Antivirus pro 2010

1

Antivirus pro 2010

offline
  • Stekss 
  • Novi MyCity građanin
  • Pridružio: 07 Sep 2009
  • Poruke: 13

Cistio sam racunar sa Malwarebytes i on je pronasao 60 fajlova koje je obrisao ali posle restarta racunara sve se vratilo ponovo. Combofix je takodje obrisao gomilu fajlova ali posle restarta isto. Saljem log Hijackthis inace non-stop iskace prozor Antivirus Pro 2010. Molim za pomoc



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:39:14, on 7.9.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\3S CoDeSys\GatewayPLC\GatewayService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
C:\Program Files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe
C:\WINDOWS\system32\S3Trayp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\sys32_nov.exe
C:\Program Files\KillSoft\FtpDrive\FtpDrive.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Odrzavanje\Desktop\123.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] "VTTimer.exe"
O4 - HKLM\..\Run: [Apoint] "C:\Program Files\Apoint2K\Apoint.exe"
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GatewaySysTray] "C:\Program Files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe"
O4 - HKLM\..\Run: [S3Trayp] "S3Trayp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [sys32_nov] C:\WINDOWS\system32\sys32_nov.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [Antivirus Pro 2010] "C:\Program Files\AntivirusPro_2010\AntivirusPro_2010.exe" /hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [FtpDrive] "C:\Program Files\KillSoft\FtpDrive\FtpDrive.exe"
O4 - HKCU\..\Run: [sys32_nov] C:\Documents and Settings\Odrzavanje\sys32_nov.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Procitaj.txt
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....9297038328
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0C53F1F-B894-4187-8C88-E30165556C08}: NameServer = 192.168.2.1
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CoDeSys Gateway V3 Version 3.1.3.1 (CoDeSys Gateway V3) - 3S-Smart Software Solutions GmbH - C:\Program Files\3S CoDeSys\GatewayPLC\GatewayService.exe
O23 - Service: CoDeSys SP Win V3 Version 3.1.3.0 (CoDeSys SP Win V3) - Unknown owner - C:\Program Files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MCT10 Service - Unknown owner - C:\Program Files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe
O23 - Service: Visibroker Activation Daemon (oad) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\oad.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: VisiBroker Smart Agent (osagent) - Unknown owner - C:\PROGRA~1\Borland\vbroker\bin\osagent.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: stunnel - Unknown owner - E:\LUKIC\stunnel-4.11.exe (file missing)

--
End of file - 7466 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Zdravo,

zasto si na svoju ruku koristio ComboFix?

A, ovde nisi ispratio uputstvo za postavljanje teme:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Stekss 
  • Novi MyCity građanin
  • Pridružio: 07 Sep 2009
  • Poruke: 13

Izvinjavam se sto nisam ispostovao proceduru nisam video da se promenila. Combofix sam koristio misleci da ce mi pomoci. Saljem fajlove ako mozete da ih pregledate.
mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Postavi mi taj log od ComboFixa ako ga jos imas?

offline
  • Stekss 
  • Novi MyCity građanin
  • Pridružio: 07 Sep 2009
  • Poruke: 13

Ostalo mi je ovo u c:\Combofix posto nisam uradio combofix \u
ComboFix 09-09-06.04 - Odrzavanje 07.09.2009 11:12:34.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.188 [GMT 2:00]
Running from: C:\Documents and Settings\Odrzavanje\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\dllcache\figaro.sys
C:\WINDOWS\system32\wisdstr.exe

