- c:\windows\system32\deployJava1.dll
.

------- Sigcheck -------

[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[-] 2002-12-31 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((( SnapShot_2010-07-05_17.06.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-05 18:15 . 2010-07-05 18:15 16384 c:\windows\Temp\Perflib_Perfdata_4a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2009-05-04 10:54 398768 ----a-w- c:\program files\iMesh Applications\iMesh\iMeshIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"nwiz"="nwiz.exe" [2007-12-05 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-05 81920]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 16859648]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-01-08 949376]
"TV Card Remote Control Device Monitor"="c:\windows\878RMTMon.exe" [2005-07-14 352256]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Scheduler for OEM.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Scheduler for OEM.lnk
backup=c:\windows\pss\Scheduler for OEM.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2002-12-31 12:00 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2009-01-21 16:34 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2009-01-21 16:34 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-04-13 10:09 49152 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45 75304 ----a-w- c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerDVD]
2006-04-29 19:54 929792 ------w- c:\program files\CyberLink\PowerDVD\PowerDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 15:41 2828184 ----a-w- c:\program files\Registry Mechanic\RegMech.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2005-12-07 21:57 30208 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16 185896 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 09:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VideoDesktop.Exe]
2008-12-28 21:04 737280 ----a-w- c:\program files\StudioZ\VideoDesktop\VideoDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4497:UDP"= 4497:UDP:Windows Media Format SDK (firefox.exe)
"4496:UDP"= 4496:UDP:Windows Media Format SDK (firefox.exe)
"4499:UDP"= 4499:UDP:Windows Media Format SDK (firefox.exe)

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8.1.2009 10:18 15424]
R2 878TVCard;Bt878 TV Card - Video Capture;c:\windows\system32\drivers\Bt878.sys [8.1.2009 17:18 214692]
R2 878TVTuner;Bt878 TV Card - TV Tuner;c:\windows\system32\drivers\BtTuner.sys [8.1.2009 17:19 12160]
R2 878Xbar;Bt878 TV Card - Crossbar;c:\windows\system32\drivers\BtXbar.sys [8.1.2009 17:18 8704]
R2 TTFixerService;NST ToolTipFixer;c:\program files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe [8.1.2009 9:52 10240]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.1.2010 22:34 135664]
S3 PAC207;Eye 110;c:\windows\system32\drivers\PFC027.SYS [24.6.2009 17:56 616064]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASPI32
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:33]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-18 20:33]

2010-07-05 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1123561945-838170752-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]

2010-07-03 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1123561945-838170752-839522115-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 20:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\46w6hjqz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Live Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=2&q=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 20:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = c:\windows\878RMTMon.exe????????????????T?a?PF??m?a?????????????????????????????????????????x????????A??????????????????x???????XF??????????T?a?x???m?a?????????????1??|(F??????????????????????????????????????????????????????x???????T?a?h?o?m?a???????????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\windows\878RMT.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-07-05 20:18:25 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 18:18
ComboFix2.txt 2010-07-05 17:11
ComboFix3.txt 2010-07-04 15:04

Pre-Run: 17.722.908.672 bytes free
Post-Run: 17.726.631.936 bytes free

- - End Of File - - 7BF36F66BDA0F9225E6ADDB0B8A87BD9
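Added example, not part of this thread and not ComboFix's own code: a small Python triage script that pulls out of a ComboFix/DDS log in the layout above the entries a helper reads first (the Security Center override, the firewall AuthorizedApplications list, the R/S service lines and the Firefox prefs.js lines) and flags the ones worth reviewing. The sample log text is constructed in that same layout; the file-sharing watch-list and the "search pref points at a different domain than the homepage" rule are this example's own heuristics, labelled as such in the code.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the ComboFix/DDS log layout (modelled on the log
# posted in the thread; values are illustrative, not a fresh capture).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [8.1.2009 10:18 15424]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18.1.2010 22:34 135664]

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2124320&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2233703&SearchSource=2&q=
"""

# Line shapes: "R1 name;display;path [date time size]", "FF - prefs.js: name - value",
# '"path"=' inside the firewall list, and the Security Center override value.
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?) \[(.+?)\]$")
PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
FW_APP_RE = re.compile(r'^"(.+)"=$')
AV_OVERRIDE_RE = re.compile(r'^"AntiVirusOverride"=dword:([0-9a-f]+)$', re.I)

# Constructed watch-list (this example's own heuristic): file-sharing clients
# that often show up with firewall exceptions on neglected home machines.
P2P_HINTS = ("imesh", "bearshare")


def parse_log(text):
    """Pull the structured parts out of a ComboFix-style log."""
    data = {"av_override": None, "firewall_apps": [], "services": [], "ff_prefs": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            section = None          # a blank line ends a registry section
            continue
        if line.startswith("["):
            section = line.lower()  # registry key header
            continue
        if section and section.endswith("security center]"):
            m = AV_OVERRIDE_RE.match(line)
            if m:
                data["av_override"] = int(m.group(1), 16)
            continue
        if section and "authorizedapplications" in section:
            m = FW_APP_RE.match(line)
            if m:  # .reg-style export doubles backslashes; undo that
                data["firewall_apps"].append(m.group(1).replace("\\\\", "\\"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, path, meta = m.groups()
            data["services"].append({"state": state, "name": name, "display": display,
                                     "path": path, "size": int(meta.split()[-1])})
            continue
        m = PREF_RE.match(line)
        if m:
            data["ff_prefs"][m.group(1)] = m.group(2)
    return data


def host_of(value):
    """Hostname of a (possibly defanged, possibly scheme-less) URL."""
    v = re.sub(r"^hxxp", "http", value)  # ComboFix writes hxxp:// to defang links
    if "://" not in v:
        v = "http://" + v
    return (urlsplit(v).hostname or "").lower()


def base_domain(host):
    """Crude registrable domain: last two labels (good enough for triage)."""
    return ".".join(host.split(".")[-2:]) if host else ""


def triage(text):
    """Return human-readable findings a helper would want to review."""
    data = parse_log(text)
    findings = []
    if data["av_override"]:
        findings.append("Security Center AntiVirusOverride is set: missing/outdated AV warnings are suppressed")
    home = base_domain(host_of(data["ff_prefs"].get("browser.startup.homepage", "")))
    for name, value in data["ff_prefs"].items():
        if name == "browser.startup.homepage":
            continue
        if name == "keyword.URL" or "search" in name.lower():
            dom = base_domain(host_of(value))
            if dom and home and dom != home:
                findings.append(f"Firefox {name} sends searches to {dom} (homepage is {home})")
    for app in data["firewall_apps"]:
        if any(h in app.lower() for h in P2P_HINTS):
            findings.append(f"Firewall exception for a file-sharing client: {app}")
    return findings
```

Run `triage(SAMPLE_LOG)` and it reports the override, both conduit.com search prefs and the iMesh exception; the parsed services and the Skype/sessmgr exceptions come back from `parse_log` without a finding, which is the point: the script narrows the reading, the helper still decides.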

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Open Notepad and copy the following text into it:

DeQuarantine::
c:\qoobox\quarantine\c\windows\system\WINSPOOL.DRV.vir
Quit::

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

  • Biljana
  • Joined: 29 Nov 2009
  • Posts: 2493

c:\qoobox\quarantine\c\windows\system\WINSPOOL.DRV.vir -> c:\windows\system\WINSPOOL.DRV ( 146432 bytes )
c:\qoobox\quarantine\c\windows\system\WINSPOOL.DRV.vir -> c:\windows\system\WINSPOOL.DRV ( 146432 bytes )

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

With this post of mine we will close the case. Your computer is clean as far as malware is concerned.

ComboFix needs to be uninstalled:
click Start (or ), then RUN.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

then click OK (or press Enter).

Wait for the uninstall process to finish.

Suggestions:
- Install Service Pack 3. Download it and install it; you don't have to go through Update.
- Install a newer version of NOD32 antivirus (the one currently installed is fairly old), but I stress: don't try to crack it, patch it etc., because you will gain nothing and can lose a lot. If you don't want to buy a NOD32 licence, install a free alternative. There are plenty. I'll name just a few: Avira, Avast, Panda Cloud, AVG, etc.
- If you have questions about maintaining the computer, ask in the Windows forum: http://www.mycity.rs/Windows/

Regards.
