MyCity » Ambulanta -> Arhiva Ambulante » problem sa flash karticom od 1gb

problem sa flash karticom od 1gb

Napisano na dan: 11.4.2008
2

problem sa flash karticom od 1gb
Pagination Prethodna strana

Idi na vrh

Poslao: 12 Apr 2008 11:51
Idi na vrh
offline
  • Pridružio: 26 Jan 2006
  • Poruke: 233

poslao sam fajl preko upload linka catchme.zip



Poslao: 12 Apr 2008 13:06
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8630
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\wcqvlcer.dll
C:\WINDOWS\system32\ypvbrphj.dll
C:\WINDOWS\system32\kepmougi.dll
C:\WINDOWS\system32\dmrxjflb.dll
C:\WINDOWS\system32\gjtoauqh.ini
C:\WINDOWS\system32\yuxoxflm.ini
C:\WINDOWS\system32\k120726382618.exe
C:\WINDOWS\system32\k12072638083.exe
C:\WINDOWS\system32\aogyrfdj.ini
C:\WINDOWS\system32\k120721179016.exe
C:\WINDOWS\system32\k12072117797.exe
C:\WINDOWS\system32\iulvtvdk.ini
C:\WINDOWS\system32\scadeiax.ini
C:\WINDOWS\system32\k12070688966.exe
C:\WINDOWS\system32\k12070688923.exe
C:\WINDOWS\system32\k120706890211.exe
C:\WINDOWS\system32\k12069121733.exe
C:\WINDOWS\system32\k12069114436.exe
C:\WINDOWS\system32\k12069114382.exe
C:\WINDOWS\system32\k12069114404.exe
C:\WINDOWS\system32\k12069090675.exe
C:\WINDOWS\system32\k12069090642.exe
C:\WINDOWS\system32\k12069090707.exe
C:\WINDOWS\system32\k12069090653.exe
C:\WINDOWS\system32\k120690907612.exe
C:\WINDOWS\system32\k12069079223.exe
C:\WINDOWS\system32\k12069079234.exe
C:\WINDOWS\system32\k120686776010.exe
C:\WINDOWS\system32\k12068677502.exe
C:\WINDOWS\system32\k12066123486.exe
C:\WINDOWS\system32\k12066123465.exe
C:\WINDOWS\system32\k12066123443.exe
C:\autorun.inf.mwt
C:\Program Files\Common Files\WIN.exe.mwt
C:\WINDOWS\system32\drivers\core.sys.mwt
C:\WINDOWS\system32\mrwfbdeb.dll
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\MsIMMs32.exE
C:\WINDOWS\system32\mrwfbdeb.dll
C:\WINDOWS\nss3.dll
C:\WINDOWS\softokn3.dll
C:\WINDOWS\nspr4.dll
C:\WINDOWS\Projekt1.exe
C:\WINDOWS\FirePassword.exe
C:\WINDOWS\plc4.dll
C:\WINDOWS\plds4.dll
C:\Program.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\urqOGVpO]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMdbb61280]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmdbcs]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsIMMs32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMdbb61280"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2b15085-97af-11dc-9f90-0040f4bf0254}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c4b607-4bdd-11dc-9f5e-0040f4bf0254}]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Poslao: 13 Apr 2008 01:08
Idi na vrh
offline
  • Pridružio: 26 Jan 2006
  • Poruke: 233

