|
Poslao: 28 Mar 2013 19:24
|
offline
- jovstrel
- Novi MyCity građanin
- Pridružio: 27 Mar 2013
- Poruke: 18
|
imam problema sa virusom na eksternom i usb-u. Problem se prvi javio i pre nekih mesec dana ali je bio besmislen pa mu nisam davao paznje. Generalno ceo sadrzaj usb ili eksternog kad ga ucitam bude uvek pracen sa malware detected prozorcetom a ceo sadrzaj bude ubacen u bezimeni folder.
Screenshot sam prilozio (problematican eksterni gde se vidi njegovo zauzece ali se fajlovi ne ocitavaju)
Usb stalno formatiram, formatirao sam i system particiju i presao sa windowsa 7 na windows 8. Kad formatiram usb i ucitam sve bude ok, ali cim ga ucitam po drugi put iskoci malwere detected.
Mislim da je izvor problema eksterni. Njega kad ucitam, malware detected i dalje se javlja, ali sadrzaj se ne pokazuje uopste (show hidden files i system files chekirano). Jedini nacin da mu pristupim jeste preko search opcije ako trazim po imenu. I ono sto sam primetio jeste da je do skora na kraju svakog imena fajla bila nakacena slova ULC. Takodje datumi fajlova (created, modified) su potpuno bili poremeceni i varirali su od 1997 do 2001 uglavnom. Posto sam uradio deep scan sa avastom ovaj problem je nestao ali I dalje ostaje problem sa malvere detected.
Ne znam da li pomaze ova informacija, od kada je sve ovo pocelo fajlovi koje izbacujem iz autodesk Maye cesto budu korumpirani prilikom ponovnog otvaranja (u pitanju je format maya binary .mb). Ovaj problem se javio paralelno kako su usb-ovi prestali da se ocitavaju.
U trenutku kad su se najveci problemi startovali nisam imao antivirusni vec sam samo koristio SUPERA anti spywere i programe tog ranga. U medjuvremenu instalirao sam Avast i malwarebytes i odradio deep scan na cisto instaliranom windowsu 8 i obrisao je neke od rarovanih fajlova na eksternom ali mi se cini da problem nije resen jer se eksterni i dalje isto ponasa.
Hteo bih i sigurnosti radi da proverim I laptop. Internet konekcija je ADSL.
Hvala puno na bilo kakvoj pomoci.
dds analiza u attachu
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16482
Run by Bojan at 19:05:25 on 2013-03-28
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.4094.2136 [GMT 1:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\dwm.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Genius\ioTablet\TabletService.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Genius\ioTablet\gTabletTask.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Bojan\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\WinRoll\winroll.exe
C:\Genius\ioTablet\gTabTaskBar.exe
C:\Genius\ioTablet\gIoTabletFunMgm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\dashost.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\mspaint.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [AdobeBridge] <no file>
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ioTablet] "C:\Genius\ioTablet\gTabTaskBar.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{873EB125-540D-4DDD-AF89-1BA6167031BC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9B86B11-357B-4B2B-8CEB-3FD38F5420BB} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bojan\AppData\Roaming\Mozilla\Firefox\Profiles\h03ljv9n.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-03-27 12:20; wrc@avast.com; C:\Program Files\AVAST Software\Avast\WebRep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\Drivers\aswRvrt.sys [2013-3-27 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\Drivers\aswSnx.sys [2013-3-27 1025808]
R1 aswSP;aswSP;C:\Windows\System32\Drivers\aswSP.sys [2013-3-27 377920]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-3-20 283200]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\Drivers\aswFsBlk.sys [2013-3-27 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\Drivers\aswMonFlt.sys [2013-3-27 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-3-27 45248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
R3 ioFakDrv;ioVirtual Device;C:\Windows\System32\Drivers\ioFakDrv.sys [2013-3-20 23936]
R3 ioFakMap;MiniHid Driver Service for ioFakeDrv Interface layer;C:\Windows\System32\Drivers\ioFakMap.sys [2013-3-20 12672]
R3 ioTablet;Tablet Minidriver for ioTablet;C:\Windows\System32\Drivers\ioTablet.sys [2013-3-20 41400]
R3 ioTblMap;Mini Mapper for ioCentre;C:\Windows\System32\Drivers\ioTblMap.sys [2013-3-20 13240]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 aswVmm;aswVmm;C:\Windows\System32\Drivers\aswVmm.sys [2013-3-27 178624]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-19 1436424]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\Drivers\UsbFltr.sys [2007-4-9 12288]
S3 vmbusr;Virtual Machine Bus Provider;C:\Windows\System32\Drivers\vmbusr.sys [2012-7-26 117248]
.
