Trojan.Win32.FakeAV.LVT

Trojan.Win32.FakeAV.LVT

offline
  • Sam633 
  • Novi MyCity građanin
  • Pridružio: 23 Avg 2011
  • Poruke: 13

Nadam se da ću uz Vašu pomoć, probati da "zalečim" jedan laptop, koji nije moj. Reč je o već sada čuvenom "FB virusu". Koliko sam video fajl "Flash-player.exe" skinut je pre oko dva dana, oko 9 uveče. Pretpostavljam da je i u isto vreme pokrenut, samim tim i zaražen PC. Primećujem da nod32 bio "narodske" verzije. Uglavnom antivirusa nema, njega je zamenio virus koji se ponaša kao antivirus. Kad se prključi internet, prikazuje poruku da je "ažuriran", nekoliko puta izbaci (crvene boje sa naslovom antivirusa koji je korišćen) obaveštenje da se kao nalazi u enhanced protection mode-u. Tu su još i folderi koji se nalaze u %windir%, update.* gde je znak * predstavlja broj, tekstualni fajlovi sa IP adresama, service32.exe, hosts fajl koji je prepun adresa, itd. Sve se ovo videlo u Puppy-ju (Linux).
Uostalom, najbolje je opisano na ovoj lokaciji,
xylibox.blogspot.com/2011/07/trojanfakeavlvt.html

Nikakve akcije još uvek nisam preduzeo. Mislim da je internet bežični, Wi-Fi ili 3G, ne znam.

Nažalost, Gmer1 log nije moguće dostaviti, jer uvek "pukne" prilikom scan-a Device/Harddisk/VolumeShadowCopy.

