Problem Slaper.c

2

Problem Slaper.c

offline
  • viper 
  • Novi MyCity građanin
  • Pridružio: 23 Dec 2006
  • Poruke: 27

Nije ga i dalje nasao podesio sam sve nista mi nije nasao

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ajde onda uploaduj mi onaj 1.exe kog si nasao, da bih video sa cime imamo posla.

Nakon toga:
- Skini program WinPFind
- restartuj komp u Safe Mode
- Startuj program i sledi sledece korake:
- Klik na tab Configuration
- Klikni na oba Select All dugmeta u donjem delu
- Odaberi Run Add ONs i stikliraj sve opcije na listi
- Klikni na Run all Scans
- Po zavrsetku skeniranja, u donjem levom delu programa ce se pojaviti poruka Scans Complete!
- Klikni na dugme Extended report i snimi log fajl koji ce da se pojavi

Po povratku u normalan mod rada, iskopiraj nam sadrzaj tog log-fajla ovde.

Dopuna: 23 Dec 2006 18:55

Pregledao sam fajl 1.exe, u pitanju je bot. To znaci da bi trebalo da stavis firewall, posto bi firewall sprecio upad ovog bota.
Ja cu da sacekam log programa WinPFind, pa da vidimo kako cemo dalje.

offline
  • viper 
  • Novi MyCity građanin
  • Pridružio: 23 Dec 2006
  • Poruke: 27

Ne moze da se izvrsi scan izbacuje mi poruku "grid index out of range"

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Probajmo onda sa starijom verzijom tog programa:
http://www.bleepingcomputer.com/files/winpfind.php

Nakon pokretanja programa klikni na Start Scan.
Kada zavrsi skeniranje, na izvestaju klikni desno dugme i odaberi Select All, pa onda opet desno dugme, pa odabery Copy.
Na forumu, u polju za upis poruke, klikni desno dugme i odaberi Paste.

offline
  • viper 
  • Novi MyCity građanin
  • Pridružio: 23 Dec 2006
  • Poruke: 27

Evo ga log

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows sometimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 12/23/2006 7:44:55 PM
WinPFind v1.5.0 Folder = C:\Documents and Settings\q\Desktop\DOWNLOAD\WinPFind\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 8/23/2004 1:04:56 AM 69120 C:\WINDOWS\daemon.dll ()

Checking %System% folder...
WSUD 6/21/2005 3:09:06 AM R 18751488 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
aspack 5/26/2005 11:34:52 PM 2297552 C:\WINDOWS\SYSTEM32\d3dx9_26.dll (Microsoft Corporation)
aspack 7/23/2005 3:59:04 AM 2319568 C:\WINDOWS\SYSTEM32\d3dx9_27.dll (Microsoft Corporation)
PEC2 8/30/2002 3:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
PEC2 4/19/2006 9:09:20 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
PECompact2 4/19/2006 9:09:20 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll (DivX, Inc.)
WSUD 8/30/2002 3:00:00 PM 1135616 C:\WINDOWS\SYSTEM32\ntbackup.exe (Microsoft Corporation)
WSUD 8/30/2002 3:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/30/2002 3:00:00 PM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/30/2002 3:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/23/2006 7:44:22 PM S 2048 C:\WINDOWS\bootstat.dat ()
11/22/2006 10:03:00 PM H 380 C:\WINDOWS\WINRDP40.SYS ()
11/8/2006 9:49:28 AM HS 45056 C:\WINDOWS\Album\Thumbs.db ()
12/23/2006 7:44:18 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
12/23/2006 7:44:28 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
12/23/2006 7:44:22 PM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG ()
12/23/2006 7:45:28 PM H 94208 C:\WINDOWS\system32\config\software.LOG ()
12/23/2006 7:44:22 PM H 897024 C:\WINDOWS\system32\config\system.LOG ()
11/18/2006 2:43:52 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\c9dedfdd-4d0c-4eba-906c-c8dbe780a38f ()
11/18/2006 2:43:52 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
11/2/2006 5:00:04 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\3896f57d-6189-4579-9b7e-18a5e05de0c8 ()
11/2/2006 5:00:04 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
12/23/2006 7:43:26 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/30/2002 3:00:00 PM 66048 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
6/21/2005 3:09:06 AM R 18751488 C:\WINDOWS\SYSTEM32\alsndmgr.cpl (Realtek Semiconductor Corp.)
8/30/2002 3:00:00 PM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 129024 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 121856 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 65536 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
8/30/2002 3:00:00 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl (Microsoft Corporation)

Checking for Downloaded Program Files...
DirectAnimation Java Classes - - CodeBase = file://C:\WINDOWS\Java\classes\dajava.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/5/2006 4:35:08 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
8/4/2006 12:40:30 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
11/8/2006 10:09:40 PM 836 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk ()
8/4/2006 12:48:34 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
12/23/2006 4:58:38 PM 581 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
8/3/2006 5:33:22 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()

