Da proverim sistem

Da proverim sistem

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 446
  • Gde živiš: Nemačka

Pozdrav!

Posto odavno nisam proveravao u ambulanti sistem,pa sam sada resio da to obavim uz Vasu pomoc!
U prilogu :


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21352 BrowserJavaVersion: 10.45.2
Run by MILANA at 12:38:44 on 2013-11-02
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.413 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\Domino.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\milana\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Domino] c:\windows\Domino.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\milana\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1374046496671
DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{57426EE8-6ED9-499A-8908-DD89BBE727B3} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\milana\application data\mozilla\firefox\profiles\0zgdz61w.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - plugin: c:\documents and settings\milana\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\milana\local settings\application data\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-11-2 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-11-2 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-11-2 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-11-2 403440]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-5-23 119056]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-11-2 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-11-2 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-11-2 50344]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [2013-9-1 428160]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-9-5 171680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-9-16 1691480]
S3 cpuz134;cpuz134;\??\c:\docume~1\milana\locals~1\temp\cpuz134\cpuz134_x32.sys --> c:\docume~1\milana\locals~1\temp\cpuz134\cpuz134_x32.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
=============== Created Last 30 ================
.
2013-11-02 11:20:20 -------- d-----w- c:\documents and settings\milana\application data\AVAST Software
2013-11-02 10:58:02 178304 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-02 10:58:01 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-02 10:58:01 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-02 10:35:23 -------- d-----w- c:\documents and settings\milana\application data\Panda Security
2013-11-02 10:35:02 -------- d-----w- c:\program files\Panda Security
2013-11-02 10:35:02 -------- d-----w- c:\documents and settings\all users\application data\Panda Security
2013-11-02 10:33:57 774392 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-02 10:33:33 43152 ----a-w- c:\windows\avastSS.scr
2013-11-02 10:33:15 -------- d-----w- c:\program files\AVAST Software
2013-11-02 10:08:28 -------- d-----w- c:\documents and settings\milana\application data\BlueSprig
2013-11-02 10:08:25 -------- d-----w- c:\program files\BlueSprig
2013-10-30 19:42:25 272496 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-10-20 18:02:31 145408 ----a-w- c:\windows\system32\javacpl.cpl
2013-10-20 18:02:25 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-07 16:12:59 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2013-10-07 16:12:59 496128 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2013-10-07 16:12:59 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2013-10-07 16:12:58 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2013-10-07 16:12:58 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2013-10-07 16:12:58 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2013-10-07 16:12:57 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2013-10-07 16:12:54 6108672 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
==================== Find3M ====================
.
2013-11-02 05:52:56 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2013-10-09 04:02:18 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-09 04:02:18 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 12:39:05.34 ===============

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 04 Jul 2011
  • Poruke: 5424

Pozdrav.



Preuzmite program GMER sa donjeg linka na Desktop:


GMER download
Kliknite dati link;
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberite Desktop i kliknite Save.



Dvoklikom pokrenite GMER.
Sačekajte da se završi uvodno skeniranje - ukoliko se pojavi bilo kakav upit, kliknite No;

kliknite Scan i sačekajte da skeniranje bude završeno;

kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer1);

kliknite desnim tasterom u prozor programa Gmer i odaberite Options > 3rd party - kliknite Scan;

po završetku skeniranja kliknite Save ... - izveštaj sačuvajte na Desktop (pod nazivom Gmer2);

kliknite taster >>> i odaberite Autostart karticu;

po završetku kratkotrajnog skeniranja, kliknite Copy;

otvorite Notepad i u njega postavite kopirani tekst - izveštaj sačuvajte na Desktop (pod nazivom Gmer3);


Slikoviti prikaz postupka

Priložite sva tri izveštaja uz poruku korišćenjem opcije Prikači fajl.



Ivance95 (AMF Tim)

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 446
  • Gde živiš: Nemačka

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

offline
  • Pridružio: 04 Jul 2011
  • Poruke: 5424

Arrow Tvoj kompjuter je čist što se malware-a tiče, nemaš razloga za brigu.



Ivance95 (AMF Tim)

offline
  • Dalibor
  • Pridružio: 03 Feb 2011
  • Poruke: 446
  • Gde živiš: Nemačka

Puno hvala Ivance95 Ziveli

Ko je trenutno na forumu
 

Ukupno su 740 korisnika na forumu :: 3 registrovanih, 0 sakrivenih i 737 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: nemkea71, procesor, TheDictator