Site redirection

  • Joined: 06 Jun 2005
  • Posts: 43

OK, I sent the file. Here is the log:


ComboFix 10-07-22.01 - Milan 24.07.2010 0:07.6.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.381.1033.18.1023.655 [GMT 2:00]
Running from: c:\documents and settings\Milan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milan\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\BCBSMP35.BPL

.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.

2010-07-22 22:29 . 2004-06-24 09:00 6656 ----a-w- c:\windows\system32\drivers\AsProbe.sys
2010-07-20 21:55 . 2010-07-20 21:55 57344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-20 21:54 . 2010-07-20 21:47 1062184 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\Resource.dll
2010-07-20 21:54 . 2010-07-20 21:46 895256 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Setup\DivXSetup.exe
2010-07-20 21:54 . 2010-01-16 13:16 529200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivX7\DivX Plus DirectShow Filters\DivXDSFiltersUninstall.exe
2010-07-20 21:54 . 2010-07-20 21:54 56765 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 56997 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 53600 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Update\Uninstaller.exe
2010-07-09 21:57 . 2010-07-20 21:55 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX
2010-07-06 22:40 . 2010-07-06 22:40 -------- d-----w- c:\program files\Winamp Detect
2010-07-04 18:33 . 2010-07-04 18:54 -------- d-----w- c:\program files\EASEUS
2010-07-03 10:40 . 2010-07-03 10:50 -------- d-----w- c:\program files\Stereo Tool
2010-06-29 20:57 . 2010-07-18 11:27 -------- d-----w- c:\documents and settings\Milan\Application Data\vlc

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-22 22:28 . 2006-05-17 05:20 -------- d-----w- c:\program files\ASUS
2010-07-20 21:54 . 2006-06-20 17:46 -------- d-----w- c:\program files\DivX
2010-07-20 21:54 . 2010-01-16 13:15 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-20 21:54 . 2010-07-20 21:54 57054 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 54166 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 57532 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 56458 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 54174 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-20 21:54 . 2010-07-20 21:54 57409 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-20 21:54 . 2010-07-09 22:06 52963 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-20 21:50 . 2010-07-20 21:50 54073 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-20 21:50 . 2010-07-20 21:50 56969 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-18 22:23 . 2010-07-18 22:23 -------- d-----w- c:\program files\JLC's Software
2010-07-18 11:50 . 2006-06-24 19:16 -------- d-----w- c:\documents and settings\Milan\Application Data\Vso
2010-07-17 08:21 . 2007-04-25 20:28 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-07-13 19:54 . 2009-02-19 20:48 -------- d-----w- c:\program files\BitComet
2010-07-12 09:54 . 2009-06-16 21:57 -------- d-----w- c:\documents and settings\Milan\Application Data\foobar2000
2010-07-12 09:53 . 2009-06-16 21:57 -------- d-----w- c:\program files\foobar2000
2010-07-06 22:44 . 2009-04-25 11:34 -------- d-----w- c:\documents and settings\Milan\Application Data\Winamp
2010-07-06 22:40 . 2009-04-25 11:34 -------- d-----w- c:\program files\Winamp
2010-07-02 14:42 . 2010-03-08 19:45 439816 ----a-w- c:\documents and settings\Milan\Application Data\Real\Update\setup3.10\setup.exe
2010-06-14 14:31 . 2006-05-16 23:30 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 21:58 . 2007-05-19 12:18 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2010-06-05 10:37 . 2009-11-13 22:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-03 16:17 . 2010-06-03 16:17 -------- d-----w- c:\program files\7-Zip
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-08 07:20 . 2008-10-08 07:05 1004 --sha-w- c:\windows\system32\sys_drv.dat
.

((((((((((((((((((((((((((((( SnapShot@2010-07-22_22.07.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-23 22:05 . 2010-07-23 22:05 16384 c:\windows\Temp\Perflib_Perfdata_13c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-24 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ASUS Probe"="c:\program files\ASUS\Asus Probe\AsusProb.exe" [2002-12-06 617984]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-05-27 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-08 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-5-30 25214]
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UVS11 Preload"=c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
"WinFast Schedule"=c:\program files\WinFast\W\WFTVFM\WFWIZ.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"36730:TCP"= 36730:TCP:LimeWire
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"27465:TCP"= 27465:TCP:BitComet 27465 TCP
"27465:UDP"= 27465:UDP:BitComet 27465 UDP

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [18.10.2009 19:04 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [18.10.2009 19:04 4608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [19.3.2009 11:44 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 15:00 15872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [19.3.2009 11:44 731840]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [18.5.2006 0:44 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [18.5.2006 0:45 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [18.5.2006 0:45 34789]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;c:\windows\system32\drivers\ES-620.sys [19.11.2006 13:32 29076]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [17.2.2007 16:02 4134]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.8.2007 18:37 716272]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-706699826-725345543-1004Core.job
- c:\documents and settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-24 10:57]