Checking files in %USERPROFILE%\Startup folder...
8/4/2006 12:40:30 AM HS 84 C:\Documents and Settings\q\Start Menu\Programs\Startup\desktop.ini ()
10/31/2006 9:57:08 PM 1466 C:\Documents and Settings\q\Start Menu\Programs\Startup\Shadow Ops_ Red Mercury Registration.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
8/3/2006 5:33:22 PM HS 62 C:\Documents and Settings\q\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
\\Search Page - microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
\\Default_Page_URL - microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Default_Search_URL - google.com/ie
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
\\Search Bar - google.com/ie
\\Search Page - google.com
\\Local Page - C:\WINDOWS\System32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - google.com/ie

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]
\\SearchAssistant - google.com/ie

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{02478D38-C3F9-4EFB-9B51-7695ECA05670} - Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - IeCatch5 Class = C:\PROGRA~1\FlashGet\jccatch.dll (FlashGet)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{9030D464-4C02-4ABF-8ECC-5164760863C6} - Windows Live Sign-in Helper = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
\{AA58ED58-01DD-4d91-8333-CF10577473F7} - Google Toolbar Helper = c:\program files\google\googletoolbar2.dll (Google Inc.)
\{F156768E-81EF-470C-9057-481BA8380DBA} - gFlash Class = C:\PROGRA~1\FlashGet\getflash.dll ()

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} - File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} - Explorer Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)
\\{E0E899AB-F487-11D5-8D29-0050BA6940E3} - FlashGet Bar = C:\PROGRA~1\FlashGet\fgiebar.dll (Amaze Soft)
\\{8E718888-423F-11D2-876E-00A0C9082467} - &Radio = C:\WINDOWS\System32\msdxm.ocx ()
\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} - &Google = c:\program files\google\googletoolbar2.dll (Google Inc.)
\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\NEXTID - 8194
\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - 8193 = &FlashGet

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - ButtonText: FlashGet = C:\PROGRA~1\FlashGet\flashget.exe (FlashGet.com)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{B089FE88-FB52-11d3-BDF1-0050DA34150D} - NOD32 Context Menu Shell Extension = C:\Program Files\Eset\nodshex.dll (Eset )
\\{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} - UnlockerShellExtension = C:\Program Files\Unlocker\UnlockerCOM.dll ()
\\{E0D79304-84BE-11CE-9641-444553540000} - WinZip = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79305-84BE-11CE-9641-444553540000} - WinZip = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79306-84BE-11CE-9641-444553540000} - WinZip = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)
\\{E0D79307-84BE-11CE-9641-444553540000} - WinZip = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\NOD32 Context Menu Shell Extension - {B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll (Eset )
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]
\UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ()

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\FineReader - {AC0DD14A-8F29-4F88-BE1D-0F0ED1B06C9F} = C:\Program Files\ABBYY FineReader 6.0\FECMenu.dll (ABBYY (BIT Software))
\NOD32 Context Menu Shell Extension - {B089FE88-FB52-11d3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll (Eset )
\UnlockerShellExtension - {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} = C:\Program Files\Unlocker\UnlockerCOM.dll ()
\WinZip - {E0D79304-84BE-11CE-9641-444553540000} = E:\FILE\WINZIP\WZSHLSTB.DLL (WinZip Computing LP)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NeroFilterCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
SoundMan - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
DAEMON Tools-1033 - C:\Program Files\D-Tools\daemon.exe (DAEMON'S HOME)
snpstd - C:\WINDOWS\vsnpstd.exe ()
nod32kui - C:\Program Files\Eset\nod32kui.exe (Eset )
WinampAgent - C:\Program Files\Winamp\winampa.exe ()
UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe ()
msvcc25 - svcchost.exe ()
sysemls - C:\Documents and Settings\q\1.exe ()
srpskey - C:\WINDOWS\SYSTEM32\SRPSKEY.EXE ()
MSConfig - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
msvcc25 - svcchost.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe - C:\WINDOWS\System32\ctfmon.exe (Microsoft Corporation)
swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe (Google Inc.)
sysemls - C:\Documents and Settings\q\1.exe ()

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk - E:\file\WinZip\WZQKPICK.EXE (WinZip Computing LP)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\q\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\q\Start Menu\Programs\Startup\Shadow Ops_ Red Mercury Registration.lnk - C:\Documents and Settings\q\Local Settings\Temp\{0B7E09AE-A2D2-41E8-A28C-E1D20FA53B0A}\{021CB753-D388-4C3B-8E40-554E226F54F2}\ATR1.EXE ()

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\AtiExtEvent - Ati2evxx.dll = (ATI Technologies Inc.)
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)
\WRNotifier - WRLogonNTF.dll = ()

>>> DNS Name Servers <<<
{7530DC08-2038-4FE4-A99B-61DC3FE4B53A} - ()
{C49EDC6D-BD85-4850-8F63-29116E44E6EA} - ()

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - iimon.dll ()
\000000000002\\PackedCatalogItem - iimon.dll ()
\000000000003\\PackedCatalogItem - iimon.dll ()
\000000000004\\PackedCatalogItem - iimon.dll ()
\000000000005\\PackedCatalogItem - iimon.dll ()
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000020\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000021\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000022\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000023\\PackedCatalogItem - iimon.dll ()

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()
\vnd.ms.radio - C:\WINDOWS\System32\msdxm.ocx ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

OK, izgleda da nema skrivenih procesa. Ima samo nekih zaostalih kljuceva u registry bazi od nekih infekcija koje su izgleda obrisane vec.