=============== Created Last 30 ================
.
2013-03-28 18:03:24 -------- d-----w- C:\Windows\System32\appmgmt
2013-03-27 11:21:31 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-03-27 11:21:25 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-03-27 11:21:25 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-03-27 11:21:25 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-03-27 11:21:24 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-03-27 11:20:33 41664 ----a-w- C:\Windows\avastSS.scr
2013-03-27 11:20:12 -------- d-----w- C:\Program Files\AVAST Software
2013-03-27 11:19:39 -------- d-----w- C:\ProgramData\AVAST Software
2013-03-27 08:14:39 -------- d-----w- C:\Users\Bojan\AppData\Roaming\Malwarebytes
2013-03-27 08:14:26 -------- d-----w- C:\ProgramData\Malwarebytes
2013-03-27 08:14:23 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-27 08:14:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-03-27 07:52:13 -------- d-----w- C:\Users\Bojan\AppData\Local\Programs
2013-03-27 02:00:05 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B4C3B35A-954B-43E5-AA07-B1F6AAA3EB16}\mpengine.dll
2013-03-26 09:29:29 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared
2013-03-26 09:28:51 -------- d-----w- C:\Users\Bojan\AppData\Local\Autodesk
2013-03-26 09:28:51 -------- d-----w- C:\Program Files\AutoCAD 2010
2013-03-26 09:22:49 -------- d-----w- C:\Autodesk
2013-03-26 08:17:17 -------- d-----w- C:\Program Files\CCleaner
2013-03-24 15:39:07 -------- d-----w- C:\Users\Bojan\dwhelper
2013-03-22 11:47:03 -------- d-----w- C:\Users\Bojan\AppData\Local\CrashDumps
2013-03-22 10:21:15 -------- d-----w- C:\Program Files (x86)\WinRoll
2013-03-21 16:51:09 -------- d-----w- C:\Users\Bojan\AppData\Roaming\TechSmith
2013-03-21 16:48:59 -------- d-----w- C:\Users\Bojan\AppData\Local\TechSmith
2013-03-21 16:44:12 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared
2013-03-21 16:19:12 545 ----a-w- C:\Windows\UC.PIF
2013-03-21 16:19:12 545 ----a-w- C:\Windows\RAR.PIF
2013-03-21 16:19:12 545 ----a-w- C:\Windows\PKZIP.PIF
2013-03-21 16:19:12 545 ----a-w- C:\Windows\PKUNZIP.PIF
2013-03-21 16:19:12 545 ----a-w- C:\Windows\LHA.PIF
2013-03-21 16:19:12 545 ----a-w- C:\Windows\ARJ.PIF
2013-03-21 16:19:11 -------- d-----w- C:\Users\Bojan\AppData\Roaming\GHISLER
2013-03-21 16:19:11 -------- d-----w- C:\totalcmd
2013-03-21 12:07:22 -------- d-----w- C:\Users\Bojan\AppData\Roaming\uTorrent
2013-03-20 22:06:56 917400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-03-20 22:06:56 59288 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-03-20 22:06:56 478104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-03-20 22:06:56 2954136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-03-20 22:06:56 277400 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-03-20 22:06:56 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-03-20 22:06:56 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll
2013-03-20 22:06:56 116120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-03-20 22:06:56 115608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-03-20 22:06:55 74136 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-03-20 22:06:55 263064 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2013-03-20 22:06:55 19352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-03-20 20:39:56 -------- d-----w- C:\Users\Bojan\AppData\Roaming\NVIDIA