2010-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-706699826-725345543-1004UA.job
- c:\documents and settings\Milan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-24 10:57]

2010-07-23 c:\windows\Tasks\User_Feed_Synchronization-{0F74B6A0-C147-484F-AC65-154D50D2AD0F}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download Link Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_file.htm
IE: Download List Of Files Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_list.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Load WebShots 1999x1333 - c:\documents and settings\Milan\Desktop\Webshots Premium Wallpaper Downloader\WebShotsLoader.htm
IE: Subscribe To RSS/Podcast Using DownloadStudio... - c:\program files\Conceiva\DownloadStudio\ds_rss.htm
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\Funnsystems YuMp3Com-User-Authorization\YuMp3ComLogin.exe
Trusted Zone: bancaintesabeograd.com\online
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-07-24 00:17
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwQuerySystemInformation

scanning hidden processes ...

c:\program files\iolo\Common\Lib\ioloDMVSvc.exe [304] 0x86F40B28

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-706699826-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="CA848B12AA95CCB986D6B1A
922E7C3B762BC11C738DA38AA691A7F72CD73260BEC45036D19042943
754721C8FB3372C8FB210301A30E15C2FAABE12C82A89A3EC5FBCB3712
50EFF33660AF3765D118A3AC6D41C612C53A76D5952972607AF7F551D40
23B536013149268AE217B0F6C40271FF3C41B59C50F3C2E70131BE8DE6E
FE9FD687507C5B7048C781760D9FFB1C98D7536D8C02A85A65F066A19D
58C5E5B3508D70ADD161D6070DA4EA1F1726B79D5E2F74665F2629FA7B
CF73838E771E45FEFE8DC76F959CF366227767EE1E17C81C69D45CF2595
39D1283A12038905E836797382DCA3A18292B9D58FEBC9E127BECC74CF
EBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127
BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E667A6171C11EC38DE3DA
9C6AECB7A5D1407A6171C11EC38DE3D7672614DFD6E311B3834D078BC
6276469E3E1725B5EFEA8B0DBE9CB770034159AAE853BF6D65AF60E8606
2099AF1C2A0D6C19C2B09627A8BC334C433FE2A3F2F39872ED7CFDC1F7
7396C9EC209AF5EF6D5B30A65737C5ACE96A11BDD596237142B508773A
8EA6353EE24BF14D949E29EC047E073B0A3F7AAA646822A49E90CFCBDA
CC8F46F4473AC85B7D4715110FDAFEF97747AF4DFD637C6C5358E8E243
5A4E1E6B0C41248DCFDA9BBBFD228F7EF84EB9FEC24E4E18BD301A53E0
35B183D883FAFCFCB6E74C08541A838B28B1A0E4077C3459C1CF9429F1
1CE0186D670446B2D180DF8DAEDD0C65FDA49909D34C3C405C64D142
79EB701E892AF1A1CFBFD533B19A1BF1DFBD78A501351F172268B3B3A54
29BF88E83F212B21D542BAADB00B298D1B96728AB15992F4025D1475F60
F75785057B5973EEB31904D0B359C381FEC365B770BA94D05D78AE4DD7
DCBAD7144258F19990C2F14085DC78082050364303418E08A0DAF9E873
ED18421746655EB2F85C412CC218DEFE44B358EC216EDD08FDBD7080D
71FDBBE17963E4E06FF36250A51FF103B5125C692FBD37DA8697DFB583D
E9225BEBEC2A8DD939F272A48D3263A6F7D7C249E7611A133CF7401002
374C10526F5D7BFA02CD5B020FE8C931FB1DB846F2D35741CE7223620D
94487947E1B56B94210A30AE88BD827441F5AD858FBAEF528C798DBD90
66662F82456DF6C6BE43472D0D269BCFEB1687AFD6348E35E4133294E54
FBBAF468C56687D569B9DDC9719397F65F6F02E08EC4DC3CE7821A163D
0DCE35F2406EE7EDD769B34445F51E4253F080BB283C93B5EBFE33E8C31
B0A1DD6640C6F864011F029D961BB5189806A8705210872A8786FDDBE5
E2E9EA27BD2AABBED518911175A57FB964C87401421A70A51FBBF1544C
02B08944E6BC252CED41933ABADD8ADA808074D28721B7F92CD4C4C8
7E3A32D22885E721668E2F47741D07AC8B76510CF8045433402E9EC"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(952)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-07-24 00:20:17
ComboFix-quarantined-files.txt 2010-07-23 22:20
ComboFix2.txt 2010-07-22 22:13

Pre-Run: 12.469.055.488 bytes free
Post-Run: 12.443.684.864 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=,1,2,3
- - End Of File - - EADD82B0EBDC442795AE9262A53E0449

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Let's wrap this case up nicely ;)

Open Notepad and copy the following text into it:

DeQuarantine::
C:\Qoobox\Quarantine\C\WINDOWS\system\BCBSMP35.BPL.vir
C:\Qoobox\Quarantine\C\WINDOWS\daemon.dll.vir
Quit::


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.

