MyCity » Ambulanta -> Arhiva Ambulante » Opasna infekcija

Opasna infekcija

Napisano na dan: 26.8.2010

Strana:
1
2

Opasna infekcija

Sledeća strana

Pagination

Odgovori

Strana:
1
2

paskale Poslao: 26 Avg 2010 21:09 Idi na vrh
offline paskale Građanin Pridružio: 25 Nov 2007 Poruke: 296	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Nevjerovatno da mi nije htjelo downloadovati msn update pa neke stranice poput malwarebytes.com i avast.com nije htjelo bas niakko otvorit nego je pisalo ono kao kad nema konekcije pa sam odma posumljao da su virusi u pitanju. Downloadowao sam malwarebytes s neke druge stranice i updateovao ga i pronasao 17 virusa, net mi bolje radi jer su neki uklonjeni a neki ne pa ne vidim drugo rjesenje kako ove uklonit. DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 20:31:41.14 on Tue 01/26/2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.606 [GMT -8:00] DDS AV: avast! antivirus 4.7.1098 [VPS 080214-0] On-access scanning enabled (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup D:\Documents and Settings\User\My Documents\Downloads\wlsetup-web.exe C:\Program Files\Mozilla Firefox\plugin-container.exe D:\Documents and Settings\User\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== mWinlogon: SfcDisable=-99 (0xffffff9d) uWinlogon: Shell=4578706c6f7265722e657865 uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\rocketdock\RocketDock.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ha1ryb16.default\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-26 140664] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-26 247160] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-26 345464] S2 egrlkrha;Network Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336] =============== Created Last 30 ================ 2010-01-27 04:23:19 0 d-----w- c:\program files\common files\Windows Live 2010-01-27 04:04:33 0 d-----w- c:\docume~1\user\applic~1\Malwarebytes 2010-01-27 04:04:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-27 04:04:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-27 04:04:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-27 04:04:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-01-27 03:55:29 0 d-----w- c:\windows\pss 2010-01-27 03:48:35 268 ---ha-w- C:\sqmdata05.sqm 2010-01-27 03:48:35 244 ---ha-w- C:\sqmnoopt05.sqm 2010-01-27 03:16:17 268 ---ha-w- C:\sqmdata04.sqm 2010-01-27 03:16:17 244 ---ha-w- C:\sqmnoopt04.sqm 2010-01-26 22:17:43 268 ---ha-w- C:\sqmdata03.sqm 2010-01-26 22:17:43 244 ---ha-w- C:\sqmnoopt03.sqm 2010-01-26 22:09:38 268 ---ha-w- C:\sqmdata02.sqm 2010-01-26 22:09:38 244 ---ha-w- C:\sqmnoopt02.sqm 2010-01-26 22:06:28 268 ---ha-w- C:\sqmdata01.sqm 2010-01-26 22:06:28 244 ---ha-w- C:\sqmnoopt01.sqm 2010-01-26 22:06:10 0 d-----w- c:\program files\MSN Messenger 2010-01-26 21:59:09 0 d-----w- c:\windows\system32\appmgmt 2010-01-26 21:58:48 268 ---ha-w- C:\sqmdata00.sqm 2010-01-26 21:58:48 244 ---ha-w- C:\sqmnoopt00.sqm 2010-01-26 21:27:32 0 dcsh--w- c:\program files\common files\WindowsLiveInstaller 2010-01-26 21:04:42 0 d-----w- c:\documents and settings\user\Contacts 2010-01-26 20:50:59 499712 ----a-w- c:\windows\system32\MSVCP71.dll 2010-01-26 20:50:59 348160 ----a-w- c:\windows\system32\MSVCR71.dll 2010-01-26 20:50:59 1060864 ----a-w- c:\windows\system32\MFC71.dll 2010-01-26 20:37:45 235100 ----a-w- c:\windows\system32\drivers\MidiSyn.sys 2010-01-26 20:37:29 381056 ----a-w- c:\windows\system32\drivers\senfilt.sys 2010-01-26 20:37:26 30208 ----a-w- c:\windows\system32\wdmioctl.dll 2010-01-26 20:37:26 1285632 ----a-w- c:\windows\system32\SMMedia.dll 2010-01-26 20:37:23 765952 ----a-w- c:\windows\system\crlds3d.dll 2010-01-26 20:37:22 65536 ----a-w- c:\windows\system32\Audio3d.dll 2010-01-26 20:37:22 0 d-----w- c:\windows\VirtualEar 2010-01-26 20:37:21 991232 ----a-w- c:\windows\system32\virtear.dll 2010-01-26 20:37:20 49152 ----a-w- c:\windows\system32\DSndUp.exe 2010-01-26 20:37:20 45056 ----a-w- c:\windows\system32\CleanUp.exe 2010-01-26 20:37:20 0 d-----w- c:\program files\Analog Devices 2010-01-26 20:34:27 15360 ---ha-r- c:\windows\system32\drivers\NetMotCM.sys 2010-01-26 20:00:48 586 ----a-w- C:\msndisable.reg 2010-01-26 20:00:28 36864 ----a-w- c:\windows\system32\wbsys.dll 2010-01-26 20:00:28 20480 ----a-w- c:\windows\system32\wbload.dll 2010-01-26 20:00:28 0 ----a-w- c:\windows\WB.ini 2010-01-26 19:56:00 0 d---a-w- c:\program files\Stardock 2010-01-26 19:50:46 0 d-----w- c:\program files\Nero 2010-01-26 19:50:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero 2010-01-26 19:48:19 0 d-----w- c:\docume~1\user\applic~1\uTorrent 2010-01-26 19:45:51 0 d-----w- c:\program files\Alky for Applications 2010-01-26 19:44:35 0 d-sh--w- c:\documents and settings\all users\DRM 2010-01-26 19:44:17 0 d--h--w- c:\program files\WindowsUpdate 2010-01-26 19:43:20 0 d-----w- c:\program files\common files\MSSoap 2010-01-26 19:42:08 0 d-----w- c:\program files\Online Services 2010-01-26 19:42:03 0 d-----w- c:\program files\uTorrent 2010-01-26 19:41:39 0 d-----w- c:\program files\VistaExperience.org 2010-01-26 19:40:48 0 d-----w- c:\program files\Windows Media Connect 2 2010-01-26 19:40:45 0 d-----w- c:\program files\Messenger 2010-01-26 19:40:42 0 d-----w- c:\program files\MSN Gaming Zone 2010-01-26 19:40:00 0 d-----w- c:\program files\Windows NT 2010-01-26 11:35:33 0 d-----w- c:\program files\common files\ODBC 2010-01-26 11:35:30 0 d-----w- c:\program files\common files\SpeechEngines 2010-01-26 11:35:04 0 d-----r- c:\documents and settings\all users\Documents ==================== Find3M ==================== 2010-01-26 19:42:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat ============= FINISH: 20:32:01.78 =============== https://www.mycity.rs/must-login.png

