Help needed

  • Aco
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16826
  • Location: /home/aco

Hello..

So, this problem started showing up today. NOD pops up a warning every 10 seconds..




I scanned with Malwarebytes' Anti-Malware and with Dr.Web, but nothing was found. So I don't know whether it's some infection or something else. If someone could take a look, here are the logs..


DDS (Ver_10-03-17.01) - NTFSx86
Run by aco at 18:19:59.45 on Fri 04/02/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.252 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\GetRadio\RGService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\aco\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Gmail Notifier] c:\program files\google\gmail notifier\gnotify.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - [link visible only to logged-in users]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [link visible only to logged-in users]
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - [link visible only to logged-in users]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [link visible only to logged-in users]
TCP: {081F6650-C1B0-4F76-8C17-AA3426E65A35} = 87.250.98.250 208.67.222.222
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
mASetup: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\aco\applic~1\mozilla\firefox\profiles\5cdrc3z5.default\
FF - prefs.js: browser.startup.homepage - [link visible only to logged-in users]
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-7-1 35168]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2010-3-31 19320]
R2 ekrn;Eset Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-10-7 472280]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\matrox graphics inc\powerdesk\services\Matrox.PowerDesk.Services.exe [2009-2-6 1263872]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\matrox graphics inc\powerdesk se\Matrox.Pdesk.ServicesHost.exe [2009-2-6 344832]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-25 1047880]
R3 RGService;RGService;c:\program files\getradio\RGService.exe [2010-4-2 335872]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]

=============== Created Last 30 ================

2010-04-02 11:42:33 0 d-----w- c:\documents and settings\aco\DoctorWeb
2010-04-02 11:32:07 0 d-----w- c:\program files\GetRadio
2010-04-02 09:24:04 768 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 09:05:48 0 d-----w- c:\docume~1\aco\applic~1\FrostWire
2010-04-02 08:42:53 0 d-----w- c:\docume~1\aco\applic~1\Malwarebytes
2010-04-02 08:42:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 08:42:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 08:42:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-02 08:42:39 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:40:55 45056 ----a-w- c:\windows\system32\vusetup.dll
2010-04-02 07:40:54 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-04-02 07:40:54 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-04-02 07:40:46 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-02 06:52:05 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-04-02 06:52:05 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-04-02 06:52:05 245760 ----a-w- c:\windows\system32\mp4sds32.ax
2010-04-02 06:50:51 0 d-----w- c:\docume~1\aco\applic~1\MAGIX
2010-04-02 06:50:40 111 ----a-w- c:\windows\installation.ini
2010-04-02 06:49:16 0 d-----w- c:\docume~1\alluse~1\applic~1\MAGIX
2010-04-02 06:49:10 0 d-----w- c:\program files\MAGIX
2010-04-02 06:48:37 0 d-----w- c:\program files\common files\MAGIX Services
2010-04-01 23:21:23 0 d-----w- c:\docume~1\aco\applic~1\Bassic Technologies
2010-04-01 23:17:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Bassic Technologies
2010-04-01 23:01:54 118 ----a-w- c:\windows\Podcasts.INI
2010-04-01 22:23:47 0 d-----w- c:\program files\PixiePack Codec Pack
2010-04-01 22:19:48 0 d-----w- c:\program files\RapidSolution
2010-04-01 21:41:46 0 d-----w- c:\documents and settings\aco\amsn
2010-04-01 17:34:06 0 d-----w- c:\program files\JDownloader
2010-04-01 17:32:59 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-03-31 21:38:13 95936 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-03-31 21:37:58 0 d-----w- c:\program files\Analog Devices
2010-03-31 21:37:57 45056 ----a-w- c:\windows\system32\DSndUp.exe
2010-03-31 21:37:57 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-03-31 21:37:55 44 ----a-w- c:\windows\system32\msssc.dll
2010-03-31 21:37:14 0 d-----w- C:\Ibmtools
2010-03-31 21:35:17 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-31 21:18:01 0 d-----w- c:\program files\Lavalys
2010-03-31 20:53:46 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-31 20:53:14 0 d-----w- c:\docume~1\aco\applic~1\TuneUp Software
2010-03-31 20:52:30 0 d-----w- c:\program files\TuneUp Utilities 2010
2010-03-31 20:52:18 0 d-----w- c:\docume~1\alluse~1\applic~1\TuneUp Software
2010-03-31 20:52:11 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-31 20:34:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Ashampoo
2010-03-31 20:15:08 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-03-31 20:15:08 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 20:03:26 0 d-----w- c:\docume~1\aco\applic~1\ACD Systems
2010-03-31 20:02:54 0 d-----w- c:\docume~1\alluse~1\applic~1\ACD Systems
2010-03-31 20:02:43 0 d-----w- c:\program files\common files\ACD Systems
2010-03-31 20:02:43 0 d-----w- c:\program files\ACD Systems
2010-03-31 19:57:23 0 d-----w- c:\program files\aMSN
2010-03-31 19:55:45 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-31 19:55:42 38 ----a-w- c:\windows\avisplitter.ini
2010-03-31 19:55:23 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-03-31 19:55:23 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-03-31 19:55:23 151552 ----a-w- c:\windows\system32\ac3acm.acm
2010-03-31 19:55:22 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-31 19:55:21 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-31 19:55:21 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-31 19:55:04 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-03-31 19:54:57 0 d-----w- c:\program files\K-Lite Codec Pack
2010-03-31 19:52:20 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-31 19:52:02 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-31 19:51:01 0 d-----w- c:\windows\Logs
2010-03-31 19:49:36 0 d-----w- c:\program files\Winamp Detect
2010-03-31 19:42:32 0 d-----w- c:\program files\VS Revo Group
2010-03-31 19:29:05 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-31 19:17:45 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-31 19:16:08 0 d-----w- c:\windows\SHELLNEW
2010-03-31 18:55:18 0 d-----w- c:\program files\MSXML 4.0
2010-03-31 18:51:29 0 d-----w- c:\windows\ie8updates
2010-03-31 18:50:10 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-31 18:50:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-31 18:50:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-31 18:50:04 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-31 18:49:59 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-31 18:47:57 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-31 18:30:55 44875 ----a-w- c:\windows\system32\IPrtCnst.dll
2010-03-31 18:30:55 13891 ----a-w- c:\windows\system32\drivers\IdeBusDr.sys
2010-03-31 18:30:55 101431 ----a-w- c:\windows\system32\drivers\IdeChnDr.sys
2010-03-31 18:22:49 1089593 ------w- c:\windows\ntprint.cat
2010-03-31 18:11:39 0 d-----w- c:\program files\HWiNFO32
2010-03-31 17:55:19 0 d-----w- c:\program files\ESET
2010-03-31 17:37:29 0 d-----w- C:\Intel
2010-03-31 17:31:37 0 d-sh--w- c:\documents and settings\aco\PrivacIE
2010-03-31 17:28:27 0 d-sh--w- c:\documents and settings\aco\IETldCache
2010-03-31 04:20:56 0 dc-h--w- c:\windows\ie8
2010-03-31 04:19:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Matrox
2010-03-31 04:18:57 0 d-----w- c:\program files\Matrox Graphics Inc
2010-03-31 04:18:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Matrox Graphics Inc
2010-03-31 04:16:59 962560 ----a-w- c:\windows\system32\g400icd.dll
2010-03-31 04:16:59 87560 ----a-w- c:\windows\system32\mgabg.exe
2010-03-31 04:16:59 350592 ----a-w- c:\windows\system32\drivers\g400dhm.sys
2010-03-31 04:16:59 273920 ----a-w- c:\windows\system32\MtxCIP2.dll
2010-03-31 04:16:59 2399872 ----a-w- c:\windows\system32\g400dhd.dll
2010-03-31 04:16:59 0 d-----w- c:\windows\system32\PDesk
2010-03-31 04:11:19 0 d-----w- c:\windows\system32\XPSViewer
2010-03-31 04:10:34 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-03-31 04:10:34 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-03-31 04:10:34 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-03-31 04:10:34 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-03-31 04:10:34 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-03-31 04:10:34 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-03-31 04:10:34 117760 ------w- c:\windows\system32\prntvpt.dll
2010-03-30 23:54:02 0 d-----w- c:\program files\Windows Media Connect 2
2010-03-30 23:19:35 0 d-----w- c:\program files\common files\ODBC
2010-03-30 23:19:31 0 d-----w- c:\program files\common files\SpeechEngines
2010-03-30 23:18:56 0 d-----r- c:\documents and settings\all users\Documents
2010-03-30 22:05:41 0 d-sh--w- c:\documents and settings\all users\DRM
2010-03-30 22:05:04 0 d--h--w- c:\program files\WindowsUpdate
2010-03-30 22:04:09 0 d-----w- c:\program files\common files\MSSoap
2010-03-30 22:01:49 0 d-----w- c:\program files\Online Services
2010-03-30 22:01:39 0 d-----w- c:\program files\Messenger
2010-03-30 22:01:35 0 d-----w- c:\program files\MSN Gaming Zone
2010-03-30 22:00:49 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2010-03-30 22:02:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-30 15:21:01 31848 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2010-02-26 05:43:54 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-04 08:01:14 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01:14 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01:14 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01:14 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll

============= FINISH: 18:20:26.20 ===============



[link visible only to logged-in users]


[link visible only to logged-in users]

[link visible only to logged-in users]

[link visible only to logged-in users]


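A first pass over a DDS log like the one posted above, as an added example that is not part of this thread and not DDS or ComboFix code: it parses the "Created Last 30" section and flags the entries a removal helper looks at first (loadable images in user-writable profile directories, hidden system directories with GUID names, and executable files too small to be a real PE image). The sample lines are taken from the log above, except the hpe97B.dll entry, which is constructed (the file name comes from the ComboFix "Other Deletions" list posted later in the thread; its timestamp and size are invented). The size check matters here: the 44-byte msssc.dll that ComboFix later removed cannot even hold the 64-byte DOS header, so it was never a valid DLL.

```python
"""First-pass triage of the "Created Last 30" section of a DDS log.

Added example for this thread; it is not DDS, ComboFix or forum code.
SAMPLE_LOG entries are copied from the DDS log posted above except the
hpe97B.dll line, which is constructed (path taken from the ComboFix
"Other Deletions" list later in the thread; date and size invented).
"""
import re

# Extensions Windows loads or executes as images or plug-ins.
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".drv", ".ax", ".acm"}

# A DDS entry: "<timestamp> <size> <8 attribute flags> <path>".  Flag positions
# as DDS prints them: [0] d=directory, [1] c=compressed, [2] s=system,
# [3] h=hidden, [4] a=archive, [6] w=writable / r=read-only.
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+([-a-z]{8})\s+(.+?)\s*$"
)

# Places a non-admin process can write on XP: per-user and All Users profile
# data, Desktop and temp.  Both the 8.3 short names DDS prints
# (docume~1\alluse~1\applic~1) and the long names are accepted.
USER_WRITABLE = re.compile(
    r"\\(docume~1|documents and settings)\\[^\\]+\\"
    r"(applic~1|application data|local settings|desktop)\\|\\temp\\",
    re.I,
)
GUID_DIR = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)

# IMAGE_DOS_HEADER alone is 64 bytes; a smaller file cannot be a loadable PE image.
MIN_PE_SIZE = 64

SAMPLE_LOG = r"""
=============== Created Last 30 ================

2010-04-02 12:00:00 40960 ----a-w- c:\docume~1\alluse~1\applic~1\hpe97B.dll
2010-04-02 08:42:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 08:42:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-31 21:37:55 44 ----a-w- c:\windows\system32\msssc.dll
2010-03-31 20:52:11 0 d-sh--w- c:\docume~1\alluse~1\applic~1\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-31 19:55:21 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-31 18:50:10 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-31 17:31:37 0 d-sh--w- c:\documents and settings\aco\PrivacIE

==================== Find3M ====================

2010-03-30 22:02:20 21640 ----a-w- c:\windows\system32\emptyregdb.dat
"""


def parse_created(log_text):
    """Yield (timestamp, size, attrs, path) for every entry in Created Last 30."""
    in_section = False
    for line in log_text.splitlines():
        if line.startswith("="):          # a section header; switch on/off
            in_section = "Created Last 30" in line
            continue
        if in_section:
            m = ENTRY.match(line)
            if m:
                ts, size, attrs, path = m.groups()
                yield ts, int(size), attrs, path


def triage(log_text):
    """Return (path, reason) pairs worth a closer look, in log order."""
    findings = []
    for _ts, size, attrs, path in parse_created(log_text):
        is_dir = attrs[0] == "d"
        is_system, is_hidden = attrs[2] == "s", attrs[3] == "h"
        name = path.rsplit("\\", 1)[-1]
        ext = name[name.rfind("."):].lower() if "." in name else ""

        if not is_dir and ext in EXEC_EXT:
            if size < MIN_PE_SIZE:
                findings.append((path, f"{size}-byte {ext} cannot be a valid PE image"))
            if USER_WRITABLE.search(path):
                findings.append((path, "loadable image in a user-writable location"))
        elif is_dir and is_system and is_hidden and GUID_DIR.search(path):
            findings.append((path, "hidden+system GUID-named directory; identify the installer that created it"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{reason:75} {path}")
```

Run it as a script for a printed table, or call `triage()` on the full log text. The findings are prompts for a closer look (hash, signature, which installer wrote the file), not verdicts: the hidden GUID directory in the log above appeared seconds before the TuneUp Utilities directories, so it needs correlating with that install rather than deleting.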

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...




Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing the save location opens, select Desktop and click Save.




When the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to run it.

While it runs, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
show the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.



  • Aco
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16826
  • Location: /home/aco

Here it is..

ComboFix 10-04-01.02 - aco 04/02/2010 22:36:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.639.269 [GMT 2:00]
Running from: c:\documents and settings\aco\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\aco\Application Data\020000007a4423e5869C.manifest
c:\documents and settings\aco\Application Data\020000007a4423e5869O.manifest
c:\documents and settings\aco\Application Data\020000007a4423e5869P.manifest
c:\documents and settings\aco\Application Data\020000007a4423e5869S.manifest
c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\extensions\{5ff00e51-d5b9-4f90-9393-a3b4f029cba6}
c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\extensions\{5ff00e51-d5b9-4f90-9393-a3b4f029cba6}\chrome.manifest
c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\extensions\{5ff00e51-d5b9-4f90-9393-a3b4f029cba6}\chrome\xulcache.jar
c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\extensions\{5ff00e51-d5b9-4f90-9393-a3b4f029cba6}\defaults\preferences\xulcache.js
c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\extensions\{5ff00e51-d5b9-4f90-9393-a3b4f029cba6}\install.rdf
c:\documents and settings\All Users\Application Data\hpe97B.dll
c:\windows\AppPatch\AcAdProc.dll
c:\windows\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-02 20:06 . 2010-04-02 20:06 -------- d-----w- c:\program files\Speaking Clock
2010-04-02 19:39 . 2010-04-02 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-04-02 19:39 . 2010-04-02 19:39 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Sony Ericsson
2010-04-02 19:35 . 2010-04-02 19:35 -------- d-----w- c:\program files\Sony Ericsson
2010-04-02 19:35 . 2010-04-02 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-04-02 19:24 . 2008-04-13 22:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-04-02 19:24 . 2008-04-13 22:15 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-04-02 19:24 . 2008-04-13 22:15 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-04-02 15:30 . 2010-04-02 15:30 -------- d-----w- c:\windows\Sun
2010-04-02 11:42 . 2010-04-02 11:42 -------- d-----w- c:\documents and settings\aco\DoctorWeb
2010-04-02 11:32 . 2010-04-02 11:32 -------- d-----w- c:\program files\GetRadio
2010-04-02 09:24 . 2008-04-14 12:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-02 09:24 . 2010-04-02 09:26 768 ----a-w- c:\windows\system32\d3d8caps.dat
2010-04-02 09:10 . 2010-04-02 09:10 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\ESET
2010-04-02 09:05 . 2010-04-02 11:13 -------- d-----w- c:\documents and settings\aco\Application Data\FrostWire
2010-04-02 08:42 . 2010-04-02 08:42 -------- d-----w- c:\documents and settings\aco\Application Data\Malwarebytes
2010-04-02 08:42 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-02 08:42 . 2010-04-02 08:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-02 08:42 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-02 08:42 . 2010-04-02 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 07:40 . 2003-10-03 14:28 45056 ----a-w- c:\windows\system32\vusetup.dll
2010-04-02 07:40 . 2005-06-06 15:51 11264 ----a-w- c:\windows\system32\drivers\vulfntr.sys
2010-04-02 07:40 . 2005-01-05 16:02 6912 ----a-w- c:\windows\system32\drivers\vulfnth.sys
2010-04-02 07:40 . 1998-10-29 14:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-02 06:52 . 2001-05-16 15:54 309616 ----a-w- c:\windows\system32\wmv8dmod.dll
2010-04-02 06:52 . 2001-05-11 11:18 420240 ----a-w- c:\windows\system32\mpg4c32.dll
2010-04-02 06:50 . 2010-04-02 06:50 -------- d-----w- c:\documents and settings\aco\Application Data\MAGIX
2010-04-02 06:48 . 2010-04-02 06:48 -------- d-----w- c:\program files\Common Files\MAGIX Services
2010-04-01 23:21 . 2010-04-01 23:21 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Bassic_Technologies
2010-04-01 23:21 . 2010-04-01 23:21 -------- d-----w- c:\documents and settings\aco\Application Data\Bassic Technologies
2010-04-01 23:17 . 2010-04-02 11:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Bassic Technologies
2010-04-01 22:23 . 2010-04-01 22:23 -------- d-----w- c:\program files\PixiePack Codec Pack
2010-04-01 22:19 . 2010-04-01 23:08 -------- d-----w- c:\program files\RapidSolution
2010-04-01 22:17 . 2010-04-01 22:17 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\RapidSolution
2010-04-01 21:49 . 2010-04-01 22:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-01 21:41 . 2010-04-01 21:42 -------- d-----w- c:\documents and settings\aco\amsn
2010-04-01 19:23 . 2010-04-01 19:24 -------- d-----w- c:\documents and settings\aco\Application Data\Media Player Classic
2010-04-01 17:34 . 2010-04-01 17:42 -------- d-----w- c:\program files\JDownloader
2010-04-01 17:32 . 2008-03-05 14:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-03-31 21:38 . 2002-03-22 14:14 95936 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-03-31 21:37 . 2010-03-31 21:37 -------- d-----w- c:\program files\Analog Devices
2010-03-31 21:37 . 2002-04-17 15:43 45056 ----a-w- c:\windows\system32\DSndUp.exe
2010-03-31 21:37 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-03-31 21:37 . 2010-03-31 21:37 -------- d-----w- C:\Ibmtools
2010-03-31 21:35 . 2010-02-25 09:56 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-03-31 21:18 . 2010-03-31 21:18 -------- d-----w- c:\program files\Lavalys
2010-03-31 20:53 . 2010-02-25 10:03 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-03-31 20:53 . 2010-03-31 20:53 -------- d-----w- c:\documents and settings\aco\Application Data\TuneUp Software
2010-03-31 20:52 . 2010-03-31 21:35 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-03-31 20:52 . 2010-03-31 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-03-31 20:52 . 2010-03-31 20:52 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-03-31 20:51 . 2010-04-02 20:01 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Adobe
2010-03-31 20:34 . 2010-03-31 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Ashampoo
2010-03-31 20:15 . 2010-03-31 20:15 503808 ----a-w- c:\documents and settings\aco\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615efe1d-n\msvcp71.dll
2010-03-31 20:15 . 2010-03-31 20:15 499712 ----a-w- c:\documents and settings\aco\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615efe1d-n\jmc.dll
2010-03-31 20:15 . 2010-03-31 20:15 348160 ----a-w- c:\documents and settings\aco\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-615efe1d-n\msvcr71.dll
2010-03-31 20:15 . 2010-03-31 20:15 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 20:15 . 2010-03-31 20:15 61440 ----a-w- c:\documents and settings\aco\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a82fc37-n\decora-sse.dll
2010-03-31 20:15 . 2010-03-31 20:15 12800 ----a-w- c:\documents and settings\aco\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-2a82fc37-n\decora-d3d.dll
2010-03-31 20:15 . 2010-03-31 20:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-31 20:14 . 2010-03-31 20:14 -------- d-----w- c:\program files\Java
2010-03-31 20:10 . 2010-03-31 20:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-31 20:09 . 2010-04-02 20:22 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-31 20:04 . 2010-03-31 20:04 -------- d-----w- c:\program files\Google
2010-03-31 20:03 . 2010-03-31 20:03 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\ACD Systems
2010-03-31 20:03 . 2010-03-31 20:03 -------- d-----w- c:\documents and settings\aco\Application Data\ACD Systems
2010-03-31 20:02 . 2010-03-31 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\ACD Systems
2010-03-31 20:02 . 2010-03-31 20:03 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-03-31 20:02 . 2010-03-31 20:02 -------- d-----w- c:\program files\ACD Systems
2010-03-31 20:01 . 2010-03-31 20:01 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Downloaded Installations
2010-03-31 19:57 . 2010-03-31 19:58 -------- d-----w- c:\program files\aMSN
2010-03-31 19:57 . 2010-03-31 19:57 -------- d-----w- c:\program files\7-Zip
2010-03-31 19:55 . 2010-02-10 17:13 165376 ----a-w- c:\windows\system32\unrar.dll
2010-03-31 19:55 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-03-31 19:55 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-03-31 19:55 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-03-31 19:54 . 2010-03-31 19:56 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-03-31 19:52 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-03-31 19:52 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-03-31 19:51 . 2010-03-31 19:51 -------- d-----w- c:\windows\Logs
2010-03-31 19:42 . 2010-03-31 19:42 -------- d-----w- c:\program files\VS Revo Group
2010-03-31 19:29 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-03-31 19:29 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-03-31 19:25 . 2010-03-31 19:25 -------- d-----w- c:\program files\Microsoft Works
2010-03-31 19:22 . 2010-03-31 19:22 -------- d-----w- c:\program files\Microsoft.NET
2010-03-31 19:17 . 2010-03-31 19:17 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-03-31 19:16 . 2010-03-31 19:24 -------- d-----w- c:\windows\SHELLNEW
2010-03-31 19:15 . 2010-03-31 19:15 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Microsoft Help
2010-03-31 19:15 . 2010-03-31 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-31 19:14 . 2010-03-31 19:14 -------- d-----r- C:\MSOCache
2010-03-31 18:55 . 2010-03-31 18:55 -------- d-----w- c:\program files\MSXML 4.0
2010-03-31 18:51 . 2010-03-31 18:56 -------- d-----w- c:\windows\ie8updates
2010-03-31 18:50 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-03-31 18:50 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-03-31 18:50 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-03-31 18:50 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-03-31 18:49 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-03-31 18:47 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-03-31 18:30 . 2002-10-14 22:00 44875 ----a-w- c:\windows\system32\IPrtCnst.dll
2010-03-31 18:30 . 2002-10-14 22:00 13891 ----a-w- c:\windows\system32\drivers\IdeBusDr.sys
2010-03-31 18:30 . 2002-10-14 22:00 101431 ----a-w- c:\windows\system32\drivers\IdeChnDr.sys
2010-03-31 18:30 . 2010-04-02 19:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 18:30 . 2010-03-31 18:31 -------- d-----w- c:\program files\Intel
2010-03-31 18:30 . 2010-03-31 18:30 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-31 18:14 . 2010-03-31 18:14 0 ----a-w- c:\windows\nsreg.dat
2010-03-31 18:14 . 2010-03-31 18:14 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Mozilla
2010-03-31 18:11 . 2010-03-31 18:12 -------- d-----w- c:\program files\HWiNFO32
2010-03-31 17:55 . 2010-04-02 08:34 -------- d-----w- c:\program files\ESET
2010-03-31 17:55 . 2010-04-02 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2010-03-31 17:37 . 2010-03-31 17:37 -------- d-----w- C:\Intel
2010-03-31 17:31 . 2010-03-31 17:31 -------- d-sh--w- c:\documents and settings\aco\PrivacIE
2010-03-31 17:28 . 2010-03-31 17:28 -------- d-sh--w- c:\documents and settings\aco\IETldCache
2010-03-31 04:20 . 2010-03-31 04:22 -------- dc-h--w- c:\windows\ie8
2010-03-31 04:19 . 2010-03-31 04:19 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Matrox
2010-03-31 04:19 . 2010-03-31 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Matrox
2010-03-31 04:18 . 2010-03-31 04:18 -------- d-----w- c:\program files\Matrox Graphics Inc
2010-03-31 04:18 . 2010-03-31 04:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Matrox Graphics Inc
2010-03-31 04:17 . 2010-03-31 17:28 -------- d-----w- c:\documents and settings\aco\Local Settings\Application Data\Matrox
2010-03-31 04:16 . 2010-03-31 04:16 -------- d-----w- c:\windows\system32\PDesk
2010-03-31 04:16 . 2009-02-06 12:00 273920 ----a-w- c:\windows\system32\MtxCIP2.dll
2010-03-31 04:16 . 2009-02-06 11:19 350592 ----a-w- c:\windows\system32\drivers\g400dhm.sys
2010-03-31 04:16 . 2009-02-06 11:19 2399872 ----a-w- c:\windows\system32\g400dhd.dll
2010-03-31 04:16 . 2007-04-04 06:48 87560 ----a-w- c:\windows\system32\mgabg.exe
2010-03-31 04:16 . 2004-08-31 10:59 962560 ----a-w- c:\windows\system32\g400icd.dll
2010-03-31 04:11 . 2010-03-31 04:11 -------- d-----w- c:\windows\system32\XPSViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 08:12 . 2010-04-02 06:49 -------- d-----w- c:\program files\MAGIX
2010-04-02 08:11 . 2010-04-02 06:49 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2010-04-02 07:55 . 2008-11-10 10:09 12886003 ----a-w- c:\documents and settings\All Users\Application Data\MAGIX\PC_Check_Tuning_2010\download\VIAUSB2V270-L-M.exe
2010-04-02 07:53 . 2009-01-29 11:28 1564436 ----a-w- c:\documents and settings\All Users\Application Data\MAGIX\PC_Check_Tuning_2010\download\infinst_enu.exe
2010-03-31 22:17 . 2010-03-30 22:06 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 21:15 . 2010-03-30 22:53 68456 ----a-w- c:\documents and settings\aco\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-31 19:54 . 2010-03-31 19:49 -------- d-----w- c:\documents and settings\aco\Application Data\Winamp
2010-03-31 19:52 . 2010-03-31 19:49 -------- d-----w- c:\program files\Winamp
2010-03-31 19:49 . 2010-03-31 19:49 -------- d-----w- c:\program files\Winamp Detect
2010-03-30 23:54 . 2010-03-30 23:54 -------- d-----w- c:\program files\Windows Media Connect 2
2010-03-30 22:08 . 2010-03-30 22:08 -------- d-----w- c:\program files\microsoft frontpage
2010-03-30 22:02 . 2010-03-30 22:02 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-30 15:21 . 2010-03-30 15:21 31848 ----a-w- c:\windows\system32\drivers\rrnetcap.sys
2010-02-26 05:43 . 2010-02-26 05:43 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-25 06:24 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-04 08:01 . 2010-04-01 17:33 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-01 17:33 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-01 17:33 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-01 17:33 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gmail Notifier"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Matrox PowerDesk SE"="c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\aMSN\\bin\\wish.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7/1/2008 9:04 35168]
R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [3/31/2010 20:12 19320]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [10/7/2009 9:16 472280]
R2 Matrox Centering Service;Matrox Centering Service;c:\program files\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe [2/6/2009 14:09 1263872]
R2 Matrox.Pdesk.ServicesHost;Matrox.Pdesk.ServicesHost;c:\program files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe [2/6/2009 14:08 344832]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [4/2/2010 21:36 90112]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2/25/2010 11:59 1047880]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 10064]
S3 RGService;RGService;c:\program files\GetRadio\RGService.exe [4/2/2010 13:32 335872]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [4/2/2010 21:37 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [4/2/2010 21:37 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [4/2/2010 21:37 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [4/2/2010 21:37 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [4/2/2010 21:37 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [4/2/2010 21:37 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [4/2/2010 21:37 115752]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 17:02 114688 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\aco\Application Data\Mozilla\Firefox\Profiles\5cdrc3z5.default\
FF - prefs.js: browser.startup.homepage - [Link visible only to logged-in users]
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2010-04-02 22:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,c8,d3,76,d0,dd,73,40,a5,db,10,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ff,c8,d3,76,d0,dd,73,40,a5,db,10,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3848-)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\mgabg.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
.
**************************************************************************
.
Completion time: 2010-04-02 22:47:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 20:47

Pre-Run: 33,650,585,600 bytes free
Post-Run: 33,661,288,448 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 9F075BD0BA286FEC98227A2BA80D60BC
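The log above is read by hand by the helper: the interesting parts are the "Reg Loading Points" Run keys (including the disabled "run-" entries ComboFix keeps) and the R*/S* service lines, and the first triage question is where each binary loads from. The following Python script is an added example for this thread, not part of ComboFix, DDS or the original posts; it parses those two line formats into records and flags entries whose file sits outside the Windows and Program Files roots. The TRUSTED_ROOTS heuristic and the "Updater" sample line are assumptions made for the example; the other sample lines are copied from the log.

```python
"""Parse the 'Reg Loading Points' section of a ComboFix/DDS log into
structured autostart and service records, then flag the ones whose
binary does not live under the usual Windows/Program Files roots.

Added example for this thread; it is not part of ComboFix, DDS or the
original posts. The line formats are taken from the log above; the
TRUSTED_ROOTS heuristic and the "Updater" sample line are assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Roots from which a legitimately installed autostart entry or service
# normally loads. Anything outside (user profile, All Users\Application
# Data, temp folders) is worth a second look. Heuristic, not a verdict.
TRUSTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\progra~1\\",
)

KEY_RE = re.compile(r"^\[(?P<key>HK[^\]]+)\]\s*$", re.I)
# "Name"="c:\path\file.exe" [YYYY-MM-DD size]   (quotes and [..] optional)
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="?(?P<path>[^"\[]+?)"?\s*'
    r"(?:\[(?P<date>\d{4}-\d\d-\d\d)\s+(?P<size>\d+)\])?\s*$"
)
# R2 svcname;Display Name;c:\path\file.exe [M/D/YYYY H:MM size]
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)"
    r"\s+\[(?P<date>\S+)\s+(?P<time>\S+)\s+(?P<size>\d+)\]\s*$"
)


@dataclass
class Entry:
    kind: str            # "run", "run-" (disabled entry ComboFix still lists) or "service"
    key: str             # registry key, or service state such as R1/R2/S3
    name: str
    path: str
    size: Optional[int]  # file size from the log, when present


def parse_loading_points(text: str) -> List[Entry]:
    """Walk the section line by line, tracking the registry key in effect."""
    entries: List[Entry] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service", m.group("state"), m.group("name").strip(),
                                 m.group("path").strip(), int(m.group("size"))))
            continue
        key_lc = current_key.lower()
        if key_lc.endswith(("\\run", "\\run-")):
            m = RUN_RE.match(line)
            if m:
                kind = "run-" if key_lc.endswith("run-") else "run"
                size = int(m.group("size")) if m.group("size") else None
                entries.append(Entry(kind, current_key, m.group("name"),
                                     m.group("path").strip(), size))
    return entries


def flag_entries(entries: List[Entry]) -> List[Entry]:
    """Return entries whose binary sits outside TRUSTED_ROOTS."""
    return [e for e in entries if not e.path.lower().startswith(TRUSTED_ROOTS)]


# Constructed sample: lines copied from the log in this thread plus one
# made-up "Updater" entry under the user profile to exercise the flag.
SAMPLE_LOG = r"""
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gmail Notifier"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Updater"="c:\documents and settings\aco\Application Data\updater.exe" [2010-04-01 51200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="c:\program files\Winamp\winampa.exe"

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [7/1/2008 9:04 35168]
S3 RGService;RGService;c:\program files\GetRadio\RGService.exe [4/2/2010 13:32 335872]
"""

if __name__ == "__main__":
    parsed = parse_loading_points(SAMPLE_LOG)
    for e in parsed:
        print(f"{e.kind:8} {e.name:20} {e.path}")
    print("flagged:", [e.name for e in flag_entries(parsed)])
```

The location check is only a first filter: a file under Program Files can still be hostile, and a signed Windows component can load from an odd path after a repair install. Treat a flagged entry as "look at the file" (hash, signature, vendor), not as a detection.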

dr_Bora (Anti Malware Fighter, Rank 2)
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Any better?



Upload the following files:

c:\qoobox\quarantine\C\documents and settings\All Users\Application Data\hpe97B.dll.vir
c:\qoobox\quarantine\C\windows\AppPatch\AcAdProc.dll.vir


Upload link: [Link visible only to logged-in users]

Aco (Forum moderator, Aleksandar)
  • Joined: 12 May 2006
  • Posts: 16826
  • Location: /home/aco

The situation is excellent, the files have been uploaded..

dr_Bora (Anti Malware Fighter, Rank 2)
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:


DeQuarantine::
c:\qoobox\quarantine\C\documents and settings\All Users\Application Data\hpe97B.dll.vir
c:\qoobox\quarantine\C\windows\AppPatch\AcAdProc.dll.vir
Quit::



Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.

Aco (Forum moderator, Aleksandar)
  • Joined: 12 May 2006
  • Posts: 16826
  • Location: /home/aco

Here is what it did; at the start of the scan it offered to upgrade to a new version of ComboFix, so I don't know whether the log is OK..

c:\qoobox\quarantine\C\documents and settings\All Users\Application Data\hpe97B.dll.vir -> C:\documents and settings\All Users\Application Data\hpe97B.dll ( 148736 bytes )
c:\qoobox\quarantine\C\windows\AppPatch\AcAdProc.dll.vir -> C:\windows\AppPatch\AcAdProc.dll ( 39424 bytes )
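The DeQuarantine step above relies on a fixed convention: ComboFix stores a quarantined file as c:\qoobox\quarantine\<drive>\<original path>.vir and, when told to put it back, prints one "<quarantined> -> <restored> ( N bytes )" line per file. The Python script below is an added example for this thread, not ComboFix's own code or documentation; it derives the expected restore location from a quarantine path, generates the CFScript text for a list of files, and checks the result lines against that expectation so that a file restored somewhere unexpected, or not restored at all, is noticed. The two quarantine paths and the two result lines are the ones posted in this thread; the layout rule and the error handling are assumptions.

```python
r"""Work out where a ComboFix-quarantined file is restored to, generate the
DeQuarantine CFScript for a list of quarantined files, and check the result
lines ComboFix prints after the run against the expected mapping.

Added example; not part of this thread, of ComboFix or of its CFScript
documentation. The layout c:\qoobox\quarantine\<drive>\<path>.vir and the
"<quarantined> -> <restored> ( N bytes )" output format are taken from the
paths and output posted in this thread; everything else is assumed.
"""
import re
from typing import Dict, List, Tuple

QUARANTINE_ROOT = "c:\\qoobox\\quarantine\\"
RESULT_RE = re.compile(
    r"^(?P<quar>.+?\.vir)\s+->\s+(?P<dest>.+?)\s+\(\s*(?P<size>\d+)\s+bytes\s*\)\s*$",
    re.I,
)


def original_path(quarantined: str) -> str:
    # Strip the quarantine root and the .vir suffix; the first remaining
    # path component is the drive letter ComboFix recorded.
    if not quarantined.lower().startswith(QUARANTINE_ROOT):
        raise ValueError("not under the ComboFix quarantine root: " + quarantined)
    rest = quarantined[len(QUARANTINE_ROOT):]
    if not rest.lower().endswith(".vir"):
        raise ValueError("quarantined files carry a .vir suffix: " + quarantined)
    drive, sep, tail = rest[:-4].partition("\\")
    if not sep or len(drive) != 1 or not drive.isalpha():
        raise ValueError("cannot recover the drive letter from: " + quarantined)
    return f"{drive.upper()}:\\{tail}"


def build_cfscript(quarantined: List[str]) -> str:
    """CFScript text that tells ComboFix to put these files back."""
    return "DeQuarantine::\n" + "\n".join(quarantined) + "\nQuit::\n"


def check_restore_output(output: str, expected: List[str]) -> Tuple[Dict[str, int], List[str]]:
    """Parse the '... -> ... ( N bytes )' lines, verify each destination is
    the path its quarantine name implies, and list expected files that were
    not restored. Returns (restored {original path: size}, missing)."""
    restored: Dict[str, int] = {}
    for line in output.splitlines():
        m = RESULT_RE.match(line.strip())
        if not m:
            continue
        want = original_path(m.group("quar"))
        got = m.group("dest")
        if got.lower() != want.lower():
            raise ValueError(f"{m.group('quar')} restored to {got}, expected {want}")
        restored[want] = int(m.group("size"))
    missing = [q for q in expected if original_path(q) not in restored]
    return restored, missing


# The two quarantined files from this thread and the result lines ComboFix
# printed after the DeQuarantine run (copied from the posts above).
QUARANTINED = [
    r"c:\qoobox\quarantine\C\documents and settings\All Users\Application Data\hpe97B.dll.vir",
    r"c:\qoobox\quarantine\C\windows\AppPatch\AcAdProc.dll.vir",
]
RESTORE_OUTPUT = r"""
c:\qoobox\quarantine\C\documents and settings\All Users\Application Data\hpe97B.dll.vir -> C:\documents and settings\All Users\Application Data\hpe97B.dll ( 148736 bytes )
c:\qoobox\quarantine\C\windows\AppPatch\AcAdProc.dll.vir -> C:\windows\AppPatch\AcAdProc.dll ( 39424 bytes )
"""

if __name__ == "__main__":
    print(build_cfscript(QUARANTINED))
    restored, missing = check_restore_output(RESTORE_OUTPUT, QUARANTINED)
    for path, size in restored.items():
        print(f"restored {path} ({size} bytes)")
    print("missing:", missing)
```

Restoring from quarantine is only safe once the helper has confirmed the files are clean, as happened here after the upload; the check above confirms the mechanics of the restore, not the verdict on the files.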

dr_Bora (Anti Malware Fighter, Rank 2)
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK. If everything is still fine...


ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.



That would be all...

Aco (Forum moderator, Aleksandar)
  • Joined: 12 May 2006
  • Posts: 16826
  • Location: /home/aco

Everything works great.. Thank you
