Jer moze neko da pogleda ovaj log

1

Jer moze neko da pogleda ovaj log

offline
  • Pridružio: 21 Dec 2005
  • Poruke: 228
  • Gde živiš: Kostolac

Napisano: 01 Sep 2009 2:28

Pokupio sam preko flash-a od prijatelju gomilu virusa i NOD mi je prijavio da ih je nasao i prebacio ih je u karantin ali sada malo malo pa izbaci da je pronasao neki virus
"C:\System Volume Information\_restore{9EC09578-B35E-4D26-8888-66EA3594EE97}\RP430\A0066907.exe a variant of Win32/Kryptik.ABT trojan quarantined - deleted NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\System32\svchost.exe. The file was moved to quarantine. You may close this window. "

Evo loga DDS


DDS (Ver_09-07-30.01) - NTFSx86
Run by AdministratoriNET at 2:19:41,93 on uto 01.09.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1383 [GMT 2:00]

AV: Eset NOD32 antivirus system 2.51 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\IoctlSvc.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Office Mouse Driver\MouseDrv.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\AdministratoriNET\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\msupdt.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [googletalk] "c:\program files\google\google talk\googletalk.exe" /autostart
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [servises] c:\windows\system32\servises.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] HDAShCut.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [DU Meter] c:\program files\du meter\DUMeter.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=090809 serial=DR12WNG-0249275-TMV lang=EN
mRun: [WireLessMouse] c:\program files\office mouse driver\StartAutorun.exe MouseDrv.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [BigDogPath] c:\windows\VM_STI.EXE CANYON CN-WCAM23 PC-Camera
mRun: [servises] c:\windows\system32\servises.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uExplorerRun: [servises] c:\windows\system32\servises.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office 2002\office10\OSA.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.1.11.30.dll/206
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: imon.dll
Trusted Zone: raiffeisenbank.rs\rol
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
TCP: {078F2A67-650C-42AB-8E0B-39812A506184} = 212.200.191.166,212.200.190.166
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\winfax\WfxSeh32.Dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\webcw7nt.default\
FF - prefs.js: browser.search.selectedEngine - Pogodak.rs
FF - component: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\winnt_x86-msvc\components\pagespeed.dll
FF - component: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\administratorinet\application data\mozilla\firefox\profiles\webcw7nt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\administratorinet\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2007-11-28 25105]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2007-2-27 51440]
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};c:\program files\cyberlink\powerdvd\000.fcl [2007-11-3 41456]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [2008-2-17 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [2008-2-17 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [2008-2-17 8864]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2007-12-16 507904]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [2008-11-21 6528]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]

=============== Created Last 30 ================

2009-08-31 20:09 <DIR> --dshr-- C:\Win
2009-08-30 11:56 203,776 a------- c:\windows\system32\EBAPI.dll
2009-08-30 11:56 108,032 a------- c:\windows\system32\EBUtil.dll
2009-08-30 11:56 100,864 a------- c:\windows\system32\ebpthp.dll
2009-08-30 11:56 60,020 a------- c:\windows\system32\EBPMON2.DLL
2009-08-30 11:56 32,768 a------- c:\windows\system32\ECBTEG.DLL
2009-08-30 11:56 110 a------- c:\windows\system32\EBPPORT.DAT
2009-08-30 11:56 <DIR> --d----- c:\program files\common files\EPSON
2009-08-30 11:55 <DIR> --d----- C:\EPSON
2009-08-25 21:16 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-08-05 18:59 <DIR> --d----- c:\program files\Motorola
2009-08-05 18:56 196,608 a------- c:\windows\system32\sm56co6a.dll
2009-08-05 17:31 0 a------- c:\windows\WTNSETUP.INI
2009-08-05 17:27 <DIR> --d----- c:\program files\common files\Concord Shared
2009-08-05 17:26 <DIR> --d----- c:\docume~1\admini~1\applic~1\Symantec
2009-08-05 17:26 437,528 a------- c:\windows\system32\401COMUPD.EXE
2009-08-05 17:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2009-08-05 17:26 <DIR> --d----- c:\program files\Symantec
2009-08-05 17:25 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-08-05 17:25 <DIR> --d----- c:\program files\common files\Novell Shared
2009-08-05 17:25 <DIR> --d----- c:\program files\WinFax
2009-08-03 21:35 1,071 a------- c:\windows\AWMODEM.INF
2009-08-03 19:38 18,944 a------- c:\windows\system32\ventmon.dll
2009-08-03 19:38 <DIR> --d----- c:\program files\Venta

