Posted: 19 Feb 2013 19:14
|
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Let me see...
|
So here's the situation: when I connect the phone to the computer using the mass storage option, it opens the memory card folder, but a copy of the memory card has been created inside it, so:
mem. card --> copy of mem. card --> and only then the folders on the mem. card
instead of showing me the folders as soon as I open the memory card.
The problem appeared about 5 days ago... I'm using Win. 7 Ult. 32-bit.
I also ran a malware scan, and here is the report:
>>> MCShield AllScans.txt <<<
>>> MCShield ::Anti-Malware Tool:: v 2.5.4.20 / DB: 2013.2.17.1 / NT6.1 <<<
19/02/2013 17:59:11 > Drive C: - scan started (no label ~73 GB, NTFS HDD )...
=> The drive is clean.
19/02/2013 17:59:12 > Drive D: - scan started (Local Disk ~76 GB, NTFS HDD )...
=> The drive is clean.
19/02/2013 17:59:24 > Drive F: - scan started (BOKI ~1910 MB, FAT flash drive )...
>>> F:\autorun.inf > Action failed.
>>> F:\desktop.ini - Malware > Deleted. (13.02.19. 18.25 desktop.ini.797619; MD5: d80c46bac5f9df7eb83f46d3f30bf426)
>>> F:\BOKI (2GB).lnk - Suspicious > Renamed. (MD5: cfae0fcf9dd7185b72813e428bac4ee6)
> Resetting attributes: F:\ < Successful.
> Resetting attributes: F:\@bgsr_1 < Successful.
> Resetting attributes: F:\@mms < Successful.
> Resetting attributes: F:\@Playlists < Successful.
> Resetting attributes: F:\@wcache < Successful.
> Resetting attributes: F:\Application < Successful.
> Resetting attributes: F:\Audio < Successful.
> Resetting attributes: F:\Ebook < Successful.
> Resetting attributes: F:\javastore < Successful.
> Resetting attributes: F:\lmw < Successful.
> Resetting attributes: F:\muzika < Successful.
=> Malicious files : 1/1 deleted.
=> Suspicious files : 1/2 renamed.
=> Hidden folders : 11/11 unhidden.
____________________________________________
::::: Scan duration: 26min 26sec :::::::::::
____________________________________________
19/02/2013 18:25:34 > Drive G: - scan started (no label ~unknown size, FAT flash drive )...
>>> G:\autorun.inf > Action failed.
>>> G:\desktop.ini - Malware > Deleted. (13.02.19. 18.25 desktop.ini.311485; MD5: d80c46bac5f9df7eb83f46d3f30bf426)
=> Malicious files : 1/1 deleted.
=> Suspicious files : 0/1 renamed.
____________________________________________
::::: Scan duration: 26min 32sec :::::::::::
____________________________________________
The name of the memory card is BOKI... (if any other test is needed, let me know)
Thanks...
|
|
|
|
|
Posted: 19 Feb 2013 19:53
|
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Let me see...
|
When the first scan with GMER finishes, I can't find this Options > Only non MS files, i.e. I don't have the Only non MS files option under Options.
I have:
IRP hooks
NTAPI registry scan
IRP files scan
-----------------
file version info
3rd party
|
|
|
|
Posted: 19 Feb 2013 20:03
|
offline
- TwinHeadedEagle
- Anti Malware Fighter
Rank 2
- Joined: 09 Aug 2011
- Posts: 15879
- Location: Beograd
|
Boki, instead of Only non MS files, choose 3rd party...
