Napadnut sam

Napadnut sam

offline
  • Pridružio: 23 Mar 2006
  • Poruke: 69

Napisano: 19 Maj 2019 14:50

Nekim slucajem sam posetio neki ruski sajt i od tada sam izlozen brutalnim napadima. Instalirani su mi neki programi, koje sam (nadam se uspesno) deinstalirao, a Firefox nonstop sam otvara nove jeizcke sa nekim nebuloznim adresama.
U toku noci ih je toliko ispootvarao da je laptop blokirao i pojavio mi se plavi ekran, koji sam nekako uspeo da saniram. Kao sto sam naveo, nakon toga sam u Firefoxu sve pozatvarao , pobrisao kolacice i restartovao sa onemogucenim dodacima.
Taj ruski sajt je postavio svoj pretrazivac kao podrazumevani i to sam uklonio.
Plavi ekran je bio rekao bih zbog preopterecenja memorije, jer sada se ne pojavljuje, ali je ostalo to otvaranje stranica, pokusao sam da blokiram java skripte ali nisam uspeo.
Eto, nadam se da sam dobro objasnio. U prilogu su izvestaji od FRST-a.
mycity.rs/must-login.png

mycity.rs/must-login.png

Dopuna: 19 Maj 2019 14:53

Eh, setio sam se jos necega, Windows DEfender je otkrio 3 malware-a od kojih 1 trojanac, i stavio u karantin a ja sam odredio da ih izbrise.




Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by ZokiVale (administrator) on DESKTOP-HB07RRJ (Dell Inc. Inspiron N5050) (19-05-2019 15:36:09)
Running from C:\Users\ZokiVale\Desktop
Loaded Profiles: ZokiVale (Available Profiles: ZokiVale)
Platform: Windows 10 Enterprise 10240.17443 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

( ) [File not signed] C:\Users\ZokiVale\AppData\Local\Temp\is-GVGP3.tmp\Mechiine.exe
( ) [File not signed] C:\Users\ZokiVale\AppData\Local\Temp\is-ILQJM.tmp\Mechiine.exe
() [File not signed] C:\Program Files (x86)\MachinerData\f13d2641b0fcbafb00803f96894a3808.exe
() [File not signed] C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1604.21020.2000_x64__8wekyb3d8bbwe\Calculator.exe
() [File not signed] C:\Users\ZokiVale\AppData\Local\Temp\is-0OROE.tmp\Mechiine.tmp
() [File not signed] C:\Users\ZokiVale\AppData\Local\Temp\is-41R0Q.tmp\Mechiine.tmp
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Alps Electric Co., LTD. -> Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(CodeLathe, LLC -> CodeLathe LLC) C:\Users\ZokiVale\AppData\Roaming\Tonido\tonido.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc. -> Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistUI.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel(R) pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Users\ZokiVale\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(OpenVPN Technologies, Inc. -> ) C:\Program Files\OpenVPN\bin\openvpn-gui.exe
(OpenVPN Technologies, Inc. -> The OpenVPN Project) C:\Program Files\OpenVPN\bin\openvpnserv.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe
(PC-Doctor, Inc. -> PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\pcdrwi.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
(VMware, Inc. -> VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc. -> VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2018-11-23] (Alps Electric Co., LTD. -> Alps Electric Co., Ltd.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [Tonido] => C:\Users\ZokiVale\AppData\Roaming\Tonido\launcher.exe [197120 2017-01-12] (CodeLathe LLC) [File not signed]
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [7511384 2019-05-09] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [OPENVPN-GUI] => C:\Program Files\OpenVPN\bin\openvpn-gui.exe [672384 2018-04-26] (OpenVPN Technologies, Inc. -> )
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [4377349] => C:\Users\ZokiVale\AppData\Local\Temp\is-GVGP3.tmp\Mechiine.exe [9190654 2019-05-16] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [2592201] => C:\Users\ZokiVale\AppData\Local\Temp\is-ILQJM.tmp\Mechiine.exe [9190654 2019-05-16] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {0750b68d-f196-11e8-9bc5-24b6fd39c918} - "W:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {6a96525b-ef41-11e8-9bc4-24b6fd39c918} - "V:\SETUP.EXE"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {88ae7f74-ef3e-11e8-9bc1-806e6f6e6963} - "D:\AutoRun.exe" "bin\VitalBrowser.exe" /splash "splash.bmp$5" /hide
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb1cf-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb333-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb39c-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb43f-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb4a7-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\MountPoints2: {bedeb4f4-f64e-11e8-9bc6-c01885794988} - "V:\InstallLauncher.bat"
HKLM\Software\Microsoft\Active Setup\Installed Components: [OpenVPN_UserSetup] -> reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v OPENVPN-GUI /t REG_SZ /d "C:\Program Files\OpenVPN\bin\openvpn-gui.exe" /f
HKLM\Software\...\Authentication\Credential Providers: [{8AF662BF-65A0-4D0A-A540-A338A999D36F}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] -> C:\Windows\system32\FaceCredentialProvider.dll [2016-10-25] (Microsoft Windows -> )
IFEO\SppExtComObj.exe: [Debugger] SppExtComObjPatcher.exe
GroupPolicy: Restriction ? <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2D48A7F8-F80C-4749-8039-CEAED63808DD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [316632 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {60B8899F-D987-40C1-8C2A-01BB96A6219B} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistInstaller.exe [1512920 2019-04-10] (Dell Inc. -> Dell Inc.)
Task: {E1965707-EA7B-43AA-AB09-F6F3D2F7EECE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {E3BE30E1-2C2A-4303-8440-15EFBFD4235E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [416432 2015-07-31] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{e91a1c3d-8442-4867-8f37-19c3d4383569}: [DhcpNameServer] 89.216.1.30 89.216.1.50