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_26
Run by Dolores at 14:53:20 on 2011-08-23
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.1950 [GMT 2:00]
.
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe
C:\Program Files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Alice Mobile Olicard 100\ConnMonitor.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
"C:\Windows\update.tray-15-0\svchost.exe"
"C:\Windows\update.tray-2-0\svchost.exe"
C:\Windows\systemup.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Dolores\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\update.5.0\svchost.exe srv
C:\Windows\update.2\svchost.exe srv
"C:\Windows\update.5.0\svchost.exe" stand
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\update.1\svchost.exe srv
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\UI0Detect.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"C:\Windows\update.2\svchost.exe" stand
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Interest recogniser for Freecompressor (powered by Spointer): {a83c3565-302c-4bf8-b000-6b6f1811d892} - c:\program files\freecompressor\spointer\extensions\freecompressor_air_ie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.415.1646\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: OfferBox: {fc0d62c2-9640-4aeb-a5d5-cf25df11fa8c} - c:\program files\offerbox\OfferBoxBHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ArcadeDeluxeAgent] "c:\program files\acer arcade deluxe\acer arcade deluxe\ArcadeDeluxeAgent.exe"
mRun: [CLMLServer] "c:\program files\acer arcade deluxe\acer arcade deluxe\kernel\clml\CLMLSvc.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [BackupManagerTray] "c:\program files\newtech infosystems\acer backup manager\BackupManagerTray.exe" -k
mRun: [Acer ePower Management] c:\program files\acer\acer powersmart manager\ePowerTrayLauncher.exe
mRun: [EgisTecLiveUpdate] "c:\program files\egistec egis software update\EgisUpdate.exe"
mRun: [mwlDaemon] c:\program files\egistec\mywinlocker 3\x86\mwlDaemon.exe
mRun: [PlayMovie] "c:\program files\acer arcade deluxe\playmovie\PMVService.exe"
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [ConnMonitor] c:\program files\alice mobile olicard 100\ConnMonitor.exe start
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [<NO NAME>]
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [wxpdrv] c:\windows\services32.exe
mRun: [tray_ico]
mRun: [tray_ico0] c:\windows\update.tray-15-0\svchost.exe
mRun: [tray_ico1] c:\windows\update.tray-2-0\svchost.exe
mRun: [tray_ico2]
mRun: [tray_ico3]
mRun: [tray_ico4]
mRun: [1411139.exe] "c:\windows\temp\1411139.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [systemup] "c:\windows\systemup.exe" stand
StartupFolder: c:\users\dolores\appdata\roaming\micros~1\windows\startm~1\programs\startup\gamera~1.lnk - c:\users\dolores\appdata\roaming\gameranger\gameranger\GameRanger.exe
StartupFolder: c:\users\dolores\appdata\roaming\micros~1\windows\startm~1\programs\startup\needfo~1.lnk - c:\program files\ea games\need for speed undercover\support\EAregister.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&sporta in Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856} : NameServer = 192.168.1.20
TCP: Interfaces\{C8529090-2CFC-4598-B252-93B53E5ED5EC} : DhcpNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{F6115CBF-9708-4440-AF73-0CB71FCC62B0} : DhcpNameServer = 217.200.200.42 213.230.129.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\freecompressor\spointer\extensions\freecompressor@spointer.com\components\freecompressor_air_ff.dll
FF - component: c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\extensions\{d3f4b70a-92e0-4393-a0f3-976d03b1ebf5}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\dolores\appdata\roaming\mozilla\firefox\profiles\rgj9muib.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\dolores\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\dolores\appdata\roaming\facebook\npfbplugin_1_0_3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-11-16 108792]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [2008-12-4 19504]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [2008-12-4 16432]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [2008-12-4 59952]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-2-13 176128]
