Laptop infected via USB stick


Posted: 15 Apr 2015 21:18

The CPU is pegged at 100%

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-04-2015 04
Ran by ooo (administrator) on OOO-PC on 15-04-2015 21:04:55
Running from C:\Users\ooo\Desktop
Loaded Profiles: ooo (Available profiles: ooo)
Platform: Microsoft Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavSvc.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BHipsSvc.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Baidu, Inc.) C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavUpdater.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SoundMan] => C:\Windows\SOUNDMAN.EXE [604704 2009-04-14] (Realtek Semiconductor Corp.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [90112 2006-11-10] ()
HKLM\...\Run: [UIUCU] => C:\Users\ooo\AppData\Local\Temp\UIUCU.EXE [542424 2004-06-07] (Conexant Systems, Inc.) <===== ATTENTION
HKLM\...\Run: [Baidu Antivirus] => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavTray.exe [1987992 2015-04-15] (Baidu, Inc.)
HKU\S-1-5-21-3705187879-1109910032-3614456354-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [31682656 2015-03-25] (Skype Technologies S.A.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavShx.dll (Baidu, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3705187879-1109910032-3614456354-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 89.216.1.40 89.216.1.50

FireFox:
========
FF ProfilePath: C:\Users\ooo\AppData\Roaming\Mozilla\Firefox\Profiles\phw1evnn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @real.com/nppl3260;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll [2008-09-10] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.69 -> C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll [2008-09-10] (RealNetworks, Inc.)