Internet Explorer:
==================
HKU\S-1-5-21-112308427-2752319856-531434809-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mail.ru/cnt/10445?gp=834423
SearchScopes: HKU\S-1-5-21-112308427-2752319856-531434809-1001 -> DefaultScope {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B845AB665-1439-4ED6-874B-CB4B7FDD4557%7D&gp=811610
SearchScopes: HKU\S-1-5-21-112308427-2752319856-531434809-1001 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
SearchScopes: HKU\S-1-5-21-112308427-2752319856-531434809-1001 -> {BDF61FAE-9D19-40F0-8F34-688DEB334CA9} URL = hxxp://securedsearch.lavasoft.com/results.php?pr=vmn&id=webcompa&ent=ch_WCYID10420__181124&q={searchTerms}
SearchScopes: HKU\S-1-5-21-112308427-2752319856-531434809-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxps://go.mail.ru/distib/ep/?q={searchTerms}&fr=ntg&product_id=%7B845AB665-1439-4ED6-874B-CB4B7FDD4557%7D&gp=811610
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2019-04-16] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2019-04-17] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Search@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\ZokiVale\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll [2019-05-19] (LLC Mail.Ru -> Mail.Ru)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-03-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-03-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2019-03-12] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2019-03-12] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF DefaultProfile: dg1ezxu1.default-1558257990495
FF ProfilePath: C:\Users\ZokiVale\AppData\Roaming\Mozilla\Firefox\Profiles\dg1ezxu1.default-1558257990495 [2019-05-19]
FF HKLM\...\Firefox\Extensions: [support@geticommerce.com] - C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi
FF Extension: (Up Pro) - C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi [2017-12-08]
FF HKLM-x32\...\Firefox\Extensions: [support@geticommerce.com] - C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=3.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-01-10] (VideoLAN -> VideoLAN)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-10-16] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation -> Microsoft Corporation)
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2019-05-19]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3363824 2019-02-28] (Dell Inc -> Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2019-02-28] (Dell Inc -> Dell Inc.)
R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1542\DSAPI.exe [1038144 2019-04-29] (PC-Doctor, Inc. -> PC-Doctor, Inc.)
S2 localNETService; C:\ProgramData\localNETService\localNETService.exe [457944 2019-05-19] (Pragramatic Limited -> )
R2 Main Service; C:\Program Files (x86)\MachinerData\f13d2641b0fcbafb00803f96894a3808.exe [2699776 2019-05-19] () [File not signed]
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv2.exe [24192 2018-03-06] (OpenVPN Technologies, Inc. -> )
R2 OpenVPNServiceInteractive; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
S3 OpenVPNServiceLegacy; C:\Program Files\OpenVPN\bin\openvpnserv.exe [75392 2018-04-26] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [39896 2019-04-10] (Dell Inc. -> Dell Inc.)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25944 2019-05-09] (LAVASOFT SOFTWARE CANADA INC -> )
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation -> Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation -> Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-07-10] (Microsoft Windows -> Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys [610336 2018-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros)
R3 DDDriver; C:\Windows\System32\drivers\dddriver64Dcsa.sys [40824 2019-02-27] (Microsoft Windows Hardware Compatibility Publisher -> Dell Inc.)
R3 igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [5382856 2018-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Microsoft Windows -> Realtek )
R3 tap0901; C:\Windows\System32\drivers\tap0901.sys [27136 2016-04-21] (OpenVPN Technologies, Inc. -> The OpenVPN Project)
R0 vsock; C:\Windows\System32\DRIVERS\vsock.sys [92040 2018-06-22] (VMware, Inc. -> VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Windows -> Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-19 15:36 - 2019-05-19 15:38 - 000017715 _____ C:\Users\ZokiVale\Desktop\FRST.txt
