Posted: 15 Aug 2013 07:28
- Ivan_81_BGD
- New MyCity citizen
- Joined: 15 Aug 2013
- Posts: 4
So, about a month ago a friend of mine plugged in his USB flash drive and opened its contents through Windows Explorer, and at that moment Explorer restarted. I immediately suspected a virus or some other pest, ran a full scan with Avast, scanned from another OS, and ran a scan with Kaspersky Rescue Disk 10, but nothing was found either on my OS or on the USB stick, even under Linux.
But a few days ago I saw this (picture in the attachment) and decided to check the system. I tried reinstalling the AMD AHCI drivers, suspecting they might be infected, but even with the MS drivers I get the same message, only now it shows the msahci driver instead of the AMD one. I have had quite a few games with various copy protections (StarForce, Tages, SafeDisc and the like), so it is possible this is down to the protection, but I figured it doesn't hurt to check.
Otherwise I take care of the system and make sure not to install toolbars and all sorts of small junk, but this time my friend's hand was faster.
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514
Run by Ivan at 7:15:51 on 2013-08-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8154.6997 [GMT 2:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
FW: COMODO Firewall *Enabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\alg.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1367667057383
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0AC6213B-75C0-4765-8491-F98B60D4D267} : DHCPNameServer = 192.168.1.1
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-7-1 82048]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-7-1 35456]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-4-13 283200]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 139616]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2013-4-19 139592]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2013-4-19 418632]
R3 cmudaxp;ASUS Xonar DS Audio Interface;C:\Windows\System32\drivers\cmudaxp.sys [2013-2-2 2733568]
R3 CorsairCAHS1;CA-HS1 Interface;C:\Windows\System32\drivers\CAHS164.sys [2013-1-1 1308160]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-7-18 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-2-12 805088]
S3 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-7-24 239616]
S3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-1-9 46136]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-3-15 131912]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2013-4-18 137336]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2013-5-4 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .ini: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
FileExt: .js: Applications\notepad++.exe="E:\Novi programi\Notepad++\notepad++.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2013-08-14 16:49:04 -------- d-sh--w- C:\$RECYCLE.BIN
2013-08-14 16:41:58 941720 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D6485BA3-A554-490A-A46A-9376719BBFDC}\gapaengine.dll
2013-08-14 16:41:55 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7AD2994D-3C3A-4D12-8701-2174422154F1}\mpengine.dll
2013-08-14 16:38:17 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2013-08-14 16:38:16 -------- d-----w- C:\Program Files\Microsoft Security Client
2013-08-13 17:50:29 -------- d-----w- C:\Users\Ivan\AppData\Roaming\HandBrake
2013-08-04 12:17:58 -------- d-----w- C:\Users\Ivan\AppData\Local\Arma 3
2013-08-03 10:58:06 -------- d-----w- C:\Program Files (x86)\Rockstar Games
2013-08-02 04:32:18 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-07-24 00:39:22 157736 ----a-w- C:\Windows\System32\amdhcp64.dll
2013-07-24 00:39:22 142304 ----a-w- C:\Windows\SysWow64\amdhcp32.dll
2013-07-24 00:39:20 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-07-24 00:39:20 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-07-24 00:39:20 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-07-24 00:39:20 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-07-24 00:39:14 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-07-24 00:39:10 1251120 ----a-w- C:\Windows\System32\aticfx64.dll
2013-07-24 00:39:04 9066784 ----a-w- C:\Windows\System32\atidxx64.dll
2013-07-24 00:39:00 7918816 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-07-24 00:38:44 7093744 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-07-24 00:38:42 7607720 ----a-w- C:\Windows\System32\atiumd64.dll
2013-07-24 00:36:40 12721664 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-07-24 00:19:12 229376 ----a-w- C:\Windows\System32\clinfo.exe
2013-07-24 00:18:56 98816 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-07-24 00:18:50 83456 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2013-07-24 00:18:46 86528 ----a-w- C:\Windows\System32\OVDecode64.dll
2013-07-24 00:18:40 73216 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2013-07-24 00:18:24 28193280 ----a-w- C:\Windows\System32\amdocl64.dll
2013-07-24 00:16:54 129536 ----a-w- C:\Windows\System32\coinst_13.20.dll
2013-07-24 00:16:14 23761408 ----a-w- C:\Windows\SysWow64\amdocl.dll
2013-07-24 00:14:24 63488 ----a-w- C:\Windows\System32\OpenCL.dll
2013-07-24 00:14:20 57344 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-07-24 00:04:04 368640 ----a-w- C:\Windows\System32\atiapfxx.exe
2013-07-24 00:03:54 62464 ----a-w- C:\Windows\System32\aticalrt64.dll
2013-07-24 00:03:52 52224 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2013-07-24 00:03:46 55808 ----a-w- C:\Windows\System32\aticalcl64.dll
2013-07-24 00:03:44 49152 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2013-07-24 00:03:28 15716352 ----a-w- C:\Windows\System32\aticaldd64.dll
2013-07-24 00:00:42 25609728 ----a-w- C:\Windows\System32\atio6axx.dll
2013-07-24 00:00:08 14302208 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2013-07-23 23:42:04 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2013-07-23 23:41:54 26112 ----a-w- C:\Windows\System32\atimuixx.dll
2013-07-23 23:41:52 21624832 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2013-07-23 23:41:46 574976 ----a-w- C:\Windows\System32\atieclxx.exe
2013-07-23 23:40:52 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2013-07-23 23:39:20 190976 ----a-w- C:\Windows\System32\atitmm64.dll
2013-07-23 23:11:24 1091584 ----a-w- C:\Windows\System32\atiadlxx.dll
2013-07-23 23:11:12 824320 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2013-07-23 23:10:54 75264 ----a-w- C:\Windows\System32\atig6pxx.dll
2013-07-23 23:10:50 69632 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2013-07-23 23:10:50 69632 ----a-w- C:\Windows\System32\atiglpxx.dll
2013-07-23 23:10:44 100352 ----a-w- C:\Windows\System32\atig6txx.dll
2013-07-23 23:10:36 96768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2013-07-23 23:10:26 617472 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2013-07-23 23:08:14 95744 ----a-w- C:\Windows\System32\amdave64.dll
2013-07-23 23:08:10 90112 ----a-w- C:\Windows\SysWow64\amdave32.dll
2013-07-23 23:08:00 89088 ----a-w- C:\Windows\System32\atisamu64.dll
2013-07-23 23:07:56 80896 ----a-w- C:\Windows\SysWow64\atisamu32.dll
2013-07-23 23:06:48 43520 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2013-07-23 16:36:27 -------- d-----w- C:\Users\Ivan\AppData\Local\bitComposer
2013-07-22 18:51:54 -------- d-----w- C:\Users\Ivan\AppData\Roaming\Natural Selection 2
2013-07-20 17:43:48 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
.
==================== Find3M ====================
.
2013-07-24 00:39:14 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-07-24 00:39:12 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-07-24 00:39:12 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-07-24 00:39:08 1043000 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-07-24 00:38:56 6475232 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-07-24 00:38:50 6532912 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-07-20 08:50:07 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-07-20 08:50:07 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-07-20 08:49:25 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-07-20 08:49:19 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-07-18 15:43:36 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-07-18 15:43:36 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-05 08:40:38 96256 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
2013-07-05 08:40:26 110080 ----a-w- C:\Windows\System32\DelayAPO.dll
2013-06-18 19:50:08 247216 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2013-06-18 19:50:08 139616 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2013-06-04 23:12:02 139696 ----a-w- C:\Windows\System32\SETACDC.tmp
2013-06-04 23:12:00 113464 ----a-w- C:\Windows\System32\SETACBB.tmp
2013-06-04 22:00:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2013-06-04 22:00:22 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
.
============= FINISH: 7:15:57.81 ===============
Posted: 15 Aug 2013 19:05
- Ivan_81_BGD
- New MyCity citizen
- Joined: 15 Aug 2013
- Posts: 4
Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Ivan on Thu 08/15/2013 at 18:59:34.77.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ivan\Desktop\zoek.exe [Script inserted]
==== System Restore Info ======================
8/15/2013 19:00:16 Zoek.exe System Restore Point Created Succesfully.
==== File Information Results ======================
==== Reset WMI ======================
The following services are dependent on the Windows Management Instrumentation service.
Stopping the Windows Management Instrumentation service will also stop these services.
Internet Connection Sharing (ICS)
IP Helper
.
The Internet Connection Sharing (ICS) service was stopped successfully.
The IP Helper service is stopping.
The IP Helper service was stopped successfully.
The Windows Management Instrumentation service is stopping.
The Windows Management Instrumentation service was stopped successfully.
C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old
==== After Reboot ======================
==== EOF on Thu 08/15/2013 at 19:01:13.74 ======================
Posted: 15 Aug 2013 19:18
- Ivan_81_BGD
- New MyCity citizen
- Joined: 15 Aug 2013
- Posts: 4
Thanks, I did this with delFix, and later I'll have a look at MCShield as well.
Otherwise I almost never use Windows Explorer; to view the contents of a flash drive I use FreeCommander, which shows hidden files, and I have turned off automatic autorun, but there is always someone who breaks the routine.
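Since the thread turns on whether AutoRun was really off for USB media when the stick was plugged in, here is an added example (written for this edit; it is not the poster's code and not part of DDS or zoek) that parses the `uPolicies`/`mPolicies` lines the DDS log prints and decodes the `NoDriveTypeAutoRun` bitmask and the `EnableLUA` flag. It assumes DDS prints the dword in decimal, which is consistent with `145` being the well-known Windows default `0x91`; the sample lines are copied from the DDS log earlier in the thread.

```python
import re

# Bits of the Explorer NoDriveTypeAutoRun policy value, one per Win32 drive
# type. A set bit means AutoRun is DISABLED for that drive type.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE",   # USB sticks, floppies
    0x08: "DRIVE_FIXED",       # internal disks
    0x10: "DRIVE_REMOTE",      # network shares
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "DRIVE_RESERVED",    # drive types Windows cannot classify
}
WINDOWS_DEFAULT = 0x91   # value Windows uses when no policy is set
ALL_DISABLED = 0xFF      # every drive type disabled

# DDS "Pseudo HJT" policy lines look like:
#   [x64-]{u|m}Policies-<Key>: <Name> = dword:<decimal>
# Assumption: the dword is printed in decimal (145 == 0x91, the default).
POLICY_RE = re.compile(
    r"^(?:x64-)?(?P<hive>[um])Policies-(?P<key>\w+):\s*"
    r"(?P<name>\w+)\s*=\s*dword:(?P<value>\d+)\s*$"
)


def decode_no_drive_type_autorun(value):
    """Return the set of drive-type names for which AutoRun is disabled."""
    return {name for bit, name in DRIVE_TYPE_BITS.items() if value & bit}


def parse_policy_lines(text):
    """Yield (scope, key, name, value) for each DDS policy line in text."""
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            scope = "user" if m.group("hive") == "u" else "machine"
            yield scope, m.group("key"), m.group("name"), int(m.group("value"))


def assess_policies(text):
    """Turn DDS policy lines into findings a reviewer can act on."""
    findings = []
    for scope, key, name, value in parse_policy_lines(text):
        f = {"scope": scope, "key": key, "name": name,
             "value": value, "hex": f"0x{value:02X}"}
        if name == "NoDriveTypeAutoRun":
            disabled = decode_no_drive_type_autorun(value)
            f["disabled_for"] = disabled
            f["is_default"] = value == WINDOWS_DEFAULT
            f["removable_autorun_off"] = "DRIVE_REMOVABLE" in disabled
            prefix = "Windows default; " if f["is_default"] else ""
            if value == ALL_DISABLED:
                f["note"] = "AutoRun disabled for all drive types"
            else:
                f["note"] = prefix + "AutoRun disabled for: " + ", ".join(sorted(disabled))
        elif name == "EnableLUA":
            f["note"] = "UAC disabled" if value == 0 else "UAC enabled"
        findings.append(f)
    return findings


# Constructed sample: the policy lines as they appear in the DDS log above.
SAMPLE_DDS_LINES = """\
uPolicies-Explorer: NoDriveTypeAutoRun = dword:181
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
"""

if __name__ == "__main__":
    for f in assess_policies(SAMPLE_DDS_LINES):
        print(f"{f['scope']:7} {f['key']} / {f['name']} = {f['value']} "
              f"({f['hex']}) {f.get('note', '')}")
```

Run against the lines from this thread it reports that the per-user policy (181 = 0xB5) disables AutoRun for removable, CD-ROM, network and unknown drives, while the machine-wide policy (145 = 0x91) is still the Windows default, and that EnableLUA = 0 means UAC is switched off. Both are worth reviewing next to any malware findings: a policy set only in the user hive does not cover other accounts on the machine, and with UAC off a program launched from a stick runs with full administrator rights. Note also that Windows 7 with the 2011 AutoRun update no longer honours autorun.inf on USB drives regardless of this bitmask, so the value mostly matters for optical and network media.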