KIS vrstao - mozda lazna uzbuna - savet

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Jutros oko 8 kasper javio da je karantin stavio neka dva file.... kad otvorim lokaciju tog foldera nema - vide se skriveni folderi. Kasper kaze da su u karantinu i nisu opasne.







Da li vas taj detektovani exe podseca na neku infekciju?
Postijuci vas rad, trud i vreme necu davati logove, jer sam nedavno radio rutinsku kontroli i bio negativan na viruse. Cudno je da u temporaly internet files nema tog foldera......

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Mnogo malware-a postavlja svoje fajlove privremeno u %temp% foldere dok se ne izvrsi ... ili zasta je vec napisan, te je svaki AV sada paranoican kada vidi tako neki izvrsni file u tempu. Po prici rekao bih da je tu AV nista drugo nego odradio svoj posao.

Mozes isprazni temp koristeci ovaj alat:

Preuzmi TFC (Temp File Cleaner) i sacuvaj ga na Desktop.
Dvoklikom pokreni program i klikni na dugme Start da bi dozvolio programu da otpocne skeniranje.
Kada program zavrsi skeniranje,mozda ce zatraziti da restartujes racunar. Dozvoli mu.
Napomena: Kada zavrsis sa ciscenjem temp fajlova,program mozes obrisati ili ga sacuvati za kasniju upotrebu.


A ti ako zelis, budi slobodan pa postavi nam DDS log bez ustrucavanja ako zelis proveru.
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16448
Run by Brksi at 15:50:51 on 2013-05-13
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.16283.13843 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
F:\powerdvd11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
F:\The bat\thebat.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\BrksiAppData\Local\Temp\vcheck.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exe
F:\itunes\iTunesHelper.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
F:\powerdvd11\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
F:\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\Windows\system32\wuauclt.exe
F:\uTorrent\uTorrent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearchURL,(Default) = hxxp://www.forumswatcher.com/search.htm
mSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Pomoćnik za prijavljivanje u Microsoft nalog: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [thebat_startup] F:\The bat\thebat.exe /minimize
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [vcheck] C:\Users\BRKSIA~1\Local\Temp\vcheck.exe
uRun: [VerControl] C:\Users\BRKSIA~1\Local\TempImg\VerControl.exe
uRun: [Google Update] "f:\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [PWRISOVM.EXE] F:\PowerISO\PWRISOVM.EXE -startup
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [TV Card Remote Control Device Monitor] C:\Windows\9205RMTMon.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "F:\iTunes\iTunesHelper.exe"
mRun: [Bonus.SSR.FR10] "F:\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
mRun: [RemoteControl11] F:\powerdvd11\PowerDVD11\PDVD11Serv.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
StartupFolder: C:\Users\Brksi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTG~1.LNK - F:\EventGhost\EventGhost.exe
StartupFolder: C:\Users\Brksi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Dodaj u Zaštitu od reklama - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{26B515FA-E152-4E0F-A67F-8FA8B2D2E203} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9F2B677-9CAA-4931-99B6-5EE78008B477} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\AppData\Roaming\Mozilla\Firefox\Profiles\vzl3fyk5.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin2.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin3.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin4.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin5.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npqtplugin6.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: f:\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: F:\iTunes\Mozilla Plugins\npitunes.dll
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2013/05/04 20:18:48];F:\powerdvd11\PowerDVD11\Common\NavFilter\000.fcl [2013-5-4 148976]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-19 814344]
R2 AVP;Kaspersky Anti-Virus usluga;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;F:\powerdvd11\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2013-5-4 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2013-5-4 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;F:\powerdvd11\PowerDVD11\Common\MediaServer\CLMSServer.exe [2013-5-4 312616]
R2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2012-7-21 171688]
R2 ntk_PowerDVD;ntk_PowerDVD;F:\powerdvd11\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2013-5-4 75248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-21 317440]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
R3 LVUVC64;Logitech HD Webcam C525(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-7-21 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-7-21 181248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]
S3 WatAdminSvc;Usluga tehnologije aktivacije operativnog sistema Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-21 1255736]
.
=============== Created Last 30 ================
.
2013-05-09 15:50:30 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2013-05-05 16:09:02 -------- d-----w- f:\AppData\Local\CyberLink
2013-05-04 18:18:50 -------- d-----w- C:\ProgramData\PDVD
2013-05-04 18:18:33 -------- d-----w- f:\AppData\Local\MediaServer
2013-05-04 18:17:33 -------- d-----w- C:\ProgramData\install_clap
2013-04-30 20:08:13 -------- d-----w- C:\Program Files (x86)\Advanced Port Scanner
2013-04-24 11:09:48 108448 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-04-20 13:58:48 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-04-20 09:30:29 -------- d-----w- f:\AppData\Local\PunkBuster
2013-04-20 09:30:13 -------- d-----w- C:\ProgramData\Orbit
2013-04-20 09:28:21 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-04-20 09:28:21 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-04-20 09:28:21 281688 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-04-20 09:09:20 -------- d-----w- f:\AppData\Local\Ubisoft Game Launcher
.
==================== Find3M ====================
.
2013-04-24 11:09:46 971680 ----a-w- C:\Windows\System32\deployJava1.dll
2013-04-24 11:09:46 1092512 ----a-w- C:\Windows\System32\npDeployJava1.dll
2013-04-23 14:31:30 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 2555680 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-14 20:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-13 11:19:48 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 11:19:48 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-02-23 20:44:12 472576 ----a-w- C:\Windows\AutoKMS.exe
.
============= FINISH: 15:51:05,63 ===============

https://www.mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi RogueKiller i sačuvaj ga na Desktop