2013-03-20 19:41:39 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-03-20 14:11:19 -------- d-----w- C:\Program Files (x86)\Bulk Rename Utility
2013-03-20 10:57:06 -------- d-----w- C:\Users\Bojan\AppData\Local\Mozilla
2013-03-20 10:56:52 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2013-03-20 09:04:53 -------- d-----w- C:\Users\Bojan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-03-20 06:34:06 -------- d-----w- C:\Users\Bojan\AppData\Local\CutePDF Writer
2013-03-20 06:33:37 -------- d-----w- C:\Program Files (x86)\GPLGS
2013-03-20 06:33:06 87152 ----a-w- C:\Windows\System32\cpwmon64.dll
2013-03-20 06:33:06 -------- d-----w- C:\Program Files (x86)\Acro Software
2013-03-20 00:07:10 -------- d-----w- C:\Users\Bojan\AppData\Local\Diagnostics
2013-03-20 00:01:54 -------- d-----w- C:\Users\Bojan\AppData\Roaming\CometNetwork
2013-03-20 00:01:54 -------- d-----w- C:\Users\Bojan\AppData\Local\CometNetwork
2013-03-19 23:59:32 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-03-19 23:59:13 -------- d-----w- C:\Windows\PCHEALTH
2013-03-19 23:59:13 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-03-19 23:58:26 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-03-19 23:57:42 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-03-19 23:57:35 -------- d-----w- C:\Users\Bojan\AppData\Local\Microsoft Help
2013-03-19 23:54:37 9728 ----a-w- C:\Windows\System32\gTabletTaskDll.dll
2013-03-19 23:54:37 46080 ----a-w- C:\Windows\System32\WinTab32.dll
2013-03-19 23:54:37 43520 ----a-w- C:\Windows\SysWow64\WinTab32.dll
2013-03-19 23:54:37 41400 ----a-w- C:\Windows\System32\drivers\ioTablet.sys
2013-03-19 23:54:37 23936 ----a-w- C:\Windows\System32\drivers\ioFakDrv.sys
2013-03-19 23:54:37 1721272 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2013-03-19 23:54:37 13240 ----a-w- C:\Windows\System32\drivers\ioTblMap.sys
2013-03-19 23:54:37 12672 ----a-w- C:\Windows\System32\drivers\ioFakMap.sys
2013-03-19 23:54:30 -------- d-----w- C:\Genius
2013-03-19 23:54:07 -------- d-----w- C:\Program Files (x86)\CometBird
2013-03-19 23:53:13 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-03-19 23:51:39 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-03-19 23:51:34 -------- d-----w- C:\Users\Bojan\AppData\Roaming\DAEMON Tools Lite
2013-03-19 23:51:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2013-03-19 23:51:19 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2013-03-19 23:51:04 -------- d-----w- C:\NVIDIA
2013-03-19 23:49:41 -------- d-----w- C:\ProgramData\regid.1986-12.com.adobe
2013-03-19 23:43:23 -------- d-----w- C:\Users\Bojan\AppData\Local\Adobe
2013-03-19 23:40:01 -------- d-sh--w- C:\Boot
2013-03-19 23:35:32 -------- d-----r- C:\Users\Bojan\Searches
2013-03-19 23:35:32 -------- d-----r- C:\Users\Bojan\Contacts
2013-03-19 23:35:00 -------- d-----w- C:\Users\Bojan\AppData\Local\VirtualStore
2013-03-19 17:59:32 -------- d-----r- C:\Program Files (x86)\Skype
2013-03-19 17:53:33 -------- d-----w- C:\Users\Bojan\AppData\Local\Macromedia
2013-03-19 17:09:14 -------- d-----w- C:\Program Files (x86)\Common Files\Alias Shared
2013-03-19 17:09:02 -------- d-----w- C:\Program Files (x86)\Autodesk
2013-03-19 17:05:01 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2013-03-19 17:04:58 -------- d-----w- C:\en-US
2013-03-19 17:04:57 -------- d-----w- C:\ja-JP
2013-03-19 17:04:55 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared
2013-03-19 17:02:29 -------- d-----w- C:\Program Files\Autodesk