2019-05-19 15:36 - 2019-05-19 15:36 - 000000000 ____D C:\FRST
2019-05-19 15:35 - 2019-05-19 15:36 - 002435072 _____ (Farbar) C:\Users\ZokiVale\Desktop\FRST64.exe
2019-05-19 15:23 - 2019-05-19 15:23 - 000016148 _____ C:\Windows\system32\DESKTOP-HB07RRJ_ZokiVale_HistoryPrediction.bin
2019-05-19 12:39 - 2019-05-19 12:39 - 000322384 _____ (Mozilla) C:\Users\ZokiVale\Downloads\Firefox Installer(1).exe
2019-05-19 11:26 - 2019-05-19 11:26 - 000000000 ____D C:\Users\ZokiVale\Desktop\Стари Firefox подаци
2019-05-19 11:11 - 2019-05-19 11:13 - 000000004 _____ C:\ProgramData\lock.dat
2019-05-19 11:11 - 2019-05-19 11:11 - 000000008 _____ C:\ProgramData\ts.dat
2019-05-19 11:11 - 2019-05-19 11:11 - 000000004 _____ C:\ProgramData\irw.atsd
2019-05-19 00:36 - 2019-05-19 00:36 - 000000000 ____D C:\Program Files (x86)\FastDataX
2019-05-19 00:35 - 2019-05-19 00:35 - 000000000 ____D C:\ProgramData\localNETService
2019-05-19 00:35 - 2019-05-19 00:35 - 000000000 ____D C:\ProgramData\{30B28943-8959-8150-2194-D30D21738A5C}
2019-05-19 00:35 - 2019-05-19 00:35 - 000000000 ____D C:\ProgramData\{1C95979A-9780-AD77-F88A-F421F86DAD70}
2019-05-19 00:34 - 2019-05-19 11:15 - 000000000 ____D C:\Program Files (x86)\Multitimer
2019-05-19 00:32 - 2019-05-19 11:13 - 000000000 ____D C:\Program Files (x86)\Mail.Ru
2019-05-19 00:32 - 2019-05-19 11:11 - 000000000 ____D C:\Program Files (x86)\SQLtask
2019-05-19 00:32 - 2019-05-19 00:34 - 000000000 ____D C:\Program Files (x86)\MachinerData
2019-05-19 00:32 - 2019-05-19 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Up Pro
2019-05-19 00:32 - 2019-05-19 00:32 - 000000000 ____D C:\ProgramData\fb
2019-05-19 00:32 - 2019-05-19 00:32 - 000000000 ____D C:\Program Files (x86)\Up Pro
2019-05-19 00:31 - 2019-05-19 11:13 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Mail.Ru
2019-05-19 00:31 - 2019-05-19 00:32 - 000000000 ____D C:\ProgramData\Mail.Ru
2019-05-18 20:37 - 2019-05-18 20:37 - 000003382 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-112308427-2752319856-531434809-1001
2019-05-18 20:37 - 2019-05-18 20:37 - 000002380 _____ C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2019-05-15 21:50 - 2019-05-15 21:50 - 000000825 _____ C:\Users\ZokiVale\Desktop\Tixati.lnk
2019-05-15 21:49 - 2019-05-15 21:50 - 014719640 _____ C:\Users\ZokiVale\Downloads\tixati-2.61-1.win64-install.exe
2019-05-15 20:59 - 2019-05-15 20:59 - 000010363 _____ C:\Users\ZokiVale\AppData\Local\recently-used.xbel
2019-05-11 17:05 - 2019-05-11 17:05 - 000000000 ____D C:\Users\ZokiVale\AppData\LocalLow\uTorrent
2019-05-09 23:03 - 2019-05-19 12:40 - 000000000 ____D C:\Program Files\Mozilla Firefox
2019-05-09 16:56 - 2019-05-09 16:56 - 000404944 _____ C:\Users\ZokiVale\Downloads\repository.kodibalkan-2.0.1.zip
2019-05-09 16:55 - 2019-05-09 16:55 - 000558904 _____ C:\Users\ZokiVale\Downloads\repository.kodibalkan-2.1.1.zip
2019-05-09 16:52 - 2019-05-09 16:52 - 060885766 _____ (Kato, Inc. ) C:\Users\ZokiVale\Downloads\Kato MC Fork Of Krypton.exe
2019-05-06 16:43 - 2019-05-06 16:43 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Encryptomatic,_LLC
2019-05-06 16:42 - 2019-05-06 16:42 - 000002493 _____ C:\Users\Public\Desktop\PSTViewer Pro 8.lnk
2019-05-06 16:42 - 2019-05-06 16:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Encryptomatic, LLC
2019-05-06 16:42 - 2019-05-06 16:42 - 000000000 ____D C:\ProgramData\Encryptomatic, LLC
2019-05-06 16:42 - 2019-05-06 16:42 - 000000000 ____D C:\Program Files\Encryptomatic, LLC
2019-05-06 16:41 - 2019-05-06 16:41 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\IsolatedStorage
2019-05-06 16:41 - 2019-05-06 16:41 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Encryptomatic, LLC
2019-05-06 16:41 - 2019-05-06 16:41 - 000000000 ____D C:\ProgramData\IsolatedStorage
2019-05-06 16:40 - 2019-05-06 16:40 - 057874445 _____ C:\Users\ZokiVale\Downloads\MHTViewerPro.zip
2019-05-03 17:25 - 2019-05-06 16:33 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\VMware
2019-05-03 17:25 - 2019-05-06 16:32 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\VMware