C:\WINDOWS\system32\drivers\beep.sys . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 09:21:21 . 2006-02-28 12:00:00 4224 ----a-w- C:\WINDOWS\system32\drivers\beep.sys
2009-09-02 04:57:49 . 2009-09-02 04:57:49 29216 ----a-w- C:\WINDOWS\system32\sys32_nov.exe
2009-08-10 12:52:27 . 2009-08-10 12:52:27 0 d-----w- C:\WINDOWS\Sun
2009-08-10 12:50:55 . 2009-08-10 12:50:36 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-08-10 12:50:28 . 2009-08-10 12:50:28 0 d-----w- C:\Program Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 07:37:15 . 2007-05-16 10:59:27 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 06:19:10 . 2008-02-21 07:54:30 0 d-----w- C:\Program Files\FreeCommander
2009-07-30 11:05:31 . 2009-07-30 11:05:31 0 d-----w- C:\Program Files\TrebingHimstedt
2009-07-30 11:05:19 . 2009-07-30 11:05:19 0 d-----w- C:\Program Files\Common Files\Softing
2009-07-30 11:04:38 . 2009-07-30 11:04:38 0 d-----w- C:\Program Files\PF_Activation_Tool
2009-07-30 11:04:38 . 2009-07-30 11:03:56 0 d-----w- C:\Program Files\Common Files\CWGenericFDT
2009-07-30 11:04:38 . 2009-07-30 11:03:07 0 d-----w- C:\Program Files\Common Files\DTMstudioPB
2009-07-30 11:04:36 . 2009-07-30 11:04:36 0 d-----w- C:\Program Files\Common Files\Pepperl+Fuchs GmbH
2009-07-30 11:04:34 . 2009-07-30 11:04:34 0 d-----w- C:\Program Files\Pepperl+Fuchs
2009-07-30 11:03:45 . 2009-07-30 11:03:45 0 d-----w- C:\Program Files\Common Files\OPC Foundation
2009-07-30 11:03:43 . 2009-07-30 11:00:05 0 d-----w- C:\Program Files\Endress+Hauser
2009-07-30 11:03:09 . 2009-07-30 11:03:09 0 d-----w- C:\Program Files\Common Files\DTMstudio
2009-07-30 11:03:09 . 2009-07-30 11:03:09 0 d-----w- C:\Program Files\Common Files\CWLicServer
2009-07-30 11:02:51 . 2009-07-30 11:02:51 0 d-----w- C:\Program Files\Common Files\_is Common
2009-07-30 11:02:46 . 2009-07-30 11:02:46 0 d-----w- C:\Program Files\Common Files\CodeWrights
2009-07-30 11:01:02 . 2009-07-30 11:01:02 86016 ----a-w- C:\WINDOWS\system32\OdbcJdbcSetup.dll
2009-07-30 11:01:02 . 2009-07-30 11:01:02 225280 ----a-w- C:\WINDOWS\system32\IscDbc.dll
2009-07-30 11:01:02 . 2009-07-30 11:01:02 200704 ----a-w- C:\WINDOWS\system32\OdbcJdbc.dll
2009-07-20 12:26:38 . 2009-07-20 12:24:29 0 d-----w- C:\Program Files\MSI Card Reader
2009-07-20 12:24:27 . 2007-05-16 06:09:23 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-07-20 12:05:53 . 2009-07-20 12:05:53 0 d-----w- C:\Program Files\MUP RS
2009-07-17 11:47:47 . 2009-07-17 11:47:47 0 d-----w- C:\Program Files\Common Files\Business Objects
2009-07-17 11:47:43 . 2009-07-17 11:47:43 0 d-----w- C:\Program Files\Fluke
2009-07-17 11:44:09 . 2009-07-17 11:44:09 0 d-----w- C:\Program Files\Microsoft SQL Server
2009-07-16 07:52:59 . 2009-07-16 07:52:59 0 d-----w- C:\Program Files\Compaq
2009-06-03 21:52:57 . 2009-06-03 21:52:57 18180 ----a-w- C:\Program Files\Common Files\somezyh.exe
2009-06-03 21:48:49 . 2009-06-03 21:48:49 18084 ----a-w- C:\Program Files\Common Files\otez.exe
2009-06-03 21:48:49 . 2009-06-03 21:48:49 13677 ----a-w- C:\Program Files\Common Files\sasaluko.db
2009-06-03 15:20:03 . 2009-06-03 15:20:03 18732 ----a-w- C:\Program Files\Common Files\amihiv.lib
2009-06-03 14:31:08 . 2009-06-03 14:31:08 19892 ----a-w- C:\Program Files\Common Files\uvico.lib
2009-06-03 14:31:08 . 2009-06-03 14:31:08 13152 ----a-w- C:\Program Files\Common Files\ihuborehyp.dat
2009-06-03 14:31:08 . 2009-06-03 14:31:08 12913 ----a-w- C:\Program Files\Common Files\ulusecevak.db
2008-03-03 07:05:27 . 2008-03-03 07:05:27 14290 ----a-w- C:\Program Files\settings.dat
2007-06-21 11:33:31 . 2007-06-21 11:33:31 35328 ----a-w- C:\Program Files\winbox.exe
2008-02-02 10:07:52 . 2008-02-21 11:25:44 67696 ----a-w- C:\Program Files\mozilla firefox\components\jar50.dll
2008-02-02 10:07:52 . 2008-02-21 11:25:44 54376 ----a-w- C:\Program Files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07:53 . 2008-02-21 11:25:44 34952 ----a-w- C:\Program Files\mozilla firefox\components\myspell.dll
2008-02-02 10:07:54 . 2008-02-21 11:25:44 46720 ----a-w- C:\Program Files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07:55 . 2008-02-21 11:25:44 172144 ----a-w- C:\Program Files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 5FD32526EDA7ED3ADB2E077B8255A566 [------] C:\WINDOWS\system32\dllcache\beep.sys
[-] 5FD32526EDA7ED3ADB2E077B8255A566 [------] C:\WINDOWS\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-07_07.25.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-07 09:23:45 . 2009-09-07 09:23:45 16384 C:\WINDOWS\temp\Perflib_Perfdata_234.dat
+ 2009-09-07 09:23:42 . 2009-09-07 09:23:42 16384 C:\WINDOWS\temp\Perflib_Perfdata_1b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]
"FtpDrive"="C:\Program Files\KillSoft\FtpDrive\FtpDrive.exe" [2006-11-05 23:44:48 300653]
"sys32_nov"="C:\Documents and Settings\Odrzavanje\sys32_nov.exe" [BU]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 12:00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2005-04-16 15:08:00 172032]
"S7UB Start"="C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 22:20:12 110645]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16:38 39792]
"GatewaySysTray"="C:\Program Files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe" [2007-12-13 18:46:34 311409]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-08-10 12:50:37 149280]
"sys32_nov"="C:\WINDOWS\system32\sys32_nov.exe" [2009-09-02 04:57:49 29216]
"VTTimer"="VTTimer.exe" - C:\WINDOWS\system32\VTTimer.exe [2006-08-03 12:53:02 53248]
"S3Trayp"="S3Trayp.exe" - C:\WINDOWS\system32\S3Trayp.exe [2006-07-11 00:33:16 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-02-28 12:00:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Procitaj.txt [2009-6-4 199]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Ovo nije ceo log. Kopiraj mi ga lepo.

