registry virus


  • Joined: 13 Nov 2011
  • Posts: 20

So, I have a virus that prevents me from running any reg file, from starting Task Manager, and I can't run some exe files. I tried formatting the whole hard drive, but I had copied some data that matters to me onto an external drive and copied it back after I reinstalled Windows, so the virus is still right where it was. Waiting for instructions. :) Thanks!

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello and welcome to the forum.

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 13 Nov 2011
  • Posts: 20

I hope I am doing everything by the rules.
By the way, I have Windows XP Professional, and as for the internet I am not sure myself, because I live in a student dormitory and we are all networked through the University of Belgrade. I will also send a speedtest screenshot.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512
Run by Shera at 20:43:45 on 2011-11-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2351 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\totalcmd\TOTALCMD.EXE
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Shera\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
uURLSearchHooks: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: FreeSoundRecorder Toolbar: {32b29df0-2237-4370-9a29-37cebb730e9b} - c:\program files\freesoundrecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-explorer: NoResolveTrack = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-system: DisableRegistryTools = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: NoSMHelp = 1 (0x1)
dPolicies-explorer: NoResolveTrack = 1 (0x1)
dPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableRegistryTools = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 147.91.1.5
TCP: Interfaces\{A2B9B62B-336E-481D-878C-00B7468F0E6C} : DhcpNameServer = 147.91.1.5
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\shera\application data\mozilla\firefox\profiles\xpb5q7ji.default\
FF - component: c:\program files\mozilla firefox\extensions\talkback@mozilla.org\components\qfaservices.dll
.
============= SERVICES / DRIVERS ===============
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2011-10-19 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2011-10-19 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [2011-11-4 67712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-19 366152]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\isrum.sys --> c:\windows\system32\drivers\isrum.sys [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-19 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2011-10-19 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2011-10-19 43608]
S2 rovllx;Security Monitor;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2011-11-13 19:39:50 -------- d-s---w- C:\ComboFix
2011-11-12 15:02:53 103140 ----a-w- C:\vsqv.pif
2011-11-04 18:25:09 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-04 18:22:49 67712 ----a-w- c:\windows\system32\drivers\hl_mull.sys
2011-11-04 18:22:49 57344 ----a-w- c:\windows\system32\drivers\wdreg.exe
2011-11-04 18:09:25 191488 ----a-w- c:\windows\system32\hlvdd.dll
2011-11-04 18:09:24 234496 ----a-w- c:\windows\system32\UNWISE.EXE
2011-11-03 18:19:55 -------- d-----w- c:\windows\SHELLNEW
2011-11-03 18:19:41 -------- d-----w- c:\documents and settings\shera\local settings\application data\Microsoft Help
2011-10-30 11:17:49 -------- d-----w- c:\documents and settings\shera\application data\Radimpex
2011-10-25 17:26:51 -------- d-----w- C:\games
2011-10-24 17:37:22 -------- d-----w- c:\program files\Radimpex
2011-10-24 17:35:50 -------- d-----w- c:\program files\ArmCAD 2005 DEMO (build 1207)
2011-10-24 15:55:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-10-24 00:53:11 -------- d-----w- c:\documents and settings\shera\application data\Cool Record Edit Pro
2011-10-24 00:51:12 -------- d-----w- c:\program files\Conduit
2011-10-24 00:51:12 -------- d-----w- c:\documents and settings\shera\local settings\application data\FreeSoundRecorder
2011-10-24 00:51:10 -------- d-----w- c:\program files\ConduitEngine
2011-10-24 00:51:10 -------- d-----w- c:\documents and settings\shera\local settings\application data\ConduitEngine
2011-10-24 00:51:08 -------- d-----w- c:\program files\FreeSoundRecorder
2011-10-24 00:51:08 -------- d-----w- c:\documents and settings\shera\local settings\application data\Temp
2011-10-24 00:51:08 -------- d-----w- c:\documents and settings\shera\local settings\application data\Conduit
2011-10-23 17:19:58 -------- d-----w- c:\program files\MSECache
2011-10-20 22:01:02 -------- d-----w- c:\program files\GRETECH
2011-10-19 17:12:37 -------- d-----w- c:\documents and settings\shera\local settings\application data\Adobe
2011-10-19 13:56:31 -------- d-----w- c:\program files\CCleaner
2011-10-19 13:33:23 -------- d-----w- c:\documents and settings\shera\application data\Malwarebytes
2011-10-19 13:33:19 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-10-19 13:33:16 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-19 13:33:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-19 12:52:54 -------- d-----w- c:\documents and settings\shera\local settings\application data\Google
2011-10-19 12:52:02 -------- d-----w- c:\documents and settings\shera\local settings\application data\Mozilla
2011-10-19 10:29:41 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-10-19 10:29:36 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-10-19 04:05:06 -------- d-----w- c:\program files\common files\Autodesk Shared
2011-10-19 04:05:06 -------- d-----w- c:\program files\AutoCAD 2009
2011-10-19 04:05:06 -------- d-----w- c:\documents and settings\shera\local settings\application data\Autodesk
2011-10-19 04:05:06 -------- d-----w- c:\documents and settings\shera\application data\Autodesk
.
==================== Find3M ====================
.
2011-10-19 02:12:39 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-19 01:53:23 315392 ----a-w- c:\windows\HideWin.exe
.
============= FINISH: 20:44:04.96 ===============

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Until we finish, do not plug in USB devices, disks and the like.

Tell me, did you run ComboFix? Did it finish to the end? Do you have the reports?

  • Joined: 13 Nov 2011
  • Posts: 20

Posted: 13 Nov 2011 21:30

Say if anything else is needed. Thanks again :)

Update: 13 Nov 2011 21:32

I just saw that the third one has no extension

Update: 13 Nov 2011 21:34

diarno :: Until we finish, do not plug in USB devices, disks and the like.

Tell me, did you run ComboFix? Did it finish to the end? Do you have the reports?

I didn't run ComboFix. I have just done these 3 GMER scans and sent them

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Are you networked with any other computer?

Download sUBs' ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
disable your protection software (instructions);
close running programs;
double-click ComboFix to run it;
in the window that opens click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it.
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notices: accept by clicking Yes or OK.
restart Windows if needed (several times);
at the end, open Notepad with the scan report.

Copy the report that ComboFix produced into the thread on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 13 Nov 2011
  • Posts: 20

I am networked with another 200 people in the dorm. :/
Here is the ComboFix log

ComboFix 11-11-14.01 - Shera 11/14/2011 15:04:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2481 [GMT 1:00]
Running from: c:\documents and settings\Shera\My Documents\Downloads\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\vsqv.pif
c:\windows\Alcmtr.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system\BisonCam.dll
c:\windows\system32\drivers\wdreg.exe
c:\windows\system32\msconfig.exe
D:\autorun.inf
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Service_amsint32
.
.
((((((((((((((((((((((((( Files Created from 2011-10-14 to 2011-11-14 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:25 . 2011-11-04 18:27 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-03 18:19 . 2011-11-03 18:19 -------- d-----r- C:\MSOCache
2011-10-25 17:26 . 2011-10-25 17:26 -------- d-----w- C:\games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:59 . 2011-10-19 01:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2011-10-19 01:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2011-10-19 01:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2011-10-19 01:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2011-10-19 01:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . 86D30211831DD918C9B71C4FF4B049E8 . 228352 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
.
.
c:\windows\System32\drivers\beep.sys ... is missing !!
c:\windows\System32\wscntfy.exe ... is missing !!
c:\windows\System32\regsvc.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeSoundRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 105392 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37 32768 ----a-w- c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34 172032 ----a-w- c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-19 12:52 205808 ----atw- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12 152968 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 12:39 16862720 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 144384 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\rrhp.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BisonCam\\BisonCap.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\AcShellEx\\AcLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3844:TCP"= 3844:TCP:rvkivild
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/19/2011 4:30 AM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/19/2011 4:30 AM 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [11/4/2011 7:22 PM 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2011 2:33 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2011 2:33 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/19/2011 2:57 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/19/2011 2:57 AM 43608]
S2 rovllx;Security Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
*NewlyCreated* - HELPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rovllx
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001Core.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001UA.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 147.91.1.5
FF - ProfilePath - c:\documents and settings\Shera\Application Data\Mozilla\Firefox\Profiles\xpb5q7ji.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-14 15:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rovllx]
"ServiceDll"="c:\windows\system32\zknvebw.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2011-11-14 15:10:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-14 14:10
.
Pre-Run: 33,899,937,792 bytes free
Post-Run: 34,382,483,456 bytes free
.
- - End Of File - - 15AE46B981539C8CD80594B76068B5F4

  • diarno (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Have you tried installing an antivirus? If not, try Avast (we will need it later).

Open Notepad and copy the following text:

file::
c:\windows\system32\zknvebw.dll

registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3844:TCP"= -

Netsvc::
rovllx

Driver::
rovllx

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that will be produced at the end of the cleaning/scan.
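Added example, not from the thread and not part of ComboFix: a small Python triage of the ComboFix log format posted above. It pulls out the settings that explain the symptoms in the first post and the targets of the CFScript: the DisableTaskMgr/DisableRegistryTools lockouts, the suppressed Security Center alerts, the disabled firewall, the opened port 3844, and the netsvcs-hosted service rovllx paired with its ServiceDll. The sample log is constructed from lines of the posted log; the function names are my own.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: excerpts copied from the ComboFix "Reg Loading Points"
# and services sections posted in this thread, joined into one short log.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3844:TCP"= 3844:TCP:rvkivild
.
S2 rovllx;Security Monitor;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 4:42 AM 14336]
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rovllx]
"ServiceDll"="c:\windows\system32\zknvebw.dll"
.
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
# "R2 name;display;image [date size]" lines from the services/drivers section
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?)(?:\s+\[[^\]]*\])?$"
)


def parse_value(raw: str):
    """Normalise the three value spellings ComboFix uses to an int or str."""
    raw = raw.strip()
    if raw.startswith("dword:"):                          # dword:00000001
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)   # 1 (0x1)
    if m:
        return int(m.group(1))
    if raw.startswith('"'):                               # "path" [date size]
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw[1:]
    return raw                                            # 3844:TCP:rvkivild


def parse_log(text: str) -> Tuple[Dict[str, Dict[str, object]], List[dict]]:
    """Collect registry keys (lower-cased) with their values, plus service lines."""
    keys: Dict[str, Dict[str, object]] = {}
    services: List[dict] = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = parse_value(m.group("raw"))
            continue
        m = SERVICE_RE.match(line)
        if m:
            services.append(m.groupdict())
    return keys, services


def triage(keys, services) -> List[Tuple[str, str]]:
    """Flag what a helper checks first: tool lockouts, suppressed Security
    Center alerts, firewall off, opened ports, and netsvcs-hosted services."""
    findings: List[Tuple[str, str]] = []
    for key, values in keys.items():
        if key.endswith("policies\\system"):
            for name in ("DisableTaskMgr", "DisableRegistryTools"):
                if values.get(name) == 1:
                    findings.append(("lockout", f"{name}=1 under {key}"))
        if "security center" in key:
            for name, val in values.items():
                if val == 1 and (name.endswith("Override") or name.endswith("DisableNotify")):
                    findings.append(("sc_suppressed", f"{name} under {key}"))
        if key.endswith("firewallpolicy\\standardprofile") and values.get("EnableFirewall") == 0:
            findings.append(("firewall_off", key))
        if key.endswith("globallyopenports\\list"):
            for name, val in values.items():
                findings.append(("open_port", f"{name} -> {val}"))
    # A service in the netsvcs svchost group runs whatever DLL its ServiceDll
    # value names, so pair each such service with that DLL for review.
    for svc in services:
        if "svchost.exe -k netsvcs" in svc["image"].lower():
            dll = None
            for key, values in keys.items():
                if key.endswith("\\services\\" + svc["name"].lower()):
                    dll = values.get("ServiceDll")
            findings.append(("netsvcs_service",
                             f"{svc['name']} ({svc['display']}) ServiceDll={dll}"))
    return findings


def triage_log(text: str) -> List[Tuple[str, str]]:
    keys, services = parse_log(text)
    return triage(keys, services)


if __name__ == "__main__":
    for kind, detail in triage_log(SAMPLE_LOG):
        print(f"{kind:16} {detail}")
```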

  • Joined: 13 Nov 2011
  • Posts: 20

I tried to install Avast, but I have problems. After I start the installation, right after the pictures I attached at the bottom of this message, the installation window just closes. Can I use any other one?

ComboFix 11-11-14.03 - Shera 11/15/2011 1:54.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2486 [GMT 1:00]
Running from: c:\documents and settings\Shera\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Shera\Desktop\CFScript.txt
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\windows\system32\zknvebw.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\jnpqa.pif
c:\windows\system32\zknvebw.dll
D:\autorun.inf
D:\ukqp.pif
.
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSINT32
-------\Legacy_ROVLLX
-------\Service_amsint32
-------\Service_rovllx
.
.
((((((((((((((((((((((((( Files Created from 2011-10-15 to 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-04 18:25 . 2011-11-04 18:27 -------- d-----w- C:\ArmCAD 2005 Server
2011-11-03 18:19 . 2011-11-03 18:19 -------- d-----r- C:\MSOCache
2011-10-25 17:26 . 2011-10-25 17:26 -------- d-----w- C:\games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-07 06:59 . 2011-10-19 01:35 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 . 2011-10-19 01:35 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 . 2011-10-19 01:35 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 . 2011-10-19 01:35 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 . 2011-10-19 01:35 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-28 . 68F06FE0021B01E670AF37B8C5964FDF . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys
.
[-] 2008-04-14 . 86D30211831DD918C9B71C4FF4B049E8 . 228352 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-14_14.08.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2011-11-14 13:38 65508 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-15 00:46 65508 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-11-15 00:46 425650 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-11-14 13:38 425650 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{32b29df0-2237-4370-9a29-37cebb730e9b}]
2011-01-17 14:54 175912 ----a-w- c:\program files\FreeSoundRecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32b29df0-2237-4370-9a29-37cebb730e9b}"= "c:\program files\FreeSoundRecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{32b29df0-2237-4370-9a29-37cebb730e9b}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3813376]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-04-14 99840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-21 23:57 105392 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BisonHK]
2007-03-15 14:37 32768 ----a-w- c:\windows\BisonCam\BisonHK.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BsMnt]
2007-03-15 14:34 172032 ----a-w- c:\windows\BisonCam\BsMnt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-10-19 12:52 205808 ----atw- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2008-12-19 15:12 152968 ----a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2008-05-16 12:39 16862720 ----a-w- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-07-11 21:47 144384 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\rrhp.exe"=
"c:\\WINDOWS\\RTHDCPL.EXE"=
"c:\\WINDOWS\\BisonCam\\BisonCap.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Winamp\\winampa.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\Program Files\\TOSHIBA\\Bluetooth Toshiba Stack\\ItSecMng.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbamgui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\GRETECH\\GomPlayer\\GOM.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\Service\\AdskScSrv.exe"=
"c:\\Program Files\\Common Files\\Autodesk Shared\\AcShellEx\\AcLauncher.exe"=
"c:\\Program Files\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe"=
"c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"c:\\Documents and Settings\\Shera\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
.
R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/19/2011 4:30 AM 158720]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/19/2011 4:30 AM 5248]
R2 hl_mull;hl_mull;c:\windows\system32\drivers\hl_mull.sys [11/4/2011 7:22 PM 67712]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/19/2011 2:33 PM 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/19/2011 2:33 PM 22216]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [10/19/2011 2:57 AM 51288]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [10/19/2011 2:57 AM 43608]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AMSINT32
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001Core.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-412668190-842925246-1001UA.job
- c:\documents and settings\Shera\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-10-19 12:52]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = proxy.rcub.bg.ac.rs:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 147.91.1.5
FF - ProfilePath - c:\documents and settings\Shera\Application Data\Mozilla\Firefox\Profiles\xpb5q7ji.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2011-11-15 01:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
.
**************************************************************************
.
Completion time: 2011-11-15 02:00:24 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-15 01:00
ComboFix2.txt 2011-11-14 14:10
.
Pre-Run: 33,688,776,704 bytes free
Post-Run: 33,657,401,344 bytes free
.
- - End Of File - - DF7F5DFAD0885CA6786044A5F9FA43BA

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy in the following text:

file::
d:\rrhp.exe

registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 0
"DisableRegistryTools"= 0


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next reply the log that is produced at the end of the cleaning/scanning.



Download Dr.Web CureIt (~50 MB).
Restart the computer in Safe Mode (instructions for Safe Mode)

Double-click launch.exe; an introductory window will then appear - click Start

A notification about the start of the initial scan will appear - click OK

Wait a few minutes for Dr.Web CureIt to perform the Express Scan; if malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

Click Options > Change settings F9; in the window that opens, untick the Heuristic Analysis option and then click OK

In the main window select the Complete scan option, then click, and Dr.Web CureIt will start scanning

If malware is found, allow the program to disinfect by clicking the Yes to All button in the window that appears

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is complete, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the topic on the forum.

Install an antivirus of your choice.

Install a firewall of your choice.
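An added example, not part of diarno's reply and not ComboFix's own code: a PowerShell script that audits the same two policy values the CFScript above resets (DisableTaskMgr and DisableRegistryTools) under both the per-user and the machine-wide Policies\System key, clears them only when run with -Fix, and lists the XP firewall's AuthorizedApplications entries so whitelisted executables such as d:\rrhp.exe from the log can be reviewed. It assumes an elevated PowerShell prompt; the -Fix switch and the "review" flag are this example's own conventions.

```powershell
# Added example (not from the thread or from ComboFix): report, and with -Fix
# clear, the DisableTaskMgr / DisableRegistryTools policy values that the
# CFScript above resets to 0. Checks both the per-user and the machine-wide
# Policies\System key. Run from an elevated PowerShell prompt.
param([switch]$Fix)

$policyKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
)
$valueNames = @('DisableTaskMgr', 'DisableRegistryTools')

foreach ($key in $policyKeys) {
    if (-not (Test-Path $key)) {
        Write-Output "$key : key not present (no restriction here)"
        continue
    }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $valueNames) {
        $val = $props.$name
        if ($null -eq $val) {
            Write-Output "$key\$name : not set"
        } elseif ($val -eq 0) {
            Write-Output "$key\$name : 0 (allowed)"
        } else {
            Write-Output "$key\$name : $val (RESTRICTED)"
            if ($Fix) {
                # Same change the CFScript makes: back to 0 (not restricted).
                Set-ItemProperty -Path $key -Name $name -Value 0 -Type DWord
                Write-Output "  -> reset to 0"
            }
        }
    }
}

# The log above also shows an unknown executable (d:\rrhp.exe) whitelisted in
# the XP firewall's AuthorizedApplications list. List that key for review; the
# 'review' flag for paths outside Program Files / Windows is only a heuristic.
$fwKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
if (Test-Path $fwKey) {
    Write-Output "`nFirewall authorized applications:"
    (Get-ItemProperty -Path $fwKey).PSObject.Properties |
        Where-Object { $_.Name -like '*.exe*' } |
        ForEach-Object {
            $flag = if ($_.Name -match '^[a-z]:\\(program files|windows)\\') { '' } else { '  <-- review' }
            Write-Output ("  " + $_.Name + $flag)
        }
}
```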