log fajl od ComboFixa

ComboFix 08-04-11.1 - mafija75 2008-04-13 1:00:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.539 [GMT 2:00]
Running from: C:\Documents and Settings\mafija75\Desktop\virusi\ComboFix.exe
Command switches used :: C:\Documents and Settings\mafija75\Desktop\virusi\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\autorun.inf.mwt
C:\Program Files\Common Files\WIN.exe.mwt
C:\Program.exe
C:\WINDOWS\cmdbcs.exe
C:\WINDOWS\FirePassword.exe
C:\WINDOWS\MsIMMs32.exE
C:\WINDOWS\nspr4.dll
C:\WINDOWS\nss3.dll
C:\WINDOWS\plc4.dll
C:\WINDOWS\plds4.dll
C:\WINDOWS\Projekt1.exe
C:\WINDOWS\softokn3.dll
C:\WINDOWS\system32\aogyrfdj.ini
C:\WINDOWS\system32\dmrxjflb.dll
C:\WINDOWS\system32\drivers\core.sys.mwt
C:\WINDOWS\system32\gjtoauqh.ini
C:\WINDOWS\system32\iulvtvdk.ini
C:\WINDOWS\system32\k12066123443.exe
C:\WINDOWS\system32\k12066123465.exe
C:\WINDOWS\system32\k12066123486.exe
C:\WINDOWS\system32\k12068677502.exe
C:\WINDOWS\system32\k120686776010.exe
C:\WINDOWS\system32\k12069079223.exe
C:\WINDOWS\system32\k12069079234.exe
C:\WINDOWS\system32\k12069090642.exe
C:\WINDOWS\system32\k12069090653.exe
C:\WINDOWS\system32\k12069090675.exe
C:\WINDOWS\system32\k12069090707.exe
C:\WINDOWS\system32\k120690907612.exe
C:\WINDOWS\system32\k12069114382.exe
C:\WINDOWS\system32\k12069114404.exe
C:\WINDOWS\system32\k12069114436.exe
C:\WINDOWS\system32\k12069121733.exe
C:\WINDOWS\system32\k12070688923.exe
C:\WINDOWS\system32\k12070688966.exe
C:\WINDOWS\system32\k120706890211.exe
C:\WINDOWS\system32\k12072117797.exe
C:\WINDOWS\system32\k120721179016.exe
C:\WINDOWS\system32\k12072638083.exe
C:\WINDOWS\system32\k120726382618.exe
C:\WINDOWS\system32\kepmougi.dll
C:\WINDOWS\system32\mrwfbdeb.dll
C:\WINDOWS\system32\scadeiax.ini
C:\WINDOWS\system32\wcqvlcer.dll
C:\WINDOWS\system32\ypvbrphj.dll
C:\WINDOWS\system32\yuxoxflm.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf.mwt
C:\Program Files\Common Files\WIN.exe.mwt
C:\WINDOWS\FirePassword.exe
C:\WINDOWS\nspr4.dll
C:\WINDOWS\nss3.dll
C:\WINDOWS\plc4.dll
C:\WINDOWS\plds4.dll
C:\WINDOWS\Projekt1.exe
C:\WINDOWS\regedit.com
C:\WINDOWS\softokn3.dll
C:\WINDOWS\system32\aogyrfdj.ini
C:\WINDOWS\system32\dmrxjflb.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys.mwt
C:\WINDOWS\system32\gjtoauqh.ini
C:\WINDOWS\system32\iulvtvdk.ini
C:\WINDOWS\system32\k12066123443.exe
C:\WINDOWS\system32\k12066123465.exe
C:\WINDOWS\system32\k12066123486.exe
C:\WINDOWS\system32\k12068677502.exe
C:\WINDOWS\system32\k120686776010.exe
C:\WINDOWS\system32\k12069079223.exe
C:\WINDOWS\system32\k12069079234.exe
C:\WINDOWS\system32\k12069090642.exe
C:\WINDOWS\system32\k12069090653.exe
C:\WINDOWS\system32\k12069090675.exe
C:\WINDOWS\system32\k12069090707.exe
C:\WINDOWS\system32\k120690907612.exe
C:\WINDOWS\system32\k12069114382.exe
C:\WINDOWS\system32\k12069114404.exe
C:\WINDOWS\system32\k12069114436.exe
C:\WINDOWS\system32\k12069121733.exe
C:\WINDOWS\system32\k12070688923.exe
C:\WINDOWS\system32\k12070688966.exe
C:\WINDOWS\system32\k120706890211.exe
C:\WINDOWS\system32\k12072117797.exe
C:\WINDOWS\system32\k120721179016.exe
C:\WINDOWS\system32\k12072638083.exe
C:\WINDOWS\system32\k120726382618.exe
C:\WINDOWS\system32\kepmougi.dll
C:\WINDOWS\system32\scadeiax.ini
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\W007T32W.DLL
C:\WINDOWS\system32\wcqvlcer.dll
C:\WINDOWS\system32\ypvbrphj.dll
C:\WINDOWS\system32\yuxoxflm.ini