2019-05-03 17:24 - 2019-05-03 17:24 - 000884040 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-05-03 17:24 - 2019-05-03 17:24 - 000001265 _____ C:\Users\Public\Desktop\VMware Workstation 15 Player.lnk
2019-05-03 17:24 - 2019-05-03 17:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2019-05-03 17:24 - 2019-03-25 19:44 - 001266096 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2019-05-03 17:24 - 2019-03-25 19:43 - 000397232 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2019-05-03 17:24 - 2019-03-25 19:43 - 000374192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2019-05-03 17:24 - 2019-03-25 19:43 - 000134104 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2019-05-03 17:24 - 2019-03-25 19:43 - 000043992 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2019-05-03 17:24 - 2019-03-25 19:36 - 000099272 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2019-05-03 17:24 - 2018-11-02 05:21 - 000084752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2019-05-03 17:24 - 2018-06-22 01:31 - 000092040 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2019-05-03 17:24 - 2018-06-22 01:31 - 000046472 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2019-05-03 17:24 - 2018-06-22 01:31 - 000042376 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2019-05-03 17:23 - 2019-05-19 11:09 - 000000000 ____D C:\ProgramData\VMware
2019-05-03 17:23 - 2019-05-03 17:23 - 000000000 ____D C:\Program Files\Common Files\VMware
2019-05-03 17:23 - 2019-05-03 17:23 - 000000000 ____D C:\Program Files (x86)\VMware
2019-05-03 17:20 - 2019-05-03 17:21 - 138733576 _____ (VMware, Inc.) C:\Users\ZokiVale\Downloads\VMware-player-15.0.4-12990004.exe
2019-04-29 13:45 - 2019-04-29 13:45 - 000002202 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2019-04-29 13:45 - 2019-04-29 13:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2019-04-25 11:40 - 2019-04-28 17:39 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Popcorn-Time-CE
2019-04-25 11:40 - 2019-04-25 11:40 - 000002255 _____ C:\Users\Public\Desktop\Popcorn Time Community.lnk
2019-04-25 11:39 - 2019-04-25 11:40 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Popcorn Time Community
2019-04-25 11:39 - 2019-04-25 11:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Popcorn Time Community
2019-04-25 11:38 - 2019-04-25 11:39 - 042609152 _____ C:\Users\ZokiVale\Downloads\popcorn-time-latest.msi
2019-04-24 12:44 - 2019-04-24 12:44 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\fontconfig
2019-04-24 12:43 - 2019-04-24 12:43 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\inkscape
2019-04-24 12:39 - 2019-04-24 12:39 - 000000865 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inkscape.lnk
2019-04-24 12:39 - 2019-04-24 12:39 - 000000853 _____ C:\Users\Public\Desktop\Inkscape.lnk
2019-04-24 12:38 - 2019-04-24 12:42 - 000000000 ____D C:\Program Files\Inkscape
2019-04-24 12:36 - 2019-04-24 12:37 - 066983821 _____ (Inkscape project) C:\Users\ZokiVale\Downloads\inkscape-0.92.4-x64.exe
2019-04-24 12:30 - 2019-04-24 12:32 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Downloaded Installations
2019-04-24 11:18 - 2019-04-24 11:18 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\OneDrive
2019-04-24 10:19 - 2019-04-24 10:19 - 001233768 _____ (Apowersoft Ltd. ) C:\Users\ZokiVale\Downloads\apowersoft-online-launcher.exe
2019-04-24 10:19 - 2019-04-24 10:19 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Apowersoft
2019-04-24 10:19 - 2019-04-24 10:19 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Apowersoft
2019-04-23 21:12 - 2019-04-23 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteus 8 Professional
2019-04-23 21:03 - 2019-04-23 21:05 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\PDFescape Desktop
2019-04-23 21:02 - 2019-04-23 21:02 - 012095280 _____ (© RedSoftware) C:\Users\ZokiVale\Downloads\PDFescape_Desktop_Installer.exe
2019-04-23 11:46 - 2019-04-23 11:46 - 000000000 ____D C:\Users\ZokiVale\AppData\LocalLow\Temp
2019-04-23 11:44 - 2019-04-23 11:47 - 000000000 ___RD C:\Users\ZokiVale\3D Objects
2019-04-22 13:58 - 2019-04-22 13:58 - 000000000 ____D C:\Users\ZokiVale\Documents\ExpressPCB
2019-04-22 13:57 - 2019-04-22 13:57 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Downloaded Installations
2019-04-20 17:13 - 2019-04-20 17:13 - 000204509 _____ C:\Users\ZokiVale\Documents\40xx.lib

