malware detected about 2000 unwanted....

offline
  • Joined: 14 Aug 2010
  • Posts: 185

Posted: 30 Apr 2016 13:49

hello,

after the malware scan detected about 2000 unwanted ... whatever it is ... I decided to open a thread.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Cowimpex (administrator) on COWIMPEX-PC (30-04-2016 13:46:14)
Running from C:\Users\Cowimpex\Desktop
Loaded Profiles: Cowimpex (Available Profiles: Cowimpex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
() C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(tsvr.com) C:\Users\Cowimpex\AppData\Roaming\TSv\TSvr.exe
( ) C:\Windows\System32\lxdmcoms.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [lxdmmon.exe] => C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe [455344 2007-07-06] ()
HKLM\...\Run: [lxdmamon] => C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe [20480 2007-06-01] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-3930313140-483073278-1502967792-1000\...\MountPoints2: {1f8e0d3a-3957-11e3-8cc5-806e6f6e6963} - D:\DVDSetup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DA5E5D6D-6E37-4833-88AA-06FADD662312}: [NameServer] 8.8.8.8,194.106.162.2
Tcpip\..\Interfaces\{DA5E5D6D-6E37-4833-88AA-06FADD662312}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3930313140-483073278-1502967792-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3930313140-483073278-1502967792-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3930313140-483073278-1502967792-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cowimpex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1079\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha4429\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8175\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1562\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1918\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode729\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release798\ff [not found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX"
CHR DefaultSearchURL: Default -> hxxp://www.omniboxes.com/web/?type=ds&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omniboxes
CHR Profile: C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (AdBlock) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-30]
CHR Extension: (PDF Mergy) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-10-11]
CHR Extension: (Night Time In New York City) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2015-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdmserv.exe [33712 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [1053104 2007-06-08] ( )
R2 lxdm_device; C:\Windows\SysWOW64\lxdmcoms.exe [598960 2007-06-08] ( )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U0 qhcvhfv; C:\Windows\System32\drivers\mgiobl.sys [79064 2016-04-30] (Malwarebytes)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-30 13:46 - 2016-04-30 13:46 - 00013548 _____ C:\Users\Cowimpex\Desktop\FRST.txt
2016-04-30 13:46 - 2016-04-30 13:46 - 00000000 ____D C:\FRST
2016-04-30 13:45 - 2016-04-30 13:45 - 02376704 _____ (Farbar) C:\Users\Cowimpex\Desktop\FRST64.exe
2016-04-30 13:45 - 2016-04-30 13:45 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\mgiobl.sys
2016-04-30 13:35 - 2016-04-30 13:35 - 03581504 _____ C:\Users\Cowimpex\Downloads\AdwCleaner.exe
2016-04-30 13:32 - 2016-04-30 13:45 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-30 13:32 - 2016-04-30 13:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-30 13:32 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-30 13:32 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-30 13:32 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-30 13:28 - 2016-04-30 13:28 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\Sun
2016-04-30 13:28 - 2016-04-30 13:28 - 00000000 ____D C:\Users\Cowimpex\.oracle_jre_usage
2016-04-30 13:27 - 2016-04-30 13:27 - 00000000 ____D C:\Users\Cowimpex\AppData\LocalLow\Oracle
2016-04-30 13:25 - 2016-04-30 13:45 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-30 13:25 - 2016-04-30 13:25 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-30 13:25 - 2016-04-30 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-30 13:25 - 2016-04-30 13:25 - 00000000 ____D C:\Program Files\CCleaner
2016-04-30 13:24 - 2016-04-30 13:25 - 22851472 _____ (Malwarebytes ) C:\Users\Cowimpex\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-30 12:26 - 2016-04-30 13:45 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-30 12:26 - 2016-04-30 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-30 12:25 - 2016-04-30 12:26 - 00000000 ____D C:\Program Files\iTunes
2016-04-30 12:25 - 2016-04-30 12:25 - 00000000 ____D C:\Program Files\iPod
2016-04-30 12:25 - 2016-04-30 12:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-30 12:23 - 2016-04-30 12:23 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-30 12:23 - 2016-04-30 12:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-01 13:19 - 2016-04-01 13:19 - 10857601 _____ C:\Users\Cowimpex\Downloads\J1mB0_s_XVM_Config_v6.2.1.zip
2016-04-01 11:07 - 2016-04-01 11:07 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\WinZiper
2016-04-01 11:07 - 2016-04-01 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-30 13:46 - 2014-03-24 11:44 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-30 13:46 - 2013-10-24 12:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-30 13:46 - 2013-10-20 14:42 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-30 13:46 - 2013-10-20 09:15 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-30 13:46 - 2013-10-20 09:15 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-30 13:46 - 2013-10-20 00:20 - 00001419 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-30 13:46 - 2013-10-20 00:20 - 00001385 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-30 13:46 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-30 13:45 - 2016-02-20 14:58 - 00001765 _____ C:\Users\Public\Desktop\qksee.lnk
2016-04-30 13:45 - 2016-02-20 14:58 - 00000000 ____D C:\Program Files (x86)\qksee
2016-04-30 13:45 - 2016-01-08 12:59 - 00000000 ____D C:\ProgramData\8WdM8
2016-04-30 13:45 - 2015-12-02 13:53 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-04-30 13:45 - 2015-12-02 13:53 - 00000000 ____D C:\Program Files (x86)\SFK
2016-04-30 13:45 - 2015-09-26 15:45 - 00000789 _____ C:\Users\Public\Desktop\World of Warships.lnk
2016-04-30 13:45 - 2015-06-25 11:16 - 00001175 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-04-30 13:45 - 2015-05-30 13:38 - 00001853 _____ C:\Users\Public\Desktop\Apps.lnk
2016-04-30 13:45 - 2015-05-30 13:38 - 00001801 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2016-04-30 13:45 - 2015-05-23 13:50 - 00001138 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-04-30 13:45 - 2015-03-24 12:05 - 00001332 _____ C:\Users\Cowimpex\Desktop\Nexus Root Toolkit.lnk
2016-04-30 13:45 - 2015-03-21 19:07 - 00001224 _____ C:\Users\Cowimpex\Desktop\Paint.lnk
2016-04-30 13:45 - 2015-02-18 12:46 - 00000000 ____D C:\Program Files (x86)\e36fc794-2bcd-4288-949a-bec848362293
2016-04-30 13:45 - 2015-02-09 19:17 - 00000000 ____D C:\Program Files (x86)\fbf4cf6e-89aa-489f-9aab-e09707569a4a
2016-04-30 13:45 - 2014-12-28 15:27 - 00001137 _____ C:\Users\Cowimpex\Desktop\5.lnk
2016-04-30 13:45 - 2014-11-28 21:33 - 00001963 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2016-04-30 13:45 - 2014-06-21 16:03 - 00001341 _____ C:\Users\Cowimpex\Desktop\Norton Installation Files.lnk
2016-04-30 13:45 - 2014-03-24 11:44 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-30 13:45 - 2014-02-16 15:01 - 00000556 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-04-30 13:45 - 2014-02-01 15:39 - 00001057 _____ C:\Users\Cowimpex\Desktop\Lemmings.lnk
2016-04-30 13:45 - 2014-02-01 15:39 - 00000716 _____ C:\Users\Cowimpex\Desktop\Lemmings on the Gamefabrique.lnk
2016-04-30 13:45 - 2013-10-24 12:02 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-30 13:45 - 2013-10-20 20:10 - 00001059 _____ C:\Users\Public\Desktop\Lexmark Productivity Studio - 5000 Series.LNK
2016-04-30 13:45 - 2013-10-20 19:24 - 00001209 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-04-30 13:45 - 2013-10-20 19:24 - 00001179 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-04-30 13:45 - 2013-10-20 17:50 - 00002685 _____ C:\Users\Cowimpex\Desktop\Microsoft Office Excel 2007.lnk
2016-04-30 13:45 - 2013-10-20 17:50 - 00002679 _____ C:\Users\Cowimpex\Desktop\Microsoft Office Word 2007.lnk
2016-04-30 13:45 - 2013-10-20 17:06 - 00000859 _____ C:\Users\Cowimpex\Desktop\Downloads.lnk
2016-04-30 13:45 - 2013-10-20 14:36 - 00002511 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-30 13:45 - 2013-10-20 13:40 - 00000837 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-30 13:45 - 2013-10-20 10:13 - 00000000 ____D C:\Windows\Panther
2016-04-30 13:45 - 2013-10-19 19:00 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-04-30 13:45 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-30 13:45 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-30 13:38 - 2015-05-23 13:50 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\Battle.net
2016-04-30 13:38 - 2015-05-23 13:42 - 00000000 ____D C:\ProgramData\Battle.net
2016-04-30 13:37 - 2015-05-23 13:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-30 13:29 - 2013-11-23 20:28 - 00000000 ____D C:\ProgramData\Oracle
2016-04-30 13:29 - 2013-11-23 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-30 13:29 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-30 13:29 - 2009-07-14 06:45 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-30 13:29 - 2009-07-14 06:45 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-30 13:28 - 2013-11-23 19:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-30 13:28 - 2013-10-20 00:19 - 00000000 ____D C:\Users\Cowimpex
2016-04-30 13:27 - 2014-12-24 22:14 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-30 13:27 - 2013-10-20 13:39 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\uTorrent
2016-04-30 13:26 - 2014-11-12 14:19 - 00000000 ____D C:\Users\Cowimpex\AppData\Local\CrashDumps
2016-04-30 13:26 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-30 13:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-30 13:22 - 2016-02-13 14:28 - 00000001 _____ C:\Windows\SysWOW64\us.html
2016-04-30 13:21 - 2015-06-07 15:48 - 00000526 _____ C:\Windows\Tasks\summer_sports_helper_service.job
2016-04-30 13:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-30 13:17 - 2013-10-20 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-30 12:56 - 2014-03-24 11:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-30 12:25 - 2013-10-20 14:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-30 12:17 - 2013-10-20 17:06 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-30 12:17 - 2013-10-20 17:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-30 12:17 - 2013-10-20 17:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-01 13:19 - 2016-01-22 19:58 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\eCyber

==================== Files in the root of some directories =======

2014-03-30 16:31 - 2014-09-07 13:33 - 0000136 _____ () C:\Users\Cowimpex\AppData\Roaming\WB.CFG
2015-09-11 22:31 - 2015-09-11 22:31 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{2C19774C-CC58-473F-A557-B89BD72D2CC8}
2015-09-05 21:30 - 2015-09-05 21:30 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{44FBADDF-2B7E-443A-9F7A-A94C6A90F799}
2015-01-19 14:36 - 2015-01-19 14:36 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{5107158E-6E39-4A5F-BC85-2D07DB60B031}
2015-09-11 22:31 - 2015-09-11 22:31 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{7C0D3E4F-ECA1-44F5-BB12-E2B3544BED9E}
2015-11-16 18:08 - 2015-11-16 18:08 - 1308520 _____ () C:\ProgramData\SPL1DFD.tmp
2015-07-04 14:47 - 2015-07-04 14:47 - 40724496 _____ () C:\ProgramData\SPL4604.tmp
2015-07-04 17:23 - 2015-07-04 17:23 - 40724496 _____ () C:\ProgramData\SPL4652.tmp
2014-08-31 00:05 - 2014-08-31 00:05 - 2592673 _____ () C:\ProgramData\SPL4A00.tmp
2015-07-05 21:21 - 2015-07-05 21:21 - 40724496 _____ () C:\ProgramData\SPL4B22.tmp
2014-09-01 10:49 - 2014-09-01 10:49 - 2592673 _____ () C:\ProgramData\SPL5050.tmp
2015-07-05 10:35 - 2015-07-05 10:35 - 40724496 _____ () C:\ProgramData\SPL515A.tmp
2015-11-16 18:05 - 2015-11-16 18:05 - 3797040 _____ () C:\ProgramData\SPL539D.tmp
2015-07-06 12:31 - 2015-07-06 12:31 - 40724496 _____ () C:\ProgramData\SPL566A.tmp
2014-12-26 12:33 - 2014-12-26 12:33 - 0793132 _____ () C:\ProgramData\SPL58DF.tmp
2015-07-06 12:41 - 2015-07-06 12:41 - 40724496 _____ () C:\ProgramData\SPL6382.tmp
2015-07-04 12:35 - 2015-07-04 12:35 - 40724496 _____ () C:\ProgramData\SPL738F.tmp
2015-07-06 09:35 - 2015-07-06 09:35 - 40724496 _____ () C:\ProgramData\SPL7A4D.tmp
2014-06-23 10:38 - 2014-06-23 10:38 - 0338920 _____ () C:\ProgramData\SPL7E5A.tmp
2014-09-01 11:00 - 2014-09-01 11:00 - 2592673 _____ () C:\ProgramData\SPL9363.tmp
2014-06-11 11:28 - 2014-06-11 11:28 - 32606054 _____ () C:\ProgramData\SPLA11.tmp
2015-12-02 13:53 - 2016-01-08 12:59 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Cowimpex\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-30 12:49

==================== End of FRST.txt ============================

Addendum: 30 Apr 2016 14:02

I can post the malware log too if needed

offline
  • Joined: 02 Jan 2008
  • Posts: 2167

1. Open Notepad (Text Document) and copy the following text from inside the code box below:

CreateRestorePoint:
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
C:\Program Files (x86)\qksee
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Program Files (x86)\WinZipper
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
C:\Program Files (x86)\Summer Sports
(tsvr.com) C:\Users\Cowimpex\AppData\Roaming\TSv\TSvr.exe
C:\Users\Cowimpex\AppData\Roaming\TSv
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
C:\Program Files (x86)\SFK
C:\ProgramData\8WdM8
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1079\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha4429\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8175\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1562\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1918\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode729\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release798\ff [not found]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX"
CHR DefaultSearchURL: Default -> hxxp://www.omniboxes.com/web/?type=ds&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omniboxes
2016-04-30 13:45 - 2016-02-20 14:58 - 00001765 _____ C:\Users\Public\Desktop\qksee.lnk
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {92EE26F1-8BAF-44E8-994B-9AAF3CC6C80F} - System32\Tasks\summer_sports_helper_service => C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe [2015-06-07] () <==== ATTENTION
Task: {C9F47F39-B1ED-4D52-8EDA-5D9C7161224C} - System32\Tasks\{33E3054C-79AC-4581-B173-BCE74989E1B3} => pcalua.exe -a C:\Users\Cowimpex\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
C:\Users\Cowimpex\AppData\Roaming\omiga-plus
Task: C:\Windows\Tasks\summer_sports_helper_service.job => C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe <==== ATTENTION
2015-06-07 15:48 - 2015-06-07 15:48 - 00191692 _____ () C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
2016-02-20 14:58 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-02-20 14:58 - 2016-04-08 04:24 - 00063128 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-04-01 11:07 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-04-01 11:07 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do that from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.

The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into a reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.

After that,

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
Under Options, untick Reset Winsock settings if it is ticked.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad with the report (C:\Adwcleaner\AdwCleaner[C1].txt).
Save that report to the Desktop and attach it to your reply using the "Attach file" option
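As an added illustration, not code from the thread, from the helper or from FRST, the selection behind a fixlist like the one above can be partly automated. The Python script below reads FRST output and flags the entry types that recur in that fix: lines FRST itself marks ATTENTION, orphaned browser entries, unsigned service binaries, running processes with an empty or placeholder publisher, and Chrome start/search pages that point at a host outside an allowlist. The sample log is a constructed excerpt of lines copied from the FRST.txt posted earlier in the thread; the function names, the heuristics and the `expected_hosts` allowlist are this example's own assumptions, not FRST features.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) logs.

Added example, not part of the forum thread or of FRST itself. It scans the
text of an FRST.txt and reports lines that commonly end up in a fixlist.
"""
import re

# Constructed sample: a handful of lines copied from the FRST.txt posted in
# the thread, mixing benign entries with ones the helper put in fixlist.txt.
SAMPLE_LOG = r"""
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1079\ff [not found]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX
CHR Extension: (AdBlock) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-30]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
"""

# "(Publisher) C:\path\file.exe" as printed in the Processes section.
PROCESS_RE = re.compile(r"^\((?P<publisher>[^)]*)\)\s+[A-Za-z]:\\")
# Chrome start/search settings; FRST defangs URLs as hxxp://.
BROWSER_RE = re.compile(
    r'^CHR (?:HomePage|StartupUrls|DefaultSearchURL): .*?h(?:xx|tt)ps?://(?P<host>[^/\s"]+)'
)


def classify(line, expected_hosts=("google.com",)):
    """Return a short reason if `line` deserves a second look, else None.

    The heuristics and the allowlist are this example's assumptions.
    """
    if "ATTENTION" in line:
        return "flagged by FRST itself"
    if line.endswith("[not found]") or line.endswith("No File"):
        return "orphaned entry, target missing on disk"
    if "[File not signed]" in line:
        return "unsigned binary, confirm vendor before acting"
    m = PROCESS_RE.match(line)
    if m:
        publisher = m.group("publisher").strip()
        if not publisher or publisher.startswith("TODO"):
            return "running process with empty or placeholder publisher"
    m = BROWSER_RE.match(line)
    if m:
        host = m.group("host").lower()
        if host.startswith("www."):
            host = host[4:]
        if host not in expected_hosts:
            return f"browser start/search page points at {host}"
    return None


def triage(log_text, expected_hosts=("google.com",)):
    """Return [(reason, line), ...] for every reviewable line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        reason = classify(line, expected_hosts)
        if reason:
            findings.append((reason, line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Run against the sample, the script reports the Summer Sports helper, the SFK binary, the Chrome policy restriction, the orphaned BHO and Firefox extension, the omniboxes home page and the AMD FUEL service. Two of those results show why this is a review list and not a fixlist: the AMD FUEL service is unsigned but belongs to a known vendor, while the qksee service, which the helper did remove, passes every heuristic because it carries a publisher string. Knowing the adware families involved is still what turns a flagged line into a removal decision.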
