KIS vrstao - mozda lazna uzbuna - savet

1

KIS vrstao - mozda lazna uzbuna - savet

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4194
  • Gde živiš: U zlatnom kavezu

Jutros oko 8 kasper javio da je karantin stavio neka dva file.... kad otvorim lokaciju tog foldera nema - vide se skriveni folderi. Kasper kaze da su u karantinu i nisu opasne.







Da li vas taj detektovani exe podseca na neku infekciju?
Postijuci vas rad, trud i vreme necu davati logove, jer sam nedavno radio rutinsku kontroli i bio negativan na viruse. Cudno je da u temporaly internet files nema tog foldera......

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6061

Mnogo malware-a postavlja svoje fajlove privremeno u %temp% foldere dok se ne izvrsi ... ili zasta je vec napisan, te je svaki AV sada paranoican kada vidi tako neki izvrsni file u tempu. Po prici rekao bih da je tu AV nista drugo nego odradio svoj posao.

Mozes isprazni temp koristeci ovaj alat:

Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.

Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.


A ti ako zelis, budi slobodan pa postavi nam DDS log bez ustrucavanja ako zelis proveru. Wink
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4194
  • Gde živiš: U zlatnom kavezu

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Brksi at 15:50:51 on 2013-05-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.16283.13843 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\powerdvd11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
F:\The bat\thebat.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\BrksiAppData\Local\Temp\vcheck.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
F:\itunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\powerdvd11\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
F:\uTorrent\uTorrent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Pomoćnik za prijavljivanje u Microsoft nalog: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [thebat_startup] F:\The bat\thebat.exe /minimize
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [vcheck] C:\Users\BRKSIA~1\Local\Temp\vcheck.exe
uRun: [VerControl] C:\Users\BRKSIA~1\Local\TempImg\VerControl.exe
uRun: [Google Update] "f:\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [PWRISOVM.EXE] F:\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [TV Card Remote Control Device Monitor] C:\Windows\9205RMTMon.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
mRun: [Bonus.SSR.FR10] "F:\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [RemoteControl11] F:\powerdvd11\PowerDVD11\PDVD11Serv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
StartupFolder: C:\Users\Brksi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTG~1.LNK - F:\EventGhost\EventGhost.exe
StartupFolder: C:\Users\Brksi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Dodaj u Zaštitu od reklama - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26B515FA-E152-4E0F-A67F-8FA8B2D2E203} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9F2B677-9CAA-4931-99B6-5EE78008B477} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\AppData\Roaming\Mozilla\Firefox\Profiles\vzl3fyk5.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: f:\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: F:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/05/04 20:18:48];F:\powerdvd11\PowerDVD11\Common\NavFilter\000.fcl [2013-5-4 148976]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
R2 AVP;Kaspersky Anti-Virus usluga;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;F:\powerdvd11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2013-5-4 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2013-5-4 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSServer.exe [2013-5-4 312616]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-21 171688]
R2 ntk_PowerDVD;ntk_PowerDVD;F:\powerdvd11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2013-5-4 75248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-21 317440]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-7-21 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-21 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-21 1255736]
.
=============== Created Last 30 ================
.
2013-05-09 15:50:30 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-05-05 16:09:02 -------- d-----w- f:\AppData\Local\CyberLink
2013-05-04 18:18:50 -------- d-----w- C:\ProgramData\PDVD
2013-05-04 18:18:33 -------- d-----w- f:\AppData\Local\MediaServer
2013-05-04 18:17:33 -------- d-----w- C:\ProgramData\install_clap
2013-04-30 20:08:13 -------- d-----w- C:\Program Files (x86)\Advanced Port Scanner
2013-04-24 11:09:48 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-20 13:58:48 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-20 09:30:29 -------- d-----w- f:\AppData\Local\PunkBuster
2013-04-20 09:30:13 -------- d-----w- C:\ProgramData\Orbit
2013-04-20 09:28:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-20 09:28:21 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-20 09:28:21 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-20 09:09:20 -------- d-----w- f:\AppData\Local\Ubisoft Game Launcher
.
==================== Find3M ====================
.
2013-04-24 11:09:46 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-24 11:09:46 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-04-23 14:31:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-13 11:19:48 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 11:19:48 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-23 20:44:12 472576 ----a-w- C:\Windows\AutoKMS.exe
.
============= FINISH: 15:51:05,63 ===============

https://www.mycity.rs/must-login.png

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6061

Preuzmi RogueKiller i sačuvaj ga na Desktop

32bit verzija: http://tigzy.geekstogo.com/Tools/RogueKiller.exe
64bit verzija: http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe

Dvoklikom pokreni RogueKiller i pričekaj da se inicijalno skeniranje završi.
Klikni na dugme Scan.
Po završenom skeniranju, biće kreiran izveštaj na desktopu pod nazivom RKreport.txt
Sadržaj tog loga iskopiraj u temi..
Zatvori RogueKiller

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4194
  • Gde živiš: U zlatnom kavezu

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brksi [Admin rights]
Mode : Scan -- Date : 05/13/2013 17:34:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] vcheck.exe -- C:\Users\BrksiAppData\Local\Temp\vcheck.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : vcheck (C:\Users\BrksiAppData\Local\Temp\vcheck.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1479331576-3048224127-1960789526-1000[...]\Run : vcheck (C:\Users\BrksiAppData\Local\Temp\vcheck.exe) [-] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : TV Card Remote Control Device Monitor (C:\Windows\9205RMTMon.exe) [x] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 702e88cdaa959c2dd4f9b63e83e96a1a
[BSP] cdb6e58bb822d6dbeefe9f97021f7c2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1586128 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 3417057630 | Size: 239241 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3248391195 | Size: 82356 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] b258087d0c96f6d9507fdcac29dee48d
[BSP] 5be1689d0148e1388ac5481e9c8ea7f4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05132013_02d1734.txt >>
RKreport[1]_S_05132013_02d1734.txt

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6061

Hajde jos jednu malu proveru;



Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:


C:\Users\BrksiAppData\Local\Temp\vcheck.exe;virustotal;
vcheck.exe;z


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Arrow Kopiraj sadrzaj tog loga u poruku.



Napomena:

Zoek ce mozda startovati default browser sa virustotal sajtom. Ne zatvaraj browser dok zoek ne zavrsi rad.

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4194
  • Gde živiš: U zlatnom kavezu

Uradicu za par minuta, dok skinem neki rar. Mada mislim da je taj checker cist (nije mi namera da te ucim tvom poslu, nemoj to tako shvatiti)

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6061

Opusteno ( Very Happy ), ovo je vise radjeno za istrazivacke svrhe. Razz

offline
  • Pridružio: 18 Jul 2003
  • Poruke: 4194
  • Gde živiš: U zlatnom kavezu

Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Brksi on pon 13.05.2013 at 18:25:03,49.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== VirusTotal Scan ======================

C:\Users\BrksiAppData\Local\Temp\vcheck.exe https://www.virustotal.com/file/11216718918A1700C6...../analysis/

==== Folders Found ======================


==== Files Found ======================


--- C:\Documents and Settings\Brksi\Desktop\RK_Quarantine\vcheck.exe.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 389120
Created time: 2013-05-13 15:34:29
Modified time: 2013-05-13 15:34:29
MD5: 409FAC735BF589644DF333A17D2113EC
SHA1: 0D2EF94653DB4AECB288482256EE4E3ACE5BF0E9


--- C:\Documents and Settings\BrksiAppData\Local\Temp\vcheck.exe ---
Company:
File Description: Version Checker
File Version: 1, 0, 0, 1
Product Name:
Copyright:
Original Filename:
File type: ------w-
File size: 389120
Created time: 2012-11-17 20:04:09
Modified time: 2011-03-14 10:35:34
MD5: D16D52674EBCC8175B837C09FEF263CA
SHA1: 91DBCC2AEC7F5DB86CBAAD6F13355103BADC70D6

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 21 Jun 2008
  • Poruke: 6061

Brksi, to je to. Kao sto vidis i sam, RK je izlistao te fajlove koristeci svoju heuristic detekciju a fajlovi su legitimni. Isti slucaj je i sa Dr.Web-om.
Sistem je cist, nema tragova malware-a.


Mozes ukloniti koriscene alate.

Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings


Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvestaj u notepadu.

Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Nemoras da kacis DelFix log.




Pozdrav Wink

Ko je trenutno na forumu
 

Ukupno su 1053 korisnika na forumu :: 41 registrovanih, 4 sakrivenih i 1008 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 1798 - dana 19 Sep 2019 18:42

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ALBION101, Aleksandar Konstantin, aljosa7, Apok, bounty hunters, darkangel2, Dimitrise93, dozorni, Drug pukovnik, Ehinacea, JOntra, kalens021, kaptain2, Kubovac, mačković, MB120mm, medvedekbobi123, Milan A. Nikolic, milos.cbr, Mixelotti, MORAVA1, nedeljkovici, nesic1, NoOneEver Dreams, nradukic, Oscar2, repac, Revolucion, RJ, robertino, sakota79, SD2, Skywhaler, slonic_tonic, sosko, SsssssNOVI, timke, vasa.93, vlad the impaler, Zvrk2