R2 CLHNService;CLHNService;c:\program files\acer arcade deluxe\homemedia\kernel\dmp\CLHNService.exe [2009-2-25 75048]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-11-16 95896]
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer powersmart manager\ePowerSvc.exe [2010-5-1 707104]
R2 FontCache;Servizio cache tipi di carattere Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MWLService;MyWinLocker Service;c:\program files\egistec\mywinlocker 3\x86\MWLService.exe [2009-5-14 305448]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-4-11 61184]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R2 srvbtcclient;srvbtcclient;c:\windows\update.5.0\svchost.exe srv --> c:\windows\update.5.0\svchost.exe srv [?]
R2 srviecheck;srviecheck;c:\windows\update.2\svchost.exe srv --> c:\windows\update.2\svchost.exe srv [?]
R2 wxpdrivers;wxpdrivers;c:\windows\update.1\svchost.exe srv --> c:\windows\update.1\svchost.exe srv [?]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60x.sys [2008-9-4 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-2-13 3666432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S2 gupdate;Servizio di Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-22 136176]
S2 r_server;Remote Administrator Service;c:\windows\pif\smss.exe [2010-12-27 245760]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2008-1-21 179712]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-5-1 30192]
S3 gupdatem;Servizio Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-22 136176]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2010-6-21 103040]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\drivers\pmx3gmdm.sys [2010-6-9 103552]
S3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\drivers\pmx3gnet.sys [2010-6-9 116736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-08-23 12:49:45 -------- d-----w- c:\users\dolores\appdata\local\{31C2C900-2CB7-4649-8200-19B05D01EE5F}
2011-08-23 09:42:06 -------- d-----w- c:\users\dolores\appdata\local\{BBF7328B-6821-430C-903B-BF6292560D59}
2011-08-23 09:29:26 -------- d-----w- c:\users\dolores\appdata\local\{ED291484-D10B-438E-AF89-0F68B6988250}
2011-08-23 09:29:11 -------- d-----w- c:\users\dolores\appdata\local\{78C7F16C-FF42-424E-8CDF-8C9687622551}
2011-08-23 06:28:40 -------- d-----w- c:\users\dolores\appdata\local\{DA66B9FA-711C-42B4-B887-516C48955119}
2011-08-23 06:28:27 -------- d-----w- c:\users\dolores\appdata\local\{BD02BF4C-66BD-4818-A43F-BB17DC727B37}
2011-08-22 19:11:24 -------- d-----w- c:\users\dolores\appdata\local\{10BF844D-C56A-43B2-B394-AC26117F4904}
2011-08-22 19:11:13 -------- d-----w- c:\users\dolores\appdata\local\{CD54EE85-BF3B-4AF8-8CFF-311DDE75B818}
2011-08-22 19:05:32 -------- d-----w- c:\users\dolores\appdata\local\{9E33D805-A2A1-4867-8176-DA9DFE576E32}
2011-08-22 19:05:20 -------- d-----w- c:\users\dolores\appdata\local\{4CA7CE08-8C12-4975-98EB-7E7F3F5DA981}
2011-08-22 18:57:46 -------- d-----w- c:\users\dolores\appdata\local\{B6477500-52D2-4B79-8AD1-15561A18B844}
2011-08-22 18:57:28 -------- d-----w- c:\users\dolores\appdata\local\{367E9A15-1013-4D80-AF89-FD20A4A5D825}
2011-08-22 18:38:58 -------- d-----w- c:\users\dolores\appdata\local\{BBDC743F-D84D-432D-8BD9-35FC2C9FEB84}
2011-08-22 18:35:22 -------- d-----w- c:\users\dolores\appdata\local\{E62892BA-EFA4-4386-A168-D7CFEE35666A}
2011-08-22 17:05:24 -------- d-----w- c:\users\dolores\appdata\local\{1961742C-12E9-4281-B6A5-729031BB3F93}
2011-08-22 17:05:07 -------- d-----w- c:\users\dolores\appdata\local\{99E6EE68-7ABD-471B-93B6-D87F8835EB90}
2011-08-22 17:00:53 -------- d-----w- c:\users\dolores\appdata\local\{B0EFF968-02B5-4EFE-8DCC-AD3FB0F0CF52}
2011-08-22 17:00:41 -------- d-----w- c:\users\dolores\appdata\local\{B0F4F8D3-7D43-40BE-BD56-198EEF5E2C10}
2011-08-22 16:47:30 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-22 08:44:55 -------- d-----w- c:\users\dolores\appdata\local\{5C3F446F-6744-4A1C-8605-B3B9E56A7A26}
2011-08-22 08:44:43 137728 ----a-w- c:\windows\systemup.exe
2011-08-22 08:44:36 -------- d-----w- c:\users\dolores\appdata\local\{5B4E6300-766E-4CD2-A106-09CE205675A3}