.
((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-12 03:00 . 2008-04-12 03:00 <DIR> d-------- C:\VundoFix Backups
2008-04-11 16:49 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system\MSVBVM60.DLL
2008-04-11 06:46 . 2008-04-11 09:26 817,369,826 --a------ C:\superdvdripper.avi
2008-04-11 00:18 . 2008-04-11 06:49 <DIR> d-------- C:\Program Files\Max DVD to AVI Converter 4.0
2008-04-10 21:42 . 2008-04-10 23:57 0 --a------ C:\WINDOWS\system32\video.avs
2008-04-10 21:36 . 2008-04-10 21:36 <DIR> d-------- C:\Program Files\Agogo DVD Ripper
2008-04-10 21:36 . 2004-07-03 07:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-10 21:36 . 2004-07-03 08:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-10 21:36 . 2004-09-06 03:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-06 11:52 . 2008-04-06 11:54 6,942,778 --a------ C:\WINDOWS\REGBK00.ZIP
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-01 18:21 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-04-01 18:21 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-04-01 18:19 . 2008-04-01 18:19 <DIR> d-------- C:\Documents and Settings\mafija75\Application Data\iolo
2008-04-01 18:19 . 2008-04-01 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-03-30 21:23 . 2008-03-30 22:05 280 --a------ C:\WINDOWS\wininit.ini
2008-03-30 19:54 . 2008-03-30 22:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 19:02 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-29 19:02 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-03-12 19:17 . 2008-03-30 22:33 <DIR> d-------- C:\Program Files\Imenik
2008-03-12 19:16 . 2000-09-04 15:24 8,055 --a------ C:\WINDOWS\Serbian2.gpl
2008-03-12 19:04 . 2008-03-12 19:04 <DIR> d-------- C:\Program Files\SmileSoft
2008-03-12 19:04 . 2008-03-12 19:04 8 --ah----- C:\dbisam.lck

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 23:01 --------- d-----w C:\Documents and Settings\mafija75\Application Data\uTorrent
2008-04-12 09:50 --------- d-----w C:\Program Files\Soulseek
2008-04-11 17:52 --------- d-----w C:\Program Files\GetRight
2008-04-11 13:25 --------- d-----w C:\Documents and Settings\mafija75\Application Data\AVG7
2008-04-09 19:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 16:57 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Canon
2008-04-07 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 20:37 --------- d-----w C:\Program Files\Di recnik
2008-04-06 09:21 --------- d-----w C:\Program Files\UltraLott Ticket Printing
2008-04-06 09:21 --------- d-----w C:\Program Files\Net Tools
2008-04-06 09:21 --------- d-----w C:\Program Files\DBPut
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Skype
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\phpDesigner 2008
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Azureus
2008-03-30 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 20:28 --------- d-----w C:\Program Files\DivX
2008-03-30 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-30 17:43 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-29 17:02 --------- d-----w C:\Program Files\ffdshow
2008-03-28 09:04 --------- d-----w C:\Documents and Settings\mafija75\Application Data\SolidDocuments
2008-03-20 22:55 --------- d-----w C:\Program Files\Safari
2008-02-27 23:13 --------- d-----w C:\Program Files\uTorrent
2008-02-25 23:18 --------- d-----w C:\Program Files\WinPcap
2008-02-17 22:06 --------- d-----w C:\Program Files\kmp
2008-02-12 19:29 --------- d-----w C:\Program Files\GNU
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m3.exe
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m2.exe
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m1.exe
.

