malware detected around 2000 unwanted....

  • Joined: 14 Aug 2010
  • Posts: 185

Posted: 30 Apr 2016 13:49

Hello,

after malware detected around 2000 unwanted ... whatever they are ... I decided to open a thread.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Cowimpex (administrator) on COWIMPEX-PC (30-04-2016 13:46:14)
Running from C:\Users\Cowimpex\Desktop
Loaded Profiles: Cowimpex (Available Profiles: Cowimpex)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: geekstogo.com/forum/topic/335081-frst-t.....scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe
() C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe
(PixArt Imaging Incorporation) C:\Windows\PixArt\Pac207\Monitor.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(tsvr.com) C:\Users\Cowimpex\AppData\Roaming\TSv\TSvr.exe
( ) C:\Windows\System32\lxdmcoms.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [lxdmmon.exe] => C:\Program Files (x86)\Lexmark 5000 Series\lxdmmon.exe [455344 2007-07-06] ()
HKLM\...\Run: [lxdmamon] => C:\Program Files (x86)\Lexmark 5000 Series\lxdmamon.exe [20480 2007-06-01] ()
HKLM\...\Run: [Monitor] => C:\Windows\PixArt\PAC207\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [896632 2015-07-22] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
HKU\S-1-5-21-3930313140-483073278-1502967792-1000\...\MountPoints2: {1f8e0d3a-3957-11e3-8cc5-806e6f6e6963} - D:\DVDSetup.exe
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DA5E5D6D-6E37-4833-88AA-06FADD662312}: [NameServer] 8.8.8.8,194.106.162.2
Tcpip\..\Interfaces\{DA5E5D6D-6E37-4833-88AA-06FADD662312}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = google.com
SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3930313140-483073278-1502967792-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-30] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-30] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-3930313140-483073278-1502967792-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll [2013-12-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-30] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3930313140-483073278-1502967792-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cowimpex\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-23] (Unity Technologies ApS)
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1079\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha4429\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8175\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1562\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1918\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode729\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release798\ff [not found]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX"
CHR DefaultSearchURL: Default -> hxxp://www.omniboxes.com/web/?type=ds&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omniboxes
CHR Profile: C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-16]
CHR Extension: (Google Drive) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-30]
CHR Extension: (Google Docs Offline) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-30]
CHR Extension: (AdBlock) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-04-30]
CHR Extension: (PDF Mergy) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha [2014-10-11]
CHR Extension: (Night Time In New York City) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2015-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cowimpex\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-12-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433784 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413304 2015-06-16] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [831096 2015-07-21] (BlueStack Systems, Inc.)
S2 lxdmCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxdmserv.exe [33712 2007-06-08] (Lexmark International, Inc.)
R2 lxdm_device; C:\Windows\system32\lxdmcoms.exe [1053104 2007-06-08] ( )
R2 lxdm_device; C:\Windows\SysWOW64\lxdmcoms.exe [598960 2007-06-08] ( )
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145528 2015-06-16] (BlueStack Systems)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
U0 qhcvhfv; C:\Windows\System32\drivers\mgiobl.sys [79064 2016-04-30] (Malwarebytes)
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-30 13:46 - 2016-04-30 13:46 - 00013548 _____ C:\Users\Cowimpex\Desktop\FRST.txt
2016-04-30 13:46 - 2016-04-30 13:46 - 00000000 ____D C:\FRST
2016-04-30 13:45 - 2016-04-30 13:45 - 02376704 _____ (Farbar) C:\Users\Cowimpex\Desktop\FRST64.exe
2016-04-30 13:45 - 2016-04-30 13:45 - 00079064 _____ (Malwarebytes) C:\Windows\system32\Drivers\mgiobl.sys
2016-04-30 13:35 - 2016-04-30 13:35 - 03581504 _____ C:\Users\Cowimpex\Downloads\AdwCleaner.exe
2016-04-30 13:32 - 2016-04-30 13:45 - 00001096 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-30 13:32 - 2016-04-30 13:33 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-30 13:32 - 2016-04-30 13:32 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-30 13:32 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-04-30 13:32 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-04-30 13:32 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-04-30 13:28 - 2016-04-30 13:28 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\Sun
2016-04-30 13:28 - 2016-04-30 13:28 - 00000000 ____D C:\Users\Cowimpex\.oracle_jre_usage
2016-04-30 13:27 - 2016-04-30 13:27 - 00000000 ____D C:\Users\Cowimpex\AppData\LocalLow\Oracle