Profil

helen1 Poslao: 26 Avg 2010 21:19 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Zdravo, Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: deaktiviraj zaštitni softver (uputstvo); zatvori pokrenute programe; dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

paskale Poslao: 27 Avg 2010 08:23 Idi na vrh
offline paskale Građanin Pridružio: 25 Nov 2007 Poruke: 296	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Zaboravio sam i otkaciti gener file evo njega: https://www.mycity.rs/must-login.png a evo od combofixa logo: https://www.mycity.rs/must-login.png ComboFix 10-08-26.02 - User 27.08.2010 8:16.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.714 [GMT 2:00] Running from: d:\documents and settings\User\My Documents\Downloads\ComboFix.exe AV: avast! antivirus 4.7.1098 [VPS 100826-1] On-access scanning disabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point . ((((((((((((((((((((((((( Files Created from 2010-07-27 to 2010-08-27 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . . ------- Sigcheck ------- [-] 2007-10-27 . A11391BE25035570AE4B8970920F2C74 . 360704 . . [5.1.2600.3002] . . c:\windows\system32\drivers\tcpip.sys [-] 2007-10-27 . 24FCD8FB0C6BD0E5F3B1203769948336 . 2346752 . . [5.1.2600.3181] . . c:\windows\system32\ntoskrnl.exe [-] 2007-10-27 . 95E8B55443BD91DAB5632924D2616A1E . 2223616 . . [5.1.2600.3181] . . c:\windows\system32\ntkrnlpa.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-13 8466432] "nwiz"="nwiz.exe" [2007-07-13 1626112] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-13 81920] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-09-26 1232384] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "nltide_3"="advpack.dll" [2007-10-27 124928] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv] 2005-12-21 06:57 176128 ----a-w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3920:TCP"= 3920:TCP::Disabled:espuyc S2 egrlkrha;Network Time;c:\windows\system32\svchost.exe -k netsvcs [3.8.2004 23:00 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs egrlkrha [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}] 2007-10-27 07:26 124928 ----a-w- c:\windows\system32\advpack.dll . . ------- Supplementary Scan ------- . FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\ha1ryb16.default\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe *********************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-08-27 08:19 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\egrlkrha] "ServiceDll"="c:\windows\system32\cfgnm.dll" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(656) c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - - - - - - - > 'explorer.exe'(1792) c:\windows\system32\SHDOCVW.dll c:\windows\system32\wpdshserviceobj.dll c:\windows\system32\portabledevicetypes.dll c:\windows\system32\portabledeviceapi.dll . Completion time: 2010-08-27 08:20:43 ComboFix-quarantined-files.txt 2010-08-27 06:20 Pre-Run: 149.122.543.616 bytes free Post-Run: 149.107.781.632 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - D24032EDDAD5702DB76AB9BCB5537C68

Profil

helen1 Poslao: 27 Avg 2010 11:58 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Gde su ostali Gmer logovi?

