Let me check the system

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

Greetings to the AMF team!

I haven't checked my daughter's computer for infections in a long time, so I want to check it and see what state it is in.



DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.2.0
Run by Dalibor at 20:06:50 on 2013-01-12
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.254.42 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=15187
uInternet Connection Wizard,ShellNext = hxxp://www.spacialnet.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\imon.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6E0F2453-FC75-4D33-A0FB-D0DBDEBC236B} : DHCPNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-31 36552]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-6-25 15424]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-12-31 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-31 109344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-12-31 83944]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"c:\program files\firebird\firebird_2_5\bin\fbserver.exe" -s defaultinstance --> c:\program files\firebird\firebird_2_5\bin\fbserver.exe [?]
.
=============== Created Last 30 ================
.
2013-01-12 12:54:42 -------- d-----w- c:\documents and settings\dalibor\application data\Maxthon3
2013-01-12 12:54:04 -------- d-----w- c:\program files\Maxthon3
2013-01-12 09:57:28 34816 ----a-w- c:\windows\system32\drivers\.sys
2013-01-09 15:39:29 -------- d-----w- c:\program files\VideoLAN
2012-12-31 18:55:51 -------- d-----w- c:\documents and settings\dalibor\application data\Avira
2012-12-31 18:39:14 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-31 18:39:13 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-31 18:39:00 -------- d-----w- c:\program files\Avira
2012-12-31 18:39:00 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2013-01-12 13:13:37 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2012-12-31 22:42:31 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-31 22:42:30 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:07:53.25 ===============

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Hello.

ESET is active alongside Avira, meaning two antivirus programs.

You need to download the ESET Uninstaller and follow the instructions from the link.


Download Xplode's AdwCleaner and save it to the Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes the analysis it will open a Notepad with the report. Close that Notepad.

Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open a Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad to the Desktop and attach it to your reply using the "Attach file" option.

Note: The report will also be saved at C:\AdwCleaner[S1].txt


Download TFC (Temp File Cleaner) and save it to the Desktop.
Double-click to run the program and click the Start button to allow the program to begin scanning.
When the program finishes scanning, it may ask you to restart the computer. Allow it.

Note: Once you have finished cleaning the temp files, you can delete the program or keep it for later use.

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

I don't know whether I managed to remove NOD ESET, since my English is poor, but I did the rest the same way.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

That's no good, try this NOD32 removal tool.

So: restart the computer, press F8, and when it stops at a new window choose Safe Mode. Then run the Uninstaller.

How to enter SAFE MODE

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

Posted: 13 Jan 2013 11:59

Yes, I went into Safe Mode, I know how that goes from before.
I downloaded this last tool and ran it from Safe Mode.
I double-clicked the tool and got this:
http://www.mycity.rs/slika.php?slika=238318_84879666_IMG_4823.jpg

On that first one I clicked Yes and got this:



Then the tool closed.

Update: 13 Jan 2013 12:01

First picture posted again.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

It's asking whether you want to remove it; what happens when you click Yes?

This is Dutch, so I'm going through translate as far as I can make out from the picture.

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

When I click YES a window opens with only an OK option, that's the picture in the middle, and when I click OK the program closes.

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Run DDS again and post only the DDS.txt log file.

offline
  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Germany

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.2.0
Run by Dalibor at 15:13:55 on 2013-01-13
Microsoft Windows XP Professional 5.1.2600.3.1251.381.1033.18.254.27 [GMT 1:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\Program Files\Maxthon3\Bin\Maxthon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.spacialnet.com/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6E0F2453-FC75-4D33-A0FB-D0DBDEBC236B} : DHCPNameServer = 192.168.1.1
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-31 36552]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-12-31 85280]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-31 109344]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-12-31 83944]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"c:\program files\firebird\firebird_2_5\bin\fbserver.exe" -s defaultinstance --> c:\program files\firebird\firebird_2_5\bin\fbserver.exe [?]
.
=============== Created Last 30 ================
.
2013-01-13 09:23:37 -------- d-----w- c:\program files\Defraggler
2013-01-13 09:16:39 -------- d-sh--w- c:\documents and settings\all users\application data\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2013-01-12 12:54:42 -------- d-----w- c:\documents and settings\dalibor\application data\Maxthon3
2013-01-12 12:54:04 -------- d-----w- c:\program files\Maxthon3
2013-01-12 09:57:28 34816 ----a-w- c:\windows\system32\drivers\.sys
2013-01-09 15:39:29 -------- d-----w- c:\program files\VideoLAN
2012-12-31 18:55:51 -------- d-----w- c:\documents and settings\dalibor\application data\Avira
2012-12-31 18:39:14 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-31 18:39:13 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-31 18:39:00 -------- d-----w- c:\program files\Avira
2012-12-31 18:39:00 -------- d-----w- c:\documents and settings\all users\application data\Avira
.
==================== Find3M ====================
.
2013-01-12 21:40:50 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-12 21:40:48 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-12 13:13:37 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
.
============= FINISH: 15:15:20.76 ===============


rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Good, we've removed it.

You can delete the tools we used; you can keep TFC Cleaner for later use.
Run AdwCleaner and click Uninstall.

That's all, regards. Cheers!
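As an added example, not from this thread and not part of the DDS tool, here is a small Python parser for the DDS `SERVICES / DRIVERS` section that reproduces the checks argus made by eye: which AV vendors have services or drivers registered (two at once in the first log), which registrations point at a binary DDS marked `[?]` because it could not find it on disk, and which entries disappeared between the first and the second log. The vendor keyword table is my assumption; the sample entries are excerpted from the two logs posted above.

```python
import re
# A DDS "SERVICES / DRIVERS" entry: <state> <name>;<display>;<image> [<date> <size>]
# or, when DDS had to resolve a quoted image path: ...;"<image>" <args> --> <image> [?]
# "[?]" means DDS could not find the binary on disk (an orphaned registration).
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")

# Excerpts of the two DDS logs posted in this thread, before and after the ESET removal.
BEFORE = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-31 36552]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2011-6-25 15424]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-31 109344]
S2 NOD32krn;NOD32 Kernel Service;"c:\program files\eset\nod32krn.exe" --> c:\program files\eset\nod32krn.exe [?]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"c:\program files\firebird\firebird_2_5\bin\fbserver.exe" -s defaultinstance --> c:\program files\firebird\firebird_2_5\bin\fbserver.exe [?]
"""
AFTER = r"""
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-12-31 36552]
R2 AntiVirService;Avira Real-Time Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-12-31 109344]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"c:\program files\firebird\firebird_2_5\bin\fbserver.exe" -s defaultinstance --> c:\program files\firebird\firebird_2_5\bin\fbserver.exe [?]
"""
# Assumed vendor keywords (my choice, not a DDS feature) matched against service names and image paths.
AV_MARKERS = {"ESET": ("eset", "nod32"), "Avira": ("avira", "avgnt", "avkmgr")}

def parse_services(section):
    """Map lower-cased service name -> (state, display, image_path, binary_present)."""
    entries = {}
    for line in section.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        image = rest.split("--> ", 1)[-1]              # prefer the path DDS resolved after "-->"
        present = not image.endswith("[?]")            # "[?]" = binary not found on disk
        image = re.sub(r"\s*\[[^\]]*\]$", "", image)   # drop trailing "[date size]" or "[?]"
        entries[m.group("name").lower()] = (m.group("state"), m.group("display"), image, present)
    return entries

def av_products(section):
    """Vendors with registered services/drivers; two or more means overlapping AV products."""
    text = " ".join(f"{name} {e[2]}".lower() for name, e in parse_services(section).items())
    return sorted(v for v, marks in AV_MARKERS.items() if any(mk in text for mk in marks))

def orphaned(section):
    """Registrations whose binary DDS could not find ("[?]"): leftovers of uninstalled software."""
    return sorted(name for name, e in parse_services(section).items() if not e[3])

def removed_between(before, after):
    """Entries present in the first log that are gone from the second."""
    return sorted(parse_services(before).keys() - parse_services(after).keys())
```

Running the three checks on the excerpts reports Avira and ESET before but only Avira after, and shows that `nod32drv` and `NOD32krn` are the entries the cleanup removed.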