------- Sigcheck -------

2007-10-31 00:00 360448 5f252dd88b0841e64010d058e02af929 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-10-31 00:00 360448 5f252dd88b0841e64010d058e02af929 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:32 579072]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:34 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-06-18 08:01 16384 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-02-15 16:10 57344 C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]
C:\WINDOWS\DbgHlp32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 19:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 17:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAVMon32]
C:\WINDOWS\NAVMon32.exE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-17 03:45 23120680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 03:39 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Firebird"=C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 07:50]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 17:13]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2002-12-31 14:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-05 21:29:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-13 01:02:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-04-13 1:03:23
ComboFix-quarantined-files.txt 2008-04-12 23:03:05
ComboFix2.txt 2008-04-11 18:01:59
Pre-Run: 16,072,454,144 bytes free
Post-Run: 16,059,101,184 bytes free

Poslao: 13 Apr 2008 21:10
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8630
  • Gde živiš: Novi Beograd

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\NAVMon32.exE
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NAVMon32]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DbgHlp32]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 13 Apr 2008 22:16
Idi na vrh
offline
  • Pridružio: 26 Jan 2006
  • Poruke: 233

log combofix-a je sledeci


ComboFix 08-04-11.1 - mafija75 2008-04-13 22:09:05.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.497 [GMT 2:00]
Running from: C:\Documents and Settings\mafija75\Desktop\virusi\ComboFix.exe
Command switches used :: C:\Documents and Settings\mafija75\Desktop\virusi\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DbgHlp32.exe
C:\WINDOWS\NAVMon32.exE
.

((((((((((((((((((((((((( Files Created from 2008-03-13 to 2008-04-13 )))))))))))))))))))))))))))))))
.

2008-04-12 03:00 . 2008-04-12 03:00 <DIR> d-------- C:\VundoFix Backups
2008-04-11 16:49 . 2004-02-23 01:00 1,386,496 --a------ C:\WINDOWS\system\MSVBVM60.DLL
2008-04-11 06:46 . 2008-04-11 09:26 817,369,826 --a------ C:\superdvdripper.avi
2008-04-11 00:18 . 2008-04-11 06:49 <DIR> d-------- C:\Program Files\Max DVD to AVI Converter 4.0
2008-04-10 21:42 . 2008-04-10 23:57 0 --a------ C:\WINDOWS\system32\video.avs
2008-04-10 21:36 . 2008-04-10 21:36 <DIR> d-------- C:\Program Files\Agogo DVD Ripper
2008-04-10 21:36 . 2004-07-03 07:59 524,288 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-04-10 21:36 . 2004-07-03 08:08 139,264 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-04-10 21:36 . 2004-09-06 03:06 53,248 --a------ C:\WINDOWS\system32\xvid.ax
2008-04-06 11:52 . 2008-04-06 11:54 6,942,778 --a------ C:\WINDOWS\REGBK00.ZIP
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-04-03 23:59 . 2008-04-03 23:59 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-04-01 18:21 . 2006-03-28 08:54 696,320 --a------ C:\WINDOWS\system32\libeay32.dll
2008-04-01 18:21 . 2006-03-28 08:55 155,648 --a------ C:\WINDOWS\system32\ssleay32.dll
2008-04-01 18:19 . 2008-04-01 18:19 <DIR> d-------- C:\Documents and Settings\mafija75\Application Data\iolo
2008-04-01 18:19 . 2008-04-01 18:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-03-30 21:23 . 2008-03-30 22:05 280 --a------ C:\WINDOWS\wininit.ini
2008-03-30 19:54 . 2008-03-30 22:30 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-29 19:02 . 2008-03-15 14:07 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-03-29 19:02 . 2008-03-15 13:12 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-13 20:08 --------- d-----w C:\Program Files\Soulseek
2008-04-13 20:08 --------- d-----w C:\Documents and Settings\mafija75\Application Data\uTorrent
2008-04-11 17:52 --------- d-----w C:\Program Files\GetRight
2008-04-11 13:25 --------- d-----w C:\Documents and Settings\mafija75\Application Data\AVG7
2008-04-09 19:07 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-09 16:57 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Canon
2008-04-07 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-07 20:37 --------- d-----w C:\Program Files\Di recnik
2008-04-06 09:21 --------- d-----w C:\Program Files\UltraLott Ticket Printing
2008-04-06 09:21 --------- d-----w C:\Program Files\Net Tools
2008-04-06 09:21 --------- d-----w C:\Program Files\DBPut
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Skype
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\phpDesigner 2008
2008-04-06 09:21 --------- d-----w C:\Documents and Settings\mafija75\Application Data\Azureus
2008-03-30 20:33 --------- d-----w C:\Program Files\Imenik
2008-03-30 20:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 20:28 --------- d-----w C:\Program Files\DivX
2008-03-30 20:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-30 17:43 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-03-29 17:02 --------- d-----w C:\Program Files\ffdshow
2008-03-28 09:04 --------- d-----w C:\Documents and Settings\mafija75\Application Data\SolidDocuments
2008-03-20 22:55 --------- d-----w C:\Program Files\Safari
2008-03-12 17:04 --------- d-----w C:\Program Files\SmileSoft
2008-02-27 23:13 --------- d-----w C:\Program Files\uTorrent
2008-02-25 23:18 --------- d-----w C:\Program Files\WinPcap
2008-02-17 22:06 --------- d-----w C:\Program Files\kmp
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m3.exe
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m2.exe
2007-12-04 23:37 2,339 ----a-w C:\Program Files\Common Files\m1.exe
.