2011-08-21 20:19:00 -------- d-----w- c:\users\dolores\appdata\local\{5CF84580-CB09-4E4B-B931-CF9011254A3C}
2011-08-21 20:18:47 -------- d-----w- c:\users\dolores\appdata\local\{9E97F59E-CDE7-4E0E-8F23-BB1C2D2B7A40}
2011-08-21 20:12:26 -------- d-----w- c:\users\dolores\appdata\local\{7279DDD8-A3C4-4E6F-BBBB-93888824547C}
2011-08-21 20:11:51 -------- d-----w- c:\users\dolores\appdata\local\{429E19FD-FF72-488F-9249-6B2B34B25D6D}
2011-08-21 20:07:39 -------- d-----w- c:\users\dolores\appdata\local\{A352327E-5164-47F6-8462-3434A265521B}
2011-08-21 20:07:28 -------- d-----w- c:\users\dolores\appdata\local\{48799710-D8D8-414D-9192-98A0AC3E735E}
2011-08-21 19:44:03 -------- d-----w- c:\users\dolores\appdata\local\{6BC269C4-4B30-489D-915F-85C62F95B005}
2011-08-21 19:43:52 -------- d-----w- c:\users\dolores\appdata\local\{9969612B-FB98-433A-AADE-1976054C3B88}
2011-08-21 19:38:59 -------- d-----w- c:\users\dolores\appdata\local\{A8474D7A-17E4-4875-95CF-BC9C87DC5B39}
2011-08-21 19:38:48 -------- d-----w- c:\users\dolores\appdata\local\{360A4998-1232-417C-A5E4-B4626447DF51}
2011-08-21 19:31:27 -------- d-----w- c:\users\dolores\appdata\local\{95A6303F-5D65-430F-81FB-CD25C8FF8E6D}
2011-08-21 19:31:16 -------- d-----w- c:\users\dolores\appdata\local\{5A84B3C6-200E-4786-92A1-8A313390CF83}
2011-08-21 19:24:21 -------- d-----w- c:\users\dolores\appdata\local\{3C995DDD-04DB-48A8-BFAF-50D3784D1680}
2011-08-21 19:24:05 -------- d-----w- c:\users\dolores\appdata\local\{49F07D1E-489F-40A9-8C92-71C983EB528D}
2011-08-21 19:21:23 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-21 19:21:23 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-21 19:14:58 -------- d-----w- c:\windows\ufa
2011-08-21 19:14:58 -------- d-----w- c:\windows\rpcminer
2011-08-21 19:14:58 -------- d-----w- c:\windows\phoenix
2011-08-21 19:05:06 -------- d--h--w- c:\windows\update.7.1
2011-08-21 19:04:46 -------- d--h--w- c:\windows\update.2
2011-08-21 19:04:09 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 19:03:52 -------- d--h--w- c:\windows\update.5.0
2011-08-21 19:03:05 -------- d-----w- c:\users\dolores\appdata\local\{2AD3D21C-FD57-4055-AEE7-3D215269E525}
2011-08-21 19:02:08 -------- d-----w- c:\windows\av_ico
2011-08-21 19:00:04 -------- d--h--w- c:\windows\update.1
2011-08-21 19:00:00 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-08-21 19:00:00 -------- d--h--w- c:\windows\update.tray-2-0
2011-08-21 18:48:23 1213440 ----a-w- c:\windows\services32.exe
2011-08-20 21:59:14 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-20 21:59:14 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-20 21:59:13 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-20 21:59:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 21:59:01 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-20 21:59:01 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-08-20 16:58:06 -------- d-----w- c:\users\dolores\appdata\local\{32A5C7F9-4A62-4616-8D32-C8C82CCA86E4}
2011-08-20 16:13:23 -------- d-----w- c:\users\dolores\appdata\local\{606EBD24-8E3D-4F99-99DD-560BDC94FB9C}
2011-08-18 08:46:36 -------- d-----w- c:\users\dolores\appdata\local\{1853B3C9-AA9D-4B9D-A84C-70A83DAF8F79}
2011-08-10 16:22:22 -------- d-----w- c:\users\dolores\appdata\local\{162636F6-7D6A-4E17-9A6D-E1D303105D3D}
2011-08-10 16:15:46 -------- d-----w- c:\program files\common files\PCSuite
2011-08-10 16:15:43 -------- d-----w- c:\program files\common files\Nokia
2011-08-10 16:15:24 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 16:11:23 -------- d-----w- c:\program files\Nokia
2011-08-10 08:02:31 -------- d-----w- c:\users\dolores\appdata\local\{6E1BACC4-F1C2-47FD-84A7-2D1D943151C8}
2011-08-09 07:38:06 -------- d-----w- c:\users\dolores\appdata\local\{3D0FD06D-CD64-4554-9B92-90DC67D395B4}
2011-07-31 08:16:28 -------- d-----w- c:\users\dolores\appdata\local\{8790DF4A-1DAA-4C92-9582-E81E80B954B5}
2011-07-25 10:27:48 -------- d-----w- c:\users\dolores\appdata\local\{FE0189F3-61B1-4D26-B503-15B99E1C8F40}
.
==================== Find3M ====================
.
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-01 18:40:23 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 18:40:16 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:54:16.58 ===============




mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Pozdrav Sam633!










U toku resavanja slucaja, zamolio bih te da se pridrzavas sledeceg:
Detaljno citati moja uputstva ( ili uputstva kolega koji ce me zamenjivati) i raditi iskljucivo po njima;
Ne traziti istovremeno pomoc na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budes dobio uputstvo;
U toku intervencije ne koristiti USB memorijske uredjaje, dok to ne budem zatrazio;
Ukoliko ne odgovorim u roku od 48h, osvezi temu novim post-om;
Ukoliko se ne javis u roku od 5 dana, zatvoricemo slucaj.

Za vise informacija o pravilima Ambulante MyCity foruma: LINK

-------------------------------------------------------------------------------------


Arrow



Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.









goran9888 (AMF Tim)

offline
  • Sam633 
  • Novi MyCity građanin
  • Pridružio: 23 Avg 2011
  • Poruke: 13

Vista je na italijanskom, i ja se jedva snalazim. Smile Evo ComboFix loga.

ComboFix 11-08-23.03 - Dolores 08/23/2011 19:38:15.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2068 [GMT 2:00]
Eseguito da: c:\users\Dolores\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\OfferBox
c:\program files\OfferBox\OfferBox.exe
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\OfferBoxChromeExtension.crx
c:\program files\OfferBox\OfferBoxEngine.dll
c:\program files\OfferBox\offerboxffx@offerbox(3).com\chrome\content\overlay.xul
c:\program files\OfferBox\offerboxffx@offerbox(3).com\components\OfferBoxXpCom.xpt
c:\program files\OfferBox\offerboxffx@offerbox(3).com\install.rdf
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome.manifest
c:\program files\OfferBox\offerboxffx@offerbox.com\chrome\content\events.js
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
c:\program files\OfferBox\OfferBoxLauncher.exe
c:\program files\OfferBox\res\Language.xml
c:\program files\OfferBox\res\loader.gif
c:\programdata\ntuser.dat
c:\users\Dolores\AppData\Roaming\.#
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(2).url
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(3).url
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(4).url
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Recent\Attiva e Disattiva Connessione(5).url
c:\users\Dolores\AppData\Roaming\OfferBox
c:\users\Dolores\AppData\Roaming\OfferBox\config.dat
c:\users\Dolores\AppData\Roaming\OfferBox\config.xml
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\PIF\cmd.vbe
c:\windows\PIF\firewall.vbe
c:\windows\PIF\reg.reg
c:\windows\PIF\reg1.reg
c:\windows\PIF\smss.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\Temp\log.txt
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.tray-15-0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_wxpdrivers
-------\Service_r_server
.
.
((((((((((((((((((((((((( Files Creati Da 2011-07-23 al 2011-08-23 )))))))))))))))))))))))))))))))))))
.
.
2011-08-23 17:45 . 2011-08-23 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 15:36 . 2011-08-23 15:36 -------- d-----w- c:\users\Dolores\AppData\Roaming\HD Tune Pro
2011-08-23 14:41 . 2011-08-23 14:41 -------- d-----w- C:\found.000
2011-08-22 16:47 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-21 19:21 . 2011-08-23 17:45 -------- d--h--w- c:\windows\update.tray-15-0
2011-08-21 19:21 . 2011-08-21 19:21 -------- d--h--w- c:\windows\update.tray-15-0-lnk
2011-08-21 19:14 . 2011-08-21 19:14 -------- d-----w- c:\windows\ufa
2011-08-21 19:04 . 2011-08-21 19:14 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 19:02 . 2011-08-21 19:23 -------- d-----w- c:\windows\av_ico
2011-08-21 19:00 . 2011-08-23 17:45 -------- d--h--w- c:\windows\update.tray-2-0
2011-08-21 19:00 . 2011-08-21 19:00 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-08-20 21:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-20 21:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-20 21:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-20 21:59 . 2011-07-23 11:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 21:59 . 2011-07-23 11:04 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-08-20 21:59 . 2011-07-23 10:59 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 16:11 . 2011-08-10 16:15 -------- d-----w- c:\program files\Nokia
2011-07-31 08:35 . 2011-07-31 08:35 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 18:40 . 2010-06-07 16:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 18:40 . 2010-06-07 16:28 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-02 13:34 . 2011-07-13 15:54 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 19:08 . 2011-05-11 15:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-28 19:15 . 2010-05-01 21:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}]
2010-07-12 09:30 135840 ----a-w- c:\program files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"ConnMonitor"="c:\program files\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Dolores\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696]
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-03-26 103552]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-03-26 116736]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-11-16 95896]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{716FFCB4-E4A0-494E-B4EE-4A0127191E8C}.job
- c:\windows\system32\msfeedssync.exe [2011-08-20 09:26]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 192.168.1.20
FF - ProfilePath - c:\users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rgj9muib.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
.
HKLM-Run-NeroFilterCheck - c:\windows\system32\NeroCheck.exe
HKLM-Run-wxpdrv - c:\windows\services32.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-15-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
HKLM-Run-systemup - c:\windows\systemup.exe
.
.
.
**************************************************************************
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti:
.
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000059
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
.
- - - - - - - > 'Explorer.exe'(5240)
c:\program files\EgisTec\MyWinLocker 3\x86\psdprotect.dll
c:\program files\EgisTec\MyWinLocker 3\x86\sysenv.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\windows\system32\conime.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\users\Dolores\AppData\Local\Temp\RtkBtMnt.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Ora fine scansione: 2011-08-23 19:54:11 - Il pc č stato riavviato
ComboFix-quarantined-files.txt 2011-08-23 17:54
.
Pre-Run: 160,303,149,056 byte disponibili
Post-Run: 185,579,294,720 byte disponibili
.
- - End Of File - - 77DEC82C0F5E92077BA2203D2072844C

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Potrebno je da deinstaliras NOD32 Anti-Virus sa sistema.
Takodje, nakon deinstalacije potrebno je da ispratis uputstvo sa ovog link-a i uklonis ostatke NOD32 AV-a: http://kb.eset.com/esetkb/index?page=content&id=SOLN2289

Skines doticni alat, pokrenes racunar u Safe mode i tamo ga pokrenes.





Tek nakon toga predji na sledeci korak ...