offline
  • Stekss 
  • Novi MyCity građanin
  • Pridružio: 07 Sep 2009
  • Poruke: 13

Napisano: 07 Sep 2009 14:38

Nazalost u tom txt-u je samo toliko nema dalje.Da li da pustim ponovo?

Dopuna: 07 Sep 2009 14:45

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Pronasao sam ove fajlove u karantinu

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Ne radi vise nista sto ti ja ne kazem.


Skeniraj jos jednom sa ComboFixom u Normal Modu.

Postavi mi log i onda cekaj.

offline
  • Stekss 
  • Novi MyCity građanin
  • Pridružio: 07 Sep 2009
  • Poruke: 13

Morao sam da preimenujem Combofix.exe u 1234.exe jer nije hteo da se startuje. Evo ga log

ComboFix 09-09-06.04 - Odrzavanje 07.09.2009 16:21.4.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.113 [GMT 2:00]
Running from: c:\documents and settings\Odrzavanje\Desktop\1234.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Documents\emet.dl
c:\documents and settings\Odrzavanje\Application Data\juripir.pif
c:\documents and settings\Odrzavanje\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Odrzavanje\Cookies\itimohise.bin
c:\documents and settings\Odrzavanje\Cookies\ivub.pif
c:\documents and settings\Odrzavanje\Cookies\zicerad.bin
c:\documents and settings\Odrzavanje\Local Settings\Application Data\ipew.ban
c:\documents and settings\Odrzavanje\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\program files\Common Files\enacapefyd.reg
c:\program files\Common Files\ihygavyfe.bat
c:\windows\amyd.reg
c:\windows\aqizitasot.bat
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\qerico.inf
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\purewuviqu.reg
c:\windows\system32\wisdstr.exe
c:\windows\system32\ypyser.bin
c:\windows\xesis.vbs
.
---- Previous Run -------
.
c:\windows\system32\dllcache\beep.sys
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\wisdstr.exe

c:\windows\system32\drivers\beep.sys . . . is infected!!