------- Sigcheck -------

2007-10-31 00:00 360448 5f252dd88b0841e64010d058e02af929 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2007-10-31 00:00 360448 5f252dd88b0841e64010d058e02af929 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-06-16 18:25 49152]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 09:32 579072]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 17:46 172032]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2002-12-31 14:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 08:34 219136]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Monitor Apache Servers.lnk - C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2007-01-09 23:20:44 41041]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GetRight - Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GetRight - Tray Icon.lnk
backup=C:\WINDOWS\pss\GetRight - Tray Icon.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2004-08-12 21:10 339968 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
--------- 2004-12-02 18:23 102400 C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--------- 2003-06-18 01:00 45056 C:\Program Files\Creative\SBAudigy4\DVDAudio\CTDVDDET.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2005-06-18 08:01 16384 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--------- 2005-02-15 16:10 57344 C:\Program Files\Creative\SBAudigy4\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 08:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-02-18 19:55 49152 C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 17:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-17 03:45 23120680 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-03-03 03:39 6144 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Firebird"=C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe -a

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 07:50]
R2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe [2007-09-03 17:13]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 09:32]
S4 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2002-12-31 14:00]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2007-09-14 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-10-05 21:29:20 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-04-13 22:10:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MySQL]
"ImagePath"="\"C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"C:\Program Files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-04-13 22:11:22
ComboFix-quarantined-files.txt 2008-04-13 20:11:05
ComboFix2.txt 2008-04-12 23:03:23
ComboFix3.txt 2008-04-11 18:01:59
Pre-Run: 15,969,816,576 bytes free
Post-Run: 15,956,090,880 bytes free

Poslao: 13 Apr 2008 22:54
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8630
  • Gde živiš: Novi Beograd

Poslao: 14 Apr 2008 06:54
Idi na vrh
offline
  • Pridružio: 26 Jan 2006
  • Poruke: 233

jesu li virusi sada sklonjeni? mozes li mi reci koji su virusi bili i nesto detaljnije u vezi virusa koje sam imao?

Poslao: 14 Apr 2008 07:28
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8630
  • Gde živiš: Novi Beograd

Sada bi sve trebalo da bude uredu. Logovi kazu da si cist. Pravo je pitanje cega tu nije bilo. Bio je tu Vundo, razni trijanci, spyware...

