System check

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Hello, for a few days now I have not been able to open certain sites, so I am wondering whether the system has picked up some virus, although I don't notice anything, so I want to check anyway.

Here is how it looks when I click on, say, Facebook:



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.45.2
Run by Milana at 17:17:36 on 2013-06-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.545 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Milana\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uSearch Bar = hxxp://www.bing.com
uInternet Connection Wizard,ShellNext = hxxp://www.pandasecurity.com/redirector/?app=Welcome&prod=3753&lang=eng
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
mRun: [Domino] c:\windows\Domino.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\milana\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{DCCDEBB0-9A55-49BA-BF7A-7DA0BDF3657B} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milana\application data\mozilla\firefox\profiles\z4ann2xm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - plugin: c:\documents and settings\milana\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-6-14 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-6-14 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2013-6-14 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-6-14 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2013-6-14 40384]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2013-11-5 428160]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2013-11-30 16:56:01 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-11-30 16:56:00 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-11-30 16:55:59 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2013-11-30 16:55:59 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2013-11-29 14:28:17 -------- d-----w- c:\documents and settings\all users\application data\Sophos
2013-11-24 09:59:42 24064 ------w- c:\windows\system32\msxml3a.dll
2013-11-22 19:48:45 -------- d-----w- c:\documents and settings\milana\BTSync
2013-11-22 19:48:11 -------- d-----w- c:\documents and settings\milana\application data\BitTorrent Sync
2013-11-22 19:46:36 -------- d-----w- c:\documents and settings\milana\application data\uTorrent
2013-11-17 16:13:08 -------- d-----r- c:\program files\Skype
2013-11-16 18:58:04 -------- d-----w- c:\program files\AVAST Software
2013-11-16 15:25:02 -------- d-----w- c:\windows\pss
2013-11-16 15:22:55 -------- d-----w- c:\documents and settings\milana\local settings\application data\Identities
2013-11-16 15:20:58 -------- d-----w- c:\documents and settings\all users\application data\McAfee Security Scan
2013-11-16 15:20:53 -------- d-----w- c:\program files\McAfee Security Scan
2013-11-12 19:54:49 -------- d-----w- c:\documents and settings\milana\application data\FastStone
2013-11-12 19:54:43 -------- d-----w- c:\program files\FastStone Capture
2013-11-10 14:24:52 -------- d-----w- c:\documents and settings\milana\local settings\application data\Facebook
2013-11-09 12:32:29 -------- d-----w- c:\documents and settings\milana\application data\Malwarebytes
2013-11-09 12:32:23 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-11-09 12:12:40 -------- d-----w- c:\windows\ERUNT
2013-11-09 10:55:14 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-09 10:55:14 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-09 10:52:46 -------- d-----w- c:\documents and settings\milana\local settings\application data\Adobe
2013-11-09 10:47:20 -------- d-----w- c:\documents and settings\milana\local settings\application data\Opera Software
2013-11-09 10:47:18 -------- d-----w- c:\documents and settings\milana\application data\Opera Software
2013-11-09 10:38:39 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-11-09 10:38:35 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-11-09 10:19:15 -------- d-----w- c:\documents and settings\milana\application data\AVAST Software
2013-11-09 10:13:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-11-09 09:27:10 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2013-11-09 09:27:10 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2013-11-09 09:27:10 1060864 ----a-w- c:\windows\system32\MFC71.dll
2013-11-09 08:54:28 -------- d-----w- c:\windows\system32\appmgmt
2013-11-08 18:56:46 -------- d-sh--w- c:\documents and settings\milana\PrivacIE
2013-11-08 18:56:17 -------- d-----w- c:\documents and settings\all users\application data\firebird
2013-11-08 17:03:17 -------- d-----w- c:\documents and settings\milana\application data\TeamViewer
2013-11-07 19:58:08 -------- d-----w- c:\program files\Unlocker
2013-11-07 19:54:02 -------- d-sh--w- c:\documents and settings\milana\IETldCache
2013-11-07 19:49:09 -------- dc----w- c:\windows\ie8
2013-11-07 19:47:16 -------- d-----w- c:\documents and settings\all users\application data\MCShield
2013-11-07 19:47:15 -------- d-----w- c:\program files\MCShield
2013-11-07 19:32:34 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2013-11-07 19:32:21 -------- d-----w- c:\documents and settings\all users\application data\Hitman Pro
2013-11-06 18:12:01 221184 ----a-w- c:\windows\system32\wmpns.dll
2013-11-06 18:05:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2013-11-06 18:05:18 79872 ------w- c:\windows\system32\msxml6r.dll
2013-11-06 18:05:18 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2013-11-06 18:05:18 1306624 ------w- c:\windows\system32\msxml6.dll
2013-11-06 18:00:20 -------- d-----w- c:\windows\ServicePackFiles
2013-11-06 17:59:46 294912 ------w- c:\program files\windows media player\dlimport.exe
2013-11-06 17:59:39 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2013-11-06 17:44:38 -------- d-----w- c:\documents and settings\milana\local settings\application data\Yahoo
2013-11-06 17:44:31 -------- d-----w- c:\program files\Yahoo!
2013-11-06 17:43:23 -------- d-----w- c:\program files\Defraggler
2013-11-06 17:41:06 -------- d-----w- c:\program files\CCleaner
2013-11-06 04:07:11 -------- d-----w- c:\documents and settings\milana\local settings\application data\Sun
.
==================== Find3M ====================
.
2013-11-05 20:55:25 315392 ----a-w- c:\windows\HideWin.exe
.
============= FINISH: 17:17:59.40 ===============