==================== Find3M ====================

2009-07-25 05:23 411,368 a------- c:\windows\system32\deploytk.dll
2009-06-27 18:11 253,952 -------- c:\windows\Setup1.exe
2009-06-27 18:11 73,216 a------- c:\windows\ST6UNST.EXE
2009-05-24 09:04 2,568 a--sh--- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2008-06-28 15:32 8 ---shr-- c:\docume~1\alluse~1\applic~1\2C5937E254.sys
2008-01-02 22:43 32 ac------ c:\docume~1\alluse~1\applic~1\ezsid.dat

============= FINISH: 2:20:03,00 ===============




https://www.mycity.rs/must-login.png

Dopuna: 01 Sep 2009 7:11

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8518
  • Gde živiš: Novi Beograd

Zdravo,

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.




Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.


Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.


Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

offline
  • Pridružio: 21 Dec 2005
  • Poruke: 228
  • Gde živiš: Kostolac

Napisano: 03 Sep 2009 18:08

Cao helen, probao sam pre juce da uradim scan sa combo fixom i ostavio racunar da ga skenira i kada sam se vratio racunar je bio restartovan i pisalo je da se Windows oporavio od neke greske, pa sam skeniranje ponovio danas i evo loga.

ComboFix 09-09-02.02 - AdministratoriNET 03.09.2009 17:53.9.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1582 [GMT 2:00]
Running from: c:\documents and settings\AdministratoriNET\Desktop\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\AdministratoriNET\Favorites\Mp3 Download.url
c:\windows\Fonts\deartheo.ttf
c:\windows\Fonts\NAUTICAL.TTF
c:\windows\Fonts\TT8729Z_.TTF
c:\windows\Fonts\TT8730Z_.TTF
c:\windows\Fonts\TT8731Z_.TTF
c:\windows\Installer\6dfb0d.msi
c:\windows\system32\_id.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-08-31 18:09 . 2009-08-31 18:09 -------- d-sh--r- C:\Win
2009-08-30 09:56 . 2009-08-30 09:56 -------- d-----w- c:\program files\Common Files\EPSON
2009-08-30 09:56 . 2000-06-26 00:20 32768 ----a-w- c:\windows\system32\ECBTEG.DLL
2009-08-30 09:56 . 2000-05-22 00:08 60020 ----a-w- c:\windows\system32\EBPMON2.DLL
2009-08-30 09:56 . 2000-04-18 00:02 110 ----a-w- c:\windows\system32\EBPPORT.DAT
2009-08-30 09:56 . 1999-07-19 08:27 203776 ----a-w- c:\windows\system32\EBAPI.dll
2009-08-30 09:56 . 1999-07-15 23:01 100864 ----a-w- c:\windows\system32\ebpthp.dll
2009-08-30 09:56 . 1998-04-03 15:15 108032 ----a-w- c:\windows\system32\EBUtil.dll
2009-08-30 09:55 . 2009-08-30 09:55 -------- d-----w- C:\EPSON
2009-08-25 19:16 . 2009-08-25 19:16 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-08-25 19:16 . 2009-08-25 19:16 -------- d-----w- c:\program files\Common Files\Skype
2009-08-05 16:59 . 2009-08-05 16:59 -------- d-----w- c:\program files\Motorola
2009-08-05 16:56 . 2008-03-04 12:43 196608 ----a-w- c:\windows\system32\sm56co6a.dll
2009-08-05 15:27 . 2009-08-05 15:27 -------- d-----w- c:\program files\Common Files\Concord Shared
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Symantec
2009-08-05 15:26 . 1999-06-10 12:50 437528 ----a-w- c:\windows\system32\401COMUPD.EXE
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-05 15:26 . 2009-08-05 15:26 -------- d-----w- c:\program files\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-02 21:39 . 2008-04-27 18:52 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\uTorrent
2009-08-31 21:06 . 2008-03-01 13:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-28 05:07 . 2009-01-31 18:28 -------- d-----w- c:\program files\Java
2009-08-26 18:08 . 2008-01-02 20:42 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Skype
2009-08-26 15:48 . 2008-01-02 20:43 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\skypePM
2009-08-25 19:16 . 2008-01-02 20:41 -------- d-----r- c:\program files\Skype
2009-08-25 19:16 . 2008-01-02 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-08-23 18:03 . 2009-03-09 18:42 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\Corel
2009-08-18 21:40 . 2007-12-23 00:57 -------- d-----w- c:\program files\BitComet
2009-08-08 12:26 . 2009-08-05 15:25 -------- d-----w- c:\program files\WinFax
2009-08-08 12:25 . 2009-04-06 20:35 -------- d-----w- c:\program files\QuickTime
2009-08-08 12:25 . 2009-04-06 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-05 15:28 . 2009-08-05 15:25 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-05 15:27 . 2007-11-28 21:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 15:25 . 2009-08-05 15:25 -------- d-----w- c:\program files\Common Files\Novell Shared
2009-08-05 15:25 . 2009-08-05 15:25 41 ----a-w- c:\windows\WFXDEL.BAT
2009-08-03 17:38 . 2009-08-03 17:38 -------- d-----w- c:\program files\Venta
2009-07-26 12:51 . 2007-12-16 12:57 -------- d-----w- c:\program files\Trillian
2009-07-25 03:23 . 2009-01-31 18:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 23:50 . 2009-07-22 23:48 -------- d-----w- c:\documents and settings\AdministratoriNET\Application Data\PMCallCenter
2009-07-15 17:23 . 2007-12-16 12:19 1110464 ----a-w- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 15:52 . 2009-07-07 15:51 -------- d-----w- c:\program files\Microsoft Office 2002
2009-06-27 16:11 . 2009-06-27 16:10 253952 ------w- c:\windows\Setup1.exe
2009-06-27 16:11 . 2009-06-27 16:10 73216 ----a-w- c:\windows\ST6UNST.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-12-16 917504]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"WireLessMouse"="c:\program files\Office Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"BigDogPath"="c:\windows\VM_STI.EXE" [2004-08-20 40960]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2008-03-04 638976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-03-23 14202368]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check(3).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-2-3 222720]
Microsoft Office.lnk - c:\program files\Microsoft Office 2002\Office10\OSA.EXE [2001-2-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\WinFax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 ------w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^AdministratoriNET^Start Menu^Programs^Startup^ProjectWhois.lnk]
path=c:\documents and settings\AdministratoriNET\Start Menu\Programs\Startup\ProjectWhois.lnk
backup=c:\windows\pss\ProjectWhois.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^AdministratoriNET^Start Menu^Programs^Startup^VentaDrv.lnk]
path=c:\documents and settings\AdministratoriNET\Start Menu\Programs\Startup\VentaDrv.lnk
backup=c:\windows\pss\VentaDrv.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAID Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAID Manager.lnk
backup=c:\windows\pss\RAID Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27159:TCP"= 27159:TCP:BitComet 27159 TCP
"27159:UDP"= 27159:UDP:BitComet 27159 UDP