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{6EE2268B-AB94-4A1D-8654-7F7088B2CBF8}\RP2\A0000279.sys

.
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.

2009-09-07 09:28 . 2009-09-07 09:30 -------- d-----w- c:\program files\AntivirusPro_2010
2009-09-07 09:21 . 2006-02-28 12:00 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-09-07 09:08 . 2009-09-07 14:20 -------- d-s---w- C:\ComboFix
2009-09-02 04:57 . 2009-09-02 04:57 29216 ----a-w- c:\windows\system32\sys32_nov.exe
2009-08-10 12:52 . 2009-08-10 12:52 -------- d-----w- c:\windows\Sun
2009-08-10 12:50 . 2009-08-10 12:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-10 12:50 . 2009-08-10 12:50 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 09:28 . 2009-09-07 09:28 14960 ----a-w- c:\documents and settings\All Users\Application Data\ocodac.dat
2009-09-07 07:37 . 2007-05-16 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-05 06:19 . 2008-02-21 07:54 -------- d-----w- c:\program files\FreeCommander
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\TrebingHimstedt
2009-07-30 11:05 . 2009-07-30 11:05 -------- d-----w- c:\program files\Common Files\Softing
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\PF_Activation_Tool
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWGenericFDT
2009-07-30 11:04 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudioPB
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Common Files\Pepperl+Fuchs GmbH
2009-07-30 11:04 . 2009-07-30 11:04 -------- d-----w- c:\program files\Pepperl+Fuchs
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\OPC Foundation
2009-07-30 11:03 . 2009-07-30 11:00 -------- d-----w- c:\program files\Endress+Hauser
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\DTMstudio
2009-07-30 11:03 . 2009-07-30 11:03 -------- d-----w- c:\program files\Common Files\CWLicServer
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\_is Common
2009-07-30 11:02 . 2009-07-30 11:02 -------- d-----w- c:\program files\Common Files\CodeWrights
2009-07-30 11:01 . 2009-07-30 11:01 86016 ----a-w- c:\windows\system32\OdbcJdbcSetup.dll
2009-07-30 11:01 . 2009-07-30 11:01 225280 ----a-w- c:\windows\system32\IscDbc.dll
2009-07-30 11:01 . 2009-07-30 11:01 200704 ----a-w- c:\windows\system32\OdbcJdbc.dll
2009-07-20 12:26 . 2009-07-20 12:24 -------- d-----w- c:\program files\MSI Card Reader
2009-07-20 12:24 . 2007-05-16 06:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-20 12:05 . 2009-07-20 12:05 -------- d-----w- c:\program files\MUP RS
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Common Files\Business Objects
2009-07-17 11:47 . 2009-07-17 11:47 -------- d-----w- c:\program files\Fluke
2009-07-17 11:44 . 2009-07-17 11:44 -------- d-----w- c:\program files\Microsoft SQL Server
2009-07-16 07:52 . 2009-07-16 07:52 -------- d-----w- c:\program files\Compaq
2009-06-03 21:52 . 2009-06-03 21:52 18180 ----a-w- c:\program files\Common Files\somezyh.exe
2009-06-03 21:48 . 2009-06-03 21:48 18084 ----a-w- c:\program files\Common Files\otez.exe
2009-06-03 21:48 . 2009-06-03 21:48 13677 ----a-w- c:\program files\Common Files\sasaluko.db
2009-06-03 15:20 . 2009-06-03 15:20 18732 ----a-w- c:\program files\Common Files\amihiv.lib
2009-06-03 14:31 . 2009-06-03 14:31 19892 ----a-w- c:\program files\Common Files\uvico.lib
2009-06-03 14:31 . 2009-06-03 14:31 13152 ----a-w- c:\program files\Common Files\ihuborehyp.dat
2009-06-03 14:31 . 2009-06-03 14:31 12913 ----a-w- c:\program files\Common Files\ulusecevak.db
2008-03-03 07:05 . 2008-03-03 07:05 14290 ----a-w- c:\program files\settings.dat
2007-06-21 11:33 . 2007-06-21 11:33 35328 ----a-w- c:\program files\winbox.exe
2008-02-02 10:07 . 2008-02-21 11:25 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:07 . 2008-02-21 11:25 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:07 . 2008-02-21 11:25 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:07 . 2008-02-21 11:25 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:07 . 2008-02-21 11:25 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[-] 5FD32526EDA7ED3ADB2E077B8255A566 [------] c:\windows\system32\dllcache\beep.sys
[-] 5FD32526EDA7ED3ADB2E077B8255A566 [------] c:\windows\system32\drivers\beep.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-07_07.25.44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-07 14:33 . 2009-09-07 14:33 16384 c:\windows\temp\Perflib_Perfdata_25c.dat
+ 2009-09-07 14:33 . 2009-09-07 14:33 16384 c:\windows\temp\Perflib_Perfdata_164.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"FtpDrive"="c:\program files\KillSoft\FtpDrive\FtpDrive.exe" [2006-11-05 300653]
"sys32_nov"="c:\documents and settings\Odrzavanje\sys32_nov.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"braviax"="" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-04-16 172032]
"S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2003-12-17 110645]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GatewaySysTray"="c:\program files\3S CoDeSys\GatewayPLC\GatewaySysTray.exe" [2007-12-13 311409]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-10 149280]
