What is this about?

offline
  • Joined: 26 Feb 2011
  • Posts: 171

The day before yesterday my Kaspersky Internet Security 2011 showed me a couple of messages.

I tried to resolve all the problems it listed through KIS 2011 itself, but after a restart the messages come back. I poked around KIS a bit more and saw that it also found some vermin that it cannot delete. Otherwise I haven't noticed the computer being slower or anything like that. The connection is broadband, around 3 Mbit/s I think. And yes, KIS 2011 is regularly updated!

Here are the logs...

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nedim at 20:39:42,20 on uto 22.03.2011
Internet Explorer: 9.0.8080.16413 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.387.1033.18.1536.727 [GMT 1:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Opera\opera.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Users\Nedim\Desktop\dds.com
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky internet security 2011\ievkbd.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2011\avp.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky internet security 2011\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2011\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-6-9 11352]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2010-4-22 22104]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19984]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-2-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-2-26 8320]
.
=============== Created Last 30 ================
.
2011-03-19 23:21:09 -------- d-----w- c:\windows\pss
2011-03-14 20:46:33 94208 ----a-w- c:\program files\internet explorer\en\iediag.resources.dll
2011-03-14 20:46:04 161280 ----a-w- c:\windows\system32\msls31.dll
2011-03-14 20:46:04 1125376 ----a-w- c:\windows\system32\wininet.dll
2011-03-14 20:46:02 107008 ----a-w- c:\program files\internet explorer\iecleanup.exe
2011-03-14 20:46:01 307200 ----a-w- c:\program files\internet explorer\iediagcmd.exe
2011-03-14 20:46:00 319488 ----a-w- c:\program files\internet explorer\iediagDLL.dll
2011-03-14 20:46:00 273208 ----a-w- c:\program files\internet explorer\iediag.exe
2011-03-14 20:36:49 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-14 20:36:49 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-03-14 20:36:48 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-03-14 20:36:45 1074176 ----a-w- c:\windows\system32\DWrite.dll
2011-03-14 20:36:44 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-03-14 20:36:41 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-03-14 20:36:40 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-03-14 20:36:37 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-03-14 20:36:36 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-03-14 20:36:34 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-14 20:36:33 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-03-14 20:36:32 107520 ----a-w- c:\windows\system32\cdd.dll
2011-03-14 20:36:28 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-14 20:30:42 -------- d-----w- c:\program files\Feedback Tool
2011-03-05 23:08:42 -------- d-----w- c:\program files\BitTorrent
2011-03-05 23:07:39 -------- d-----w- c:\users\nedim\appdata\roaming\BitTorrent
2011-03-04 18:29:00 -------- d-----w- c:\program files\Dev-Pas
2011-03-04 14:09:00 -------- d-----w- c:\program files\Winamp Detect
2011-03-03 22:31:55 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-03-03 22:31:54 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2011-03-03 22:29:55 -------- d-----w- c:\program files\common files\PX Storage Engine
2011-02-28 13:38:32 -------- d-----w- c:\users\nedim\appdata\local\Opera
2011-02-24 22:22:55 -------- d-----w- c:\program files\EWB512
2011-02-24 22:14:34 314368 ----a-w- c:\windows\IsUninst.exe
2011-02-21 21:29:10 -------- d-----w- c:\program files\coolpro2
.
==================== Find3M ====================
.
2011-03-14 20:45:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-03-14 20:45:42 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-03-14 20:45:37 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-03-14 20:45:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-03-14 20:45:35 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-03-14 20:45:30 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-03-14 20:45:18 367104 ----a-w- c:\windows\system32\html.iec
2011-03-14 20:45:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-03-14 20:44:57 1426432 ----a-w- c:\windows\system32\inetcpl.cpl
2011-03-14 20:44:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-03-14 20:44:51 152064 ----a-w- c:\windows\system32\wextract.exe
2011-03-14 20:44:50 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-03-14 20:44:42 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-14 20:44:37 2382336 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-14 20:44:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-03-14 20:44:36 11776 ----a-w- c:\windows\system32\mshta.exe
2011-03-14 20:44:35 101888 ----a-w- c:\windows\system32\admparse.dll
2011-03-14 20:44:32 1791488 ----a-w- c:\windows\system32\jscript9.dll
2011-03-14 20:44:31 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-02-24 22:22:46 216064 ----a-w- c:\windows\iun3405.exe
2011-02-15 19:09:52 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2011-02-05 13:11:05 720896 ----a-w- c:\windows\iun6002.exe
2011-02-02 20:40:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 20:46:17,33 ===============


offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello EkatarinaVelika!

I hope you're using a legal KIS?
Can you somehow make a log of those "vermin" you found in KIS's options so I can see what this is about? If you can't manage to make a report (log), take a screenshot so I can see the detections and the files in question.
We'll do one more scan of the computer ...

Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to run the installer - at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

then click Finish.

Once the update has finished, the program will start.

Choose the Perform Quick Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).

- Since you're using KIS (which is a security suite), I suggest you turn off Windows Defender LINK;

- You're using Adobe Reader 8, which is an old and also critical version of this PDF reader because of security flaws. I definitely suggest you install the latest version (Reader X) or switch to an alternative such as Foxit Reader, Nitro PDF Reader, etc. ...;

- You have TeamViewer 5 and TeamViewer 6 installed. You can certainly uninstall the older version;

- It wouldn't hurt to uninstall HWiNFO32 as well, then reinstall it if you need it, i.e. if you use it. I notice it is disabled in Device Manager, so its driver is not loading;

- I recommend using MCShield to protect USB memory devices. It has nothing to do with the antivirus, i.e. it won't interfere with its operation, and it has proven to be one of the best forms of protection against malware spread via USB memory devices.

You download it, install it, plug in the USB memory device, a scan runs, after which you get a notification that the device is clean (if it really is); or you get a log in which you see information about the malware that was found and deleted.

MCShield home page: http://amf.mycity.rs/programs/mc/mcshield/

You can find out more about MCShield in this thread: http://www.mycity.rs/Antispyware-programi/MCShield.html

goran9888 (AMF Team)

offline
  • Joined: 26 Feb 2011
  • Posts: 171

Posted: 24 Mar 2011 0:30

I did most of what you instructed and I have the impression my computer runs more lightly; KIS and Win Defender must have been "at each other's throats".

And here is the log; as far as I could see, Malwarebytes says the computer is clean. :D

I'll send you that Kaspersky log tomorrow morning; I'm tired and have neither the strength nor the nerves for it right now, it's the dead of night.

Addendum: 24 Mar 2011 11:09

This morning I turned on the computer and saw that, of all those messages in KIS, only the "Full scan is required" one remained (I really hate doing that). Maybe it has something to do with running Malwarebytes last night; maybe KIS figured out it was being paranoid. :D

Are all the other logs clean?

Regards! :D

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

It's possible that happened if you're using an illegal KIS, i.e. if you're using Trial Reseter or some similar application that extends the KIS license illegally.

If that is the case, I definitely suggest you switch from a commercial to a free security suite.

The logs you posted are clean.

All that remains is to check your browser and update if anything is offered: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

offline
  • Joined: 26 Feb 2011
  • Posts: 171

There, the browser plugins are updated too...

Thanks once again, Goran! ;)
