Virus on a Fujitsu Laptop


  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1643

My brother has a lot of viruses on his laptop
Windows 7 Ultimate 32-bit
and the laptop is very slow
here are the reports

GMER


DDS

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by User at 14:11:15 on 2012-08-10
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2933.1893 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Outdated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Outdated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Fujitsu\PSUtility\PSUService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Internet Bilo gdje\AssistantServices.exe
C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe
C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\conhost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=14e520b2000000000000000000000000
mStart Page = hxxp://www.startsearcher.com
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Babylon toolbar helper: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.5.3.17\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: DataMngr: {9d717f81-9148-4f12-8568-69135f087db0} - c:\progra~1\wia6eb~1\datamngr\BROWSE~1.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\users\user\appdata\roaming\mediaf~1\extens~1\GENCRA~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {e78a5c92-6a2b-4369-ab14-0ed3b2b18584} - No File
TB: {98889811-442D-49dd-99D7-DC866BE87DBC} - No File
TB: !{37483b40-c254-4a72-bda4-22ee90182c1e} - No File
TB: !{687578b9-7132-4a7a-80e4-30ee31099e03} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
TB: {37483B40-C254-4A72-BDA4-22EE90182C1E} - No File
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTo0.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [FDM7] c:\program files\fujitsu\fdm7\FdmDaemon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download with &Media Finder - c:\program files\media finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{2B8A3718-745D-4BB1-B808-9F861EFB4119} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{85C9C6F2-E98D-40E3-AF7E-24807421E79F} : NameServer = 79.143.101.225 79.143.101.229
TCP: Interfaces\{989E0A91-97EE-4273-A084-584E0D608B1D} : NameServer = 10.0.1.155
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~2\bprote~1\21419~1.7\protec~1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\common files\abbyy\finereader\9.00\licensing\pe\NetworkLicenseServer.exe [2007-12-6 660768]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2009-1-19 277544]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\fujitsu\psutility\PSUService.exe [2009-7-27 62824]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-6-19 3048136]
R2 UI Assistant Service;UI Assistant Service;c:\program files\internet bilo gdje\AssistantServices.exe [2011-7-2 253264]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\intel\intel(r) management engine components\uns\UNS.exe [2011-6-30 2314240]
R2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\csr\bluetooth feature pack 5.0\VFPRadioSupportService.exe [2009-12-24 111536]
R2 WirelessSelectorService;WirelessSelectorService;c:\program files\fujitsu\wirelessselector\WSUService.exe [2008-10-9 62760]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2006-11-1 5632]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2009-10-26 125696]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2009-11-27 209920]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-3-4 277536]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-12 250056]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-6-12 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-7-2 9216]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-10 11:02:45 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-10 11:02:36 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-10 11:01:42 -------- d-----w- c:\users\user\appdata\roaming\Canneverbe Limited
2012-08-10 11:01:42 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-10 11:00:29 -------- d-----w- C:\Intel
2012-08-10 10:36:21 -------- d-----w- c:\windows\pss
2012-08-08 09:38:15 -------- d-----w- c:\users\user\appdata\local\Macromedia
2012-07-27 07:32:47 -------- d--h--w- c:\windows\PIF
.
==================== Find3M ====================
.
2012-08-08 09:48:11 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-08 09:48:11 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-02 13:46:06 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-02 13:46:06 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
============= FINISH: 14:11:29.56 ===============



OTL

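The DDS report above already shows the findings a helper looks for first: both Internet Explorer start pages redirected, a URLSearchHook that points at nothing, a BHO loading from the user's profile, every UAC policy value set so that elevation happens silently, and an AppInit_DLLs entry that gets loaded into every process that links user32.dll. The following Python script is an added example (not part of the thread and not from any of the tools mentioned) that reads lines in DDS's "Pseudo HJT Report" format and flags those conditions. The sample input is copied from the report above; the set of trusted start-page hosts and the Windows 7 UAC defaults it compares against are assumptions made for the example.

```python
import re
from typing import List, Tuple

# Lines copied from the DDS "Pseudo HJT Report" posted above. DDS writes
# "hxxp" instead of "http" on purpose so the URLs are not clickable.
SAMPLE_REPORT = r"""
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=14e520b2000000000000000000000000
mStart Page = hxxp://www.startsearcher.com
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Help the General-Search Project: {ca4520f3-ae13-4fb1-a513-58e23991c86d} - c:\users\user\appdata\roaming\mediaf~1\extens~1\GENCRA~1.DLL
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
AppInit_DLLs: c:\progra~2\bprote~1\21419~1.7\protec~1.dll
"""

# Windows 7 defaults for the UAC policy values DDS prints (assumption for
# the example: adjust if the machine has a deliberate GPO baseline).
UAC_EXPECTED = {
    "EnableLUA": 1,                    # UAC switched on at all
    "ConsentPromptBehaviorAdmin": 5,   # prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,    # standard users prompted for credentials
    "PromptOnSecureDesktop": 1,        # prompts shown on the secure desktop
}

# Start pages considered legitimate on this machine (assumed for the example).
TRUSTED_START_HOSTS = {"www.google.com", "www.bing.com", "www.msn.com"}

POLICY_RE = re.compile(r"^mPolicies-system:\s*(\w+)\s*=\s*(\d+)")
START_RE = re.compile(r"^([um])Start Page\s*=\s*hxxp(s?)://([^/\s]+)", re.IGNORECASE)
BHO_RE = re.compile(r"^BHO:\s*(.*?):\s*\{([0-9a-f-]+)\}\s*-\s*(.+)$", re.IGNORECASE)
APPINIT_RE = re.compile(r"^AppInit_DLLs:\s*(.+)$")
HOOK_RE = re.compile(r"^[um]URLSearchHooks:.*-\s*No File$")

Finding = Tuple[str, str, str]  # (severity, category, detail)


def analyze(report: str) -> List[Finding]:
    """Walk a Pseudo HJT Report and return the lines worth a closer look."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = POLICY_RE.match(line)
        if m:
            name, value = m.group(1), int(m.group(2))
            expected = UAC_EXPECTED.get(name)
            if expected is not None and value != expected:
                findings.append(("HIGH", "uac", f"{name}={value} (Windows 7 default {expected})"))
            continue

        m = START_RE.match(line)
        if m:
            scope, host = m.group(1), m.group(3).lower()
            if host not in TRUSTED_START_HOSTS:
                findings.append(("MEDIUM", "homepage", f"{scope}Start Page points at {host}"))
            continue

        m = BHO_RE.match(line)
        if m:
            name, clsid, path = m.groups()
            lowered = path.lower()
            # Browser helper objects belong under Program Files; one living in a
            # user profile is a classic adware placement.
            if "\\appdata\\" in lowered or "\\users\\" in lowered:
                findings.append(("MEDIUM", "bho", f"{name} ({{{clsid}}}) loads from user profile: {path}"))
            continue

        m = APPINIT_RE.match(line)
        if m:
            findings.append(("HIGH", "appinit", f"AppInit_DLLs injects into every process: {m.group(1)}"))
            continue

        if HOOK_RE.match(line):
            findings.append(("LOW", "orphan", line))
    return findings


def summarize(findings: List[Finding]) -> str:
    """One line per finding, most severe first."""
    order = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}
    ranked = sorted(findings, key=lambda f: order[f[0]])
    return "\n".join(f"[{sev}] {cat}: {detail}" for sev, cat, detail in ranked)


if __name__ == "__main__":
    print(summarize(analyze(SAMPLE_REPORT)))
```

Run against the excerpt it reports four HIGH findings (three UAC values and the AppInit_DLLs entry), three MEDIUM ones (two hijacked start pages and the BHO in AppData) and one orphaned search hook. The UAC checks matter beyond this one cleanup: with EnableLUA=0 every process started by this user already runs with full administrator rights, so the next installer bundled with a toolbar needs no prompt at all, and ComboFix's own advice to disable security software temporarily is far less risky once UAC is back to its defaults.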

  • Joined: 04 Jul 2011
  • Posts: 5424

Hello, TheSpringEagle.


Upload this file for me:
C:\Windows\System32\Drivers\auhsbazv.sys
using the following form:
http://www.mycity.rs/ambulanta-upload.php



Ivance95 (AMF Team)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1643

@ivance95 I couldn't find that file you sent me.

  • Joined: 04 Jul 2011
  • Posts: 5424

Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
when the dialog for choosing the save location opens, select Desktop and click Save.




When the download is complete:
disable your security software (instructions);
close any running programs;
double-click to start ComboFix;
in the window that opens, click "I Agree".

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly more than once);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message box and choose Paste.


Note: the report will be saved as ComboFix.txt on the system partition (typically C:\ComboFix.txt);
if after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.




Ivance95 (AMF Team)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1643

Here is the report

ComboFix 12-08-09.01 - User 08/10/2012 20:51:20.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2933.1661 [GMT 2:00]
Running from: d:\administrator\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Windows Searchqu Toolbar
c:\program files\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll
c:\program files\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\background.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\browser.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossrider.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\crossriderapi.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\dialog.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\lib\faye-browser-min.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps-style.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\manage-apps.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\messaging.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\options.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\push.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\search_dialog.xul
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\chrome\content\update.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\defaults\preferences\prefs.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\locale\en-US\translations.dtd
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button1.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button2.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button3.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button4.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\button5.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\crossrider_statusbar.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon128.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon16.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon24.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\icon48.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\panelarrow-up.png
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup.html
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\popup_binding.xml
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\skin.css
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\rzrsbpjs.default\extensions\crossriderapp2258@crossrider.com\skin\update.css
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 18:55 . 2012-08-10 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-10 14:20 . 2012-08-10 14:20 -------- d-----w- c:\program files\MCShield
2012-08-10 13:27 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-08-10 13:27 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-08-10 13:27 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-08-10 13:27 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-08-10 13:27 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-08-10 13:27 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-08-10 13:27 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-08-10 13:27 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-08-10 13:27 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-08-10 13:03 . 2012-08-10 13:03 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4A63CCF2-DBEB-44DC-87F8-228B762FFE47}\gapaengine.dll
2012-08-10 13:03 . 2012-06-28 23:44 6891424 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC00602-5EAD-461C-94B0-D7EB7A32DE25}\mpengine.dll
2012-08-10 11:02 . 2012-08-10 11:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-10 11:02 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\users\User\AppData\Roaming\Canneverbe Limited
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\programdata\Canneverbe Limited
2012-08-10 11:01 . 2012-08-10 11:01 -------- d-----w- c:\program files\CDBurnerXP
2012-08-10 11:00 . 2012-08-10 11:00 -------- d-----w- C:\Intel
2012-08-08 09:38 . 2012-08-08 09:38 -------- d-----w- c:\users\User\AppData\Local\Macromedia
2012-07-27 07:32 . 2012-07-27 07:32 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 09:48 . 2012-06-12 13:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-08 09:48 . 2011-08-28 14:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-02 13:46 . 2011-12-28 13:33 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-07-02 13:46 . 2011-12-28 13:33 348160 ----a-w- c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-12 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-12 166936]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-28 7862816]
"FDM7"="c:\program files\Fujitsu\FDM7\FdmDaemon.exe" [2009-11-26 128360]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Performer43489.exe]
/STP=0:1 [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 00:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConMgr]
2009-12-24 10:21 504208 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CSRSkype]
2009-12-24 10:21 346512 ----a-w- c:\program files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndicatorUtility]
2009-10-09 19:06 47976 ----a-w- c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadBtnHnd]
2009-10-15 16:59 33640 ----a-w- c:\program files\Fujitsu\Application Panel\BtnHnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFUJ02E3]
2009-10-14 07:47 36712 ----a-w- c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LoadFujitsuQuickTouch]
2009-10-15 16:59 138088 ----a-w- c:\program files\Fujitsu\Application Panel\QuickTouch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSUTility]
2009-07-27 16:50 144744 ----a-w- c:\program files\Fujitsu\PSUtility\TrayManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-10-09 17:15 1578280 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-07-02 13:46 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-08-09 13:49 139088 ----a-w- c:\program files\Internet Bilo gdje\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-05-22 14:42 880496 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKsl16a96829;MpKsl16a96829;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2EC00602-5EAD-461C-94B0-D7EB7A32DE25}\MpKsl16a96829.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Internet Bilo gdje\AssistantServices.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VFPRadioSupportService;Bluetooth Feature Support;c:\program files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe [x]
S2 WirelessSelectorService;WirelessSelectorService;c:\program files\Fujitsu\WirelessSelector\WSUService.exe [x]
S3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL16A96829
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-12 09:48]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 13:50]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-12 13:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=110396&babsrc=HP_ss&mntrId=14e520b2000000000000000000000000
mStart Page = hxxp://www.startsearcher.com
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{85C9C6F2-E98D-40E3-AF7E-24807421E79F}: NameServer = 79.143.101.225 79.143.101.229
TCP: Interfaces\{989E0A91-97EE-4273-A084-584E0D608B1D}: NameServer = 10.0.1.155
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
BHO-{687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
Toolbar-10 - (no file)
Toolbar-!{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
Toolbar-!{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - c:\program files\uTorrentControl2\prxtbuTo0.dll
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-DATAMNGR - c:\progra~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
MSConfigStartUp-Facebook Update - c:\users\User\AppData\Local\Facebook\Update\FacebookUpdate.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-Media Finder - c:\program files\Media Finder\Media Finder.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
AddRemove-ProtectDisc Driver 11 - c:\program files\ProtectDisc Driver Installer\uninstall_v11.exe
AddRemove-Updater Service - c:\programdata\IBUpdaterService\ibsvc.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 20:56:55
ComboFix-quarantined-files.txt 2012-08-10 18:56
.
Pre-Run: 77,471,121,408 bytes free
Post-Run: 79,470,116,864 bytes free
.
- - End Of File - - 64B77D9B06383034F2B0685761DF1A79



  • Joined: 04 Jul 2011
  • Posts: 5424

Open Notepad and copy the following text:

DEQUARANTINE::
C:\Qoobox\Quarantine\C\windows\pkunzip.pif.vir
C:\Qoobox\Quarantine\C\windows\pkzip.pif.vir
QUIT::


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.



Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program and click the [Search] button.
When the program finishes its analysis it will open Notepad (AdwCleaner[R1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your message using the "Attach file" option

Note: the report will also be saved at C:\AdwCleaner[R1].txt




Ivance95 (AMF Team)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1643

here, done


  • Joined: 04 Jul 2011
  • Posts: 5424

Run AdwCleaner again
Click the [Delete] button and wait for the program to finish.
The program will close all active programs and show a window with that warning. Click OK to confirm.
In the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad (C:\AdwCleaner[S1].txt) with the report.
Save that Notepad file to the Desktop and attach it to your message using the "Attach file" option

Note: the report will also be saved at C:\AdwCleaner[S1].txt





Ivance95 (AMF Team)

  • Anunnaki
  • Joined: 20 Apr 2012
  • Posts: 1643

done @ivance95



  • Joined: 04 Jul 2011
  • Posts: 5424

Your computer is clean as far as malware is concerned. If you still have problems I suggest you open a thread in the Windows subforum: http://www.mycity.rs/Windows/



Run OTL again and click CleanUp.



Run AdwCleaner again
Click the [Uninstall] button and wait for the uninstall to finish.




ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista use the Start Search box if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".



then click OK (or press Enter).


Wait for the uninstall process to finish.



Be sure to visit the thread "Test whether your browser is vulnerable", read it and follow the link in it.
Link to the thread: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html



Ivance95 (AMF Team)