  • Joined: 06 Jun 2005
  • Posts: 43

Here is what it showed:


C:\Qoobox\Quarantine\C\WINDOWS\daemon.dll.vir -> C:\WINDOWS\daemon.dll ( 69120 bytes )
C:\Qoobox\Quarantine\C\WINDOWS\daemon.dll.vir -> C:\WINDOWS\daemon.dll ( 69120 bytes )
C:\Qoobox\Quarantine\C\WINDOWS\system\BCBSMP35.BPL.vir -> C:\WINDOWS\system\BCBSMP35.BPL ( 187392 bytes )
C:\Qoobox\Quarantine\C\WINDOWS\system\BCBSMP35.BPL.vir -> C:\WINDOWS\system\BCBSMP35.BPL ( 187392 bytes )

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK. Tell me, what is the situation now?

  • Joined: 06 Jun 2005
  • Posts: 43

It still redirects me to some other site, and I know for certain that this one, for subtitle searches, works.

  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

Written: 26 Jul 2010 22:37

Please post a fresh DDS log.

Addendum: 26 Jul 2010 23:04

One more thing... send me the address of the site it redirects you to.
Send me the link by private message.

  • Joined: 06 Jun 2005
  • Posts: 43

DDS:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Milan at 15:05:05,76 on uto 27.07.2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1250.381.1033.18.1023.598 [GMT 2:00]

AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\DllHost.exe
C:\Documents and Settings\Milan\Desktop\dds.pif
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {CB789373-04D5-4EF4-9C16-871463FD0830} - No File
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [Google Update] "c:\documents and settings\milan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [QuickTime Task] "c:\program files\quicktime alternative\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download Link Using DownloadStudio... - c:\program files\conceiva\downloadstudio\ds_file.htm
IE: Download List Of Files Using DownloadStudio... - c:\program files\conceiva\downloadstudio\ds_list.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Load WebShots 1999x1333 - c:\documents and settings\milan\desktop\webshots premium wallpaper downloader\WebShotsLoader.htm
IE: Subscribe To RSS/Podcast Using DownloadStudio... - c:\program files\conceiva\downloadstudio\ds_rss.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\funnsystems yump3com-user-authorization\YuMp3ComLogin.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: bancaintesabeograd.com\online
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://93.87.16.18/activex/AMC.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [2009-10-18 10368]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [2009-10-18 4608]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-3-19 107256]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [2006-1-13 15872]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-3-19 731840]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [2006-5-18 208851]
S2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [2006-5-18 10324]
S2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [2006-5-18 34789]
S3 ES-620;Edisonsoft ES-620 USB Infrared Adapter;c:\windows\system32\drivers\ES-620.sys [2006-11-19 29076]
S3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [2007-2-17 4134]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
.scr=AutoCADScriptFile

=============== Created Last 30 ================

2010-07-26 18:22:27 187392 ----a-w- c:\windows\system\BCBSMP35.BPL
2010-07-26 18:22:26 69120 ----a-w- c:\windows\daemon.dll
2010-07-26 18:18:48 0 d-s---w- C:\ComboFix
2010-07-22 22:29:10 6656 ----a-w- c:\windows\system32\drivers\AsProbe.sys
2010-07-22 21:52:53 0 d-sha-r- C:\cmdcons
2010-07-22 21:36:02 77312 ----a-w- c:\windows\MBR.exe
2010-07-22 21:36:02 256512 ----a-w- c:\windows\PEV.exe
2010-07-22 21:36:02 161792 ----a-w- c:\windows\SWREG.exe
2010-07-22 21:36:01 98816 ----a-w- c:\windows\sed.exe
2010-07-19 22:21:52 0 d-----w- C:\_OTM
2010-07-18 22:23:24 0 d-----w- c:\program files\JLC's Software
2010-07-13 18:23:25 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 21:57:45 0 d-----w- c:\docume~1\alluse~1.win\applic~1\DivX
2010-07-06 22:40:33 0 d-----w- c:\program files\Winamp Detect
2010-07-04 18:33:06 0 d-----w- c:\program files\EASEUS
2010-07-03 10:40:53 0 d-----w- c:\program files\Stereo Tool

==================== Find3M ====================

2010-06-15 07:23:50 4653 ----a-w- c:\windows\fonts\#aaifnt.ttf
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2008-10-08 07:20:46 1004 --sha-w- c:\windows\system32\sys_drv.dat
2009-11-04 12:55:24 16384 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-08-04 19:30:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009080420090805\index.dat

============= FINISH: 15:05:56,28 ===============


  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6103

OK... here's the thing...

The logs are clean now and there are no traces of malware.
The problem you have is not caused by malware.

Do the following as well:

ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text entry line, type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).


Wait for the uninstall process to finish.

  • Joined: 06 Jun 2005
  • Posts: 43

Thanks for your effort.