  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

Hello :)

Is the time on your computer set correctly? That tends to cause problems.



Download aswMBR and save it to the Desktop.

Double-click to run aswMBR.

If you get the following message:
Would you like to download latest Avast! virus definitions?
click the Yes button and wait for the definitions download to finish.

Check that under AV Scan: the QuickScan option is selected.

Click Scan.

When the scan finishes ( Scan finished successfully ) click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into this thread.




Upload a file for me via the following link:

http://www.mycity.rs/ambulanta-upload.php

Click Choose File, locate the file and click Upload.

c:\windows\HideWin.exe

Let me know when you have uploaded the file.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

Yes, my clock had shifted one hour ahead, so I fixed that last night. :)

I have uploaded the file.

Log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-12-09 17:52:57
-----------------------------
17:52:57.843 OS Version: Windows 5.1.2600 Service Pack 3
17:52:57.843 Number of processors: 2 586 0xF0D
17:52:57.843 ComputerName: MILANA-6EF96913 UserName: Milana
17:52:58.015 Initialize success
17:53:00.906 AVAST engine defs: 13120900
17:53:03.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-10
17:53:03.640 Disk 0 Vendor: WDC_WD1600AAJS-08PSA0 05.06H05 Size: 152627MB BusType: 3
17:53:03.734 Disk 0 MBR read successfully
17:53:03.734 Disk 0 MBR scan
17:53:03.734 Disk 0 Windows XP default MBR code
17:53:03.734 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 20479 MB offset 19
17:53:03.734 Disk 0 Partition - 00 0F Extended LBA 122623 MB offset 61439616
17:53:03.750 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122615 MB offset 61439635
17:53:03.750 Disk 0 scanning sectors +312573408
17:53:03.843 Disk 0 scanning C:\WINDOWS\system32\drivers
17:53:14.921 Service scanning
17:53:17.390 Service GMSIPCI E:\INSTALL\GMSIPCI.SYS **LOCKED** 21
17:53:19.453 Service MSICPL E:\install4\MSICPL.sys **LOCKED** 21
17:53:20.250 Service NTACCESS E:\NTACCESS.sys **LOCKED** 21
17:53:21.828 Service SetupNTGLM7X E:\NTGLM7X.sys **LOCKED** 21
17:53:24.312 Modules scanning
17:53:32.593 Disk 0 trace - called modules:
17:53:32.609 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:53:32.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8675dab8]
17:53:32.609 3 CLASSPNP.SYS[f7a3afd7] -> nt!IofCallDriver -> \Device\00000063[0x867769e8]
17:53:32.609 5 ACPI.sys[f79b1620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-10[0x8676dd98]
17:53:32.765 AVAST engine scan C:\WINDOWS
17:53:36.375 AVAST engine scan C:\WINDOWS\system32
17:55:52.640 AVAST engine scan C:\WINDOWS\system32\drivers
17:56:07.812 AVAST engine scan C:\Documents and Settings\Milana
17:57:45.406 AVAST engine scan C:\Documents and Settings\All Users
17:58:05.265 Scan finished successfully
18:01:50.359 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Milana\My Documents\MBR.dat"
18:01:50.359 The log file has been saved successfully to "C:\Documents and Settings\Milana\My Documents\aswMBR.txt"

  • Research Engineer @MalwareBytes
  • Joined: 09 Aug 2011
  • Posts: 15877
  • Location: Beograd

The system is clean, there is no malware...


Download DelFix by "Xplode" and save it to the Desktop.

Double-click to run the program.

Tick the following options:
Remove disinfection tools
Purge System Restore
Reset system settings

Click the "Run" button and wait for the program to finish.
The tool will remove all the tools used in this thread...
When the tool finishes, it will open a report in Notepad.
Note: The report will also be saved to C:\DelFix.txt

There is no need to post the report.

  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

All done, thanks and regards! Cheers!