Arrow


Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\unrar.exe

Folder::
c:\windows\update.tray-15-0
c:\windows\update.tray-15-0-lnk
c:\windows\ufa
c:\windows\av_ico
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0-lnk

DDS::
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=24f7afd4000000000000001e65975820&tlver=1.4.19.19&affID=17160

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 "MSCurrentCountry"=dword:00000059
 .
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000
 .
 [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
 @Denied: (A) (Users)
 @Denied: (A) (Everyone)
 @Allowed: (B 1 2 3 4 5) (S-1-5-20)
 "BlindDial"=dword:00000000


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.






Arrow


Preuzmi instalaciju za program Malwarebytes Anti-Malware sa sledećeg linka:
http://www.besttechie.net/tools/mbam-setup.exe

Dvoklikom pokreni instalaciju - na samom kraju procesa, proveri da su obeležene opcije:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

a zatim klikni Finish.

Nakon završenog ažuriranja program će se pokrenuti.

Izaberi opciju Perform Quick Scan i klikni Scan.

Po završetku procesa klikni OK, Show Results: u listi detektovanog malware-a, obeleži sve stavke i klikni Remove Selected.

Po završetku procesa, logfile će se otvoriti u Notepad-u; iskopiraj ga u temu na forumu.
Ukoliko program zatraži restart kako bi se završio proces čišćenja, obavezno ga dozvoliti.

Napomena: ako dođe do restarta na kraju procesa čišćenja, logfile će biti dostupan na Logs kartici (obeleži ga i klikni Open).









goran9888 (AMF Tim)

offline
  • Sam633 
  • Novi MyCity građanin
  • Pridružio: 23 Avg 2011
  • Poruke: 13

Radim ovo prvo za NOD32, ali je mali previd je u pitanju. To sa ComboFix-om odraditi u "normalnom" modu ili Safe modu?

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Sam633 ::Radim ovo prvo za NOD32, ali je mali previd je u pitanju. To sa ComboFix-om odraditi u "normalnom" modu ili Safe modu?



-Deinstalacija NOD32 iz Normal mode-a (Start -> Control Panel -> Programs and Features; ukoliko ne postoji u listi predji na sledeci korak);
-Pokretanje alata za uklanjanje ostataka NOD32 AV-a iz Safe mode Windows-a;
-Pokretanje skripte ComboFix-a iz Normal mode-a Windows-a.











goran9888 (AMF Tim)

offline
  • Sam633 
  • Novi MyCity građanin
  • Pridružio: 23 Avg 2011
  • Poruke: 13

Nod32 Uninstaller odradio posao u Safe modu i prilažem drugi ComboFix log.