Profil

paskale Poslao: 27 Avg 2010 14:46 Idi na vrh
offline paskale Građanin Pridružio: 25 Nov 2007 Poruke: 296	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png https://www.mycity.rs/must-login.png Eto i ostala 2 gamer loga, bila mi je frka nisam mogao.

Profil

helen1 Poslao: 27 Avg 2010 15:49 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Da li znas da radis Export kljuca iz registra? Ako znas bice nam lakse, ako ne, onda cemo probati. Znaci: Klikni Start->Run pa otkucaj regedit i klikni OK. Otvorice ti se prozor sa dva dela. Sa leve strane imas neke plusice. Kliknuces na HKEY_CURRENT_USER pa kad se razgrana onda na software, pa na microsoft, windows nt, currentversion, sve dok ne dodjes do fascikle gde pise winlogon. Uradices desni klik na fasciklu i onda Export i to sacuvaj na Desktop i posalji mi ovde. Evo slike kako kod mene izgleda:

Profil

paskale Poslao: 27 Avg 2010 15:56 Idi na vrh
offline paskale Građanin Pridružio: 25 Nov 2007 Poruke: 296	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: https://www.mycity.rs/must-login.png znam znam, evo uređeno.

Profil

helen1 Poslao: 27 Avg 2010 16:58 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Postavi mi svez DDS log.

Profil

paskale Poslao: 27 Avg 2010 17:37 Idi na vrh
offline paskale Građanin Pridružio: 25 Nov 2007 Poruke: 296	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! DDS (Ver_10-03-17.01) - NTFSx86 Run by User at 17:35:53,32 on pet 27.08.2010 Internet Explorer: 7.0.5730.11 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.459 [GMT 2:00] AV: avast! antivirus 4.8.1368 [VPS 100827-0] On-access scanning enabled (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe D:\Documents and Settings\User\My Documents\Downloads\dds.scr ============== Pseudo HJT Report =============== BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMBgMonitor.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] nwiz.exe /install mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\rocketdock\RocketDock.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe Notify: WBSrv - c:\progra~1\stardock\object~1\window~1\wbsrv.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\ha1ryb16.default\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-8-27 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-27 20560] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-26 138680] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-26 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-26 352920] S2 egrlkrha;Network Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336] =============== Created Last 30 ================ 2010-08-27 08:35:29 0 d-----w- c:\windows\system32\wbem\snmp 2010-08-27 08:35:28 0 d-----w- c:\windows\system32\xircom 2010-08-27 08:24:06 0 d-----w- c:\program files\CCleaner 2010-08-27 06:42:27 204 ----a-w- c:\documents and settings\user\default.pls 2010-08-27 06:15:50 0 d-sha-r- C:\cmdcons 2010-08-27 06:14:32 98816 ----a-w- c:\windows\sed.exe 2010-08-27 06:14:32 77312 ----a-w- c:\windows\MBR.exe 2010-08-27 06:14:32 256512 ----a-w- c:\windows\PEV.exe 2010-08-27 06:14:32 161792 ----a-w- c:\windows\SWREG.exe ==================== Find3M ==================== 2010-01-26 19:48:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat 2010-01-26 19:48:03 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012010012620100127\index.dat 2010-01-26 19:47:59 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat ============= FINISH: 17:36:17,17 ===============

Profil

helen1 Poslao: 27 Avg 2010 17:47 Idi na vrh
offline helen1 Anti Malware Fighter Rank 2 Master učitelj Pridružio: 27 Avg 2005 Poruke: 8620 Gde živiš: Novi Beograd	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Otvoriti Notepad i iskopirati sledeci tekst: `File:: c:\windows\system32\cfgnm.dll NetSvc:: egrlkrha Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3920:TCP"=- Driver:: egrlkrha` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Opasna infekcija

Ko je trenutno na forumu

Ukupno su 966 korisnika na forumu :: 32 registrovanih, 4 sakrivenih i 930 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: aramis s, babaroga, bikif46225, bladesu, Bobrock1, Boris90, darkojbn, djuradj, gomago, goxin, ivkovicmarjan, Kubovac, kybonacci, Lieutenant, mercedesamg, Mercury, milenko crazy north, milos.cbr, milutin134, Mirage 2000N, mocnijogurt, moldway, Povratak1912, procesor, Ripanjac, SlaKoj, stegonosa, Trpe Grozni, Vatreni Zmaj, virked, voja64, W123

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by