"sys32_nov"="c:\windows\system32\sys32_nov.exe" [2009-09-02 29216]
"Antivirus Pro 2010"="c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe" [2009-09-06 589312]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-08-03 53248]
"S3Trayp"="S3Trayp.exe" - c:\windows\system32\S3Trayp.exe [2006-07-11 176128]
"braviax"="" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Procitaj.txt [2009-6-4 199]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7BIN\\S7tgtopx.exe"=
"c:\\Program Files\\Siemens\\Step7\\S7INF\\S7usiapx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1005MC.EXE"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\CoDeSys.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\RepTool.exe"=
"c:\\Program Files\\3S CoDeSys\\CoDeSys\\Common\\IPMCLI.exe"=
"c:\\Program Files\\3S CoDeSys\\GatewayPLC\\GatewayService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6160:TCP"= 6160:TCP:Seagull Driver Networking
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [21.7.2005 12:40 622654]
R2 CoDeSys Gateway V3;CoDeSys Gateway V3 Version 3.1.3.1;c:\program files\3S CoDeSys\GatewayPLC\GatewayService.exe [13.12.2007 20:43 843897]
R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [14.1.2008 12:03 30224]
R2 MCT10 Service;MCT10 Service;c:\program files\Danfoss Drives\VLT Motion Control Tool\MCT 10 Set-up Software\MCTServ.exe [5.12.2008 13:04 192512]
R2 MSSQL$FLUKE;MSSQL$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe -sFLUKE [?]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
R2 PROFIbrd;PROFIBUS V5 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIbrd.sys [30.7.2009 13:05 184832]
R2 PROFIprt;PROFIBUS Protocol Driver (Softing);c:\windows\system32\drivers\PROFIprt.sys [30.7.2009 13:05 35968]
R2 PROFIstack;PROFIBUS V6 Hardware Driver (Softing);c:\windows\system32\drivers\PROFIstack.sys [30.7.2009 13:05 250112]
R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [26.7.2004 21:13 69685]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [5.10.2007 11:40 78408]
R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [5.10.2007 11:51 208968]
R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [5.10.2007 11:44 194120]
R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [30.7.2007 12:06 71168]
R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [31.8.2007 11:32 163840]
R2 scpdrv;scpdrv;c:\program files\Common Files\Siemens\SWS\plugins\scp\scpdrv.sys [14.10.2003 2:44 26944]
R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [12.9.2006 10:43 659456]
S2 CoDeSys SP Win V3;CoDeSys SP Win V3 Version 3.1.3.0;c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe --> c:\program files\3S CoDeSys\GatewayPLC\CoDeSysSPService.exe [?]
S3 AIDA32Driver;AIDA32Driver;\??\e:\ aaaaaaaaaaaa\aida32.sys --> e:\ aaaaaaaaaaaa\aida32.sys [?]
S3 IRIMAGER;Fluke Ti30, IR-Imager USB Driver (irimager.sys);c:\windows\system32\drivers\irimager.sys [21.4.2006 16:48 19263]
S3 oad;Visibroker Activation Daemon;c:\progra~1\Borland\vbroker\bin\oad.exe [31.5.2007 13:41 1781248]
S3 osagent;VisiBroker Smart Agent;c:\progra~1\Borland\vbroker\bin\osagent.exe [31.5.2007 13:41 193536]
S3 PROFIpnp;PROFIBUS PnP Hardware Driver (Softing);c:\windows\system32\drivers\PROFIpnp.sys [30.7.2009 13:05 12416]
S3 PROFIusb;PROFIusb Device Driver (Softing AG);c:\windows\system32\drivers\PROFIusb.sys [30.7.2009 13:05 30464]
S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [3.9.2008 20:03 15360]
S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [3.9.2008 20:03 188416]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [18.10.2002 2:34 30512]
S3 s7oupc2x;SIMATIC PC Adapter USB Driver;c:\windows\system32\drivers\s7oupc2x.sys [28.5.2008 9:55 12333]
S3 SQLAgent$FLUKE;SQLAgent$FLUKE;c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE --> c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlagent.EXE -i FLUKE [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
iguafxuz
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Regedit32 - c:\windows\system32\regedit.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C0C53F1F-B894-4187-8C88-E30165556C08} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Odrzavanje\Application Data\Mozilla\Firefox\Profiles\ydhnp2au.default\
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-09-07 16:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\braviax.exe 11264 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2600)
c:\program files\KillSoft\FtpDrive\FtpDrive.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\logonui.exe
c:\windows\system32\scardsvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL$FLUKE\Binn\sqlservr.exe
c:\windows\system32\rdpclip.exe
c:\program files\Apoint2K\ApntEx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Siemens\SQLANY\dbsrv7.exe
c:\windows\system32\braviax.exe
.
**************************************************************************
.
Completion time: 2009-09-07 16:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-07 14:41
ComboFix2.txt 2009-09-07 07:28
ComboFix3.txt 2009-06-03 15:14