32bit verzija: http://tigzy.geekstogo.com/Tools/RogueKiller.exe
64bit verzija: http://tigzy.geekstogo.com/Tools/RogueKillerX64.exe

Dvoklikom pokreni RogueKiller i pričekaj da se inicijalno skeniranje završi.
Klikni na dugme Scan.
Po završenom skeniranju, biće kreiran izveštaj na desktopu pod nazivom RKreport.txt
Sadržaj tog loga iskopiraj u temi..
Zatvori RogueKiller

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Brksi [Admin rights]
Mode : Scan -- Date : 05/13/2013 17:34:29
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] vcheck.exe -- C:\Users\BrksiAppData\Local\Temp\vcheck.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : vcheck (C:\Users\BrksiAppData\Local\Temp\vcheck.exe) [-] -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-21-1479331576-3048224127-1960789526-1000[...]\Run : vcheck (C:\Users\BrksiAppData\Local\Temp\vcheck.exe) [-] -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\Run : TV Card Remote Control Device Monitor (C:\Windows\9205RMTMon.exe) [x] -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD204UI ATA Device +++++
--- User ---
[MBR] 702e88cdaa959c2dd4f9b63e83e96a1a
[BSP] cdb6e58bb822d6dbeefe9f97021f7c2d : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1586128 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 3417057630 | Size: 239241 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3248391195 | Size: 82356 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: KINGSTON SH103S3120G ATA Device +++++
--- User ---
[MBR] b258087d0c96f6d9507fdcac29dee48d
[BSP] 5be1689d0148e1388ac5481e9c8ea7f4 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 114371 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_05132013_02d1734.txt >>
RKreport[1]_S_05132013_02d1734.txt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hajde jos jednu malu proveru;



Preuzmi zoek.exe sa ovog ili ovog linka i sačuvaj ga na Desktop.


zatvori browser i ostale pokrenute programe;
deaktiviraj zaštitni softver ( po potrebi ) Uputstvo ;
dvoklikom pokreni zoek.exe;
pričekaj da se alat startuje ...


U beli okvir prozora iskopiraj sledeći tekst:


C:\Users\BrksiAppData\Local\Temp\vcheck.exe;virustotal;
vcheck.exe;z


Klikni na dugme i pričekaj da se skeniranje završi.


zoek ce po potrebi, restartovati Windows a na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Napomena:Izveštaj će biti sačuvan pod nazivom zoek-results.log na sistemskoj particiji (tipična lokacija: C:\zoek-results.log)


Kopiraj sadrzaj tog loga u poruku.



Napomena:

Zoek ce mozda startovati default browser sa virustotal sajtom. Ne zatvaraj browser dok zoek ne zavrsi rad.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradicu za par minuta, dok skinem neki rar. Mada mislim da je taj checker cist (nije mi namera da te ucim tvom poslu, nemoj to tako shvatiti)

• 1Ovo se svidja korisniku: Brksi
  
  Registruj se da bi pohvalio/la poruku!

Opusteno ( ), ovo je vise radjeno za istrazivacke svrhe.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zoek.exe Version 4.0.0.2 Updated 12-May-2013
Tool run by Brksi on pon 13.05.2013 at 18:25:03,49.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== VirusTotal Scan ======================

C:\Users\BrksiAppData\Local\Temp\vcheck.exe https://www.virustotal.com/file/11216718918A1700C6...../analysis/

==== Folders Found ======================


==== Files Found ======================


--- C:\Documents and Settings\Brksi\Desktop\RK_Quarantine\vcheck.exe.vir ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 389120
Created time: 2013-05-13 15:34:29
Modified time: 2013-05-13 15:34:29
MD5: 409FAC735BF589644DF333A17D2113EC
SHA1: 0D2EF94653DB4AECB288482256EE4E3ACE5BF0E9


--- C:\Documents and Settings\BrksiAppData\Local\Temp\vcheck.exe ---
Company:
File Description: Version Checker
File Version: 1, 0, 0, 1
Product Name:
Copyright:
Original Filename:
File type: ------w-
File size: 389120
Created time: 2012-11-17 20:04:09
Modified time: 2011-03-14 10:35:34
MD5: D16D52674EBCC8175B837C09FEF263CA
SHA1: 91DBCC2AEC7F5DB86CBAAD6F13355103BADC70D6

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Brksi, to je to. Kao sto vidis i sam, RK je izlistao te fajlove koristeci svoju heuristic detekciju a fajlovi su legitimni. Isti slucaj je i sa Dr.Web-om.
Sistem je cist, nema tragova malware-a.


Mozes ukloniti koriscene alate.

Preuzmi "Xplode"-ov DelFix i sačuvaj ga na Desktop

Dvoklikom pokreni program.

Štikliraj sledeće opcije:
Remove disinfection tools
Purge System Restore
Reset system settings

Klikni na dugme "Run" i pričekaj da program završi rad.
Kada alat završi, otvoriće izvestaj u notepadu.
Napomena: Izvestaj ce takodje biti sacuvan na C:\DelFix.txt

Nemoras da kacis DelFix log.




Pozdrav