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [28.11.2007 23:25 25105]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10.10.2006 14:53 5632]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [27.2.2007 13:39 51440]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [17.2.2008 21:38 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [17.2.2008 21:38 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [17.2.2008 21:38 8864]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\system32\drivers\MOUSEWD.SYS [21.11.2008 0:28 6528]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [25.9.2007 16:59 15152]
S3 FXDRV;FXDRV;\??\d:\fxdrv.sys --> d:\Fxdrv.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16.2.2006 18:51 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1390067357-725345543-1003Core.job
- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 21:55]

2009-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1390067357-725345543-1003UA.job
- c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-06-11 21:55]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: imon.dll
Trusted Zone: raiffeisenbank.rs\rol
TCP: {078F2A67-650C-42AB-8E0B-39812A506184} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\
FF - prefs.js: browser.search.selectedEngine - Pogodak.rs
FF - component: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\AdministratoriNET\Application Data\Mozilla\Firefox\Profiles\webcw7nt.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\AdministratoriNET\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 17:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1004336348-1390067357-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568-)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(624)
c:\windows\system32\imon.dll
.
Completion time: 2009-09-03 18:01
ComboFix-quarantined-files.txt 2009-09-03 16:00
ComboFix2.txt 2008-12-16 22:29

Pre-Run: 8.361.046.016 bytes free
Post-Run: 8.432.934.912 bytes free

210



Ako mozes reci mi zasto je obrisao ove fontove i da li treba da ih obrisem sa drugog racunara jer iste fontove koristim.
Hvala unapred.
PoZ

Dopuna: 03 Sep 2009 18:25

Nadam se da nisam pogresio ali obrisao sam folder Win na C particiji jer mi je Avast na drugom racunaru odakle sam preneo virus na ovaj sa koga saljem log prijavio da je u tom folderu neki trojanac.