Pre-Run: 24.279.076.864 bytes free
Post-Run: 24.240.381.952 bytes free

265

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8515
  • Gde živiš: Novi Beograd

Uploaduj mi:

c:\program files\Common Files\somezyh.exe

preko sledeceg linka:

http://www.mycity.rs/ambulanta-upload.php

Ko je trenutno na forumu
 

Ukupno su 1011 korisnika na forumu :: 78 registrovanih, 9 sakrivenih i 924 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: aboris, amaterSRB, anbeast, aramis s, armor, b_z_b, Beria, Boris Bosiljčić, Brada i Gibanica, Buda Baba, cavatina, chichabg, darkangel, dekan.m, Denaya, Dorcolac, Drug pukovnik, Džordžino, Fog of War, FOX, francis begbie, GandorCC, gomago, goran.vvv, goxin, Griffon vulture, ikan, ivica976, Jester, Jethro, JOntra, krlebgd77, kunktator, kybonacci, Lieutenant, Lord Nem, LUDI, Markoni29, mcgunner, Mimikrija, MiroslavD, Mixelotti, moldway, novator, nuke92, Panter, panzerwaffe, pedja2506, poChetnikk, proka89, Rakenica, raskoljnikov, raykan, rikirubio, RobinHood12, Rocker, Rogan33, S-lash, sabros, Sirius, Sitan_Lopov, slonic_tonic, Sr.Stat., stagezin, strn, Tenk, Tschetschen, Vatrogasaccc, virked, vladom6, vobo, zastavnik, zillbg, zixmix, zogi036, |_MeD_|, Živković, šumar bk2