Virus on a Fujitsu laptop


  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

My brother has a lot of viruses on his laptop (Windows 7 Ultimate, 32-bit) and the laptop is very slow. Here are the reports.

GMER


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by User at 14:11:15 on 2012-08-10
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2933.1893 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Bilo gdje\AssistantServices.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=14e520b2000000000000000000000000
mStart Page = hxxp://www.startsearcher.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wia6eb~1\datamngr\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\users\user\appdata\roaming\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - No File
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: !{37483b40-c254-4a72-bda4-22ee90182c1e} - No File
TB: !{687578b9-7132-4a7a-80e4-30ee31099e03} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{2B8A3718-745D-4BB1-B808-9F861EFB4119} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{85C9C6F2-E98D-40E3-AF7E-24807421E79F} : NameServer = 79.143.101.225 79.143.101.229
TCP: Interfaces\{989E0A91-97EE-4273-A084-584E0D608B1D} : NameServer = 10.0.1.155
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~2\bprote~1\21419~1.7\protec~1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2009-7-27 62824]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R2 UI Assistant Service;UI Assistant Service;c:\program files\internet bilo gdje\AssistantServices.exe [2011-7-2 253264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-6-30 2314240]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-12-24 111536]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\fujitsu\wirelessselector\WSUService.exe [2008-10-9 62760]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-11-1 5632]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-11-27 209920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-2 9216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-10 11:02:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-10 11:02:36 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-10 11:01:42 -------- d-----w- c:\users\user\appdata\roaming\Canneverbe Limited
2012-08-10 11:01:42 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-10 11:00:29 -------- d-----w- C:\Intel
2012-08-10 10:36:21 -------- d-----w- c:\windows\pss
2012-08-08 09:38:15 -------- d-----w- c:\users\user\appdata\local\Macromedia
2012-07-27 07:32:47 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2012-08-08 09:48:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-08 09:48:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 13:46:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-02 13:46:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 14:11:29.56 ===============



OTL
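The "Pseudo HJT Report" section of the DDS log above is what a helper reads first. As an added example (not part of this thread or of the DDS tool), the Python script below triages such lines: it flags the UAC policies set to 0, the AppInit_DLLs entry, browser add-ons with no file or loading from user-writable or 8.3 short-name paths, the changed start pages and any DNS server outside private ranges. The sample input is a constructed, trimmed copy of the log lines above, and the severity labels are the example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a trimmed copy of the "Pseudo HJT Report" lines from the DDS log above.
SAMPLE_DDS = r"""
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss
mStart Page = hxxp://www.startsearcher.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wia6eb~1\datamngr\BROWSE~1.DLL
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\users\user\appdata\roaming\mediaf~1\extens~1\GENCRA~1.DLL
BHO: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - No File
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
TCP: Interfaces\{2B8A3718-745D-4BB1-B808-9F861EFB4119} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{85C9C6F2-E98D-40E3-AF7E-24807421E79F} : NameServer = 79.143.101.225 79.143.101.229
AppInit_DLLs: c:\progra~2\bprote~1\21419~1.7\protec~1.dll
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info"
    line: str      # the DDS line that triggered it
    reason: str


# UAC policies DDS prints under mPolicies-system, with the value that weakens UAC.
UAC_POLICIES = {
    "EnableLUA": ("0", "high", "UAC is off: admin-group users run every process fully elevated"),
    "ConsentPromptBehaviorAdmin": ("0", "high", "admins elevate silently, without any prompt"),
    "PromptOnSecureDesktop": ("0", "medium", "elevation prompts are not isolated on the secure desktop"),
}

START_PAGE = re.compile(r"^([um])Start Page = (.+)$")
POLICY = re.compile(r"^mPolicies-system: (\w+) = (\d+)")
NAME_SERVER = re.compile(r"(?:Dhcp)?NameServer = (.+)$")
SHORT_NAME = re.compile(r"~\d")  # 8.3 names such as progra~1 hide the real directory name
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\", re.I)
PRIVATE_IP = re.compile(r"^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")
BROWSER_PREFIXES = ("BHO:", "TB:", "uURLSearchHooks:", "mURLSearchHooks:")


def triage(dds_text: str) -> list[Finding]:
    """Return the lines of a DDS 'Pseudo HJT Report' that deserve a closer look."""
    findings: list[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := START_PAGE.match(line):
            scope = "user" if m.group(1) == "u" else "machine"
            findings.append(Finding("medium", line, f"{scope}-level IE start page is {m.group(2)}; confirm the user chose it"))
        elif m := POLICY.match(line):
            name, value = m.groups()
            if name in UAC_POLICIES and value == UAC_POLICIES[name][0]:
                findings.append(Finding(UAC_POLICIES[name][1], line, UAC_POLICIES[name][2]))
        elif line.startswith("AppInit_DLLs:"):
            findings.append(Finding("high", line, "AppInit_DLLs injects this DLL into every process that loads user32.dll"))
        elif line.startswith(BROWSER_PREFIXES):
            if line.endswith("- No File"):
                findings.append(Finding("info", line, "orphaned browser add-on entry; remove it"))
            else:
                path = line.rsplit(" - ", 1)[-1]
                if USER_WRITABLE.search(path) or SHORT_NAME.search(path):
                    findings.append(Finding("medium", line, "browser add-on loads from a user-writable or 8.3 short-name path"))
        elif line.startswith("TCP:") and (m := NAME_SERVER.search(line)):
            public = [ip for ip in m.group(1).split() if not PRIVATE_IP.match(ip)]
            if public:
                findings.append(Finding("info", line, f"DNS server(s) {', '.join(public)} are outside private ranges; confirm they belong to the ISP"))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity so a helper sees at a glance how bad the log is."""
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in sorted(results, key=lambda f: ("high", "medium", "info").index(f.severity)):
        print(f"[{f.severity:6}] {f.reason}\n          {f.line}")
    print(summary(results))
```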

  • Joined: 04 Jul 2011
  • Posts: 5424

Hello, TheSpringEagle.


Upload this file for me:
C:\Windows\System32\Drivers\auhsbazv.sys
using the following form:
http://www.mycity.rs/ambulanta-upload.php



Ivance95 (AMF Tim)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

@ivance95 I couldn't find this file you sent me.

  • Joined: 04 Jul 2011
  • Posts: 5424

Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing the save location opens, select Desktop and click Save.


Once the download has finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to start it;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists: click Yes if it offers to download it;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
show a number of prompts/notices: accept them by clicking Yes or OK;
restart Windows if needed (possibly several times);
when it finishes, open Notepad with the scan report.


Copy the report ComboFix produced into the forum topic:
right-click inside the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if, after posting, you notice the report is incomplete, use the "Attach file" option to attach C:\ComboFix.txt to your message.




Ivance95 (AMF Tim)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Here is the report

ComboFix 12-08-09.01 - User 08/10/2012 20:51:20.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2933.1661 [GMT 2:00]
Running from: d:\administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 18:55 . 2012-08-10 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 14:20 . 2012-08-10 14:20 -------- d-----w- c:\program files\MCShield
2012-08-10 13:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-10 13:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-10 13:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-10 13:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-10 13:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-10 13:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-10 13:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-10 13:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-10 13:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-10 13:03 . 2012-08-10 13:03 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A63CCF2-DBEB-44DC-87F8-228B762FFE47}\gapaengine.dll
2012-08-10 13:03 . 2012-06-28 23:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC00602-5EAD-461C-94B0-D7EB7A32DE25}\mpengine.dll
2012-08-10 11:02 . 2012-08-10 11:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-10 11:02 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\users\User\AppData\Roaming\Canneverbe Limited
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\program files\CDBurnerXP
2012-08-10 11:00 . 2012-08-10 11:00 -------- d-----w- C:\Intel
2012-08-08 09:38 . 2012-08-08 09:38 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-07-27 07:32 . 2012-07-27 07:32 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 09:48 . 2012-06-12 13:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 09:48 . 2011-08-28 14:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-02 13:46 . 2011-12-28 13:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-02 13:46 . 2011-12-28 13:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 166936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 128360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Performer43489.exe]
/STP=0:1 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr]
2009-12-24 10:21 504208 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSRSkype]
2009-12-24 10:21 346512 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2009-10-09 19:06 47976 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2009-10-15 16:59 33640 ----a-w- c:\program files\Fujitsu\Application Panel\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2009-10-14 07:47 36712 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFujitsuQuickTouch]
2009-10-15 16:59 138088 ----a-w- c:\program files\Fujitsu\Application Panel\QuickTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUTility]
2009-07-27 16:50 144744 ----a-w- c:\program files\Fujitsu\PSUtility\TrayManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-10-09 17:15 1578280 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-02 13:46 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-08-09 13:49 139088 ----a-w- c:\program files\Internet Bilo gdje\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-22 14:42 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKsl16a96829;MpKsl16a96829;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC00602-5EAD-461C-94B0-D7EB7A32DE25}\MpKsl16a96829.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Internet Bilo gdje\AssistantServices.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL16A96829
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 09:48]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 13:50]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=14e520b2000000000000000000000000
mStart Page = hxxp://www.startsearcher.com
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{85C9C6F2-E98D-40E3-AF7E-24807421E79F}: NameServer = 79.143.101.225 79.143.101.229
TCP: Interfaces\{989E0A91-97EE-4273-A084-584E0D608B1D}: NameServer = 10.0.1.155
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
Toolbar-10 - (no file)
Toolbar-!{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSConfigStartUp-Facebook Update - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-Media Finder - c:\program files\Media Finder\Media Finder.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
AddRemove-ProtectDisc Driver 11 - c:\program files\ProtectDisc Driver Installer\uninstall_v11.exe
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 20:56:55
ComboFix-quarantined-files.txt 2012-08-10 18:56
.
Pre-Run: 77,471,121,408 bytes free
Post-Run: 79,470,116,864 bytes free
.
- - End Of File - - 64B77D9B06383034F2B0685761DF1A79



  • Joined: 04 Jul 2011
  • Posts: 5424

Open Notepad and copy the following text into it:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\windows\pkunzip.pif.vir
C:\Qoobox\Quarantine\C\windows\pkzip.pif.vir
QUIT::


Save the file from Notepad to your Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
In your next message post the log that is produced at the end of the cleaning/scanning.



Download Xplode's AdwCleaner and save it to your Desktop.
Double-click to run the program and click the [Search] button.
When the program finishes its analysis it will open Notepad (AdwCleaner[R1].txt) with the report.
Save that Notepad file to your Desktop and attach it to your message using the "Attach file" option.

Note: the report will also be saved at C:\AdwCleaner[R1].txt




Ivance95 (AMF Tim)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

Here, I've done it.

  • Joined: 04 Jul 2011
  • Posts: 5424

Run AdwCleaner again.
Click the [Delete] button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK.

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to your Desktop and attach it to your message using the "Attach file" option.

Note: the report will also be saved at C:\AdwCleaner[S1].txt





Ivance95 (AMF Tim)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1645

I've done it, @ivance95

  • Joined: 04 Jul 2011
  • Posts: 5424

Your computer is clean as far as malware is concerned. If you still have problems, I suggest you open a topic in the Windows subforum: http://www.mycity.rs/Windows/



Run OTL again and click CleanUp.



Run AdwCleaner again.
Click the [Uninstall] button and wait for the uninstall procedure to finish.




ComboFix needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

Type (or paste) the following into the text box:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



Then click OK (or press Enter).


Wait for the uninstall process to finish.



Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it.
The link to the topic is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Ivance95 (AMF Tim)