Dopuna: 03 Sep 2009 18:26

Pardon, nije avast nego AVG free edition Sad

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8518
  • Gde živiš: Novi Beograd

Nisi pogresio, ali to je moj posao. Smile

Dok ja nesto proverim, ti se zabavi:

- Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa.
- Sacekaj koji sekund dok program izvrsi inicijalno skeniranje.
- Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi.
- Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak
- Kada zavrsis sa svim uredjajima, klikni desno dugme misa na sred prozora programa i odaberi opciju Save log. To ce automatski otvoriti log u Notepadu. Iskopiraj nam taj log iz Notepada na forum.

Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

offline
  • Pridružio: 21 Dec 2005
  • Poruke: 228
  • Gde živiš: Kostolac

Napisano: 03 Sep 2009 18:43

Ok, izvini sto sam ti se umesao u posao Smile ali nastao je jedan problem Sad
Pokrenuo sam program i sacekao da se izvrsi inicijalno skeniranje i ubacivao jedan po jedan flash i kada sam dosao do jednog flash-a koji mi je prijatelj dao da mu presnimim nesto na njega, nod mi je izbacio crveni prozor i istog trenutka mi je izasao plavi ekran i restartovao mi se racunar. Sta da radim dalje i kako da ocistim taj flash ?

Dopuna: 03 Sep 2009 18:46

Sada sam pogledao u NOD-u threat log ali nema nista zabelezeno za danasnji datum Sad

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8518
  • Gde živiš: Novi Beograd

Zipuj/raruj mi sledece fajlove pa mi uploaduj:


C:\Qoobox\Quarantine\C\WINDOWS\Fonts\deartheo.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\NAUTICAL.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8729Z_.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8730Z_.ttf.vir
C:\Qoobox\Quarantine\C\WINDOWS\Fonts\TT8731Z_.ttf.vir

preko ovog linka:

http://www.mycity.rs/ambulanta-upload.php

offline
  • Pridružio: 21 Dec 2005
  • Poruke: 228
  • Gde živiš: Kostolac

Zipovao sam i uploadovao.
A reci mi sta to bi pa se restartova komp, jer to ovaj program za usb ili neki virus na flashu Sad ?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8518
  • Gde živiš: Novi Beograd

Probaj ponovo da skeniras sa onim programom, ali ugasi antivirus.

offline
  • Pridružio: 21 Dec 2005
  • Poruke: 228
  • Gde živiš: Kostolac

Evo ponovo scan sa Combo fix-om ako si na to mislila ili sam trebao da uradim scan sa onim programom ?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8518
  • Gde živiš: Novi Beograd

Trebalo je da skeniras sa USBNoRisk programom.

Ko je trenutno na forumu
 

Ukupno su 1163 korisnika na forumu :: 87 registrovanih, 8 sakrivenih i 1068 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., AK - 230, Alibaba1981, arzak, awathorn, b_z_b, babaroga, Bane san, Batinas, Ben Roj, Bobrock1, botta, Bubili, Buda Baba, Cranium, Dannyboy, darkstar101, Denaya, DENIRO, Drug pukovnik, dukajov, goran.vvv, goranperović66, GORDI, GreenMan, Griffon vulture, haris1913, helen1, Insan, Istman, ivica976, Iwo Jima, Joja, JOntra, kairos, Konda, konstruktor, Kordon, krlebgd77, Lieutenant, ljuba, loon123, mb1213, mercedesamg, Milan A. Nikolic, milos.cbr, MiroslavD, Miskohd, mushroom, neko_drugi, nemkea71, nenad81, nobutado, novator, opt1, pacika, pandur, Rakenica, raskoljnikov, repac, Ripanjac, RJ, royst33, S2M, sakota79, Shinobi, sickmouse, Simon simonović, slonic_tonic, Stoilkovic, Toni, torlak 1, trajkoni018, vasa.93, vathra, VJ, Vlada1389, vladetije, vobo, voja64, vranjanac29, vsn111, wexy, x9, z.milosh, Živković, Čivi