ComboFix 11-08-23.03 - Dolores 08/23/2011 21:11:58.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.3066.2036 [GMT 2:00]
Eseguito da: c:\users\Dolores\Desktop\ComboFix.exe
Opzioni usate :: c:\users\Dolores\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\unrar.exe"
.
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_defender_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.tray-15-0-lnk
c:\windows\update.tray-15-0-lnk\svchost.exe
c:\windows\update.tray-15-0
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
.
.
((((((((((((((((((((((((( Files Creati Da 2011-07-23 al 2011-08-23 )))))))))))))))))))))))))))))))))))
.
.
2011-08-23 19:16 . 2011-08-23 19:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-23 15:36 . 2011-08-23 15:36 -------- d-----w- c:\users\Dolores\AppData\Roaming\HD Tune Pro
2011-08-23 14:41 . 2011-08-23 14:41 -------- d-----w- C:\found.000
2011-08-22 16:47 . 2011-05-24 17:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-20 21:59 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-20 21:59 . 2011-06-17 16:03 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-20 21:59 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-08-20 21:59 . 2011-07-23 11:04 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 21:59 . 2011-07-23 11:04 129536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-08-20 21:59 . 2011-07-23 10:59 247808 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\PCSuite
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\Common Files\Nokia
2011-08-10 16:15 . 2011-08-10 16:15 -------- d-----w- c:\program files\PC Connectivity Solution
2011-08-10 16:11 . 2011-08-10 16:15 -------- d-----w- c:\program files\Nokia
2011-07-31 08:35 . 2011-07-31 08:35 -------- d-----w- c:\program files\7-Zip
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 18:40 . 2010-06-07 16:28 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-01 18:40 . 2010-06-07 16:28 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-02 13:34 . 2011-07-13 15:54 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-22 19:08 . 2011-05-11 15:29 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-28 19:15 . 2010-05-01 21:59 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a83c3565-302c-4bf8-b000-6b6f1811d892}]
2010-07-12 09:30 135840 ----a-w- c:\program files\FreeCompressor\spointer\extensions\freecompressor_air_ie.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 14:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-05-14 21:02 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-11-10 4240760]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-04-02 399736]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-01-20 156968]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-01-20 202024]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-28 30192]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-02 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-19 6793760]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-25 1069576]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-04-11 249600]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-06-23 440864]
"EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-05-13 199464]
"mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-05-14 345384]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-12-26 173288]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152]
"ConnMonitor"="c:\program files\Alice Mobile Olicard 100\ConnMonitor.exe" [2009-06-18 401408]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-03-22 74752]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Dolores\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Dolores\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2011-4-28 1449696]
Need for SpeedT Undercover Registration.lnk - c:\program files\EA Games\Need for Speed Undercover\Support\EAregister.exe [2008-10-21 4369408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-07-28 30192]
R3 gupdatem;Servizio Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 136176]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-12-30 103040]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 pmx3gmdm;Olivetti USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\pmx3gmdm.sys [2009-03-26 103552]
R3 pmx3gnet;Olivetti USB-NDIS miniport;c:\windows\system32\DRIVERS\pmx3gnet.sys [2009-03-26 116736]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-12-04 19504]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-12-04 16432]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-12-04 59952]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-03 176128]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-06-23 707104]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-05-14 305448]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenuto della cartella 'Scheduled Tasks'
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 21:56]
.
2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{716FFCB4-E4A0-494E-B4EE-4A0127191E8C}.job
- c:\windows\system32\msfeedssync.exe [2011-08-20 09:26]
.
.
------- Scansione supplementare -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0410&s=2&o=vp32&d=0210&m=aspire_5738
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Invia immagine alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Invia pagina alla periferica &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{C50B5E64-FEB9-43A5-8D7F-A5168348F856}: NameServer = 192.168.1.20
FF - ProfilePath - c:\users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rgj9muib.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-08-23 21:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scansione processi nascosti ...
.
scansione entrate autostart nascoste ...
.
Scansione files nascosti ...
.
Scansione completata con successo
Files nascosti: 0
.
**************************************************************************
.
Ora fine scansione: 2011-08-23 21:17:52
ComboFix-quarantined-files.txt 2011-08-23 19:17
ComboFix2.txt 2011-08-23 17:54
.
Pre-Run: 185,327,230,976 byte disponibili
Post-Run: 185,286,729,728 byte disponibili
.
- - End Of File - - FE3C6ADCBE1CA1A0E698C8E40865DA84

Quick Scan of Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7547

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/24/2011 12:43:02 AM
mbam-log-2011-08-24 (00-43-02).txt

Scan type: Quick scan
Objects scanned: 168290
Time elapsed: 2 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Nadam se da nećete zameriti, odradio sam i Full Scan of Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
malwarebytes.org

Database version: 7547

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120

8/24/2011 1:31:15 AM
mbam-log-2011-08-24 (01-31-15).txt

Scan type: Full scan (C:\Smajli
Objects scanned: 308887
Time elapsed: 43 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Qoobox\quarantine\C\Windows\services32.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\PIF\smss.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.1\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-15-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-15-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-2-0\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Qoobox\quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.

Koliko sam shvatio, Malwarebytes zapravo izbrisao ono što se nalazilo u karantinu Combofix-a. Valjda nisam pogrešio u poslednjem postupku? Uglavnom, nakon svega ovoga laptop se boot-uje znatno brže, rekao bih čak i do 30%. Kombinacija tastera Win+E se otvara gotovo trenutno, ranije je trebalo i do pet sekundi.

Pretpostavljam da na kraju treba da deinstaliram ComboFix i stavim neki antivirus poput Avast-a ili Avire.

Mogu da kažem već sada u ime vlasnice laptopa, hvala Vam najlepše! A s moje strane svaka čast! Very Happy

offline
  • Pridružio: 02 Feb 2008
  • Poruke: 14018
  • Gde živiš: Nish

Taj sistem je cist sto se malware-a tice.




Potrebno je odraditi sledece ....


