Help needed with MSN


  • bolta
  • New MyCity citizen
  • Joined: 12 May 2007
  • Posts: 15

Dear all, I have been using MSN for several months without any problems, but lately I have been having trouble logging in, and when I somehow manage to, MSN throws up various pictures and messages from some (adult-film)-ographic sites.. what's more, I am almost certain that my Firefox and web browsing have slowed down significantly..

What should I do??

Thanks in advance, Predrag

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Hello,
follow this topic:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • bolta
  • New MyCity citizen
  • Joined: 12 May 2007
  • Posts: 15

Logfile of HijackThis v1.99.1
Scan saved at 14:23:31, on 27.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bolta\Desktop\123456\exp.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Scr Less] C:\DOCUME~1\Bolta\APPLIC~1\TRUSTR~1\PollFragEach.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Birthday reminder check.lnk = C:\Program Files\Birthday Reminder\bday.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
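
An added triage helper, not part of this thread or of HijackThis itself, that runs three defender heuristics over a constructed subset of the HijackThis lines posted above: entries whose file is missing, O4 entries that name a bare filename resolved via PATH at logon, and autostarts located under a user profile directory. The regexes, the `Finding` type and the heuristics are my own assumptions; a hit means "look at this entry", not "this is malware".

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a subset of the HijackThis v1.99.1 lines posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Scr Less] C:\DOCUME~1\Bolta\APPLIC~1\TRUSTR~1\PollFragEach.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
"""

# One regex per HijackThis section we triage (assumed line shapes, taken from the log above).
O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$")
O9_RE = re.compile(
    r"^O9 - Extra (?:button|'Tools' menuitem): (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.+)$"
)

# Paths under the user profile: writable by the logged-on user without admin rights.
USER_PROFILE_RE = re.compile(r"^C:\\(?:DOCUME~1|Documents and Settings)\\", re.IGNORECASE)
# HijackThis appends these markers when the referenced file does not exist on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Finding:
    section: str   # "O2", "O4" or "O9"
    name: str      # registry value name, BHO name or button caption
    target: str    # executable or DLL the entry points at
    reason: str    # why the entry deserves a second look


def first_token(cmd: str) -> str:
    """Return the executable part of an O4 command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0]


def check_target(section: str, name: str, target: str, raw: str) -> Optional[Finding]:
    """Apply the three heuristics (assumed, not HijackThis logic) to one entry."""
    for marker in ORPHAN_MARKERS:
        if raw.endswith(marker):
            clean = target.replace(marker, "").strip()
            return Finding(section, name, clean, "orphaned entry: referenced file is missing")
    if "\\" not in target:
        return Finding(section, name, target, "unqualified filename, resolved via PATH at logon")
    if USER_PROFILE_RE.match(target):
        return Finding(section, name, target, "autostart from a user profile directory")
    return None


def triage(log_text: str) -> list[Finding]:
    """Walk HijackThis lines and collect the entries worth inspecting, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            hit = check_target("O4", m["name"], first_token(m["cmd"]), line)
        elif m := O2_RE.match(line):
            hit = check_target("O2", m["name"], m["path"], line)
        elif m := O9_RE.match(line):
            hit = check_target("O9", m["name"], m["path"], line)
        else:
            continue  # other sections (R1, O8, O16, O23, ...) are not handled here
        if hit:
            findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} [{f.name}] {f.target}\n    -> {f.reason}")
```

The O23 service lines on the page carry the same "(file missing)" marker after a stray quote and would need their own pattern; the helper deliberately stops at O2/O4/O9.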

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

Download Deljob.
Double-click deljob.exe to run it.
The logfile logit.txt will open in Notepad (the file will be in the same folder as deljob.exe).
Copy the contents of that log into the thread on the forum.

-------------------------------------------------------------------------------------

Download ComboFix to the Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • bolta
  • New MyCity citizen
  • Joined: 12 May 2007
  • Posts: 15

--------------------------------------------------------
No LOP job-files found
--------------------------------------------------------
Files in Windows Tasks folder

--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C is BOLTA1
Volume Serial Number is D8CF-6409

Directory of C:\Documents and Settings\Bolta\Application Data

26.02.2008 00:09 <DIR> .
26.02.2008 00:09 <DIR> ..
19.01.2007 01:41 <DIR> ACDSYS~1 ACD Systems
25.02.2008 13:39 <DIR> Adobe
11.02.2008 22:28 <DIR> AdobeUM
27.09.2004 00:20 <DIR> Ahead
13.11.2007 14:51 <DIR> Contrast
12.12.2004 16:35 <DIR> Corel
17.05.2007 18:33 <DIR> DATALA~1 DataLayer
13.02.2008 16:06 <DIR> Google
02.02.2007 22:04 <DIR> Help
09.02.2008 16:36 <DIR> ICQTOO~1 ICQ Toolbar
04.05.2006 00:59 <DIR> ICQLite
26.09.2004 06:43 <DIR> IDENTI~1 Identities
20.04.2005 12:08 <DIR> Lavasoft
19.10.2006 02:51 <DIR> LEADER~1 Leadertech
26.02.2008 00:00 <DIR> LimeWire
23.12.2007 16:42 <DIR> MACROM~1 Macromedia
17.02.2008 23:14 <DIR> MEDIAP~1 Media Player Classic
09.02.2008 17:35 <DIR> MICROS~1 Microsoft
09.02.2008 16:05 <DIR> Mozilla
18.03.2006 00:23 <DIR> MSNINS~1 MSNInstaller
02.10.2006 17:35 <DIR> MYGAME~1 My Games
04.02.2007 23:06 <DIR> MySpace
14.08.2005 18:02 <DIR> NASA
26.02.2008 00:09 <DIR> Nokia
28.01.2008 19:11 <DIR> NOKIAM~1 Nokia Multimedia Player
26.02.2008 00:05 <DIR> PCSUIT~1 PC Suite
09.02.2008 17:54 <DIR> Real
11.02.2008 20:29 <DIR> SCREEN~1 Screenshot Sender
24.10.2007 13:26 <DIR> SecuROM
24.10.2007 13:30 <DIR> SPORTS~1 Sports Interactive
13.02.2008 02:01 <DIR> Sun
19.04.2005 15:15 <DIR> Symantec
09.02.2008 16:05 <DIR> Talkback
09.02.2008 19:32 <DIR> TRUSTR~1 trustroad
27.05.2007 12:01 <DIR> ULEADS~1 Ulead Systems
27.02.2008 15:24 <DIR> uTorrent
16.01.2008 08:57 <DIR> YAHOO!~1 Yahoo! Messenger
0 File(s) 0 bytes
39 Dir(s) 5.502.459.904 bytes free
Volume in drive C is BOLTA1
Volume Serial Number is D8CF-6409

Directory of C:\Documents and Settings\All Users\Application Data

13.02.2008 23:38 <DIR> .
13.02.2008 23:38 <DIR> ..
02.05.2006 22:21 <DIR> ACDSYS~1 ACD Systems
25.02.2008 13:39 <DIR> Adobe
02.11.2006 23:04 <DIR> ADOBES~1 Adobe Systems
02.11.2006 23:18 <DIR> APPLEC~1 Apple Computer
05.06.2005 14:43 <DIR> BITSTR~1 Bitstream Font Navigator
19.09.2005 22:49 <DIR> BLACKP~1 BlackPencil
06.09.2006 22:35 <DIR> BVRPSO~1 BVRP Software
13.11.2007 14:51 <DIR> Contrast
13.02.2008 01:34 <DIR> DOWNLO~1 Downloaded Installations
13.02.2008 01:28 <DIR> INSTAL~2 Installations
27.05.2007 12:00 <DIR> INSTAL~1 InstallShield
04.09.2006 22:59 <DIR> LACONI~1 Laconic Software
24.12.2007 22:44 <DIR> MACROV~1 Macrovision
12.02.2008 15:23 <DIR> MESSEN~1 Messenger Plus!
26.02.2008 00:06 <DIR> MICROS~1 Microsoft
07.12.2007 23:51 <DIR> MICROS~2 Microsoft Help
13.01.2007 15:23 <DIR> NVIDIA
26.02.2008 00:04 <DIR> PCSUIT~1 PC Suite
26.09.2004 06:57 <DIR> QUICKT~1 QuickTime
20.04.2005 12:09 <DIR> SPYBOT~1 Spybot - Search & Destroy
04.05.2005 02:22 <DIR> Symantec
21.02.2008 23:53 <DIR> TEMP
27.05.2007 12:01 <DIR> ULEADS~1 Ulead Systems
09.02.2008 17:15 <DIR> WLINST~1 WLInstaller
09.02.2008 17:10 <DIR> Yahoo!
0 File(s) 0 bytes
27 Dir(s) 5.502.455.808 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator
All Users
Application Data
Bolta
--------------------------------------------------------

Update: 27 Feb 2008 17:51

ComboFix 08-02-25.3 - Bolta 2008-02-27 17:45:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.416 [GMT 1:00]
Running from: C:\Documents and Settings\Bolta\Desktop\ComboFix(2).exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 17:33 . 2004-08-03 23:56 388,608 --a------ C:\WINDOWS\system32\kmd.exe
2008-02-27 14:10 . 2008-02-27 14:10 <DIR> d-------- C:\Program Files\THQ
2008-02-26 00:07 . 2008-02-26 00:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-26 00:07 . 2008-02-26 00:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-25 00:04 . 2008-02-25 00:04 <DIR> d-------- C:\Program Files\Creative
2008-02-25 00:04 . 2002-06-06 14:38 139,264 --a------ C:\WINDOWS\system32\eax.dll
2008-02-24 23:54 . 2008-02-25 00:16 <DIR> d-------- C:\Program Files\Mafia
2008-02-24 23:53 . 2003-04-09 10:28 233,472 -ra------ C:\WINDOWS\system32\MafiaSetup.exe
2008-02-24 10:30 . 2008-02-24 10:30 172 --ah----- C:\sqmnoopt03.sqm
2008-02-24 10:30 . 2008-02-24 10:30 172 --ah----- C:\sqmdata03.sqm
2008-02-24 10:26 . 2008-02-24 10:26 268 --ah----- C:\sqmdata02.sqm
2008-02-24 10:26 . 2008-02-24 10:26 244 --ah----- C:\sqmnoopt02.sqm
2008-02-24 00:43 . 2008-02-24 00:43 268 --ah----- C:\sqmdata00.sqm
2008-02-24 00:43 . 2008-02-24 00:43 244 --ah----- C:\sqmnoopt00.sqm
2008-02-24 00:43 . 2008-02-24 00:43 172 --ah----- C:\sqmnoopt01.sqm
2008-02-24 00:43 . 2008-02-24 00:43 172 --ah----- C:\sqmdata01.sqm
2008-02-22 23:11 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-02-22 22:48 . 2008-02-22 22:48 <DIR> d-------- C:\Program Files\Power Video Converter
2008-02-22 22:48 . 2008-02-22 22:48 <DIR> d-------- C:\movies
2008-02-22 22:48 . 2008-02-22 22:48 66 --a------ C:\WINDOWS\Power Video Converter.INI
2008-02-20 02:28 . 2008-02-20 12:17 <DIR> d--hs---- C:\Config.Msi
2008-02-17 23:34 . 2008-02-17 23:34 <DIR> d-------- C:\Program Files\XviD
2008-02-17 23:33 . 2008-02-17 23:33 <DIR> d-------- C:\Program Files\DSD
2008-02-17 23:32 . 2008-02-17 23:32 <DIR> d-------- C:\Program Files\MatrixMixer
2008-02-17 23:32 . 2008-02-17 23:32 <DIR> d-------- C:\Program Files\AC3Filter
2008-02-17 23:32 . 2003-08-19 08:20 180,224 --a------ C:\WINDOWS\system32\ac3filter.cpl
2008-02-17 23:14 . 2008-02-17 23:14 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\Media Player Classic
2008-02-15 19:25 . 2008-02-27 16:41 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-02-15 18:41 . 2008-02-15 18:41 <DIR> d-------- C:\Program Files\MC2
2008-02-15 15:21 . 2008-02-15 15:21 <DIR> d-------- C:\Program Files\LimeWire
2008-02-15 15:21 . 2008-02-26 00:00 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\LimeWire
2008-02-15 00:55 . 2008-02-22 23:00 <DIR> d-------- C:\Downloads
2008-02-14 03:20 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-02-14 03:20 . 2008-02-22 22:48 23,392 --a------ C:\WINDOWS\system32\nscompat.tlb
2008-02-14 03:20 . 2008-02-22 22:48 16,832 --a------ C:\WINDOWS\system32\amcompat.tlb
2008-02-13 23:38 . 2008-02-21 23:53 <DIR> d-------- C:\Program Files\Super Internet TV
2008-02-13 23:38 . 2008-02-21 23:53 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-13 02:11 . 2002-02-18 10:22 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2008-02-13 02:11 . 2002-02-18 10:23 46,352 --a------ C:\WINDOWS\setdebug.exe
2008-02-13 02:11 . 2002-02-18 07:55 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
2008-02-13 02:11 . 2002-02-18 07:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
2008-02-13 02:10 . 2008-02-13 02:10 <DIR> d-------- C:\Program Files\Microsoft VM
2008-02-13 02:10 . 2002-02-18 07:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
2008-02-13 02:10 . 2002-02-18 07:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2008-02-13 02:01 . 2008-02-13 02:01 <DIR> d-------- C:\WINDOWS\Sun
2008-02-13 01:56 . 2007-09-24 23:31 139,264 --a------ C:\WINDOWS\system32\javaws.exe
2008-02-13 01:56 . 2007-09-24 22:30 135,168 --a------ C:\WINDOWS\system32\javaw.exe
2008-02-13 01:56 . 2007-09-24 22:30 135,168 --a------ C:\WINDOWS\system32\java.exe
2008-02-13 01:56 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-13 01:55 . 2008-02-13 01:56 <DIR> d-------- C:\Program Files\Java
2008-02-13 01:50 . 2008-02-13 01:50 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-13 01:34 . 2008-02-13 01:34 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-02-13 01:34 . 2008-02-13 01:34 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-02-13 01:32 . 2008-02-13 01:32 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-02-13 01:31 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-02-13 01:31 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-02-13 01:31 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-02-13 01:31 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-02-13 01:31 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-02-13 01:28 . 2008-02-13 01:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-12 14:25 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-02-12 14:25 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-02-12 14:25 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-02-12 14:25 . 2006-09-16 03:02 14,640 --------- C:\WINDOWS\system32\spmsg.dll
2008-02-12 14:24 . 2008-02-13 15:26 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-02-12 14:22 . 2008-02-26 00:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-02-11 01:50 . 2008-02-11 01:50 <DIR> d-------- C:\Program Files\FDRLab
2008-02-10 14:04 . 2008-02-11 20:29 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\Screenshot Sender
2008-02-10 13:06 . 2008-02-25 15:47 <DIR> d-------- C:\Program Files\AIMP2
2008-02-10 08:51 . 2008-02-12 14:22 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-09 22:27 . 2008-02-11 01:07 <DIR> d-------- C:\Program Files\Soulseek
2008-02-09 20:06 . 2008-02-27 17:38 <DIR> d-------- C:\Program Files\FlashGet
2008-02-09 20:06 . 2004-08-03 22:14 359,040 --a------ C:\WINDOWS\system32\drivers\tcpip.sys.flg
2008-02-09 19:32 . 2008-02-09 19:32 <DIR> d-------- C:\Program Files\trustroad
2008-02-09 19:32 . 2008-02-09 19:32 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\trustroad
2008-02-09 19:31 . 2008-02-09 19:31 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-02-09 19:31 . 2008-02-09 19:31 <DIR> d-------- C:\Program Files\Circle Developement
2008-02-09 19:22 . 2008-02-09 19:22 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-02-09 18:48 . 2008-02-09 18:48 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-09 18:47 . 2008-02-27 16:51 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-02-09 18:47 . 2007-11-14 16:04 472,552 --a------ C:\WINDOWS\system32\vsutil.dll
2008-02-09 18:47 . 2007-11-14 16:04 157,160 --a------ C:\WINDOWS\system32\vsinit.dll
2008-02-09 18:47 . 2007-11-14 16:04 83,432 --a------ C:\WINDOWS\system32\vsdata.dll
2008-02-09 17:36 . 2008-02-11 20:28 <DIR> d-------- C:\Documents and Settings\Bolta\Contacts
2008-02-09 17:10 . 2008-02-09 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-02-09 17:04 . 2008-02-13 02:02 1,279 --a------ C:\WINDOWS\mozver.dat
2008-02-09 17:00 . 2008-02-12 15:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-02-09 16:58 . 2008-02-09 17:31 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-09 16:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-09 16:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-02-09 16:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-09 16:57 . 2008-02-09 17:34 <DIR> d-------- C:\Program Files\Windows Live
2008-02-09 16:57 . 2008-02-09 17:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-09 16:46 . 2008-02-09 16:46 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-02-09 16:46 . 2008-02-09 16:46 <DIR> d-------- C:\Program Files\Adverts
2008-02-09 16:36 . 2008-02-09 16:36 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\ICQ Toolbar
2008-02-09 16:27 . 2008-02-26 19:13 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-09 16:24 . 2008-02-09 16:24 <DIR> d-------- C:\Program Files\uTorrent
2008-02-09 16:23 . 2008-02-27 15:24 <DIR> d-------- C:\Documents and Settings\Bolta\Application Data\uTorrent
2008-02-09 16:05 . 2008-02-27 17:31 <DIR> d-------- C:\Program Files\Mozilla Firefox

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:04 1,207,959,552 --sha-w C:\pagefile.sys
2008-02-27 13:09 6,572 ----a-w C:\WINDOWS\system32\drivers\CDSpace.cfg
2008-02-25 23:09 --------- d-----w C:\Documents and Settings\Bolta\Application Data\Nokia
2008-02-25 23:05 --------- d-----w C:\Documents and Settings\Bolta\Application Data\PC Suite
2008-02-25 23:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-02-20 01:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 01:29 --------- d-----w C:\Program Files\Adobe
2008-02-17 22:33 --------- d-----w C:\Program Files\ffdshow
2008-02-17 22:32 --------- d-----w C:\Program Files\DivX
2008-02-15 19:50 --------- d-----w C:\Program Files\Winamp
2008-02-14 02:19 --------- d-----w C:\Program Files\Windows Media Player
2008-02-13 15:05 --------- d-----w C:\Program Files\Google
2008-02-13 00:50 --------- d-----w C:\Program Files\Common Files
2008-02-13 00:36 --------- d-----w C:\Program Files\DIFX
2008-02-13 00:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-02-13 00:31 --------- d-----w C:\Program Files\Nokia
2008-02-11 21:28 --------- d-----w C:\Documents and Settings\Bolta\Application Data\AdobeUM
2008-02-11 14:44 --------- d-----w C:\Program Files\FLV Player
2008-02-09 18:40 --------- d-----w C:\Program Files\DAP
2008-02-09 16:53 --------- d-----w C:\Program Files\Real
2008-02-09 16:53 --------- d-----w C:\Program Files\Common Files\Real
2008-02-09 16:52 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
2008-02-09 16:52 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
2008-02-09 16:52 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
2008-02-09 16:52 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
2008-02-09 16:37 --------- d-----w C:\Program Files\Common Files\Microsoft Shared
2008-02-09 16:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-09 15:27 --------- d-----w C:\Program Files\ICQLite
2008-01-27 22:23 3,001 --sha-w C:\Documents and Settings\Bolta\ppUser.dat
2008-01-16 07:57 --------- d-----w C:\Documents and Settings\Bolta\Application Data\Yahoo! Messenger
2007-12-30 15:50 --------- d-----w C:\Program Files\EA GAMES
2007-12-30 15:49 --------- d-----w C:\Program Files\FireFly Studios
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-21 22:59 35,152 ----a-w C:\Documents and Settings\Bolta\Application Data\GDIPFONTCACHEV1.DAT
2004-09-26 06:08 8 --sh--r C:\WINDOWS\system32\CC68F50FD3.sys
.

------- Sigcheck -------

6a603809f598332dbedd535bdbce313e C:\WINDOWS\system32\drivers\tcpip.sys
-c----w 332,928 2002-08-28 23:58:12 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
------w 359,040 2004-08-03 21:14:42 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
----a-w 359,040 2004-08-03 21:14:42 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2008-02-09 16:46 190024]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"Scr Less"="C:\DOCUME~1\Bolta\APPLIC~1\TRUSTR~1\PollFragEach.exe" [2008-02-09 19:32 484864]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SMSERIAL"="sm56hlpr.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-11-02 23:19 98304]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-09 17:52 185896]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 09:10 2007088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-03 23:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-09-26 07:04:22 113664]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LCDPlayer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LCDPlayer.lnk
backup=C:\WINDOWS\pss\LCDPlayer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bolta^Favorites^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Bolta\Favorites\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
c:\program files\zango\zango.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\Program Files\\Macromedia\\Flash MX\\Flash.exe"=
"C:\\Program Files\\Macromedia\\Dreamweaver MX\\Dreamweaver.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=

R1 LIKECDN2;LIKECDN2;C:\WINDOWS\system32\DRIVERS\LIKECDN2.sys [2001-09-29 09:43]
R2 XSPACEWG;XSPACEWG;C:\WINDOWS\system32\drivers\XSpaceWg.sys [2001-09-21 09:14]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\Windows Live\Messenger\usnsvc.exe" [2007-10-18 11:31]
S3 Intels51;Intel(R) 536EP V.92 Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2002-05-10 22:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14371930-5a24-11dc-9121-000c6e98907e}]
\Shell\AutoRun\command - I:\xfoolavp.com
\Shell\explore\Command - I:\xfoolavp.com
\Shell\open\Command - I:\xfoolavp.com

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-02-27 17:46:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SMSERIAL = sm56hlpr.exe?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.

Addendum: 27 Feb 2008 17:52

Is this what you were looking for?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following file to me for checking:

C:\WINDOWS\system32\drivers\tcpip.sys

via the following form: http://www.mycity.rs/ambulanta-upload.php



-------------------------------------------------------------------------------------



Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this saves it to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Paste the contents of those two files we just saved here.
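The two files that procedure produces are plain text, and the Rootkit-tab log (file1.txt) uses a regular line format, so a first reading pass can be scripted. The Python helper below is an added example, not part of this thread and not GMER's own code: it groups SSDT hooks by the module GMER attributes them to, lists modules whose vendor field is empty, and lists paths GMER reported as not found. The embedded sample log is constructed from the line formats that appear in the GMER output posted later in this thread. An empty vendor string is a reason to look closer, not a verdict; the same posted log shows the Vax347s driver next to Alcohol 120% registry entries, and legitimate drivers can lack version information too.

```python
"""Triage helper for a GMER Rootkit-tab log (file1.txt from the steps above).

Added example, not part of the forum thread or of GMER itself. It only reads
the text GMER produces; the sample below is constructed from line formats
that appear in this thread.
"""
import re
import sys
from collections import defaultdict

# SSDT line: "SSDT <module> (<description>/<vendor>) <function> [0x<address>]"
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<info>.*)\)\s+(?P<func>\w+)\s+\[0x(?P<addr>[0-9A-Fa-f]+)\]\s*$"
)
# "? <path> The system cannot find the file specified. !"
MISSING_RE = re.compile(
    r"^\?\s+(?P<path>\S+)\s+The system cannot find the file specified\.\s+!$"
)

# Constructed sample: a shortened Rootkit-tab log in the format GMER prints.
SAMPLE_LOG = r"""GMER 1.0.14.14116 - gmer.net
Rootkit scan 2008-02-27 21:11:37
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF77F3C58]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF594B040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF5947930]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF77E84FE]

INT 0x20 srescan.sys F7610C70

---- Kernel code sections - GMER 1.0.14 ----

? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !
"""


def parse_ssdt_hooks(lines):
    """Return one dict per SSDT hook: module, description, vendor, function, address."""
    hooks = []
    for line in lines:
        m = SSDT_RE.match(line.strip())
        if not m:
            continue
        info = m.group("info")
        # GMER prints "(description/vendor)"; split on the LAST slash so a
        # slash inside the description does not corrupt the vendor field.
        desc, sep, vendor = info.rpartition("/")
        if not sep:
            desc, vendor = info, ""
        hooks.append({
            "module": m.group("module"),
            "description": desc.strip(),
            "vendor": vendor.strip(),
            "function": m.group("func"),
            "address": int(m.group("addr"), 16),
        })
    return hooks


def hooks_by_module(hooks):
    """Group hooked system-call names by the module GMER attributes them to."""
    grouped = defaultdict(list)
    for h in hooks:
        grouped[h["module"]].append(h["function"])
    return {module: sorted(funcs) for module, funcs in grouped.items()}


def unsigned_modules(hooks):
    """Modules hooking the SSDT with an empty vendor string (look closer, not a verdict)."""
    return sorted({h["module"] for h in hooks if not h["vendor"]})


def missing_files(lines):
    """Paths GMER flagged with 'The system cannot find the file specified'."""
    found = []
    for line in lines:
        m = MISSING_RE.match(line.strip())
        if m:
            found.append(m.group("path"))
    return found


def triage(text):
    """Summarize a Rootkit-tab log into the three things a helper reads first."""
    lines = text.splitlines()
    hooks = parse_ssdt_hooks(lines)
    return {
        "hooks_by_module": hooks_by_module(hooks),
        "unsigned_modules": unsigned_modules(hooks),
        "missing_files": missing_files(lines),
    }


def main(argv):
    # Usage: python gmer_triage.py file1.txt   (no argument: run on the sample)
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    result = triage(text)
    for module, funcs in result["hooks_by_module"].items():
        print(f"{module}: {len(funcs)} SSDT hooks ({', '.join(funcs)})")
    print("modules with empty vendor:", ", ".join(result["unsigned_modules"]) or "none")
    print("files GMER could not find:", ", ".join(result["missing_files"]) or "none")


if __name__ == "__main__":
    main(sys.argv)
```

Run it on the saved file1.txt to get a per-module count of SSDT hooks before reading the raw log; on the sample it attributes two hooks each to vsdatant.sys (vendor Zone Labs, LLC) and to Vax347b.sys (no vendor string), and lists the two paths GMER could not find.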

offline
  • bolta 
  • New MyCity citizen
  • Joined: 12 May 2007
  • Posts: 15

Quote: Download the file gmer.zip from this link and save it to the Desktop

It looks like the file is not valid; I download it to the desktop but cannot unpack it, it reports corruption. Is there another link?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try this link:

http://www.majorgeeks.com/GMER_d5198.html

offline
  • bolta 
  • New MyCity citizen
  • Joined: 12 May 2007
  • Posts: 15

GMER 1.0.14.14116 - gmer.net
Rootkit scan 2008-02-27 21:11:37
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwClose [0xF77F3C58]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0xF594B040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0xF5947930]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateKey [0xF5952A80]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwCreatePagingFile [0xF77E7C70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0xF594B510]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcess [0xF5951870]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateProcessEx [0xF5951AA0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0xF5954FD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0xF594B600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0xF5947F20]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteKey [0xF59536E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteValueKey [0xF5953440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0xF5951580]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateKey [0xF77E84FE]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwEnumerateValueKey [0xF77F3D50]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadDriver [0xF59453F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0xF59538B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwMapViewOfSection [0xF5955270]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0xF5947D70]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwOpenKey [0xF77F3BD4]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0xF5951350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0xF5951150]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryKey [0xF77E851E]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwQueryValueKey [0xF77F3CA6]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRenameKey [0xF5954250]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0xF5953CB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0xF594AC00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0xF5954080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0xF594B220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0xF5948120]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetSystemInformation [0xF59451C0]
SSDT Vax347b.sys (Plug and Play BIOS Extension/ ) ZwSetSystemPowerState [0xF77F34F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetValueKey [0xF5953140]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwTerminateProcess [0xF5951CD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwUnloadDriver [0xF59455F0]

INT 0x20 srescan.sys F7610C70

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 103 804E2DD4 16 Bytes [ 70, 7C, 7E, F7, 10, B5, 94, ... ]
.text ntoskrnl.exe!_abnormal_termination + 40F 804E30E0 1 Byte [ C0 ]
.text ntoskrnl.exe!_abnormal_termination + 411 804E30E2 6 Bytes [ 94, F5, F0, 34, 7F, F7 ]
? srescan.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\ZoneLabs\vsmon.exe[1404] ntdll.dll!KiFastSystemCall + 2 7C90EB8D 2 Bytes [ CD, 20 ]

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F594FE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F594FE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F594FE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F595D330] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F594FE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F594FCA0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F594FE10] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F5950320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F59501C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [F5948670] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [F59485C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [F5948770] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [F59482D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [01937376] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[2972] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [019373CC] C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\FULLSOFT.DLL (Talkback Library/Full Circle Software, Inc.)

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 83FE5230

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fastfat \FatCdrom 83C6D3B0
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\Rdbss \Device\FsWrap 83CADC78
Device \Driver\atapi \Device\Ide\IdePort0 83D24008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 83D24008
Device \Driver\atapi \Device\Ide\IdePort1 83D24008
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 83D24008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-18 83D24008
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-20 83D24008
Device \FileSystem\Srv \Device\LanmanServer 83A076A8
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83CB5118
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83CB5118
Device \FileSystem\Npfs \Device\NamedPipe 83C97888
Device \FileSystem\Msfs \Device\Mailslot 83C97A50
Device \Driver\Vax347s \Device\Scsi\Vax347s1 83B65820
Device \Driver\Vax347s \Device\Scsi\Vax347s1Port2Path0Target0Lun0 83B65820
Device \Driver\LIKECDN2 \Device\Scsi\LIKECDN21Port3Path0Target0Lun0 83B63C70
Device \Driver\LIKECDN2 \Device\Scsi\LIKECDN21 83B63C70
Device \FileSystem\Fastfat \Fat 83C6D3B0

AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 83CAEC78
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 83CAEC78
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 83CAEC78
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 83CAEC78
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 83CAEC78
Device \FileSystem\Cdfs \Cdfs 83C78DA8

---- Modules - GMER 1.0.14 ----

Module _________ F774A000-F7762000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ujdew 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\Vax347s\Config\jdgg40@ljej40 0x65 0x51 0x01 0xB2 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BA045A70587D5D11E89800097285260A\Usage@ThumbnailDisplay 945491473
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E9F81423-211E-46B6-9AE0-38568BC5CF6F}@DisplayName Alcohol 120%
Reg HKLM\SOFTWARE\Classes\Installer\Products\32418F9EE1126B64A90E8365B85CFCF6@ProductName Alcohol 120%

---- EOF - GMER 1.0.14 ----

Addendum: 27 Feb 2008 21:13

GMER 1.0.14.14116 - gmer.net
Autostart scan 2008-02-27 21:13:00
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SoundMAX Agent Service (default)@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
StarWindService@ = C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
vsmon@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@SMSERIALsm56hlpr.exe /*file not found*/ = sm56hlpr.exe /*file not found*/
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
@ISUSPM Startup"C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup = "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
@ISUSScheduler"C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start = "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@FlashgetC:\Program Files\FlashGet\FlashGet.exe /min /*file not found*/ = C:\Program Files\FlashGet\FlashGet.exe /min /*file not found*/
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@MessengerPlus3"C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
@msnmsgr"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
@Scr LessC:\DOCUME~1\Bolta\APPLIC~1\TRUSTR~1\PollFragEach.exe = C:\DOCUME~1\Bolta\APPLIC~1\TRUSTR~1\PollFragEach.exe
@Yahoo! Pager"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
@PC Suite Tray"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray = "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{32683183-48a0-441b-a342-7c2a440a9478} /*Media Band*/(null) =
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{4CCEFB41-18FA-11D3-9EF3-00A0C9E897FD} /*CorelDRAW Shell Extension Component*/C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll = C:\Program Files\Corel\Corel Graphics 11\DRAW\CDRVIEWER\CrlShell110.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealOne Player\rpshell.dll = C:\Program Files\Real\RealOne Player\rpshell.dll
@{cff79e04-6987-11d4-b94f-006097975dba} /*LcdFriendly*/c:\program files\space international\cdspace 4.0\lcdshell.dll = c:\program files\space international\cdspace 4.0\lcdshell.dll
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\System32\twext.dll = C:\WINDOWS\System32\twext.dll
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\System32\extmgr.dll = C:\WINDOWS\System32\extmgr.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{32020A01-506E-484D-A2A8-BE3CF17601C3} /*AlcoholShellEx*/C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll = C:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll
@{73B24247-042E-4EF5-ADC2-42F62E6FD654} /*ICQ Lite Shell Extension*/C:\Program Files\ICQLite\ICQLiteShell.dll = C:\Program Files\ICQLite\ICQLiteShell.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
@{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} /*Microsoft Office OneNote Namespace Extension for Windows Desktop Search*/C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL = C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll = C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} /*AIMP2: Shell Extention*/C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL = C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} /*Nokia Phone Browser*/C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll = C:\Program Files\Nokia\Nokia PC Suite 6\phonebrowser.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AIMPClassic@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} = C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
AIMPClassic@{1F77B17B-F531-44DB-ACA4-76ABB5010A28} = C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
ICQLiteMenu@{73B24247-042E-4EF5-ADC2-42F62E6FD654} = C:\Program Files\ICQLite\ICQLiteShell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
LcdFriendly@{cff79e04-6987-11d4-b94f-006097975dba} = c:\program files\space international\cdspace 4.0\lcdshell.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{055FD26D-3A88-4e15-963D-DC8493744B1D}C:\PROGRA~1\ICQTOO~1\toolbaru.dll = C:\PROGRA~1\ICQTOO~1\toolbaru.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}C:\Program Files\FlashGet\jccatch.dll = C:\Program Files\FlashGet\jccatch.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{F156768E-81EF-470C-9057-481BA8380DBA}C:\Program Files\FlashGet\getflash.dll = C:\Program Files\FlashGet\getflash.dll
@{F4D76F01-7896-458a-890F-E1F05C46069F}C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL = C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\System32\itss.dll
livecall@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\System32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\System32\itss.dll
msnim@CLSID = C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\System32\wiascr.dll

C:\Documents and Settings\Bolta\Favorites\Start Menu\Programs\Startup >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
Birthday reminder check.lnk = Birthday reminder check.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Adobe Gamma Loader.lnk = Adobe Gamma Loader.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.14 ----

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would recommend that you uninstall the program MessengerPlus!, since it is the cause of the infection whose traces are visible in the log.

After uninstalling it you can delete the folder:
C:\Program Files\MessengerPlus! 3

-------------------------------------------------------------------------------------

Then open Notepad and copy the following text into it:

Folder::
C:\Program Files\trustroad
C:\Documents and Settings\Bolta\Application Data\trustroad
C:\Program Files\Adverts
C:\Program Files\Circle Developement
c:\program files\zango

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Scr Less"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zango]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14371930-5a24-11dc-9121-000c6e98907e}]

Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as in the picture.

In your next message, post the log that is produced at the end of the cleaning/scanning.
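The CFScript above is a small line-based format: a `Folder::` section lists paths to remove, and a `Registry::` section uses .reg-style lines where `[-key]` deletes a whole key and `"name"=-` under a `[key]` deletes one value. As an added example that is not part of this thread or of ComboFix, the Python below parses such a script into a checklist and compares it with a later inventory, so that the log produced after the run can be checked for targets that were missed; the per-line semantics are my reading of the script, an assumption, not ComboFix's documented grammar.

```python
import re

# Constructed sample in the CFScript style used in the thread above (the
# exact rules ComboFix applies to each line are an assumption here).
SAMPLE_SCRIPT = """\
Folder::
C:\\Program Files\\trustroad
c:\\program files\\zango

Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"Scr Less"=-
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\zango]
"""

SECTION_RE = re.compile(r"^(\w+)::$")        # e.g. Folder::, Registry::
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")   # [key] selects, [-key] deletes
VALUE_RE = re.compile(r'^"([^"]*)"=-$')      # "name"=- deletes a value


def parse_cfscript(text):
    """Checklist of what the script removes: folders, whole keys, (key, value) pairs."""
    out = {"folders": [], "delete_keys": [], "delete_values": []}
    section = key = None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1), None
        elif section == "Folder":
            out["folders"].append(line)
        elif section == "Registry":
            if m := KEY_RE.match(line):
                key = m.group(2)
                if m.group(1) == "-":
                    out["delete_keys"].append(key)
            elif (m := VALUE_RE.match(line)) and key:
                out["delete_values"].append((key, m.group(1)))
        else:
            raise ValueError(f"line outside a known section: {line!r}")
    return out


def still_present(checklist, found_folders, found_keys):
    """Targets the script listed that a later inventory (case-insensitive, as on Windows) still shows."""
    folders = {p.lower() for p in found_folders}
    keys = {k.lower() for k in found_keys}
    return ([f for f in checklist["folders"] if f.lower() in folders]
            + [k for k in checklist["delete_keys"] if k.lower() in keys])
```

The inventory passed to `still_present` has to be gathered separately, for example from the folder and registry sections of the post-cleanup log.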
