Help me, people - slow computer


offline
  • biloxi 
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

People, my computer is running slowly...
I don't know what to do...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:24:52 PM, on 7/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bojan Suvajac\Desktop\szfdfbcv\TR3.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 421.420.422:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: I&zvezi u program Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c9ef4c2f326b9a) (gupdate1c9ef4c2f326b9a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 5590 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Have you tried doing anything about it?

http://www.mycity.rs/Zastita/Usporen-Racunar-ili-Browser-Osnovni-Saveti.html

That first, and then we'll look further if it turns out to be necessary.

offline
  • biloxi 
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

I tried it and nothing helps...
When the computer turns on, it first opens some Notepad window with this written in it, and NOD32 doesn't detect anything:

[.ShellClassInfo]
LocalizedResourceName=@shell32.dll,-21786
[LocalizedFileNames]
Windows Catalog.lnk=@%SystemRoot%\system32\shell32.dll,-22075
Activate Windows.lnk=@%SystemRoot%\system32\oobe\msoobe.exe,-2000
Set Program Access and Defaults.lnk=@xpsp1res.dll,-10077

I think the computer is full of viruses.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

We'll check...

Download the DDS program from this, this or this link to the Desktop.

Double-click DDS to run it;

after a few minutes a message will appear saying the process has finished, and two reports will open;

save both reports to the Desktop (by choosing File > Save As);

double-click DDS.txt to open it and copy its contents into the thread;

attach the file Attach.txt to your post using the Attach file option.

Note: if your security software interferes with DDS, temporarily deactivate it (instructions) and run DDS again.

Download the RootRepeal program to the Desktop.

Unpack RootRepeal.zip into a folder.
Double-click RootRepeal.exe to run it.
Switch to the Report tab (by clicking the Report button, bottom right).
Click the Scan button.
In the window that opens (Select Scan), tick the boxes in front of all items and click OK.
In the next window (Select Drives), tick the box in front of the system disk (usually C:\) and click OK.
When the process finishes, click Save Report and save the scan report.

Attach the report to your post using the Attach file option.

offline
  • biloxi 
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

Here is the one for DDS

Here is the one for RootRepeal

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Double-click DDS.txt to open it and copy its contents into the thread...

offline
  • biloxi 
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

biloxi :: Here is the one for DDS

Here is the one for RootRepeal

None of this is any good...

Here, now it's good:

For DDS


DDS (Ver_09-06-26.01) - NTFSx86
Run by Bojan Suvajac at 14:47:05.81 on Sun 07/26/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.509 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Bojan Suvajac\Desktop\dds(2).scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ba/
uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
uInternet Settings,ProxyServer = 421.420.422:80
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live pomagac za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [nwiz] nwiz.exe /install
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [update.dll] c:\windows\system32\vsnpstd3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bojans~1\applic~1\mozilla\firefox\profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=2&q=
FF - component: c:\documents and settings\bojan suvajac\application data\mozilla\firefox\profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-7-24 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 107256]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-5-14 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-6-3 604416]
S2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\google\update\GoogleUpdate.exe [2009-6-17 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-6-14 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [2009-5-13 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [2008-6-24 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\drivers\kwflower.sys --> c:\windows\system32\drivers\kwflower.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

=============== Created Last 30 ================

2009-07-26 12:54 98,304 a------- c:\windows\system32CmdLineExt.dll
2009-07-26 12:01 41,984 a------- c:\windows\system32\vsnpstd3.exe
2009-07-24 22:09 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-07-24 22:07 <DIR> --d----- c:\program files\Panda Security
2009-07-24 20:12 93,669 a------- c:\windows\system32\drivers\explorer.exe
2009-07-21 11:21 1,696 a------- c:\windows\Ky5s96SF.csa
2009-07-21 11:21 566,784 a------- c:\windows\~de74bc.tmp
2009-07-21 11:21 697,884 a------- c:\windows\~df394b.tmp
2009-07-21 11:21 567,296 a------- c:\windows\n.tmp
2009-07-21 11:20 <DIR> --d----- c:\program files\common files\Autodata Limited Shared
2009-07-21 11:20 <DIR> --d----- C:\Adcda2
2009-07-17 21:15 <DIR> --d----- c:\windows\pss
2009-07-17 10:58 <DIR> --d----- c:\program files\Lavasoft
2009-07-17 10:56 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-07-17 10:52 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-07-17 10:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-07-15 14:00 <DIR> --dsh--- c:\documents and settings\bojan suvajac\IECompatCache
2009-07-15 12:47 <DIR> --dsh--- c:\documents and settings\bojan suvajac\PrivacIE
2009-07-15 12:45 <DIR> --dsh--- c:\documents and settings\bojan suvajac\IETldCache
2009-07-15 12:27 <DIR> --d----- c:\windows\ie8updates
2009-07-15 12:22 <DIR> -cd-h--- c:\windows\ie8
2009-07-15 12:12 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-07-15 12:11 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 12:11 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-07-15 11:58 218,624 a------- c:\windows\system32\uxtheme.dll.backup
2009-07-15 11:58 <DIR> --d-h--- c:\windows\NiwradSoft Shell Pack
2009-07-14 11:05 <DIR> --d----- c:\docume~1\bojans~1\applic~1\ESET
2009-07-14 11:04 <DIR> --d----- c:\program files\ESET
2009-07-09 14:26 <DIR> --d----- c:\program files\directx
2009-07-09 14:15 <DIR> --d----- c:\program files\TDK
2009-07-04 10:48 <DIR> --d----- c:\program files\UltraISO
2009-07-03 12:00 <DIR> --d----- c:\program files\Urban Jungle
2009-07-01 14:36 268,648 a------- c:\windows\system32\mucltui.dll
2009-07-01 14:36 208,744 a------- c:\windows\system32\muweb.dll
2009-07-01 14:36 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-07-01 14:10 1,897 a------- c:\windows\system32\BIN_STRSBW.SPT
2009-06-30 11:32 20,661 a------- c:\program files\config.dat
2009-06-30 11:22 41,472 a------- c:\program files\DrvMgt.dll
2009-06-30 11:22 12,528 a------- c:\program files\SECDRV.SYS
2009-06-30 11:22 3,985,408 -------- c:\program files\fifa2005.exe
2009-06-30 11:21 <DIR> --d----- c:\program files\Support
2009-06-30 11:21 <DIR> --d----- c:\program files\data
2009-06-29 11:21 <DIR> --d----- c:\program files\Elltube
2009-06-27 18:18 <DIR> --d----- c:\program files\UlisesSoft

