Worm.Win32.AutoRun.dui

  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

F-Secure detects it as Worm.Win32.AutoRun.dui when I plug the MP3 player into USB.

How do I get rid of it?

Thank you!

The HijackThis log is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:31, on 2008-12-23
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\F-Secure\FSGUI\scanwizard.exe
C:\Program Files\Adobe\Reader 9.0\Reader\LogTransport2.exe
C:\Documents and Settings\Mirko\Desktop\Mycity\MyCity.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = t-com.me/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = ie.redirect.hp.com/svs/rdr?TYPE=3&tp=ie.....;pf=laptop
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=64&bd=presario&pf=laptop
O17 - HKLM\System\CCS\Services\Tcpip\..\{87040893-5B08-43D1-98B8-CB7C6A0E3033}: NameServer = 195.66.160.1 195.66.160.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--
End of file - 6919 bytes

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

We'll deal with the player at the end; first we'll check the state of the PC. Don't connect the player for now.

Right-click the F-Secure icon in the lower right corner of the screen and choose Unload.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

I don't know whether I did something wrong, but the scan ran for more than 6 hours and never finished, so I interrupted it by shutting down the computer.

Nothing appeared in the program window, but when I tried to close the program it told me that a process was in progress. No instructions appeared. I tried the scan several times, each time with the same result.

One more thing: F-Secure's Unload option offers two choices,
first: Unload and continue with current security level,
second: Unload and allow all network traffic.
I chose the first Unload; could that be the mistake?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Try using the second option. The scan itself should not take more than 30-60 minutes. If you manage to get the log, post it in the thread.

If that doesn't work, do the following...

Download the program from the following link:

http://images.malwareremoval.com/random/RSIT.exe

Double-click it to run it, then click Continue.

At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the thread on the forum; the second, info.txt, will be minimized (we don't need it for now).

So, post the contents of log.txt in your next message (the file will be saved as C:\rsit\log.txt).



-------------------------------------------------------------------------------------


Also, after you have done one of the above, turn the AV off again and follow these instructions.

Download the following program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- run it and choose the Auto block option
- insert the USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (you can see this in the log in the lower part of the program)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear near the clock at the bottom saying that you may remove the USB stick from the computer
- don't close the program; instead insert the next USB stick and wait a few seconds for it as well, and so on for all sticks, MP3 players, mobile phone
- remember the order in which the sticks were inserted

When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here on the forum for me.

  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

Here is the log.txt from the RSIT program you recommended; the first one didn't help me:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Mirko at 2008-12-27 21:23:04
Microsoft Windows XP Professional Service Pack 3
System drive C: has 38 GB (56%) free of 68 GB
Total RAM: 1014 MB (24% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 322368]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-06-17 794713]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2006-06-19 40960]
"RecGuard"=C:\Windows\SMINST\RecGuard.exe [2005-10-11 1187840]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"F-Secure Manager"=C:\Program Files\F-Secure\Common\FSM32.EXE [2008-10-09 182936]
"F-Secure TNB"=C:\Program Files\F-Secure\FSGUI\TNBUtil.exe [2008-10-09 1182304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
C:\WINDOWS\ehome\ehtray.exe [2005-08-06 64512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe [2006-05-04 458752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.Exe [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2006-06-02 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
C:\Program Files\HP\QuickPlay\QPService.exe [2006-06-23 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2008-05-30 21718312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2005-09-25 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Mirko^Start Menu^Programs^StartUp^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE [2008-01-21 393216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSEXESVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PSEXESVC]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=36
"NoDriveAutoRun"=FFFFFFFF

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\SopCast\adv\SopAdver.exe"="C:\Program Files\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480


======List of files/folders created in the last 1 months======

2008-12-27 21:23:06 ----D---- C:\Program Files\trend micro
2008-12-27 21:23:04 ----D---- C:\rsit
2008-12-27 20:05:51 ----D---- C:\ComboFix
2008-12-27 20:05:50 ----A---- C:\WINDOWS\system32\CF4828.exe
2008-12-27 19:56:47 ----A---- C:\WINDOWS\system32\CF3051.exe
2008-12-26 18:17:35 ----D---- C:\Program Files\Sector 69
2008-12-25 19:34:49 ----A---- C:\WINDOWS\system32\CF24273.exe
2008-12-25 16:51:32 ----D---- C:\Documents and Settings\Mirko\Application Data\LimeWire
2008-12-25 16:50:55 ----D---- C:\Program Files\LimeWire
2008-12-24 17:26:30 ----A---- C:\WINDOWS\system32\CF11904.exe
2008-12-23 23:06:14 ----A---- C:\WINDOWS\system32\CF25699.exe
2008-12-23 22:43:18 ----A---- C:\WINDOWS\system32\CF21199.exe
2008-12-23 22:43:18 ----A---- C:\WINDOWS\system32\CF21196.exe
2008-12-23 22:07:19 ----A---- C:\WINDOWS\system32\CF14149.exe
2008-12-23 14:09:53 ----A---- C:\WINDOWS\NIRCMD.exe
2008-12-23 14:09:52 ----A---- C:\WINDOWS\zip.exe
2008-12-23 14:09:52 ----A---- C:\WINDOWS\SWREG.exe
2008-12-23 14:09:52 ----A---- C:\WINDOWS\sed.exe
2008-12-23 14:09:52 ----A---- C:\WINDOWS\grep.exe
2008-12-23 14:09:51 ----A---- C:\WINDOWS\VFIND.exe
2008-12-23 14:09:51 ----A---- C:\WINDOWS\SWXCACLS.exe
2008-12-23 14:09:51 ----A---- C:\WINDOWS\SWSC.exe
2008-12-23 14:09:51 ----A---- C:\WINDOWS\fdsv.exe
2008-12-23 14:09:40 ----D---- C:\WINDOWS\ERDNT
2008-12-23 14:09:40 ----D---- C:\Qoobox
2008-12-23 14:09:37 ----A---- C:\WINDOWS\system32\CF18861.exe
2008-12-23 13:49:47 ----RASHD---- C:\autorun.inf
2008-12-20 18:12:02 ----A---- C:\WINDOWS\ntbtlog.txt
2008-12-20 17:28:29 ----HD---- C:\WINDOWS\system32\GroupPolicy
2008-12-20 01:21:51 ----D---- C:\Documents and Settings\Mirko\Application Data\DivX
2008-12-14 20:58:58 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2008-12-14 20:58:58 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2008-12-14 19:41:03 ----D---- C:\Program Files\SopCast
2008-12-12 16:47:20 ----D---- C:\WINDOWS\Prefetch
2008-12-12 16:19:56 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2008-12-12 16:19:48 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2008-12-12 16:19:40 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2008-12-12 16:19:25 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2008-12-12 16:19:16 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2008-12-12 16:19:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2008-12-12 16:18:54 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2008-12-12 16:18:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2008-12-12 16:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2008-12-12 16:18:26 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2008-12-12 16:18:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2008-12-12 16:18:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2008-12-12 16:17:58 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2008-12-12 16:17:49 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2008-12-12 16:17:41 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$
2008-12-12 16:09:16 ----D---- C:\WINDOWS\system32\scripting
2008-12-12 16:09:14 ----D---- C:\WINDOWS\system32\en
2008-12-12 16:09:13 ----D---- C:\WINDOWS\system32\bits
2008-12-10 20:55:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2008-12-10 20:54:58 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2008-12-10 20:54:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956802_0$
2008-12-10 19:27:22 ----D---- C:\WINDOWS\system32\en-US
2008-12-10 19:24:49 ----N---- C:\WINDOWS\system32\xmllite.dll
2008-12-10 19:14:01 ----HDC---- C:\WINDOWS\$NtUninstallKB954600_0$
2008-12-09 11:52:21 ----N---- C:\WINDOWS\system32\wmphoto.dll
2008-12-09 11:52:15 ----N---- C:\WINDOWS\system32\wlanapi.dll
2008-12-09 11:52:10 ----N---- C:\WINDOWS\system32\windowscodecsext.dll
2008-12-09 11:52:10 ----N---- C:\WINDOWS\system32\windowscodecs.dll
2008-12-09 11:52:01 ----N---- C:\WINDOWS\system32\verclsid.exe
2008-12-09 11:51:51 ----N---- C:\WINDOWS\system32\tspkg.dll
2008-12-09 11:51:50 ----N---- C:\WINDOWS\system32\tsgqec.dll
2008-12-09 11:51:35 ----N---- C:\WINDOWS\system32\spupdwxp.exe
2008-12-09 11:51:32 ----A---- C:\WINDOWS\system32\spdwnwxp.exe
2008-12-09 11:51:29 ----N---- C:\WINDOWS\system32\slserv.exe
2008-12-09 11:51:29 ----N---- C:\WINDOWS\system32\slrundll.exe
2008-12-09 11:51:29 ----N---- C:\WINDOWS\system32\slgen.dll
2008-12-09 11:51:28 ----N---- C:\WINDOWS\system32\slextspk.dll
2008-12-09 11:51:28 ----N---- C:\WINDOWS\system32\slcoinst.dll
2008-12-09 11:51:20 ----N---- C:\WINDOWS\system32\setupn.exe
2008-12-09 11:51:13 ----N---- C:\WINDOWS\system32\s3gnb.dll
2008-12-09 11:51:10 ----N---- C:\WINDOWS\system32\rhttpaa.dll
2008-12-09 11:51:07 ----N---- C:\WINDOWS\system32\rasqec.dll
2008-12-09 11:51:05 ----N---- C:\WINDOWS\system32\qutil.dll
2008-12-09 11:51:02 ----N---- C:\WINDOWS\system32\qcliprov.dll
2008-12-09 11:51:01 ----N---- C:\WINDOWS\system32\qagentrt.dll
2008-12-09 11:51:01 ----N---- C:\WINDOWS\system32\qagent.dll
2008-12-09 11:50:57 ----N---- C:\WINDOWS\system32\photometadatahandler.dll
2008-12-09 11:50:53 ----N---- C:\WINDOWS\system32\onex.dll
2008-12-09 11:50:43 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2008-12-09 11:50:25 ----N---- C:\WINDOWS\system32\napstat.exe
2008-12-09 11:50:24 ----N---- C:\WINDOWS\system32\napmontr.dll
2008-12-09 11:50:23 ----N---- C:\WINDOWS\system32\napipsec.dll
2008-12-09 11:50:22 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2008-12-09 11:50:21 ----N---- C:\WINDOWS\system32\msxml6.dll
2008-12-09 11:50:15 ----N---- C:\WINDOWS\system32\msshavmsg.dll
2008-12-09 11:50:14 ----N---- C:\WINDOWS\system32\mssha.dll
2008-12-09 11:49:41 ----N---- C:\WINDOWS\system32\mmcperf.exe
2008-12-09 11:49:40 ----N---- C:\WINDOWS\system32\mmcfxcommon.dll
2008-12-09 11:49:40 ----N---- C:\WINDOWS\system32\mmcex.dll
2008-12-09 11:49:39 ----N---- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-12-09 11:49:29 ----N---- C:\WINDOWS\system32\l2gpstore.dll
2008-12-09 11:49:28 ----N---- C:\WINDOWS\system32\kmsvc.dll
2008-12-09 11:49:27 ----N---- C:\WINDOWS\system32\kbdpash.dll
2008-12-09 11:49:27 ----N---- C:\WINDOWS\system32\kbdnepr.dll
2008-12-09 11:49:27 ----N---- C:\WINDOWS\system32\kbdiultn.dll
2008-12-09 11:49:26 ----N---- C:\WINDOWS\system32\kbdbhc.dll
2008-12-09 11:48:52 ----N---- C:\WINDOWS\system32\smtpapi.dll
2008-12-09 11:48:51 ----N---- C:\WINDOWS\system32\rwnh.dll
2008-12-09 11:48:42 ----N---- C:\WINDOWS\system32\comsdupd.exe
2008-12-09 11:48:33 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2008-12-09 11:48:23 ----A---- C:\WINDOWS\005873_.tmp
2008-12-09 11:48:22 ----N---- C:\WINDOWS\system32\faxpatch.exe
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eapsvc.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eapqec.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eappprxy.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eapphost.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eappgnui.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eappcfg.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eapp3hst.dll
2008-12-09 11:48:18 ----N---- C:\WINDOWS\system32\eapolqec.dll
2008-12-09 11:48:11 ----N---- C:\WINDOWS\system32\dot3ui.dll
2008-12-09 11:48:11 ----N---- C:\WINDOWS\system32\dot3svc.dll
2008-12-09 11:48:11 ----N---- C:\WINDOWS\system32\dot3msm.dll
2008-12-09 11:48:11 ----N---- C:\WINDOWS\system32\dot3gpclnt.dll
2008-12-09 11:48:11 ----N---- C:\WINDOWS\system32\dot3dlg.dll
2008-12-09 11:48:10 ----N---- C:\WINDOWS\system32\dot3cfg.dll
2008-12-09 11:48:10 ----N---- C:\WINDOWS\system32\dot3api.dll
2008-12-09 11:48:05 ----N---- C:\WINDOWS\system32\dimsroam.dll
2008-12-09 11:48:05 ----N---- C:\WINDOWS\system32\dimsntfy.dll
2008-12-09 11:48:04 ----N---- C:\WINDOWS\system32\dhcpqec.dll
2008-12-09 11:47:57 ----N---- C:\WINDOWS\system32\credssp.dll
2008-12-09 11:47:44 ----N---- C:\WINDOWS\system32\bitsprx4.dll
2008-12-09 11:47:38 ----N---- C:\WINDOWS\system32\azroles.dll
2008-12-09 11:47:35 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2008-12-09 11:47:35 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2008-12-09 11:47:34 ----N---- C:\WINDOWS\system32\ati3duag.dll
2008-12-09 11:47:34 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2008-12-09 11:47:33 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2008-12-09 11:47:33 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2008-12-09 11:47:32 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2008-12-09 11:47:21 ----N---- C:\WINDOWS\system32\aaclient.dll
2008-12-08 19:12:14 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-07 14:18:34 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$
2008-12-07 14:18:11 ----HDC---- C:\WINDOWS\$NtUninstallKB944338-v2$
2008-12-06 17:31:16 ----D---- C:\WINDOWS\system32\PreInstall
2008-12-06 15:23:20 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2008-12-04 20:19:53 ----D---- C:\Documents and Settings\Mirko\Application Data\skypePM
2008-12-04 20:13:07 ----D---- C:\Documents and Settings\Mirko\Application Data\Skype
2008-12-04 15:23:13 ----A---- C:\WINDOWS\system32\mdimon.dll
2008-12-04 15:22:06 ----D---- C:\Program Files\Common Files\L&H
2008-12-04 15:20:36 ----D---- C:\Program Files\Microsoft Visual Studio
2008-12-03 12:23:16 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-03 12:23:16 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-03 12:23:16 ----A---- C:\WINDOWS\system32\java.exe
2008-12-03 12:22:02 ----D---- C:\Documents and Settings\Mirko\Application Data\Sun
2008-12-02 11:03:58 ----D---- C:\Documents and Settings\Mirko\Application Data\GRETECH
2008-12-02 11:02:58 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2008-12-02 11:02:58 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2008-12-02 11:02:58 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2008-12-02 11:02:58 ----N---- C:\WINDOWS\system32\pxafs.dll
2008-12-01 00:50:20 ----D---- C:\Documents and Settings\Mirko\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2008-12-01 00:48:48 ----D---- C:\Program Files\Common Files\Adobe AIR
2008-12-01 00:03:58 ----D---- C:\Documents and Settings\Mirko\Application Data\AdobeUM
2008-12-01 00:03:23 ----D---- C:\Documents and Settings\Mirko\Application Data\Adobe
2008-11-30 23:39:40 ----A---- C:\WINDOWS\system32\hidserv.dll
2008-11-30 23:07:25 ----D---- C:\Documents and Settings\Mirko\Application Data\Mozilla
2008-11-30 22:20:00 ----D---- C:\Documents and Settings\Mirko\Application Data\F-Secure
2008-11-30 21:58:50 ----D---- C:\WINDOWS\system32\appmgmt
2008-11-30 21:44:03 ----D---- C:\Documents and Settings\Mirko\Application Data\OpenOffice.org2
2008-11-30 19:18:52 ----ASH---- C:\Documents and Settings\Mirko\Application Data\desktop.ini
2008-11-30 19:18:50 ----D---- C:\Documents and Settings\Mirko\Application Data\Identities
2008-11-30 19:18:49 ----SD---- C:\Documents and Settings\Mirko\Application Data\Microsoft
2008-11-30 19:18:49 ----D---- C:\Documents and Settings\Mirko\Application Data\Macromedia
2008-11-30 19:07:20 ----A---- C:\WINDOWS\system32\Thawbrkr.dll
2008-11-30 19:07:20 ----A---- C:\WINDOWS\system32\c_iscii.dll
2008-11-30 19:07:19 ----A---- C:\WINDOWS\system32\kbdusa.dll
2008-11-30 19:07:19 ----A---- C:\WINDOWS\system32\ftlx041e.dll
2008-11-30 18:25:59 ----D---- C:\Quarantine
2008-11-30 18:24:26 ----D---- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

======List of files/folders modified in the last 1 months======

2008-12-27 21:24:03 ----D---- C:\WINDOWS\Temp
2008-12-27 21:23:06 ----RD---- C:\Program Files
2008-12-27 21:17:07 ----D---- C:\Program Files\Mozilla Firefox
2008-12-27 20:53:41 ----D---- C:\WINDOWS\system32
2008-12-27 20:53:41 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-27 20:49:57 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-27 20:49:23 ----D---- C:\WINDOWS\Registration
2008-12-27 20:49:10 ----D---- C:\WINDOWS
2008-12-27 20:47:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-27 20:47:07 ----RASH---- C:\boot.ini
2008-12-27 20:47:07 ----A---- C:\WINDOWS\win.ini
2008-12-27 20:47:07 ----A---- C:\WINDOWS\system.ini
2008-12-27 20:25:22 ----A---- C:\WINDOWS\ModemLog_HDAUDIO Soft Data Fax Modem with SmartCP.txt
2008-12-27 19:04:58 ----D---- C:\Program Files\F-Secure
2008-12-26 15:45:44 ----HD---- C:\WINDOWS\inf
2008-12-25 16:16:18 ----SHD---- C:\WINDOWS\Installer
2008-12-25 16:16:18 ----SHD---- C:\Config.Msi
2008-12-25 16:15:35 ----D---- C:\WINDOWS\WinSxS
2008-12-25 16:15:35 ----D---- C:\Program Files\MSN Messenger
2008-12-23 22:43:20 ----D---- C:\WINDOWS\system32\drivers
2008-12-22 12:41:26 ----D---- C:\Documents and Settings\All Users\Application Data\Google
2008-12-20 18:21:54 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2008-12-20 17:56:19 ----D---- C:\WINDOWS\security
2008-12-20 10:35:28 ----RSHD---- C:\RECYCLER
2008-12-18 13:10:51 ----RSHD---- C:\WINDOWS\system32\dllcache
2008-12-18 13:10:46 ----D---- C:\WINDOWS\ie7updates
2008-12-18 13:10:28 ----HD---- C:\WINDOWS\$hf_mig$
2008-12-14 20:59:35 ----D---- C:\Program Files\DivX
2008-12-13 18:28:49 ----A---- C:\WINDOWS\imsins.BAK
2008-12-13 18:28:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2008-12-13 18:28:16 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2008-12-13 07:40:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2008-12-12 17:14:48 ----D---- C:\WINDOWS\system32\CatRoot
2008-12-12 16:49:05 ----A---- C:\WINDOWS\OEWABLog.txt
2008-12-12 16:47:26 ----A---- C:\WINDOWS\setuplog.txt
2008-12-12 16:46:50 ----D---- C:\WINDOWS\system32\wbem
2008-12-12 16:46:50 ----D---- C:\WINDOWS\system32\Setup
2008-12-12 16:46:50 ----D---- C:\WINDOWS\AppPatch
2008-12-12 16:46:50 ----D---- C:\Program Files\Messenger
2008-12-12 16:46:49 ----RSD---- C:\WINDOWS\Fonts
2008-12-12 16:09:56 ----D---- C:\WINDOWS\system32\inetsrv
2008-12-12 16:09:54 ----D---- C:\WINDOWS\ime
2008-12-12 16:09:54 ----D---- C:\WINDOWS\Help
2008-12-12 16:09:19 ----D---- C:\WINDOWS\system32\usmt
2008-12-12 16:09:13 ----D---- C:\WINDOWS\PeerNet
2008-12-12 16:09:12 ----D---- C:\Program Files\Movie Maker
2008-12-12 16:08:45 ----D---- C:\WINDOWS\system32\Restore
2008-12-12 16:08:44 ----D---- C:\WINDOWS\system32\npp
2008-12-12 16:08:44 ----D---- C:\WINDOWS\mui
2008-12-12 16:08:41 ----D---- C:\WINDOWS\msagent
2008-12-12 16:08:38 ----D---- C:\WINDOWS\srchasst
2008-12-12 16:08:36 ----D---- C:\Program Files\NetMeeting
2008-12-12 16:08:31 ----D---- C:\WINDOWS\system32\Com
2008-12-12 16:08:28 ----D---- C:\Program Files\Windows NT
2008-12-12 16:08:27 ----D---- C:\Program Files\Outlook Express
2008-12-12 16:08:21 ----D---- C:\Program Files\Common Files\System
2008-12-12 16:08:04 ----D---- C:\WINDOWS\system32\oobe
2008-12-12 16:07:59 ----D---- C:\WINDOWS\system
2008-12-12 16:03:37 ----D---- C:\WINDOWS\system32\ReinstallBackups
2008-12-12 16:03:22 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2008-12-12 15:58:34 ----D---- C:\WINDOWS\ehome
2008-12-10 19:41:06 ----D---- C:\Program Files\Internet Explorer
2008-12-10 19:27:29 ----D---- C:\WINDOWS\system32\config
2008-12-10 19:27:04 ----HDC---- C:\WINDOWS\ie7
2008-12-10 19:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2008-12-10 19:22:39 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2008-12-07 14:50:10 ----SD---- C:\WINDOWS\Downloaded Program Files
2008-12-07 14:25:41 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2008-12-07 14:25:32 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2008-12-07 14:25:22 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2008-12-07 14:25:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2008-12-07 14:25:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2008-12-07 14:24:56 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2008-12-07 14:24:44 ----HDC---- C:\WINDOWS\$NtUninstallKB950974_0$
2008-12-07 14:24:33 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2008-12-07 14:24:21 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2008-12-07 14:24:13 ----D---- C:\Program Files\Windows Media Player
2008-12-07 14:24:12 ----HDC---- C:\WINDOWS\$NtUninstallKB926251$
2008-12-07 14:23:47 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2008-12-07 14:23:21 ----HDC---- C:\WINDOWS\$NtUninstallKB913800$
2008-12-07 14:21:20 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2008-12-07 14:21:05 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2008-12-07 14:20:53 ----HDC---- C:\WINDOWS\$NtUninstallKB957097_0$
2008-12-07 14:20:42 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2008-12-07 14:20:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2008-12-07 14:20:15 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2008-12-07 14:19:59 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2008-12-07 14:19:36 ----HDC---- C:\WINDOWS\$NtUninstallKB930494$
2008-12-07 14:19:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2008-12-07 14:19:02 ----HDC---- C:\WINDOWS\$NtUninstallKB955069_0$
2008-12-07 14:17:51 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP10$
2008-12-06 17:31:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
2008-12-06 17:31:13 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2008-12-06 15:23:28 ----D---- C:\WINDOWS\SoftwareDistribution
2008-12-05 16:29:11 ----SD---- C:\WINDOWS\Tasks
2008-12-04 20:12:16 ----D---- C:\Program Files\Skype
2008-12-04 15:23:29 ----A---- C:\WINDOWS\ODBC.INI
2008-12-04 15:22:06 ----D---- C:\Program Files\Common Files
2008-12-04 15:21:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2008-12-04 15:20:25 ----D---- C:\Program Files\Microsoft Office
2008-12-04 15:20:15 ----D---- C:\WINDOWS\SHELLNEW
2008-12-03 12:23:56 ----D---- C:\Program Files\OpenOffice.org 2.4
2008-12-03 12:23:15 ----D---- C:\Program Files\Java
2008-12-03 12:14:51 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2008-12-02 11:03:56 ----D---- C:\Program Files\Winamp
2008-12-02 11:00:48 ----D---- C:\Program Files\WinRAR
2008-12-01 02:59:15 ----RD---- C:\WINDOWS\Web
2008-12-01 02:59:15 ----D---- C:\WINDOWS\twain_32
2008-12-01 02:58:53 ----D---- C:\WINDOWS\system32\URTTemp
2008-12-01 02:58:50 ----D---- C:\WINDOWS\system32\spool
2008-12-01 02:58:35 ----D---- C:\WINDOWS\system32\ras
2008-12-01 02:58:21 ----D---- C:\WINDOWS\system32\mui
2008-12-01 02:58:13 ----D---- C:\WINDOWS\system32\msmq
2008-12-01 02:58:09 ----D---- C:\WINDOWS\system32\MsDtc
2008-12-01 02:58:05 ----SD---- C:\WINDOWS\system32\Microsoft
2008-12-01 02:58:04 ----D---- C:\WINDOWS\system32\Macromed
2008-12-01 02:57:50 ----D---- C:\WINDOWS\system32\IME
2008-12-01 02:57:47 ----D---- C:\WINDOWS\system32\icsxml
2008-12-01 02:57:47 ----D---- C:\WINDOWS\system32\ias
2008-12-01 02:57:40 ----DC---- C:\WINDOWS\system32\DRVSTORE
2008-12-01 02:57:23 ----D---- C:\WINDOWS\system32\DirectX
2008-12-01 02:57:02 ----D---- C:\WINDOWS\system32\1033
2008-12-01 02:56:59 ----D---- C:\WINDOWS\SMINST
2008-12-01 02:56:52 ----D---- C:\WINDOWS\repair
2008-12-01 02:55:59 ----RD---- C:\WINDOWS\Offline Web Pages
2008-12-01 02:55:31 ----D---- C:\WINDOWS\Media
2008-12-01 02:53:02 ----D---- C:\WINDOWS\Debug
2008-12-01 02:53:02 ----D---- C:\WINDOWS\Cursors
2008-12-01 02:53:00 ----D---- C:\WINDOWS\CREATOR
2008-12-01 02:52:28 ----RSD---- C:\WINDOWS\assembly
2008-12-01 02:52:25 ----HD---- C:\WINDOWS\$NtUninstallKB915381$
2008-12-01 02:52:23 ----HD---- C:\WINDOWS\$NtUninstallKB913580$
2008-12-01 02:52:23 ----HD---- C:\WINDOWS\$NtUninstallKB913446$
2008-12-01 02:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB912436$
2008-12-01 02:52:22 ----HD---- C:\WINDOWS\$NtUninstallKB912919$
2008-12-01 02:52:22 ----HD---- C:\WINDOWS\$NtUninstallKB912067$
2008-12-01 02:52:20 ----HD---- C:\WINDOWS\$NtUninstallKB911927$
2008-12-01 02:52:19 ----HD---- C:\WINDOWS\$NtUninstallKB911565$
2008-12-01 02:52:19 ----HD---- C:\WINDOWS\$NtUninstallKB911564$
2008-12-01 02:52:19 ----HD---- C:\WINDOWS\$NtUninstallKB911164$
2008-12-01 02:52:18 ----HD---- C:\WINDOWS\$NtUninstallKB910728$
2008-12-01 02:52:17 ----HD---- C:\WINDOWS\$NtUninstallKB910393$
2008-12-01 02:52:16 ----HDC---- C:\WINDOWS\$NtUninstallKB909095$
2008-12-01 02:52:15 ----HD---- C:\WINDOWS\$NtUninstallKB908519$
2008-12-01 02:52:14 ----HD---- C:\WINDOWS\$NtUninstallKB904706$
2008-12-01 02:52:14 ----HD---- C:\WINDOWS\$NtUninstallKB903235$
2008-12-01 02:52:14 ----HD---- C:\WINDOWS\$NtUninstallKB901214$
2008-12-01 02:52:14 ----HD---- C:\WINDOWS\$NtUninstallKB896727$
2008-12-01 02:52:13 ----HD---- C:\WINDOWS\$NtUninstallKB896423$
2008-12-01 02:52:13 ----HD---- C:\WINDOWS\$NtUninstallKB896422$
2008-12-01 02:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB896256$
2008-12-01 02:52:12 ----HD---- C:\WINDOWS\$NtUninstallKB893066$
2008-12-01 02:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB890546$
2008-12-01 02:52:11 ----HD---- C:\WINDOWS\$NtUninstallKB891781$
2008-12-01 02:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB888239$
2008-12-01 02:52:10 ----HD---- C:\WINDOWS\$NtUninstallKB888113$
2008-12-01 02:52:09 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2008-12-01 02:52:09 ----HD---- C:\WINDOWS\$NtUninstallKB885250$
2008-12-01 02:45:20 ----D---- C:\Program Files\RGB
2008-12-01 02:45:19 ----D---- C:\Program Files\Online Services
2008-12-01 02:44:43 ----D---- C:\Program Files\NetWaiting
2008-12-01 02:44:33 ----D---- C:\Program Files\Microsoft Works
2008-12-01 02:42:02 ----D---- C:\Program Files\GemMaster
2008-12-01 02:41:58 ----D---- C:\Program Files\ESPNMotion
2008-12-01 02:41:58 ----D---- C:\Program Files\EnglishOtto
2008-12-01 02:41:52 ----D---- C:\Program Files\DIGStream
2008-12-01 02:41:49 ----D---- C:\Program Files\CONEXANT
2008-12-01 02:41:15 ----D---- C:\Program Files\Common Files\SureThing Shared
2008-12-01 02:41:15 ----D---- C:\Program Files\Common Files\Sonic Shared
2008-12-01 02:41:10 ----D---- C:\Program Files\Common Files\Services
2008-12-01 02:39:52 ----D---- C:\I386
2008-12-01 02:34:24 ----D---- C:\Documents and Settings\All Users\Application Data\Sonic
2008-12-01 00:49:08 ----D---- C:\Program Files\Adobe
2008-12-01 00:47:40 ----D---- C:\Program Files\Common Files\Adobe
2008-11-30 23:09:55 ----A---- C:\hpqp.ini
2008-11-30 23:08:43 ----A---- C:\XP_TV.ini
2008-11-30 23:01:34 ----D---- C:\Program Files\Common Files\Symantec Shared
2008-11-30 23:01:34 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2008-11-30 22:16:46 ----D---- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-11-30 22:09:33 ----D---- C:\Program Files\Symantec
2008-11-30 21:57:54 ----D---- C:\Documents and Settings\All Users\Application Data\fssg
2008-11-30 19:26:57 ----D---- C:\Program Files\Hewlett-Packard
2008-11-30 19:24:01 ----HD---- C:\system.sav
2008-11-30 19:24:01 ----D---- C:\SwSetup
2008-11-30 19:21:02 ----D---- C:\hp
2008-11-30 19:18:48 ----D---- C:\Documents and Settings
2008-11-30 19:17:39 ----SHD---- C:\System Volume Information
2008-11-30 18:24:56 ----D---- C:\DOWNLOADS
2008-11-30 18:24:51 ----D---- C:\Program Files\iTunes
2008-11-30 18:24:31 ----D---- C:\Program Files\iPod
2008-11-30 18:24:07 ----D---- C:\Program Files\QuickTime
2008-11-30 18:23:06 ----D---- C:\Program Files\Bonjour

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eabfiltr;eabfiltr; C:\WINDOWS\system32\DRIVERS\eabfiltr.sys [2005-09-19 7808]
R1 F-Secure HIPS;F-Secure HIPS Driver; \??\C:\Program Files\F-Secure\HIPS\drivers\fshs.sys []
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-02-15 12672]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys []
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2005-09-19 9344]
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2006-06-02 572928]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-22 1035008]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-08-22 201600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2006-02-27 81408]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-06-17 193120]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-22 718464]
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 catchme;catchme; \??\C:\DOCUME~1\Mirko\LOCALS~1\Temp\catchme.sys []
S3 eabusb;eabusb; C:\WINDOWS\system32\DRIVERS\eabusb.sys [2005-09-19 5760]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-11 11008]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 SYMIDSCO;SYMIDSCO; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20081127.001\symidsco.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-22 1429632]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-18 13952]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys []
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys []
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-16 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-06 102912]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe [2008-10-09 215648]
R2 FSMA;F-Secure Management Agent; C:\Program Files\F-Secure\Common\FSMA32.EXE [2008-10-09 117400]
R2 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2006-05-02 135168]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-06 99328]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\F-Secure\FSAUA\program\fsaua.exe [2008-10-09 490080]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe [2008-10-09 510560]
R3 F-Secure Network Request Broker;F-Secure Network Request Broker; C:\Program Files\F-Secure\Common\FNRB32.EXE [2008-10-09 162456]
R3 FSORSPClient;F-Secure ORSP Client; C:\Program Files\F-Secure\ORSP Client\fsorsp.exe [2008-10-09 55904]
S3 AddFiltr;AddFiltr; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe [2006-05-08 98304]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-16 32768]
S3 IDriverT;InstallDriver Table Manager; c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-08-04 38912]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

-----------------EOF-----------------





Here is the usb_blocker report as well:



USB_blocker by bobby

Started at 2008-12-27 22:49:19

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: 38b4d46e-bf09-11dd-9d0d-806d6172696f
D: 38b4d46f-bf09-11dd-9d0d-806d6172696f
========================================

Scanning fixed storage for autorun.inf files...
========================================

autorun.inf found on D:
========================================
Sanitize shell menu for fixed drives:
No key found for C:
No key found for D:
========================================



New device connected at 2008-12-27 22:50:06

Scanning for connected USB Mass storage...
========================================
F: f14571cd-d350-11dd-9d60-0016d49a75c4
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on F:
========================================


New device connected at 2008-12-27 22:52:04

Scanning for connected USB Mass storage...
========================================
F: 2050a608-bfb5-11dd-9d19-0016d49a75c4
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on F:
========================================


Regards!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Repeat the procedure with USB_blocker, but this time follow the instructions closely (that is, enable the Auto block option).


After that...

On the D partition of your hard disk, as well as on both USB devices you plugged in, there will be a file named autorun.inf.blocked - open each of those files in Notepad and paste their contents here.

  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

Sorry about the first time (I can't believe I didn't turn on Auto block). Here it is again, this time with the option enabled:

USB_blocker by bobby

Started at 2008-12-28 10:14:13

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: 38b4d46e-bf09-11dd-9d0d-806d6172696f
D: 38b4d46f-bf09-11dd-9d0d-806d6172696f
========================================

Scanning fixed storage for autorun.inf files...
========================================

autorun.inf found on D:
========================================
Sanitize shell menu for fixed drives:
No key found for C:
No key found for D:
========================================



New device connected at 2008-12-28 10:14:43

Scanning for connected USB Mass storage...
========================================
F: f14571cd-d350-11dd-9d60-0016d49a75c4
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on F:
File F:\autorun.inf renamed successfully
Sanitizing Shell Menu...
No key for GUID: f14571cd-d350-11dd-9d60-0016d49a75c4
========================================


New device connected at 2008-12-28 10:16:11

Scanning for connected USB Mass storage...
========================================
F: 2050a608-bfb5-11dd-9d19-0016d49a75c4
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on F:
File F:\autorun.inf renamed successfully
Sanitizing Shell Menu...
No key for GUID: 2050a608-bfb5-11dd-9d19-0016d49a75c4
========================================


I can't find autorun.inf.blocked on the D partition, there is only autorun.inf, while on the first USB device it is:

[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\default=1

on the second one it is:

[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\default=1

Should I repeat the whole procedure once more? Maybe I forgot to do something again.

Addendum: 28 Dec 2008 10:51

Previously I had no access to my D partition, which is Recovery; now I do. Does that matter at all?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You can delete the RECYCLER folder as well as the autorun.inf.blocked file from both USB devices.


Also, paste the contents of the autorun.inf file from the D partition.

  • mmll 
  • New MyCity citizen
  • Joined: 23 Dec 2008
  • Posts: 13

Contents of the autorun.inf file from the D partition:

[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
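
Added example, not part of the original thread and not USB_blocker's own code: a Python check that parses the autorun.inf bodies quoted in the posts above and lists every entry that would start a program, with the reasons it stands out. The extension list, the folder list, the label heuristic and the `block`/`review`/`clean` verdicts are assumptions made for this illustration.

```python
import re
from pathlib import PureWindowsPath

# The two autorun.inf bodies quoted in the posts above, embedded for offline use.
USB_SAMPLE = r"""[autorun]
open=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
shell\open=Open
shell\open\command=RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\wab32.exe
shell\open\default=1
"""
D_SAMPLE = """[AUTORUN]
ShellExecute=Info.exe protect.ed 480 480
"""

# Assumed heuristics (not from the thread): extensions treated as executable and
# folders that should never be the source of an AutoRun target.
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js"}
BIN_DIRS = {"recycler", "recycled", "$recycle.bin", "system volume information"}
LAUNCH_KEY = re.compile(r"open|shellexecute|shell\\[^\\]+\\command")

def parse_autorun(text):
    """Return the [autorun] section as {lowercased key: value}."""
    entries, in_section = {}, False
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def launch_target(value):
    """Program part of a launch value; unquoted paths with spaces are not handled."""
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split()[0] if value else ""

def review(text):
    """List every entry that starts a program, with the reasons it stands out."""
    entries, findings = parse_autorun(text), []
    for key, value in entries.items():
        if not LAUNCH_KEY.fullmatch(key):
            continue
        target = PureWindowsPath(launch_target(value))
        reasons = []
        if target.suffix.lower() in EXEC_EXTS:
            reasons.append("runs an executable")
        if any(part.lower() in BIN_DIRS for part in target.parts):
            reasons.append("target hidden in a recycle-bin or system folder")
        if "folder" in entries.get("action", "").lower():
            reasons.append("AutoPlay label imitates the folder-view option")
        findings.append({"key": key, "target": str(target), "reasons": reasons})
    return findings

def verdict(text):
    """'block' if a target sits in a recycle-bin folder, 'review' if anything launches."""
    findings = review(text)
    if any("target hidden" in r for f in findings for r in f["reasons"]):
        return "block"
    return "review" if findings else "clean"

if __name__ == "__main__":
    for name, sample in (("USB", USB_SAMPLE), ("D:", D_SAMPLE)):
        print(name, verdict(sample), review(sample))
```

A `review` verdict only means the file launches something and needs a human look; it says nothing about whether the target is malicious.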

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok. What is the current state?

Is the AV detecting anything?
