Sumnjivo ...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Popunjena je skoro cela particija od 8GB.
Sumnjam na uljeza.
Evo log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:08:48, on 7.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Program Files\AirLive\Bluetooth Software\BTTray.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\!!peerweb dc++ konfigurisan za status hub\PeerWeb DC++.exe
C:\Program Files\Orbitdownloader\Grab.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\RunOnce: [DeleteGrabPro] rundll32.exe advpack.dll,DelNodeRunDLL32 "C:\Program Files\Orbitdownloader\GrabPro.dll"
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Startup: FMZilla.lnk = C:\Program Files\Free Music Zilla\FMZilla.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O8 - Extra context menu item: &Download by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - [Link mogu videti samo ulogovani korisnici]\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\AirLive\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9081 bytes

Molim pomoc.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...



Potrebno je privremeno isključiti TeaTimer i NOD.

Pokrenite Spybot S&D
Kliknite Mode stavku u meniju
Odaberite Advance Mode
Na traci levo kliknite na Tools
Kliknite na Resident
Destiklirajte Resident Tea-Timer
Zatvorite Spybot S&D
Restartujte kompjuter.
- Zatim skinuti program sa ovog linka na Desktop.
- Pokrenuti ga dvoklikom i ispratiti uputstva.

Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje.


----------


* Otvori Nod32 Control Center (Klik na njegovu tray ikonicu ( ) u donjem desnom uglu ekrana).
* Izaberi AMON iz Threat Protection grupe opcija.
* Na desnom panelu deštikliraj opciju File system monitor (AMON) enabled.
* Gašenje ove opcije pokazaće se kroz promenu boje Control Center-a iz zelene u crvenu.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.


-------------------------------------------------------------------------------------



Skini ComboFix sa jedne od sledecih adresa na Desktop:
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]
[Link mogu videti samo ulogovani korisnici]

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Evo ga log:

ComboFix 08-10-07.03 - Zoki 2008-10-07 23:58:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1251.1.1033.18.146 [GMT 2:00]
Running from: F:\Programi\HijackThis\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\grouppolicy\machine\scripts\scripts.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-09-07 to 2008-10-07 )))))))))))))))))))))))))))))))
.