Restartuj komp u Safe Mode i obrisi fajl C:\Documents and Settings\q\1.exe

Nakon toga se vrati u normalan mod i napravi mi svez log programa HijackThis.

offline
  • viper 
  • Novi MyCity građanin
  • Pridružio: 23 Dec 2006
  • Poruke: 27

Uradjeno(log HijackThis):
Logfile of HijackThis v1.99.1
Scan saved at 8:14:40 PM, on 12/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
E:\file\WinZip\WZQKPICK.EXE
C:\Documents and Settings\q\Desktop\New Folder\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [sysemls] C:\Documents and Settings\q\1.exe
O4 - HKLM\..\Run: [srpskey] C:\WINDOWS\SYSTEM32\SRPSKEY.EXE
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [sysemls] C:\Documents and Settings\q\1.exe
O4 - Startup: Shadow Ops_ Red Mercury Registration.lnk = C:\Documents and Settings\q\Local Settings\Temp\{0B7E09AE-A2D2-41E8-A28C-E1D20FA53B0A}\{021CB753-D388-4C3B-8E40-554E226F54F2}\ATR1.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = E:\file\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C9B7B5-7C9E-4068-B94B-33C4FF8D6A86}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

PS: Fajl je uspesno obrisan

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Jos jedno pitanje (malopre sam zaboravio):
- da li imas Olidata ili LG web-kameru?

Dopuna

Pregledaj C:\Windows\System32, i vidi da li se onaj svcchost.exe ne nalazi u njemu?
Nemoj ga samo zameniti za legitimni svchost.exe

offline
  • viper 
  • Novi MyCity građanin
  • Pridružio: 23 Dec 2006
  • Poruke: 27

Imam Genius VideoCAM Messenger . Pogledao sam System 32 nema ga tamo tu je samo svchost.exe.

offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

OK. Startuj HijackThis, udri Scan i nakon zavrsenog skeniranja stikliraj polja ispred sledecih linija:

O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [sysemls] C:\Documents and Settings\q\1.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [sysemls] C:\Documents and Settings\q\1.exe
O4 - Startup: Shadow Ops_ Red Mercury Registration.lnk = C:\Documents and Settings\q\Local Settings\Temp\{0B7E09AE-A2D2-41E8-A28C-E1D20FA53B0A}\{021CB753-D388-4C3B-8E40-554E226F54F2}\ATR1.EXE
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)


i klikni na dugme Fix Checked

To bi trebalo da zavrsi sve sto se imalo uraditi.
Da bi smo bili sigurni, kada sledecu put budes restartovao komp, postavi nam svez HJT log ovde, cisto da proverimo da li je sve OK, tj. da se nesto nije vratilo.

Dopuna: 23 Dec 2006 21:08

Zaboravih da ti kazem i sledece:
- instaliraj Service Pack 2 za Windows, posto si sa SP1 jako ugrozen
- instaliraj neki firewall program, to ce te puno zastititi od upada botova i crva (sto je tebi i napravilo problem u ovom slucaju).

Dopuna: 23 Dec 2006 21:38

Viper, zivini, ali primetio sam jos nesto cudno to je fajl
C:\WINDOWS\WINRDP40.SYS
U Windows folderu ne bi trebalo da ima SYS fajlova.
Zamolio bih te da mi uploadujes i taj fajl, bitno je.

Ko je trenutno na forumu
 

Ukupno su 1012 korisnika na forumu :: 49 registrovanih, 9 sakrivenih i 954 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: -[CoA]-, 357magnum, 8u47, _Rade, A.R.Chafee.Jr., Asparagus, babaroga, Boris Bosiljčić, bufanje, cemix, Centauro, DENIRO, Dimitrise93, Duh sa sekirom, dzoni19, FileFinder, Georgius, h8propaganda, ILGromovnik, Istman, jackreacher011011, JOntra, Kubovac, kybonacci, ladro, laganini123, ljuba, Magistar78, maiden6657, Milometer, MiroslavD, misa1xx, mkukoleca, mnn2, muaddib, Nemanja.M, Panter, Posmatrac77OKB, RJ, sap, Shinobi, SlaKoj, stegonosa, VJ, vladulns, wolverined4, zziko, šumar bk2, Čivi