==================== Find3M ====================

2009-07-17 14:58 218,624 a------- c:\windows\system32\uxtheme.dll
2009-07-15 13:12 2,320,640 a------- c:\windows\system32\TUKernel.exe
2009-06-25 12:28 6,028 a------- c:\windows\system32\drivers\kwflower.log
2009-06-25 12:26 2,965 a------- c:\windows\system32\drivers\kwfupper.log
2009-06-14 15:16 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 15:16 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 15:10 1,112,288 a------- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 15:10 25,512 a------- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 15:10 13,224 a------- c:\windows\system32\drivers\ggflt.sys
2009-06-03 09:38 604,416 a------- c:\windows\system32\TUProgSt.exe
2009-06-03 09:38 361,216 a------- c:\windows\system32\TuneUpDefragService.exe
2009-06-01 16:56 4,608 a------- c:\windows\system32\w95inf32.dll
2009-06-01 16:56 2,272 a------- c:\windows\system32\w95inf16.dll
2009-05-21 12:44 107,888 a------- c:\windows\system32\CmdLineExt.dll
2009-05-19 21:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 18:09 720,896 a------- c:\windows\iun6002.exe
2009-05-10 17:00 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\TR13DVRF.DAT
2009-05-10 16:12 558,142 a------- c:\windows\java\packages\5Z3TB97D.ZIP
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\TBTFJVZ1.DAT
2009-05-10 16:12 155,995 a------- c:\windows\java\packages\3B9N5R1V.ZIP
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\WCTRT7J7.DAT
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\BP3PJPJR.DAT
2009-05-10 16:12 2,678 a------- c:\windows\java\packages\data\NVB3TB79.DAT
2009-05-10 16:09 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-04-28 11:47 499,712 a------- c:\windows\system32\msvcp71.dll
2009-04-28 11:47 348,160 a------- c:\windows\system32\msvcr71.dll
2007-03-15 18:03 215,453 a------- c:\documents and settings\bojan suvajac\we07keygen.exe
2004-08-04 00:56 24,804 ----h--- c:\docume~1\bojans~1\applic~1\addons.dat

============= FINISH: 14:47:41.65 ===============


For RootRepeal

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
deactivate your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists:
  click Yes if you are offered to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  click Yes to let the process continue.
if the Recovery Console is not installed, offer to install it:
  accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
  accept by clicking Yes or OK.
if needed, restart Windows (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the post, you notice that the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to the post.

offline
  • biloxi 
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

ComboFix 09-07-25.06 - Bojan Suvajac 07/26/2009 18:11.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.517 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bojan Suvajac\Application Data\addons.dat
c:\windows\n.tmp
c:\windows\system32\drivers\1.txt
c:\windows\system32\drivers\explorer.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-26 10:01 . 2009-07-26 10:01 41984 ----a-w- c:\windows\system32\vsnpstd3.exe
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-17 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:56 . 2009-07-17 08:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 41472 ----a-w- c:\program files\DrvMgt.dll
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-28 14:51 . 2009-05-28 14:50 -------- d-----w- c:\program files\Ahead
2009-05-28 14:50 . 2009-05-28 14:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 20:42 . 2009-05-27 20:41 -------- d-----w- c:\program files\CDex_150
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll

[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe

[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe

[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll

[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"update.dll"="c:\windows\system32\vsnpstd3.exe" [2009-07-26 41984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BEE6818-80CE-52F9-4A3B-4A96100BABC0}]
c:\windows\system32\$NtUninstallKB9\update.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E988172-BF51-8785-D7C6-19BEEAC234E3}]
c:\windows\system32\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DED0715F-0B03-9A01-2CF0-AC2116E3D4BD}]
c:\windows\system32\$NtUninstallKB9\alg.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319744&SearchSource=2&q=
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-26 18:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [8188] 0x84FB6520

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
update.dll = c:\windows\system32\vsnpstd3.exe???????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????
???????????????????????????????????????????????????????????????????????
?????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-07-26 18:20
ComboFix-quarantined-files.txt 2009-07-26 16:19

Pre-Run: 10,689,171,456 bytes free
Post-Run: 11,246,395,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn /TUTag=2WH7U3 /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /fastdetect /NoExecute=OptIn /TUTag=2WH7U3-BAK

341 --- E O F --- 2009-05-10 15:26

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Enable the display of hidden files: http://www.mycity.rs/Uputstva/Kako-videti-skrivene-fajlove.html


Upload the following files (the last two may not exist):

c:\windows\system32\vsnpstd3.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\$NtUninstallKB9\alg.exe

via this link: http://www.mycity.rs/ambulanta-upload.php