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-19 15:25 - 2018-11-23 19:25 - 000000000 ____D C:\Users\ZokiVale\AppData\LocalLow\Mozilla
2019-05-19 12:40 - 2018-11-23 19:25 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2019-05-19 12:40 - 2018-11-23 19:25 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2019-05-19 12:40 - 2018-11-23 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-19 11:16 - 2018-11-23 18:48 - 000879274 _____ C:\Windows\system32\PerfStringBackup.INI
2019-05-19 11:16 - 2015-07-10 13:02 - 000000000 ____D C:\Windows\INF
2019-05-19 11:09 - 2015-07-10 14:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-19 10:52 - 2015-07-10 11:05 - 000524288 ___SH C:\Windows\system32\config\BBI
2019-05-19 10:51 - 2019-04-14 22:32 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\tixati
2019-05-19 10:51 - 2018-11-23 18:56 - 000000000 ____D C:\Users\ZokiVale
2019-05-19 10:50 - 2018-11-24 18:53 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\uTorrent
2019-05-19 09:46 - 2018-12-17 00:49 - 000004170 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{781556F2-720F-4AF5-A857-A0596C0A14DB}
2019-05-19 00:33 - 2015-07-10 13:04 - 000000000 ___HD C:\Windows\system32\GroupPolicy
2019-05-19 00:33 - 2015-07-10 13:04 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2019-05-18 20:37 - 2018-11-23 18:58 - 000000000 ___RD C:\Users\ZokiVale\OneDrive
2019-05-16 17:05 - 2019-03-21 17:56 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\BitTorrentHelper
2019-05-15 21:50 - 2019-04-14 22:32 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2019-05-15 21:50 - 2019-04-14 22:31 - 000000000 ____D C:\Program Files\tixati
2019-05-15 21:00 - 2019-04-14 23:47 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\kicad
2019-05-15 11:39 - 2018-11-23 18:52 - 000000000 ____D C:\Windows\system32\MRT
2019-05-15 11:35 - 2018-11-23 18:52 - 132445408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2019-05-09 23:50 - 2018-12-28 23:19 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\Kodi
2019-05-07 20:36 - 2015-07-10 13:04 - 000000000 ____D C:\Windows\AppReadiness
2019-05-06 16:29 - 2018-11-23 18:56 - 000000000 ____D C:\Users\ZokiVale\AppData\Local\Packages
2019-05-06 16:29 - 2015-07-10 13:04 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-03 17:22 - 2018-11-24 18:44 - 000000000 ____D C:\ProgramData\Package Cache
2019-05-02 11:06 - 2019-02-10 20:18 - 000266776 _____ C:\Windows\system32\FNTCACHE.DAT
2019-04-29 13:47 - 2018-12-15 11:43 - 000000000 ____D C:\ProgramData\PCDr
2019-04-29 13:44 - 2018-12-15 11:41 - 000000000 ____D C:\ProgramData\SupportAssist
2019-04-25 23:43 - 2019-01-04 20:03 - 000000000 ____D C:\Users\ZokiVale\AppData\Roaming\vlc
2019-04-23 21:11 - 2019-03-18 19:49 - 000000000 ____D C:\Program Files (x86)\Sprint-Layout50

