Sumnjam na rootkit

Sumnjam na rootkit

offline
  • Pridružio: 15 Avg 2013
  • Poruke: 4

Ovako pre nekih mesec dana mi je ortak ubacio svoj USB flash i preko windows explorera otvorio sadrzaj i u tom trenutku se explorer restartovao. Odmah sam posumnjao na virus ili neku drugu napast, odradio full scan sa Avastom, izvrsio skeniranje iz drugog OS-a, i odradio skeniranje sa Kaspersky Rescue diskom 10, ali nista nije nadjeno ni nam mom OS-u, niti na USB flesci, cak i pod Linuxom.

mycity.rs/must-login.png



Ali sam pre neki dan video ovo(slika u attachu) i resio da proverim sistem. Probao sam sa reinstalacijom AMD AHCI drajvera sumnjajuci da su mozda ovi zaarzeni, ali i cak sa MS drajverima mi se javlja ista poruka samo sto sada stoji msahci drajver a ne AMD. Imao sam dosta igara koje imaju razlicite zastite - starforce, tages, safedisc isl pa je mozda moguce da je ovo i do zastite, ali rekoh nije lose proveriti.

Inace vodim racuna o sistemu i pazim da ne instaliram toolbarove i razne sitne gluposti, ali eto drugareva ruka je bila brza ovaj put.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Ivan at 7:15:51 on 2013-08-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.6997 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1367667057383
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0AC6213B-75C0-4765-8491-F98B60D4D267} : DHCPNameServer = 192.168.1.1
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-7-1 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-7-1 35456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-13 283200]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-19 139592]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-19 418632]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-2-2 2733568]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2013-1-1 1308160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-12 805088]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-24 239616]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-9 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-3-15 131912]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-4-18 137336]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-5-4 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-14 16:49:04 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-14 16:41:58 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6485BA3-A554-490A-A46A-9376719BBFDC}\gapaengine.dll
2013-08-14 16:41:55 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AD2994D-3C3A-4D12-8701-2174422154F1}\mpengine.dll
2013-08-14 16:38:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-08-14 16:38:16 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-08-13 17:50:29 -------- d-----w- C:\Users\Ivan\AppData\Roaming\HandBrake
2013-08-04 12:17:58 -------- d-----w- C:\Users\Ivan\AppData\Local\Arma 3
2013-08-03 10:58:06 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-08-02 04:32:18 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-24 00:39:22 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-07-24 00:39:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-07-24 00:39:20 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-07-24 00:39:20 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-07-24 00:39:20 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-07-24 00:39:20 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-07-24 00:39:14 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-07-24 00:39:10 1251120 ----a-w- C:\Windows\System32\aticfx64.dll
2013-07-24 00:39:04 9066784 ----a-w- C:\Windows\System32\atidxx64.dll
2013-07-24 00:39:00 7918816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-07-24 00:38:44 7093744 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-07-24 00:38:42 7607720 ----a-w- C:\Windows\System32\atiumd64.dll
2013-07-24 00:36:40 12721664 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-07-24 00:19:12 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-07-24 00:18:56 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-07-24 00:18:50 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-07-24 00:18:46 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-07-24 00:18:40 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-07-24 00:18:24 28193280 ----a-w- C:\Windows\System32\amdocl64.dll
2013-07-24 00:16:54 129536 ----a-w- C:\Windows\System32\coinst_13.20.dll
2013-07-24 00:16:14 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-07-24 00:14:24 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-07-24 00:14:20 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-07-24 00:04:04 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-07-24 00:03:54 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-07-24 00:03:52 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-07-24 00:03:46 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-07-24 00:03:44 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-07-24 00:03:28 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-07-24 00:00:42 25609728 ----a-w- C:\Windows\System32\atio6axx.dll
2013-07-24 00:00:08 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-07-23 23:42:04 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-07-23 23:41:54 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-07-23 23:41:52 21624832 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-07-23 23:41:46 574976 ----a-w- C:\Windows\System32\atieclxx.exe
2013-07-23 23:40:52 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-07-23 23:39:20 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-07-23 23:11:24 1091584 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-07-23 23:11:12 824320 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-07-23 23:10:54 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-07-23 23:10:50 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-07-23 23:10:50 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-07-23 23:10:44 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-07-23 23:10:36 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-07-23 23:10:26 617472 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-07-23 23:08:14 95744 ----a-w- C:\Windows\System32\amdave64.dll
2013-07-23 23:08:10 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-07-23 23:08:00 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-07-23 23:07:56 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-07-23 23:06:48 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-07-23 16:36:27 -------- d-----w- C:\Users\Ivan\AppData\Local\bitComposer
2013-07-22 18:51:54 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Natural Selection 2
2013-07-20 17:43:48 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
.
==================== Find3M ====================
.
2013-07-24 00:39:14 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-07-24 00:39:12 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-07-24 00:39:12 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-07-24 00:39:08 1043000 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-07-24 00:38:56 6475232 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-07-24 00:38:50 6532912 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-07-20 08:50:07 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-20 08:50:07 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-20 08:49:25 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-20 08:49:19 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-18 15:43:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:43:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 08:40:38 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-07-05 08:40:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-06-18 19:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 19:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-04 23:12:02 139696 ----a-w- C:\Windows\System32\SETACDC.tmp
2013-06-04 23:12:00 113464 ----a-w- C:\Windows\System32\SETACBB.tmp
2013-06-04 22:00:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-06-04 22:00:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
.
============= FINISH: 7:15:57.81 ===============

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmite program GMER sa donjeg linka na Desktop:


GMER download
Kliknite dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save.



