Help with Logfile

offline
  • zoxetf 
  • New MyCity citizen
  • Joined: 01 Dec 2008
  • Posts: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:20, on 12/1/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Zoran Durutovic\Desktop\ok\TR3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - Startup: CCC.lnk = ?
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Lookout Citadel Server (LkCitadelServer) - National Instruments, Inc. - C:\Windows\system32\lkcitdl.exe
O23 - Service: National Instruments PSP Server Locator (lkClassAds) - National Instruments, Inc. - C:\Windows\system32\lkads.exe
O23 - Service: National Instruments Time Synchronization (lkTimeSync) - National Instruments, Inc. - C:\Windows\system32\lktsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: National Instruments Domain Service (NIDomainService) - National Instruments, Inc. - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
O23 - Service: NILM License Manager - Macrovision Corporation - C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
O23 - Service: NI Service Locator (niSvcLoc) - National Instruments Corp. - C:\Windows\system32\nisvcloc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

--
End of file - 6376 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

It wouldn't hurt to also write what you are complaining about. What is wrong?

offline
  • zoxetf 
  • New MyCity citizen
  • Joined: 01 Dec 2008
  • Posts: 9

I probably made a mistake by scanning the computer with ComboFix first.
So, I scanned with ComboFix first and then with Hijack.
Here is what ComboFix gave me:


ComboFix 08-11-27.07 - 2008-11-28 18:34:16.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.2123 [GMT 1:00]
Running from: c:\users\Zoran Durutovic\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\resycled
c:\resycled\boot.com
c:\windows\system32\acovcnt.exe
c:\windows\system32\awtsPFXo.dll
c:\windows\system32\awtuvTli.dll
c:\windows\system32\cbXNGyXO.dll
c:\windows\system32\cbXOEvvU.dll
c:\windows\system32\cbXPgfgh.dll
c:\windows\system32\cbXQiHBS.dll
c:\windows\system32\dbmmtqhn.ini
c:\windows\system32\efcASlJA.dll
c:\windows\system32\fccaXRHA.dll
c:\windows\system32\geBroPFY.dll
c:\windows\system32\geBsssqp.dll
c:\windows\system32\geBuSLBt.dll
c:\windows\system32\geBuUolm.dll
c:\windows\system32\hgGwUlmL.dll
c:\windows\system32\iesjafet.dll
c:\windows\system32\lfgslidl.ini
c:\windows\system32\ljJCuUll.dll
c:\windows\system32\mlJDwVOh.dll
c:\windows\system32\nhqtmmbd.dll
c:\windows\system32\nnnnKbBQ.dll
c:\windows\System32\nqXIRqss.ini
c:\windows\system32\nqXIRqss.ini2
c:\windows\system32\opnmNFVN.dll
c:\windows\system32\opnnkhIx.dll
c:\windows\system32\pmnlijkI.dll
c:\windows\system32\pmnnLCtr.dll
c:\windows\system32\pmnoPiIY.dll
c:\windows\system32\rqRHbYpN.dll
c:\windows\system32\rqRIyYRK.dll
c:\windows\system32\rqRJBQih.dll
c:\windows\system32\ssqPgDsT.dll
c:\windows\system32\ssqQkIYO.dll
c:\windows\system32\ssqRIXqn.dll
c:\windows\system32\ssqRJdCR.dll
c:\windows\system32\tefajsei.ini
c:\windows\system32\tuvTkjHY.dll
c:\windows\system32\urqQkifE.dll
c:\windows\system32\vtUnlLFX.dll
c:\windows\system32\vtUnnlLc.dll
c:\windows\system32\vtUnonlm.dll
c:\windows\system32\wvUkLFvW.dll
c:\windows\system32\xxywWmnL.dll
F:\autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008-10-28 to 2008-11-28 )))))))))))))))))))))))))))))))
.

2008-11-28 01:14 . 2008-11-28 01:14 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\skypePM
2008-11-28 01:14 . 2008-11-28 01:14 48 --ah----- c:\users\All Users\ezsidmv.dat
2008-11-28 01:14 . 2008-11-28 01:14 48 --ah----- c:\programdata\ezsidmv.dat
2008-11-28 01:10 . 2008-11-28 01:47 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\Skype
2008-11-28 01:09 . 2008-11-28 01:09 <DIR> d-------- c:\users\All Users\Skype
2008-11-28 01:09 . 2008-11-28 01:09 <DIR> d-------- c:\programdata\Skype
2008-11-28 01:09 . 2008-11-28 01:09 <DIR> d-------- c:\program files\Skype
2008-11-20 00:38 . 2000-07-31 13:28 286,208 --a------ c:\windows\system\binkw32.dll
2008-11-19 22:46 . 2008-11-20 01:18 682,280 --a------ c:\windows\System32\pbsvc.exe
2008-11-19 22:46 . 2008-11-20 01:18 107,832 --a------ c:\windows\System32\PnkBstrB.exe
2008-11-19 22:46 . 2008-11-19 22:46 66,872 --a------ c:\windows\System32\PnkBstrA.exe
2008-11-19 22:46 . 2008-11-20 01:18 22,328 --a------ c:\windows\System32\drivers\PnkBstrK.sys
2008-11-19 22:46 . 2008-11-20 01:18 22,328 --a------ c:\users\Zoran Durutovic\AppData\Roaming\PnkBstrK.sys
2008-11-18 02:52 . 2008-11-18 02:52 <DIR> d-------- c:\users\Zoran Durutovic\P4P
2008-11-18 02:52 . 2008-11-28 18:24 <DIR> d-------- c:\users\All Users\P4G
2008-11-18 02:52 . 2008-11-28 18:24 <DIR> d-------- c:\programdata\P4G
2008-11-18 02:52 . 2008-11-18 02:52 <DIR> d-------- c:\program files\Power4Gear eXtreme
2008-11-18 02:52 . 2008-11-18 02:52 <DIR> d-------- c:\program files\P4P
2008-11-18 02:52 . 2008-11-18 02:52 <DIR> d-------- c:\program files\P4G
2008-11-17 02:53 . 2008-11-17 02:53 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\GHISLER
2008-11-17 02:53 . 2008-11-17 03:02 <DIR> d-------- C:\totalcmd
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\UC.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\RAR.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\PKZIP.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\PKUNZIP.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\NOCLOSE.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\LHA.PIF
2008-11-17 02:53 . 2007-01-01 06:56 545 --a------ c:\windows\ARJ.PIF
2008-11-17 01:20 . 2008-11-17 01:20 <DIR> d-------- c:\program files\Mobiscope
2008-11-15 16:31 . 2008-11-15 17:13 2,584 --a------ c:\windows\SE.INI
2008-11-15 16:19 . 2008-11-15 16:19 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\National Instruments
2008-11-15 16:19 . 2008-11-15 16:19 <DIR> d-------- c:\program files\Common Files\Bcgsoft
2008-11-15 16:06 . 2008-11-15 17:17 <DIR> d-------- c:\program files\HI-TECH Software
2008-11-15 16:03 . 2008-11-15 16:03 <DIR> d-------- c:\windows\System32\cvirte
2008-11-15 16:03 . 2008-11-15 16:03 <DIR> d-------- c:\users\All Users\National Instruments
2008-11-15 16:03 . 2008-11-15 16:03 <DIR> d-------- c:\programdata\National Instruments
2008-11-15 16:03 . 2008-11-15 16:06 <DIR> d-------- c:\program files\National Instruments
2008-11-15 16:03 . 2008-11-15 16:06 <DIR> d-------- c:\program files\Common Files\Merge Modules
2008-11-15 11:03 . 2008-11-15 11:03 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\Design Science
2008-11-15 11:02 . 2008-11-15 11:02 <DIR> d-------- c:\program files\MathType
2008-11-14 20:55 . 2008-11-14 20:56 <DIR> d-------- c:\program files\AnswerWorks 4.0
2008-11-14 20:52 . 2008-11-14 21:01 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\Autodesk
2008-11-14 20:52 . 2008-11-14 20:52 <DIR> d-------- c:\users\All Users\Autodesk
2008-11-14 20:52 . 2008-11-14 20:52 <DIR> d-------- c:\programdata\Autodesk
2008-11-14 20:52 . 2008-11-14 20:57 <DIR> d-------- c:\program files\AutoCAD 2007
2008-11-14 20:46 . 2008-11-14 20:57 <DIR> d-------- c:\program files\Common Files\Autodesk Shared
2008-11-14 20:46 . 2008-11-14 20:46 <DIR> d-------- c:\program files\Autodesk
2008-11-10 19:05 . 2008-11-10 19:13 <DIR> d-------- c:\program files\EWB512
2008-11-10 17:30 . 2008-11-12 09:10 <DIR> d-------- C:\TEMP
2008-11-10 17:30 . 1998-07-30 06:23 1,347,344 --a------ c:\windows\System32\Msvbvm50.dll
2008-11-10 17:30 . 1998-04-24 19:40 1,045,776 --------- c:\windows\System32\Msjet35.dll
2008-11-10 17:30 . 1998-04-24 19:40 407,312 --------- c:\windows\System32\Msrepl35.dll
2008-11-10 17:30 . 1998-04-24 20:09 368,912 --------- c:\windows\System32\Vbar332.dll
2008-11-10 17:30 . 1998-04-24 19:40 252,176 --------- c:\windows\System32\Msrd2x35.dll
2008-11-10 17:30 . 1998-04-24 19:40 123,664 --------- c:\windows\System32\Msjint35.dll
2008-11-10 17:30 . 1998-06-18 11:33 89,360 --------- c:\windows\System32\Vb5db.dll
2008-11-10 17:30 . 1998-04-24 19:40 24,848 --------- c:\windows\System32\Msjter35.dll
2008-11-10 17:29 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2008-11-09 23:33 . 2008-11-09 23:33 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-11-09 01:49 . 2008-11-09 01:49 268 --ah----- C:\sqmdata19.sqm
2008-11-09 01:49 . 2008-11-09 01:49 244 --ah----- C:\sqmnoopt19.sqm
2008-11-08 23:57 . 2008-11-24 13:28 49 --a------ c:\windows\NeroDigital.ini
2008-11-08 21:47 . 2008-11-08 21:47 268 --ah----- C:\sqmdata18.sqm
2008-11-08 21:47 . 2008-11-08 21:47 244 --ah----- C:\sqmnoopt18.sqm
2008-11-08 20:12 . 2008-11-08 20:12 0 --a------ c:\windows\PhotoNow.INI
2008-11-08 20:09 . 2008-11-08 20:09 <DIR> d-------- c:\program files\Common Files\LightScribe
2008-11-08 20:05 . 2007-01-08 22:17 47,136 --a------ c:\windows\System32\msxm255e.rra
2008-11-08 19:52 . 2007-01-08 22:17 47,136 --a------ c:\windows\System32\msxmf99d.rra
2008-11-08 19:51 . 2008-11-17 18:11 <DIR> d-------- C:\MyWorks
2008-11-08 19:47 . 2008-11-08 19:47 <DIR> d-------- c:\users\All Users\LightScribe
2008-11-08 19:47 . 2008-11-08 19:47 <DIR> d-------- c:\programdata\LightScribe
2008-11-08 16:53 . 2008-11-08 16:53 <DIR> dr------- c:\windows\System32\config\systemprofile\Music
2008-11-08 12:11 . 2008-11-08 12:11 268 --ah----- C:\sqmdata17.sqm
2008-11-08 12:11 . 2008-11-08 12:11 244 --ah----- C:\sqmnoopt17.sqm
2008-11-08 02:55 . 2008-11-08 02:55 268 --ah----- C:\sqmdata16.sqm
2008-11-08 02:55 . 2008-11-08 02:55 244 --ah----- C:\sqmnoopt16.sqm
2008-11-07 21:04 . 2008-11-07 21:04 268 --ah----- C:\sqmdata15.sqm
2008-11-07 21:04 . 2008-11-07 21:04 244 --ah----- C:\sqmnoopt15.sqm
2008-11-07 21:00 . 2008-11-07 21:00 268 --ah----- C:\sqmdata14.sqm
2008-11-07 21:00 . 2008-11-07 21:00 244 --ah----- C:\sqmnoopt14.sqm
2008-11-07 17:32 . 2008-11-07 17:32 287 --a------ c:\windows\game.ini
2008-11-07 17:24 . 2008-11-19 21:48 <DIR> d-------- c:\program files\Activision
2008-11-07 17:16 . 2008-11-07 17:16 <DIR> d--hs---- c:\windows\ftpcache
2008-11-07 16:55 . 2008-11-07 16:55 <DIR> d-------- c:\users\All Users\Nero
2008-11-07 16:55 . 2008-11-07 16:55 <DIR> d-------- c:\programdata\Nero
2008-11-07 16:33 . 2008-11-07 16:33 268 --ah----- C:\sqmdata13.sqm
2008-11-07 16:33 . 2008-11-07 16:33 244 --ah----- C:\sqmnoopt13.sqm
2008-11-07 15:59 . 2008-11-07 17:05 <DIR> d-------- c:\users\Zoran Durutovic\AppData\Roaming\Ahead
2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\users\All Users\Ahead
2008-11-07 15:58 . 2008-11-07 15:58 <DIR> d-------- c:\programdata\Ahead
2008-11-07 15:55 . 2008-11-07 16:57 <DIR> d-------- c:\program files\Common Files\Ahead
2008-11-07 15:30 . 2008-11-07 15:30 268 --ah----- C:\sqmdata12.sqm
2008-11-07 15:30 . 2008-11-07 15:30 244 --ah----- C:\sqmnoopt12.sqm
2008-11-07 15:26 . 2008-04-17 02:36 171,136 -rahs---- C:\grldr
2008-11-07 11:13 . 2008-11-07 11:13 268 --ah----- C:\sqmdata11.sqm
2008-11-07 11:13 . 2008-11-07 11:13 244 --ah----- C:\sqmnoopt11.sqm
2008-11-05 18:22 . 2008-11-05 18:22 <DIR> d-------- c:\program files\Microsoft
2008-11-05 18:16 . 2008-11-05 18:16 268 --ah----- C:\sqmdata10.sqm
2008-11-05 18:16 . 2008-11-05 18:16 244 --ah----- C:\sqmnoopt10.sqm
2008-11-05 18:09 . 2008-11-05 18:09 268 --ah----- C:\sqmdata09.sqm
2008-11-05 18:09 . 2008-11-05 18:09 244 --ah----- C:\sqmnoopt09.sqm
2008-11-05 17:59 . 2008-11-05 17:59 268 --ah----- C:\sqmdata07.sqm
2008-11-05 17:59 . 2008-11-05 17:59 244 --ah----- C:\sqmnoopt07.sqm
2008-11-05 17:59 . 2008-11-05 17:59 172 --ah----- C:\sqmnoopt08.sqm
2008-11-05 17:59 . 2008-11-05 17:59 172 --ah----- C:\sqmdata08.sqm
2008-11-05 17:56 . 2008-11-05 17:56 268 --ah----- C:\sqmdata06.sqm
2008-11-05 17:56 . 2008-11-05 17:56 244 --ah----- C:\sqmnoopt06.sqm
2008-11-05 17:35 . 2008-11-05 17:35 <DIR> d-------- C:\PerfLogs
2008-11-05 17:13 . 2008-11-05 16:49 152,576 --a------ c:\windows\System32\SPWizUI.dll
2008-11-05 17:13 . 2008-11-05 16:49 47,560 --a------ c:\windows\System32\SPReview.exe
2008-11-05 17:13 . 2008-11-10 23:20 268 --ah----- C:\sqmdata05.sqm
2008-11-05 17:13 . 2008-11-10 23:20 244 --ah----- C:\sqmnoopt05.sqm
2008-11-05 16:59 . 2008-01-18 23:33 193,024 --a------ c:\windows\System32\recdisc.exe
2008-11-05 16:59 . 2008-01-18 23:36 6,656 --a------ c:\windows\System32\sdspres.dll
2008-11-05 16:58 . 2008-01-18 23:33 599,552 --a------ c:\windows\System32\vsp1cln.exe
2008-11-05 16:58 . 2008-01-18 23:36 142,336 --a------ c:\windows\System32\spp.dll
2008-11-05 16:58 . 2008-01-18 23:36 28,160 --a------ c:\windows\System32\sxproxy.dll
2008-11-05 16:52 . 2007-12-06 05:04 6,656 --a------ c:\windows\System32\kbd106n.dll
2008-11-05 16:51 . 2008-01-18 23:33 44,032 --a------ c:\windows\System32\cbsra.exe
2008-11-05 16:49 . 2008-11-07 16:34 327,680 --a------ c:\windows\SPInstall.etl
2008-11-05 00:50 . 2008-11-10 22:37 268 --ah----- C:\sqmdata04.sqm
2008-11-05 00:50 . 2008-11-10 22:37 244 --ah----- C:\sqmnoopt04.sqm
2008-11-04 18:34 . 2008-11-04 18:34 <DIR> d-------- c:\users\All Users\Autodata Limited
2008-11-04 18:34 . 2008-11-04 18:34 <DIR> d-------- c:\programdata\Autodata Limited
2008-11-04 18:31 . 2008-11-04 18:31 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-05 16:44 174 --sha-w c:\program files\desktop.ini
2008-11-05 16:37 --------- d-----w c:\program files\Windows Sidebar
2008-11-05 16:37 --------- d-----w c:\program files\Windows Photo Gallery
2008-11-05 16:37 --------- d-----w c:\program files\Windows Mail
2008-11-05 16:37 --------- d-----w c:\program files\Windows Journal
2008-11-05 16:37 --------- d-----w c:\program files\Windows Defender
2008-11-05 16:37 --------- d-----w c:\program files\Windows Collaboration
2008-11-05 16:37 --------- d-----w c:\program files\Windows Calendar
2008-11-05 16:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-11-05 16:21 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-11-03 18:17 --------- d-----w c:\program files\MSBuild
2008-11-03 17:23 319,456 ----a-w c:\windows\DIFxAPI.dll
2008-11-03 17:23 315,392 ----a-w c:\windows\HideWin.exe
2006-01-23 09:32 131,072 ----a-w c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 13:40 132,848 ----a-w c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-09 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-08-03 c:\windows\SkyTel.exe]

c:\users\Zoran Durutovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-07-17 49152]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3codecp"= l3codecp.acm
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Zoran Durutovic^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Zoran Durutovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]
--a------ 2008-11-03 18:32 37232 c:\windows\ASScrProlog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
--a------ 2008-11-03 18:32 33136 c:\windows\ASScrPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
--------- 2008-03-21 09:21 91432 c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
--a------ 2007-09-06 14:08 136136 c:\program files\DAEMON Tools Pro\DTProAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--a------ 2008-02-22 11:19 62760 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobiscope]
--a------ 2008-10-27 08:00 1551360 c:\program files\Mobiscope\mobiscope_cpanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
--------- 2007-12-14 11:36 50472 c:\program files\CyberLink\PowerDVD8\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerForPhone]
--a------ 2007-08-02 20:52 778240 c:\program files\P4P\P4P.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2008-04-02 19:09 87336 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
--------- 2008-03-20 20:23 83240 c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePPShortCut]
--------- 2008-01-04 11:02 222504 c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-18 23:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1399243743-1973129243-1207720426-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7A7F2106-AED4-4790-94C3-038A89A2D943}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A03AB87A-A203-4328-B92A-DAE698B49A4E}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A2CB0950-996E-4DE6-87F2-D9765415F033}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{E98F2CAD-4216-42CF-9005-A1C72FD75B7A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A12720E8-C1A3-41AD-A4DA-189FDD8B49C7}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EA1736C7-7B54-4CAB-A266-6B75212B73B2}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{287C8B33-DB89-4AAA-82E8-66811E4517C6}"= c:\program files\CyberLink\PowerDVD8\PowerDVD8.EXE:CyberLink PowerDVD 8.0
"{5DCB1FA0-0998-4B5E-923A-88F778BE050C}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{5058ED74-B87E-4CC4-B059-F560FACDCBE2}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{26C07A49-717E-4695-BA99-816D6408ADF1}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"TCP Query User{BDD7AB71-370C-4E32-8EED-6F068D601A3F}c:\\program files\\mobiscope\\mobiscope_server.exe"= UDP:c:\program files\mobiscope\mobiscope_server.exe:mobiscope_server
"UDP Query User{6E2E365D-F2B2-44FB-B5FD-43B60D37AC1B}c:\\program files\\mobiscope\\mobiscope_server.exe"= TCP:c:\program files\mobiscope\mobiscope_server.exe:mobiscope_server
"{B53F5DB8-44AB-4A79-A0A1-B7B6100DE209}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{853216C2-BA6B-4F78-8D5C-3ED98791CA66}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{DEB11C64-1DE8-42D0-9FBF-79D299F4E0CC}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{3B68299F-1785-48FE-B092-895986E2A9E6}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{74481657-8A5D-40C8-B372-03C4A0E2F8EF}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{B76AABF7-C112-4A5A-91E0-3F34181DD63A}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaWmp.exe:Call of Duty(R) - World at War(TM)
"{8C09FF0A-6A01-45EC-ABCD-ECF5BCF6367E}"= UDP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)
"{AD3CF7B3-1937-44AA-A5AC-B1B631BC29C3}"= TCP:c:\program files\Activision\Call of Duty - World at War\CoDWaW.exe:Call of Duty(R) - World at War(TM)

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 33800]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\CyberLink\PowerDVD8\000.fcl [2008-02-01 17:24:04 41456]
R2 cvintdrv;cvintdrv;c:\windows\system32\drivers\cvintdrv.sys [2006-07-27 4096]
R3 atikmdag;atikmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2007-12-20 3478528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5748a3c8-b002-11dd-8e72-001f3c903f55}]
\shell\AutoRun\command - dwg3gngs.exe
\shell\explore\Command - dwg3gngs.exe
\shell\open\Command - dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c35f1b8f-99c2-11db-854a-002215ed2235}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL i:\resycled\boot.com h:
\shell\Open\command - i:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e764c051-a9cd-11dd-8181-001f3c903f55}]
\shell\AutoRun\command - dwg3gngs.exe
\shell\explore\Command - dwg3gngs.exe
\shell\open\Command - dwg3gngs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
BHO-{5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\geBuUolm.dll
BHO-{BE6FA9ED-1667-4A07-81BC-B11D1005FE9F} - c:\windows\system32\ssqRIXqn.dll
HKCU-Run-0099e9e1 - c:\windows\system32\nhqtmmbd.dll
ShellExecuteHooks-{5600363C-B1A7-464C-9D48-B57A901A74FA} - c:\windows\system32\geBuUolm.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\users\Zoran Durutovic\AppData\Roaming\Mozilla\Firefox\Profiles\hmneuj2a.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ba
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-28 18:53:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4984)
c:\users\ZORAND~1\AppData\Local\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ATK Hotkey\AsLdrSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\ATK Hotkey\HControl.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\System32\lkcitdl.exe
c:\windows\System32\lkads.exe
c:\windows\System32\lktsrv.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\System32\nisvcloc.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\System32\wbem\unsecapp.exe
c:\combofix\hidec.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-11-28 18:58:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-28 17:57:05

Pre-Run: 251,110,780,928 bytes free
Post-Run: 258,825,494,528 bytes free

385

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry, but I have to ask: who told you to scan the computer with ComboFix at all?

ComboFix is not a tool that everyone should run on their own. It was made primarily for analysis, and only someone who has learned to handle them can judge when it is the right moment to run ComboFix.

In general, ComboFix will clean the computer in such a way that very few traces of the original infection are left for us here, and then it can happen that we no longer have anywhere to start the analysis from.

In your case it even happened that one part of ComboFix was blocked by NOD, so it is questionable how accurate that log is now.

I will try to find my way around what you have posted, but I would ask that, if you want our help, you follow our instructions.

What I can see now is that there are traces here of infections that spread via USB sticks (this also includes mobile phones, digital cameras with a memory card, MP3 players, etc.), so I would ask you not to use those devices until we have finished what needs to be done here.
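
As an added illustration (not part of the original thread and not the helper's own method), the following Python sketch reads the `mountpoints2` entries from the ComboFix log posted above and flags the autorun commands that volumes registered on this machine. The function names and the three flagging heuristics are assumptions made for this example.

```python
import re
from difflib import SequenceMatcher

# Excerpt copied from the "Reg Loading Points" part of the ComboFix log in this
# thread, plus one unrelated key as a control.
LOG_EXCERPT = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5748a3c8-b002-11dd-8e72-001f3c903f55}]
\shell\AutoRun\command - dwg3gngs.exe
\shell\explore\Command - dwg3gngs.exe
\shell\open\Command - dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c35f1b8f-99c2-11db-854a-002215ed2235}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL i:\resycled\boot.com h:
\shell\Open\command - i:\resycled\boot.com h:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e764c051-a9cd-11dd-8181-001f3c903f55}]
\shell\AutoRun\command - dwg3gngs.exe
\shell\explore\Command - dwg3gngs.exe
\shell\open\Command - dwg3gngs.exe
"""

KEY_RE = re.compile(r"^\[HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]{36}\})\]$", re.I)
VERB_RE = re.compile(r"^\\shell\\([^\\]+)\\command - (.+)$", re.I)

# Heuristic labels (assumptions of this example, not ComboFix output).
BARE_NAME = "bare file name with no path (expected to sit on the volume itself)"
RECYCLE_DIR = "path goes through a folder named like a recycle bin"
RUNDLL_PROXY = "launched indirectly through rundll32 ShellExec_RunDLL"
RECYCLE_NAMES = ("recycled", "recycler", "$recycle.bin")


def parse_mountpoints2(log_text):
    """Return {volume_guid: [(verb, command), ...]} for every MountPoints2 key."""
    volumes, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = volumes.setdefault(key.group(1).lower(), [])
            continue
        if not line or line.startswith("["):
            current = None  # a blank line or any other key closes the section
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current.append((verb.group(1).lower(), verb.group(2).strip()))
    return volumes


def assess(command):
    """Return the reasons (possibly none) an autorun command needs a closer look."""
    reasons = []
    lowered = command.lower()
    tokens = lowered.split()
    target = tokens[0] if tokens else ""
    if target and "\\" not in target and "/" not in target:
        reasons.append(BARE_NAME)
    # Compare every path component with known recycle-bin folder names; a close
    # but inexact match (such as "resycled") is caught as well.
    parts = [p for p in re.split(r"[\\\s]+", lowered) if p]
    if any(SequenceMatcher(None, p, n).ratio() >= 0.8
           for p in parts for n in RECYCLE_NAMES):
        reasons.append(RECYCLE_DIR)
    if "shellexec_rundll" in lowered:
        reasons.append(RUNDLL_PROXY)
    return reasons


def triage(log_text):
    """Map each volume GUID to its flagged (verb, command, reasons) entries."""
    report = {}
    for guid, entries in parse_mountpoints2(log_text).items():
        flagged = [(v, c, assess(c)) for v, c in entries]
        flagged = [f for f in flagged if f[2]]
        if flagged:
            report[guid] = flagged
    return report


if __name__ == "__main__":
    for guid, entries in triage(LOG_EXCERPT).items():
        print(guid)
        for verb, command, reasons in entries:
            print(f"  {verb}: {command}")
            for reason in reasons:
                print(f"    - {reason}")
```

Each GUID is a volume that has been mounted under this user profile, so three flagged GUIDs mean three separate volumes had autorun commands recorded, which is why the source device still has to be identified.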

offline
  • zoxetf 
  • New MyCity citizen
  • Joined: 01 Dec 2008
  • Posts: 9

A friend who obviously isn't well informed told me!
Afterwards I found out about your site, where I also read the instructions and figured out that I had made a mistake by using ComboFix!
From now on I will follow your advice!

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Is this a laptop?

Do you have any USB storage device? We need to determine where the infection that spreads via USB storage came from.

offline
  • zoxetf 
  • New MyCity citizen
  • Joined: 01 Dec 2008
  • Posts: 9

Yes, it's a laptop. I do have a USB stick.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and select the Auto block option
- insert the USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analyzed the stick (this is visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- at the bottom, next to the clock, a message will appear saying that you may remove the USB stick from the computer
- do not close the program; instead insert the next USB stick and wait a few seconds for it as well, and so on in turn for all sticks, MP3 players, mobile phone
- remember the order in which the sticks were inserted

When you have finished all of that, the log in the lower part of the program will contain all the data I need in order to see which stick is infected.
Right-click on the log/report and select Save log.
Notepad will open automatically with the report in it.
Copy that report for me here on the forum.