==================== Files in the root of some directories =======

2019-05-19 11:11 - 2019-05-19 11:13 - 000000004 _____ () C:\ProgramData\lock.dat
2019-05-19 11:11 - 2019-05-19 11:11 - 000000008 _____ () C:\ProgramData\ts.dat
2018-12-14 17:03 - 2018-12-23 17:02 - 000000128 ____H () C:\Users\ZokiVale\microsoft.dat
2018-12-02 18:12 - 2018-12-02 18:12 - 000000069 _____ () C:\Program Files (x86)\dialogysclip.bat
2018-12-02 18:11 - 2018-12-02 18:40 - 000001815 _____ () C:\Program Files (x86)\DialogysUninstWPS.bat
2018-12-02 18:11 - 2018-12-02 18:11 - 000000840 _____ () C:\Program Files (x86)\INSTALL.LOG
2018-12-02 18:11 - 2017-11-08 17:09 - 000176040 _____ () C:\Program Files (x86)\UninstScript.EXE
2019-02-09 19:05 - 2019-04-18 23:19 - 000004372 _____ () C:\Users\ZokiVale\AppData\Roaming\LTspiceXVII.ini
2019-05-15 20:59 - 2019-05-15 20:59 - 000010363 _____ () C:\Users\ZokiVale\AppData\Local\recently-used.xbel

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-05-16 18:42
==================== End of FRST.txt ============================

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Otvori Notepad i iskopiraj sljedeæi tekst koji se nalazi unutar Kod polja.

HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [4377349] => C:\Users\ZokiVale\AppData\Local\Temp\is-GVGP3.tmp\Mechiine.exe [9190654 2019-05-16] ( ) [File not signed] <==== ATTENTION
HKU\S-1-5-21-112308427-2752319856-531434809-1001\...\Run: [2592201] => C:\Users\ZokiVale\AppData\Local\Temp\is-ILQJM.tmp\Mechiine.exe [9190654 2019-05-16] ( ) [File not signed] <==== ATTENTION
FF HKLM\...\Firefox\Extensions: [support@geticommerce.com] - C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi
FF Extension: (Up Pro) - C:\Program Files (x86)\Up Pro\up_pro-1.5.16.1-an+fx-windows.xpi [2017-12-08]
FF ExtraCheck: C:\Program Files\mozilla firefox\browser\defaults\preferences\firefox.js [2019-05-19]
C:\Users\ZokiVale\AppData\Local\Temp\is-GVGP3.tmp\Mechiine.exe
C:\Users\ZokiVale\AppData\Local\Temp\is-ILQJM.tmp\Mechiine.exe
C:\Program Files (x86)\Up Pro