Poslao: 14 Apr 2008 09:58
Idi na vrh
offline
  • Pridružio: 26 Jan 2006
  • Poruke: 233

da li se ova metoda moze primeniti i na jos nekom kompjuteru, jer sam moju flash karticu kacio na jos dva racunara?

Poslao: 14 Apr 2008 10:35
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8630
  • Gde živiš: Novi Beograd

gogi100 ::da li se ova metoda moze primeniti i na jos nekom kompjuteru, jer sam moju flash karticu kacio na jos dva racunara?

Sasvim je moguce da su i oni zarazeni. Ali ne mora da znaci da su sa istim infekcijama.

MyCity » Ambulanta -> Arhiva Ambulante » problem sa flash karticom od 1gb

Ko je trenutno na forumu
 

Ukupno su 1698 korisnika na forumu :: 208 registrovanih, 19 sakrivenih i 1471 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 6018 - dana 19 Dec 2025 13:41

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 015, 04bokibole, 1MAP, 252., _stipa_, A.R.Chafee.Jr., AleksSE, aleph_one, Alojzije, alternator, AndrejPetar, Apok, Asparagus, Avalon015, avijacija, AxeleX, babaroga, bakos022, bavar357, baza, BB, BlekMen, bojan313, bojank, Bokiboks, bolenbgd, boromir, Borski1977, borya90, Bosnjo, BOXRR, BrcakRS, Bubimir, BUDDAR70, Buk, Buzdovan, BWG, casual03, Centauro, CioRio, Ciri1994, comi_pfc, crazydkure, DavidA, Deki Duga Devetka, deki1001, Dekster, Despot1, Dexlex, Df410, Dimitrije Paunovic, Dioniss, Dixtrix, dj.ape, Djokislav, djonsule, DJUNTA, Djuza, dnr, dragan4s, draganl, dulleo, dunavzed, DzigiNS, Dzoni2412, Džekson, eagle.rs, Electron, feanor, Feller, FileFinder, Filip1, fireball021, Futog 74, gajca1977, Geran136, Giskard, Goran 0000, goxin, grokek, ikan, Ilija Grubor, Imperator_Aleksandr_lll, Jan, Jezekijel, Joksss, K-1A, Kajzer Soze, Kalem, Karaula, knutveliki, Kordon, kozhedub, Krusarac, kubura91, laganini123, Lance Guest, ljuba, ljubo70, loon123, Macalone, mackenzie, Makarid, Marko Marković, MarkoD, Maruti, maxim_von_burdengate, Md84, mean_machine, mercedesamg, Mercury, metallac777, Mig 29, milanpb, milenko crazy north, Miler88, MILO-VAN, MiroslavD, mishkooo, Murko, mxzzz, Natuzzi, Ne doznajem se u oružje, nelezele, nemkea71, Neutral-M, nikolapetkovic, Nole, Nomica, nuke92, ObelixSRB, orfanel, pablojepao, pacika, Panter, pceklic, Pero, Peruta, Petrusci, Pewac21, Polemarchoi, Polifon, Povratak1912, prasinar, Prečanin30, proka89, Pururin, Ray1973, Razdroid, repac, RiV, rovac, royst33, ruso, S-lash, sale76, samo_srpski, sap, saputnik plavetnila, sasa87, Savantije, Savkec, savuni, sedan, sekretar, Sharpshooter, shlauf, Sirius, Sitan_Lopov, skok, skvara, Sky diver 29, sosko, spektorsky, Srle993, srpskasparta, starlights, Steeeefan, strn, SympathyForTheDevil, Tajpan, Tandrčak, taomaster, TheDictator, theNedjeljko, Tragač, troki1971, tuf, Tunguska55, urosbg, Vanderx, VaRvArI 85, vazduh, vdeki, Veless, Velibor Radoja, veljkovicdani, Veselimalisa, VJ, Vlada78, Vojo06, Vojvoda81, W123, xAlex2, Zdenko, zil10, Zukov, šumar bk2