2013-03-19 17:02:07 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2013-03-19 17:02:07 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2013-03-19 17:02:07 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2013-03-19 17:02:07 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2013-03-19 17:02:06 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2013-03-19 17:02:06 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2013-03-19 16:59:13 -------- d-----w- C:\Users\Bojan\AppData\Roaming\Autodesk
2013-03-19 16:32:42 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-19 16:32:42 63336 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-19 16:32:42 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-19 16:32:42 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-19 16:32:42 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-19 16:32:42 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2013-03-19 16:32:41 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-19 16:32:17 60776 ----a-w- C:\Windows\System32\OpenCL.dll
2013-03-19 16:32:17 52584 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2013-03-19 16:32:02 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2013-03-19 16:31:55 -------- d-----w- C:\Windows\LastGood.Tmp
2013-03-19 16:31:55 -------- d-----w- C:\Program Files\NVIDIA Corporation
2013-03-19 16:31:55 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
.
==================== Find3M ====================
.
2013-02-06 23:06:14 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-06 23:06:14 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-31 03:29:52 2226408 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-30 10:53:22 273840 ----a-w- C:\Windows\System32\MpSigStub.exe
2013-01-17 04:04:06 4055552 ----a-w- C:\Windows\System32\win32k.sys
2013-01-16 00:35:49 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
2013-01-16 00:31:26 53760 ----a-w- C:\Windows\System32\UXInit.dll
2013-01-16 00:25:17 1437696 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2013-01-16 00:23:19 1690624 ----a-w- C:\Windows\System32\GdiPlus.dll
2013-01-14 03:56:14 6967016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-10 01:53:32 28904 ----a-w- C:\Windows\System32\drivers\msgpiowin32.sys
2013-01-10 01:40:39 1448168 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-01-10 01:40:38 303848 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-01-10 01:39:29 194280 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2013-01-10 01:39:22 124648 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2013-01-10 01:29:56 91880 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2013-01-10 01:29:54 1934056 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-01-10 01:29:21 785504 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-09 23:26:53 83968 ----a-w- C:\Windows\SysWow64\wiaacmgr.exe
2013-01-09 23:26:46 1611776 ----a-w- C:\Windows\SysWow64\mmc.exe
2013-01-09 23:26:35 410624 ----a-w- C:\Windows\SysWow64\Windows.Networking.dll
2013-01-09 23:26:35 261120 ----a-w- C:\Windows\SysWow64\Windows.Media.dll
2013-01-09 23:26:25 278528 ----a-w- C:\Windows\SysWow64\srm.dll
2013-01-09 23:26:25 202752 ----a-w- C:\Windows\SysWow64\srmstormod.dll
2013-01-09 23:26:23 1752064 ----a-w- C:\Windows\SysWow64\setupapi.dll
2013-01-09 23:26:20 67584 ----a-w- C:\Windows\SysWow64\samlib.dll
2013-01-09 23:26:08 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll
2013-01-09 23:26:04 890880 ----a-w- C:\Windows\SysWow64\msctf.dll
2013-01-09 23:26:03 436736 ----a-w- C:\Windows\SysWow64\MP4SDECD.DLL
2013-01-09 23:25:55 582144 ----a-w- C:\Windows\SysWow64\gpprefcl.dll
2013-01-09 23:23:32 95232 ----a-w- C:\Windows\System32\wiaacmgr.exe
2013-01-09 23:23:25 2094592 ----a-w- C:\Windows\System32\mmc.exe
2013-01-09 23:23:18 256000 ----a-w- C:\Windows\System32\WSDMon.dll
2013-01-09 23:23:16 1964544 ----a-w- C:\Windows\System32\wlidsvc.dll
2013-01-09 23:23:14 594944 ----a-w- C:\Windows\System32\Windows.Networking.dll
2013-01-09 23:23:14 406016 ----a-w- C:\Windows\System32\Windows.Media.dll
2013-01-09 23:23:09 274432 ----a-w- C:\Windows\System32\srmstormod.dll
2013-01-09 23:23:08 279040 ----a-w- C:\Windows\System32\srm.dll
2013-01-09 23:23:07 1886208 ----a-w- C:\Windows\System32\setupapi.dll
2013-01-09 23:23:05 728064 ----a-w- C:\Windows\System32\samsrv.dll
2013-01-09 23:22:53 464384 ----a-w- C:\Windows\System32\netprofmsvc.dll
2013-01-09 23:22:53 151040 ----a-w- C:\Windows\System32\netprofm.dll
2013-01-09 23:22:43 1120768 ----a-w- C:\Windows\System32\msctf.dll
2013-01-09 23:22:41 666112 ----a-w- C:\Windows\System32\MP4SDECD.DLL
2013-01-09 23:22:35 438272 ----a-w- C:\Windows\System32\lsm.dll
2013-01-09 23:22:29 894464 ----a-w- C:\Windows\System32\iphlpsvc.dll
2013-01-09 23:22:29 159232 ----a-w- C:\Windows\System32\inetpp.dll
2013-01-09 23:22:26 49152 ----a-w- C:\Windows\System32\drivers\UMDF\HidBthLE.dll
2013-01-09 23:22:25 820736 ----a-w- C:\Windows\System32\gpprefcl.dll
2013-01-09 23:22:05 1918464 ----a-w- C:\Windows\System32\wbem\cimwin32.dll
2013-01-09 03:59:47 341504 ----a-w- C:\Windows\System32\drivers\HdAudio.sys
2013-01-04 05:32:36 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:19:53 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
.
============= FINISH: 19:06:17.22 ===============
mycity.rs/must-login.png
|
|
|
|
|
|
|
|
|
Poslao: 28 Mar 2013 19:37
|
offline
- jovstrel
- Novi MyCity građanin
- Pridružio: 27 Mar 2013
- Poruke: 18
|
nadam se da pomaze, usb u trenutku kad se ocitava
(prazan folder ili samo removable usb ikonica i reakcija avasta)
|
|
|
|
|
|
|
Poslao: 28 Mar 2013 19:51
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Samo ti odradi po uputstvu i nemoj da kacis nista na USB dok ti ne kazem.
|
|
|
|
|
|
|
|
|
Poslao: 28 Mar 2013 20:19
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Preuzmi MCShield sa sljedeće adrese:
http://amf.mycity.rs/mcshield/MCShield-Setup.exe
Instaliraj MCShield i sačekaj da se završi uvodno skeniranje.
Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani.
Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd.
Idi na Start -> All Programs -> MCShield -> Logs -> AllScans
Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku
|
|
|
|
|
|
|
|
|
Poslao: 28 Mar 2013 20:50
|
rip
- argus
- Anti Malware Fighter
Rank 2
- Pridružio: 27 Apr 2008
- Poruke: 9160
- Gde živiš: Prokuplje
|
Kakva je sada situacija sa drajvovima?
|
|
|
|
|
|
|
Poslao: 28 Mar 2013 21:03
|
offline
- jovstrel
- Novi MyCity građanin
- Pridružio: 27 Mar 2013
- Poruke: 18
|
Napisano: 28 Mar 2013 21:03
usb-ovi koji su se javili u analizu kao zarazeni sada imaju fajl autorun.inf.vir kad ih otvorim
ali ovi problemi drugi i dalje ostaju, eksterni mi ne ocitava fajlove osim ako idem preko search a usb i dalje pokazuju putanju removable drive> removable drive> pa fajlovi
Dopuna: 28 Mar 2013 21:03
|
|
|
|
|
|
|
|
Preuzmite program 