U okviru Notepad-a klikni na File --> Save As
Pod Encoding izaberi UTF-8.
Fajl nazovi Fixlist i saèuvaj na Desktop
Dvoklikom ponovo pokreni FRST.exe
Klikni na Fix i saèekaj dok program ne završi.
Ukoliko program zatraži restart raèunara, omoguæi mu da to nesmetano obavi.
Nakon završetka rada, otvoriæe se fixlog.txt, sa sadržajem koji treba da kopiraš u temu.
Takoðe, na Desktop-u æe se nalaziti (fixlog.txt).

offline
  • Pridružio: 23 Mar 2006
  • Poruke: 69

Zavrseno, nije trazen restart. Evo log u prilogu.
U medjuvremenu sam instalirao <BAM i ocistio gamad, ali koliko vidim onaj js je ostao.
Hvala na pomoci.
mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Preuzmi Malwarebytes Anti-Malware sa ovog ili ovog ili ovog linka i instaliraj aplikaciju.
Pokreni mb3-setup-consumer-{verzija}.exe i isprati uputstva za instalaciju programa. Nakon instalacije, klikni na Finish

Prilikom prvog pokretanja, program će prikazati prozor "dobrodošlice". Slobodno zatvori taj prozor.
Napomena: Premium funkcije programa su već aktivirane i važe 13 dana od trenutka instalacije. Premium funkcije možeš isključiti preko Settings > My Account tab podešavanja.

• Podešavanja skenera - u Settings, klikni na Protection tab. Ispod Scan Options sekcije, uključi "Scan for rootkits" opciju.
• Pripremi podešavanja za Threat Scan - u Dashboard , klikni na Scan Now dugme. MBAM će ažurirati bazu i započeti skeniranje.

Kada se skeniranje završi, ako je infekcija detektovana, obrati pažnju da je sve označeno, pa klikni na Remove Selected. Restartuj računar ako program upita za restart.
• Dostavi log: Pod Reports izaberi trenutni datum izveštaja Scan Report i potom klikni na View Report.

Izvezi log na Desktop;
- Klikni na Export dugme na dnu, pa onda izaberi 'Text file (*.txt)'
# U Save File dijalogu koji se pojavi, klikni na Desktop. U File name: polje, upiši "mbam" (bez navodnika) i klikni na Save.
- Pojaviće se poruka "Your file has been successfully exported", klikni Ok i zatvori prozor.



• U odgovoru prikači mbam.txt log koristeći "Prikači fajl" opciju.

offline
  • Pridružio: 23 Mar 2006
  • Poruke: 69

Evo loga, u stvari to je drugi log skeniranja, od nocas. Prvi je bio pre ciscenja sa FRST.
U medjuvremenu, i pre toga i posle toga uredno blokira neki trojan i aplikaciju utorrent koja do sada nije pravila probleme. Saljem oba loga.
mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • Pridružio: 26 Avg 2010
  • Poruke: 10460
  • Gde živiš: Hypnos Control Room, Tokyo Metropolitan Government Building

Sad si čist, a ovo što ti se javlja je blokiranje IP adrese (tj. opsega IP adresa). Realtime zaštitu u Malwarebytesu možeš slobodno ugasiti.
Možeš li m idati više detalja o js-u koji je ostao?

offline
  • Pridružio: 23 Mar 2006
  • Poruke: 69

Na zalost, ne. Kada je MBAM zavrsio skeniranje i potrpao svasta u karantin, ja sam oznacio sve i pritisnuo da ocisti. Kada je zavrsio prikazao je da je ostao neki java skript (digackog naziva sa ekstenzijom .js). Ocekivao sam da ce da se pojavi u izvestaju, medjutim nema ga. Sad, tako je kako je. Ni ovaj utorent vise ne smara. Hvala na pomoci.

Ko je trenutno na forumu
 

Ukupno su 667 korisnika na forumu :: 43 registrovanih, 0 sakrivenih i 624 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3028 - dana 22 Nov 2019 07:47

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _commandos_, aleksandar_tatic, aljosa7, Apok, aramis s, axa, Boris902, BSD, caesar, celik, darkangel, Djole, DM1994, drimer, Drug pukovnik, Duh sa sekirom, duskovuk63, goxin, Jethro, kalens021, ladro, madza2, Marko Marković, mercedesamg, mgaji21, MikeHammer, Miskohd, nemkea71, Radovan Vinčić, Raptor12, renoje2, RJ, rkekoke, robertino, StefanNBG90, suton, USSVoyager, vladom6, vlahale, voja64, x92, zlatkovuka, Zori