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BavSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BavSvc.exe [2476528 2015-04-15] (Baidu, Inc.)
R2 BHipsSvc; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BHipsSvc.exe [434376 2015-04-15] (Baidu, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-13] (Microsoft Corporation)
S3 BdSandboxSrv; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BdSandboxSrv.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
U3 BdApiUtil; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BdApiUtil.sys [102392 2015-04-15] (Baidu, Inc.)
R3 bdark; C:\Windows\system32\drivers\bdark.sys [81912 2015-02-03] ()
U3 BdCameraProtect; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\BdCameraProtect.sys [22328 2015-04-15] (Baidu, Inc.)
R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [52088 2015-04-15] (Baidu, Inc.)
R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [32120 2015-04-15] (Baidu, Inc.)
R0 Bhbase; C:\Windows\System32\drivers\Bhbase.sys [75832 2015-04-15] (Baidu, Inc.)
R3 BHipsEx; C:\Windows\System32\drivers\BHipsEx.sys [139128 2015-04-15] (Baidu, Inc.)
R1 Bnbase; C:\Windows\System32\drivers\bnbasex.sys [76344 2015-04-15] (Baidu, Inc.)
R1 Bndef; C:\Windows\System32\drivers\bndef.sys [462136 2015-04-15] (Baidu, Inc.)
R3 Bnmon; C:\Program Files\Baidu Security\Baidu Antivirus\5.4.3.115722.0\Bnmon.sys [85880 2015-04-15] (Baidu, Inc.)
R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [196472 2015-04-15] (Baidu, Inc.)
R3 CAMCAUD; C:\Windows\System32\drivers\camcaud.sys [34048 2004-06-25] (Conexant Systems Inc.)
R3 CAMCHALA; C:\Windows\System32\drivers\camchal.sys [276480 2004-06-25] (Conexant Systems Inc.)
R3 NETw2v32; C:\Windows\System32\DRIVERS\NETw2v32.sys [2595840 2007-03-06] (Intel® Corporation)
R3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-13] (Conexant Systems, Inc.)
S3 BdSandbox; \??\C:\Windows\System32\drivers\BdSandbox.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 21:04 - 2015-04-15 21:06 - 00006066 _____ () C:\Users\ooo\Desktop\FRST.txt
2015-04-15 21:04 - 2015-04-15 21:04 - 00000000 ____D () C:\FRST
2015-04-15 21:02 - 2015-04-15 21:03 - 01137152 _____ (Farbar) C:\Users\ooo\Desktop\FRST.exe
2015-04-15 20:00 - 2015-04-15 20:00 - 00000000 ____D () C:\ProgramData\Baidu Security
2015-04-15 19:59 - 2015-04-15 19:56 - 00462136 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bndef.sys
2015-04-15 19:59 - 2015-04-15 19:56 - 00196472 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bprotect.sys
2015-04-15 19:59 - 2015-04-15 19:56 - 00076344 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\bnbasex.sys
2015-04-15 19:59 - 2015-04-15 19:56 - 00052088 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfilter.sys
2015-04-15 19:59 - 2015-04-15 19:56 - 00032120 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bfmon.sys
2015-04-15 19:58 - 2015-04-15 19:56 - 00139128 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\BHipsEx.sys
2015-04-15 19:58 - 2015-04-15 19:56 - 00075832 _____ (Baidu, Inc.) C:\Windows\system32\Drivers\Bhbase.sys
2015-04-15 19:57 - 2015-04-15 20:53 - 00000220 _____ () C:\Windows\system32\HWLook.log
2015-04-15 19:57 - 2015-04-15 19:57 - 00000976 _____ () C:\Users\Public\Desktop\Baidu Antivirus.lnk
2015-04-15 19:57 - 2015-04-15 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus
2015-04-15 19:57 - 2015-02-03 19:04 - 00081912 _____ () C:\Windows\system32\Drivers\bdark.sys
2015-04-15 19:55 - 2015-04-15 19:55 - 00000000 ____D () C:\Program Files\Baidu Security
2015-04-15 19:37 - 2015-04-15 19:37 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-04-15 19:37 - 2015-04-15 19:37 - 00000000 ____D () C:\ProgramData\Baidu
2015-04-15 19:36 - 2015-04-15 20:53 - 00000000 ____D () C:\Users\ooo\AppData\Roaming\BavMini
2015-04-15 15:07 - 2015-04-15 15:07 - 07971328 _____ (TeamViewer GmbH) C:\Users\ooo\Desktop\TeamViewer_Setup_sr.exe
2015-04-15 04:34 - 2015-04-15 04:34 - 00000000 ____D () C:\Users\ooo\Tracing
2015-04-15 04:03 - 2015-04-15 20:58 - 00000000 ____D () C:\Users\ooo\AppData\Roaming\Skype
2015-04-15 04:03 - 2015-04-15 04:03 - 00000000 ____D () C:\Users\ooo\AppData\Local\Skype
2015-04-15 04:02 - 2015-04-15 04:02 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-04-15 04:02 - 2015-04-15 04:02 - 00000000 ___RD () C:\Program Files\Skype
2015-04-15 04:02 - 2015-04-15 04:02 - 00000000 ____D () C:\ProgramData\Skype
2015-04-15 04:02 - 2015-04-15 04:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-04-15 04:02 - 2015-04-15 04:02 - 00000000 ____D () C:\Program Files\Common Files\Skype
2015-04-15 03:55 - 2011-04-08 23:13 - 03957632 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-04-15 03:55 - 2011-04-08 23:13 - 03901824 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 03:55 - 2011-04-08 22:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-04-15 03:55 - 2010-12-17 22:29 - 00541184 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 03:51 - 2012-06-02 15:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 03:51 - 2012-06-02 15:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 03:51 - 2012-06-02 15:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 03:51 - 2012-06-02 15:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 03:51 - 2012-06-02 15:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 03:51 - 2012-06-02 15:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 03:51 - 2012-06-02 15:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 03:50 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 03:50 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-20 14:35 - 2015-03-28 14:19 - 00000000 ____D () C:\Users\ooo\AppData\Local\Microsoft Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-15 21:00 - 2004-06-16 01:36 - 00713888 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-15 20:59 - 2004-06-16 01:27 - 00469319 _____ () C:\Windows\WindowsUpdate.log
2015-04-15 20:53 - 2009-07-13 21:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-15 20:53 - 2009-07-13 21:39 - 00020662 _____ () C:\Windows\setupact.log
2015-04-15 20:26 - 2009-07-13 21:34 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-15 20:26 - 2009-07-13 21:34 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-15 20:22 - 2009-07-13 19:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-04-15 19:42 - 2015-03-05 12:45 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-15 04:34 - 2004-06-16 01:31 - 00000000 ____D () C:\Users\ooo
2015-04-15 03:42 - 2015-03-05 12:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-04-15 03:42 - 2015-03-05 12:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-03-28 14:22 - 2009-07-13 19:37 - 00000000 ____D () C:\Windows\system32\NDF

Files to move or delete:
====================
C:\Users\ooo\AppData\Local\Temp\UIUCU.EXE


Some content of TEMP:
====================
C:\Users\ooo\AppData\Local\Temp\ALCRMV.EXE
C:\Users\ooo\AppData\Local\Temp\RTKAPO.DLL
C:\Users\ooo\AppData\Local\Temp\RTKCFG.DLL
C:\Users\ooo\AppData\Local\Temp\RTKPGEXT.DLL
C:\Users\ooo\AppData\Local\Temp\RTLCPAPI.DLL
C:\Users\ooo\AppData\Local\Temp\RTLCPL.EXE
C:\Users\ooo\AppData\Local\Temp\SOUNDMAN.EXE
C:\Users\ooo\AppData\Local\Temp\UIUCU.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2009-07-13 16:24] - [2009-07-13 18:16] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-04 17:07

==================== End Of Log ============================

Addendum: 15 Apr 2015 23:10

Folks, false alarm, it isn't freezing; maybe it was just something temporary..........
Thanks for taking the time. I was supposed to install Windows on this computer, which, as it seemed to me, started freezing after contact with the USB stick, but now, after a couple of hours of testing, everything seems OK..... The complication arose because the burner on the laptop doesn't work - it won't open.... so I wanted us to do a disinfection.
Thank you for your time