The instructions have been changed for that part, so consult them...
|
|
|
|
Posted: 19 Feb 2013 20:21
|
offline
- boki199777
- Elite citizen
- Joined: 26 Sep 2012
- Posts: 1869
- Location: Let me see...
|
Here are the additional files:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.13.2
Run by boki at 19:24:57 on 2013-02-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.381.1033.18.1013.284 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
D:\prolazni\systemcare\Advanced SystemCare 5\ASCService.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\USB Camera\VM331_STI.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Skype\Phone\Skype.exe
D:\New folder\MCShield\MCShieldRTM.exe
C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.soft-quick.info/
uSearch Bar = Preserve
mStart Page = hxxp://websearch.soft-quick.info/
uURLSearchHooks: SearchHook Class: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
uURLSearchHooks: {013a635f-e3aa-4371-b682-ece95ca974b0} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Google Update] "c:\users\boki\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [MCShield Monitor] d:\new folder\mcshield\mcshieldrtm.exe
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [VMonitorVMUVC] "c:\program files\vimicro corporation\vmuvc\VMonitor.exe" VMUVC
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [331BigDog] c:\program files\usb camera\VM331_STI.EXE
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mExplorerRun: [0] c:\progra~2\locals~1\temp\msoppo.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C}\449637365737D2D2142464331393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{0D8BC681-3B18-4B64-90A9-5D000E5D8B3C}\6596C61602D456469647562716E60223 : DHCPNameServer = 192.168.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs=
SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\boki\appdata\roaming\mozilla\firefox\profiles\2lkjynw4.default-1346234435416\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.soft-quick.info/?l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://websearch.soft-quick.info/?l=1&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect32.dll
FF - plugin: c:\program files\common files\adobe\oobe\pdapp\ccm\utilities\npAdobeAAMDetect64.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\boki\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\boki\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_168.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-22 18:11; 50fec7786fd6f@50fec7786fda9.com; c:\users\boki\appdata\roaming\mozilla\firefox\profiles\2lkjynw4.default-1346234435416\extensions\50fec7786fd6f@50fec7786fda9.com
FF - ExtSQL: 2013-02-12 18:33; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;d:\prolazni\systemcare\advanced systemcare 5\ASCService.exe [2013-2-12 913792]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-2-12 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-12 44808]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2012-5-3 219360]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2012-5-3 68136]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 TeamViewer8;TeamViewer 8;c:\program files\teamviewer\version8\TeamViewer_Service.exe [2013-1-7 3467768]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\drivers\athur.sys [2012-9-2 1500160]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-5-3 242240]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\drivers\L1C62x86.sys [2012-5-3 51712]
R3 vm331avs;VC0334 USB2.0 Digital Camera;c:\windows\system32\drivers\vm331avs.sys [2012-12-3 977920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-7-26 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-7-26 52224]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\VMUVC.sys [2012-5-3 256512]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys [2012-5-3 398720]
.
=============== Created Last 30 ================
.
2013-02-19 16:58:47 -------- d-----w- c:\programdata\MCShield
2013-02-19 16:58:30 -------- d-----w- c:\users\boki\New folder
2013-02-12 17:13:32 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-02-12 17:12:20 41224 ----a-w- c:\windows\avastSS.scr
2013-02-12 17:11:33 -------- d-----w- c:\program files\AVAST Software
2013-02-12 07:06:08 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1974a341-cd70-4760-ab16-b7a91ef55269}\mpengine.dll
2013-02-10 07:17:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-09 07:45:12 -------- d-----w- c:\users\boki\appdata\roaming\driveridentifier
2013-01-31 17:06:08 -------- d-----r- c:\program files\Skype
2013-01-22 16:45:21 -------- d-----w- c:\programdata\CLSoft LTD
2013-01-22 16:45:19 -------- d-----w- c:\program files\SoftQuick
2013-01-22 16:44:23 -------- d-----w- c:\program files\ContinueToSave
2013-01-22 16:44:19 -------- d-----w- c:\programdata\continuetosave
.
==================== Find3M ====================
.
2013-02-19 18:22:40 17488 ----a-w- c:\windows\gdrv.sys
2013-02-16 16:18:37 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-16 16:18:37 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-10 07:17:02 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-02-10 07:17:02 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-19 11:58:25 1652 ----a-w- c:\windows\system32\ASOROSet.bin
2013-01-18 18:35:35 1536 ----a-w- c:\windows\system32\RtkMsgs.dll
2012-12-22 15:52:40 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-12-22 15:52:40 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 19:25:45.89 ===============