Potrebno je deinstalirati ComboFix:
klikni start (ili ), a zatim RUN.

Na Visti koristiti Start Search polje ukoliko Run nije dostupan.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

ComboFix /Uninstall

Primeti da postoji razmak između "ComboFix" i "/Uninstall".



a zatim klikni OK (ili pritisni Enter).


Sačekaj da se proces deinstalacije završi.




Arrow


Ostale koriscene programe u slucaju mozes obrisati.



Arrow


Potrebno je da instaliras Anti-Virus na sistem. Moj predlog ti je da koristis besplatan Anti-Virus ukoliko nemas licencu za komercijalnu verziju AV-a. Besplatni Anti-Virusi su: Avast, Avira, AVG, Panda Cloud, MSE, itd ... Odluci se za jedan.

Tema koja ti moze biti od pomoci je: Izbor besplatnog antivirusa



Arrow


Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.

Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.



----------------------------------------------------------



- Sredi Startup:
Pritisni dugme i R.

Pojaviće se sledeći prozor:



Potrebno je upisati msconfig i pritisnuti OK.

Otvoriće se novi prozor u kom je potrebno preći na karticu Startup

Destrikliraj sve aplikacije koje nisu potrebne da se startuju sa sistemom; pozeljno je da ostanu samo Anti-Malware programi (AV i FW); sve ostalo destrikliraj


- Preporucujem ti da instaliras Service Pack 3 za Windows XP tj. update-ujes svoj Operativni Sistem. Necu govoriti o njegovim prednostima u odnosu na Service Pack 2. Te informacije mozes naci na MS-ovom sajtu. Uglavnom, MS je 13.jula 2010 prekinuo podrsku za Service Pack 2 koji je instaliran na tvom racunaru.

Sta to znaci? Pogledaj link: http://windows.microsoft.com/en-US/windows/help/what-does-end-of-support-mean;

**** Ukoliko se odlucis na ovaj korak (instaliranje SP3), preporucujem ti da prethodno uradis backup svih bitnih podataka.



- Preporucujem da za zastitu USB memorijskih uredjaja koristis MCShield. Nema nikakve veze sa AntiVirus-om tj. nece ometati njegov rad a pokazao se kao jedan od najboljih vida zastite od malware-a koji se prenosi putem USB mem. uredjaja.

Skines, instaliras, ubodes USB mem. uredjaj, izvrsi se skeniranje nakon cega dobijes obavestenje da je uredjaj cist (ukoliko je stvarno tako); ili dobijes log u kome vidis informacije o malware-u koji je nadjen i obrisan.


Home Page MCShield-a: http://amf.mycity.rs/programs/mc/mcshield/

Vise o MCShield-u mozes saznati u ovoj temi: http://www.mycity.rs/Antispyware-programi/MCShield.html


- Start -> Control Panel -> Add or Remove Programs - deinstaliraj sve aplikacije koje su visak, tj. ne trebaju ti. Takodje preporucio bih ti i deinstaliranje toolbar-ova ako ih ne koristis: Ask Toolbar, Facebook Plug-In, YouTube Downloader Toolbar v4.3. Time ces znato ubrzati rad sistema.

- Poseti temu "Testirajte da li vam je pretrazivac ranjiv", procitaj i isprati link koji stoji u njoj. Bilo koji dodatak da je stare verzije, bilo bi pozeljno nadograditi ga na najnoviju verziju (time ces dodatno osigurati pretrazivac). Link do teme je: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html








Ko je trenutno na forumu
 

Ukupno su 645 korisnika na forumu :: 53 registrovanih, 8 sakrivenih i 584 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1567 - dana 15 Jul 2016 19:18

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., awathorn, blue2, branko7, darkstar101, dejoglina, djboj, Duh sa sekirom, feniks12, Gama, Gerilac, goxin, indja, kalens021, kosticmilanko, kunktator, Lieutenant, lojola, lovac12, ltcolonel, Lucije Kvint, marko308, MB120mm, mercedesamg, MILO-VAN, Milos ZA, Miskohd, mladen.zovko, mračni čovek, nradukic, nuke92, orjen2, ozz, pavlo2, pera12345, prekodrinski, Recce, samsung2, shaja1, Skijavoneska, Skywhaler, snik, SsssssNOVI, Toni, USSVoyager, vathra, VJ, voja64, Vojne Strasti, Warhawk, wolf431, Zvrk2, Živković