Dvoklikom pokrenite GMER.
Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite No;

kliknite Scan i sačekajte da skeniranje bude završeno;

kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer1);

kliknite desnim tasterom u prozor programa Gmer i odaberite Options > 3rd party - kliknite Scan;

po završetku skeniranja kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer2);

kliknite taster >>> i odaberite Autostart karticu;

po završetku kratkotrajnog skeniranja, kliknite Copy;

otvorite Notepad i u njega postavite kopirani tekst - izveštaj sačuvajte na Desktop (pod nazivom Gmer3);


Slikoviti prikaz postupka

Priložite sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.

offline
  • Pridružio: 15 Avg 2013
  • Poruke: 4

Evo i izvestaja u prilogu.

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Uradićemo još jednu provjeru da budemo sigurni.


Arrow Korak 1

Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


Zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sljedeći tekst:

C:\System32\Drivers\acxogice.SYS;i
resetwmi;


Klikni na dugme i pričekaj da se skeniranje završi.


Zoek će po potrebi restartovati Windows, a na kraju rada otvoriti Notepad sa izvještajem o skeniranju.

Napomena: Izvještaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadržaj tog loga u poruku.




Arrow Korak 2

Preuzmi TDSSKiller sa sljedeće adrese na Desktop:

TDSSKiller


Kad preuzimanje bude završeno:

Preimenuj TDSSKiller.exe u MyCity.exe

Pokreni MyCity.exe i klikni na Change parametres.

U dijelu Additional options štrikliraj opcije Verify driver signatures i Detect TDLFS file system, a zatim klikni na OK.

Klikni na Start scan.

Kad završi prikazaće ti rezultate skeniranja.

Za sve ponađene objekte odaberi akciju Skip.

Klikni na Continue.

Prikači uz poruku izvještaj koji se nalazi na sljedećoj lokaciji:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-dan, MM-mesec, GG-godina, HH-sat, MM-minut, SS-sekunda; datum i vrijeme kada je log napravljen)

offline
  • Pridružio: 15 Avg 2013
  • Poruke: 4

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Ivan on Thu 08/15/2013 at 18:59:34.77.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ivan\Desktop\zoek.exe [Script inserted]

==== System Restore Info ======================

8/15/2013 19:00:16 Zoek.exe System Restore Point Created Succesfully.

==== File Information Results ======================


==== Reset WMI ======================

The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.

Internet Connection Sharing (ICS)
IP Helper

.
The Internet Connection Sharing (ICS) service was stopped successfully.

The IP Helper service is stopping.
The IP Helper service was stopped successfully.

The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== After Reboot ======================

==== EOF on Thu 08/15/2013 at 19:01:13.74 ======================

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10622
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

U postavljenim izvještajima ne vidim tragove malware-a. Ostaje ti još da uradiš sljedeće.


Arrow

Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings


Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvestaj u notepadu.

Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Taj izvještaj n emoraš da postavljaš na forum.

Arrow

Posjeti temu Testirajte da li vam je pretraživač ranjiv, pročitaj i isprati link koji stoji u njoj.



Arrow

Preporučujem da za zaštitu USB memorijskih uređaja koristiš MCShield.
Nema nikakve veze sa antivirus-om tj. neće ometati njegov rad, a pokazao se kao jedan od najboljih vida zaštite od malware-a koji se prenosi putem USB mem. uređaja.


Home Page MCShield-a: http://www.mcshield.net

Više o MCShield-u možeš saznati u ovoj temi: http://www.mycity.rs/MyCity-Laboratorija/MCShield-v2.html

Facebook stranica MCShield-a: http://www.facebook.com/MCShield


Pozdrav.

offline
  • Pridružio: 15 Avg 2013
  • Poruke: 4

Hvala, odradio sam ovo sa delFixom, a kasnije cu baciti pogled i na MCShield.

Inace gotovo nikada ne koristim windows explorer, i za gledanje sadrzaja flesha koristim freecommander koji prikazuje skrivene fajlove i iskljucio sam automatski autorun, ali eto uvek se nadje neko da pokvari rutinu.

Ko je trenutno na forumu
 

Ukupno su 1296 korisnika na forumu :: 25 registrovanih, 6 sakrivenih i 1265 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: amaterSRB, babaroga, CikaKURE, Dimitrije Paunovic, draganca, Georgius, Hexe, Ivan001, jaeger, JOntra, Još malo pa deda, mile23, mrav pesadinac, nesa1962, ostoja, raptorsi, ruma, S2M, sevenino, skvara, stegonosa, vandrej, vathra, Vlada1389, vladulns