2008-10-05 10:22 . 2008-10-05 10:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-03 21:33 . 2008-10-03 21:33 <DIR> d-------- C:\Program Files\Google
2008-10-03 19:08 . 2008-10-03 20:15 0 --a------ C:\WINDOWS\system32\pqtmp.fil
2008-10-03 19:07 . 2008-10-03 19:07 1,407 --a------ C:\WINDOWS\system32\PQ_BATCH.PQB
2008-10-03 18:54 . 2008-10-03 18:54 <DIR> d-------- C:\Program Files\PowerQuest
2008-10-03 18:54 . 2001-08-10 07:00 1,262,956 --------- C:\WINDOWS\system32\XMNT2001.EXE
2008-10-03 18:54 . 2001-08-10 07:00 3,252 --------- C:\WINDOWS\system32\drivers\PQNTDRV.SYS
2008-10-01 21:55 . 2008-10-01 21:56 <DIR> d-------- C:\Program Files\FreePack
2008-10-01 21:55 . 2008-10-01 21:55 628 --a------ C:\WINDOWS\Vplugfolders.ini
2008-09-27 12:24 . 2008-09-27 12:24 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\GrabPro
2008-09-27 11:41 . 2008-10-03 18:50 <DIR> d-------- C:\Program Files\VDOWNLOADER
2008-09-27 11:17 . 2008-10-07 23:51 <DIR> d-------- C:\Program Files\Orbitdownloader
2008-09-27 11:17 . 2008-10-07 23:52 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Orbit
2008-09-27 10:24 . 2008-09-27 10:24 <DIR> d-------- C:\downloads
2008-09-27 10:24 . 2008-09-27 10:31 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\FMZilla
2008-09-27 10:22 . 2008-10-07 23:51 <DIR> d-------- C:\Program Files\Free Music Zilla
2008-09-21 10:14 . 2001-08-23 14:00 399,645 --a------ C:\WINDOWS\system32\DllCache\MAPIMIG.CAT
2008-09-20 21:57 . 2008-09-20 21:57 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-09-20 21:57 . 2008-07-23 18:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-20 21:57 . 2008-07-04 08:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
2008-09-20 21:57 . 2008-07-25 10:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
2008-09-20 21:57 . 2004-01-25 18:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2008-09-20 21:57 . 2007-09-21 02:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
2008-09-20 21:57 . 2008-07-25 10:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-09-20 21:57 . 2008-06-12 20:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-09-20 21:57 . 2007-07-10 18:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-09-20 21:57 . 2007-10-03 17:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
2008-09-20 21:57 . 2008-07-30 21:09 38 --a------ C:\WINDOWS\avisplitter.ini
2008-09-20 21:38 . 2008-09-20 21:38 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Media Player Classic
2008-09-20 21:35 . 2008-09-20 21:36 <DIR> d-------- C:\Program Files\Real Alternative
2008-09-17 18:57 . 2008-09-17 18:57 <DIR> d-------- C:\Program Files\PeerWeb DC++
2008-09-17 18:55 . 2008-10-07 23:44 <DIR> d-------- C:\Program Files\!!peerweb dc++ konfigurisan za status hub
2008-09-17 17:42 . 2008-09-17 17:50 <DIR> d-------- C:\Program Files\ApexDC++
2008-09-13 21:48 . 2004-05-12 14:01 97,408 --a------ C:\WINDOWS\system32\drivers\SI3112r.sys
2008-09-13 21:48 . 2003-10-15 11:28 10,240 --a------ C:\WINDOWS\system32\drivers\SiWinAcc.sys
2008-09-07 17:59 . 2008-09-21 20:06 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Hamachi
2008-09-07 17:58 . 2008-09-07 17:59 <DIR> d-------- C:\Program Files\Hamachi
2008-09-07 17:58 . 2008-09-07 17:58 16,224 --a------ C:\WINDOWS\system32\drivers\hamachi.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-07 21:52 --------- d-----w C:\Documents and Settings\Zoki\Application Data\skypePM
2008-10-07 21:52 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Skype
2008-10-03 19:27 --------- d-----w C:\Program Files\WinVDRPRO
2008-10-03 19:22 --------- d-----w C:\Program Files\DScaler
2008-10-03 19:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-03 16:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-01 18:19 --------- d-----w C:\Program Files\Mpeg2Schnitt087
2008-09-09 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 08:27 --------- d-----w C:\Program Files\Sony Ericsson
2008-09-01 19:50 --------- d-----w C:\Program Files\Bluetooth Remote Control
2008-08-28 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 19:08 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 14:47 --------- d-----w C:\Program Files\DU Meter
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-23 22058792]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"RegClean Expert Scheduler"="C:\Program Files\Registry Clean Expert\RCHelper.exe" [2007-03-05 389120]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-06-18 1122816]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DU Meter"="C:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 1469952]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"WinDVR SchSvr"="C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-04-14 106496]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-04-25 949376]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-11-11 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-11-11 86016]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]
"nwiz"="nwiz.exe" [2005-11-11 C:\WINDOWS\system32\nwiz.exe]
"nForce Tray Options"="sstray.exe" [2003-08-13 C:\WINDOWS\system32\sstray.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 62054]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 44544]

C:\Documents and Settings\Zoki\Start Menu\Programs\Startup\
FMZilla.lnk - C:\Program Files\Free Music Zilla\FMZilla.exe [2008-09-27 626688]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\AirLive\Bluetooth Software\BTTray.exe [2005-12-02 618557]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-03-29 204800]
Orbit.lnk - C:\Program Files\Orbitdownloader\orbitdm.exe [2008-09-27 1707208]
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2008-05-25 338448]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\Machine\Scripts\Shutdown\0\0]
"Script"=C:\ntosboot.bat

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\InterVideo\\WinDVR3\\WinDvr.exe"=
"C:\\Program Files\\ApexDC++\\ApexDC.exe"=
"C:\\Program Files\\!!peerweb dc++ konfigurisan za status hub\\PeerWeb DC++.exe"=
"C:\\Program Files\\Hamachi\\hamachi.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:5.0.0.1/255.255.255.255:Enabled:Hamachi in

R0 nvcchflt;NVIDIA Disk Cache Filter Driver;C:\WINDOWS\system32\DRIVERS\nvcchflt.sys [2005-02-11 16640]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2004-05-12 97408]
R2 CX88XBAR;MSI 8606 Crossbar;C:\WINDOWS\system32\drivers\CX88XBar.SYS [2003-03-19 9159]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2007-10-01 419344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{172b24df-f6c3-11dc-9fa5-00d0d701f58d}]
\Shell\AutoRun\command - D:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Nokia.PCSync - C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Zoki\Application Data\Mozilla\Firefox\Profiles\nh0uifxb.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2008-10-08 00:04:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> ?:\WINDOWS\System32\CSCDLL.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\AirLive\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\msswchx.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-10-08 0:08:53 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-07 22:08:47

Pre-Run: 118.140.928 bytes free
Post-Run: 224,436,224 bytes free

183 --- E O F --- 2008-09-09 21:50:42

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ništa maliciozno ovde nema - čist kompjuter.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala, to me sad preusmerava na drugo ...