2016-04-30 13:25 - 2016-04-30 13:45 - 00000860 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-04-30 13:25 - 2016-04-30 13:25 - 00002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-04-30 13:25 - 2016-04-30 13:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-04-30 13:25 - 2016-04-30 13:25 - 00000000 ____D C:\Program Files\CCleaner
2016-04-30 13:24 - 2016-04-30 13:25 - 22851472 _____ (Malwarebytes ) C:\Users\Cowimpex\Downloads\mbam-setup-2.2.1.1043.exe
2016-04-30 12:26 - 2016-04-30 13:45 - 00001747 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-30 12:26 - 2016-04-30 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-30 12:25 - 2016-04-30 12:26 - 00000000 ____D C:\Program Files\iTunes
2016-04-30 12:25 - 2016-04-30 12:25 - 00000000 ____D C:\Program Files\iPod
2016-04-30 12:25 - 2016-04-30 12:25 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-04-30 12:23 - 2016-04-30 12:23 - 00000000 ____D C:\Windows\System32\Tasks\Apple
2016-04-30 12:23 - 2016-04-30 12:23 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-04-01 13:19 - 2016-04-01 13:19 - 10857601 _____ C:\Users\Cowimpex\Downloads\J1mB0_s_XVM_Config_v6.2.1.zip
2016-04-01 11:07 - 2016-04-01 11:07 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\WinZiper
2016-04-01 11:07 - 2016-04-01 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-30 13:46 - 2014-03-24 11:44 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-30 13:46 - 2013-10-24 12:02 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-04-30 13:46 - 2013-10-20 14:42 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-04-30 13:46 - 2013-10-20 09:15 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-30 13:46 - 2013-10-20 09:15 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-30 13:46 - 2013-10-20 00:20 - 00001419 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-30 13:46 - 2013-10-20 00:20 - 00001385 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-04-30 13:46 - 2009-07-14 06:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-04-30 13:46 - 2009-07-14 06:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-04-30 13:45 - 2016-02-20 14:58 - 00001765 _____ C:\Users\Public\Desktop\qksee.lnk
2016-04-30 13:45 - 2016-02-20 14:58 - 00000000 ____D C:\Program Files (x86)\qksee
2016-04-30 13:45 - 2016-01-08 12:59 - 00000000 ____D C:\ProgramData\8WdM8
2016-04-30 13:45 - 2015-12-02 13:53 - 00000000 ____D C:\Program Files (x86)\WinZipper
2016-04-30 13:45 - 2015-12-02 13:53 - 00000000 ____D C:\Program Files (x86)\SFK
2016-04-30 13:45 - 2015-09-26 15:45 - 00000789 _____ C:\Users\Public\Desktop\World of Warships.lnk
2016-04-30 13:45 - 2015-06-25 11:16 - 00001175 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-04-30 13:45 - 2015-05-30 13:38 - 00001853 _____ C:\Users\Public\Desktop\Apps.lnk
2016-04-30 13:45 - 2015-05-30 13:38 - 00001801 _____ C:\Users\Public\Desktop\Start BlueStacks.lnk
2016-04-30 13:45 - 2015-05-23 13:50 - 00001138 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-04-30 13:45 - 2015-03-24 12:05 - 00001332 _____ C:\Users\Cowimpex\Desktop\Nexus Root Toolkit.lnk
2016-04-30 13:45 - 2015-03-21 19:07 - 00001224 _____ C:\Users\Cowimpex\Desktop\Paint.lnk
2016-04-30 13:45 - 2015-02-18 12:46 - 00000000 ____D C:\Program Files (x86)\e36fc794-2bcd-4288-949a-bec848362293
2016-04-30 13:45 - 2015-02-09 19:17 - 00000000 ____D C:\Program Files (x86)\fbf4cf6e-89aa-489f-9aab-e09707569a4a
2016-04-30 13:45 - 2014-12-28 15:27 - 00001137 _____ C:\Users\Cowimpex\Desktop\5.lnk
2016-04-30 13:45 - 2014-11-28 21:33 - 00001963 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk
2016-04-30 13:45 - 2014-06-21 16:03 - 00001341 _____ C:\Users\Cowimpex\Desktop\Norton Installation Files.lnk
2016-04-30 13:45 - 2014-03-24 11:44 - 00002177 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-30 13:45 - 2014-02-16 15:01 - 00000556 _____ C:\Users\Public\Desktop\Fraps.lnk
2016-04-30 13:45 - 2014-02-01 15:39 - 00001057 _____ C:\Users\Cowimpex\Desktop\Lemmings.lnk
2016-04-30 13:45 - 2014-02-01 15:39 - 00000716 _____ C:\Users\Cowimpex\Desktop\Lemmings on the Gamefabrique.lnk
2016-04-30 13:45 - 2013-10-24 12:02 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-04-30 13:45 - 2013-10-20 20:10 - 00001059 _____ C:\Users\Public\Desktop\Lexmark Productivity Studio - 5000 Series.LNK
2016-04-30 13:45 - 2013-10-20 19:24 - 00001209 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2016-04-30 13:45 - 2013-10-20 19:24 - 00001179 _____ C:\Users\Public\Desktop\GOM Player.lnk
2016-04-30 13:45 - 2013-10-20 17:50 - 00002685 _____ C:\Users\Cowimpex\Desktop\Microsoft Office Excel 2007.lnk
2016-04-30 13:45 - 2013-10-20 17:50 - 00002679 _____ C:\Users\Cowimpex\Desktop\Microsoft Office Word 2007.lnk
2016-04-30 13:45 - 2013-10-20 17:06 - 00000859 _____ C:\Users\Cowimpex\Desktop\Downloads.lnk
2016-04-30 13:45 - 2013-10-20 14:36 - 00002511 _____ C:\Users\Public\Desktop\Skype.lnk
2016-04-30 13:45 - 2013-10-20 13:40 - 00000837 _____ C:\Users\Cowimpex\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-04-30 13:45 - 2013-10-20 10:13 - 00000000 ____D C:\Windows\Panther
2016-04-30 13:45 - 2013-10-19 19:00 - 00000000 ____D C:\Program Files (x86)\AMD APP
2016-04-30 13:45 - 2009-07-14 07:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-04-30 13:45 - 2009-07-14 06:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-04-30 13:38 - 2015-05-23 13:50 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\Battle.net
2016-04-30 13:38 - 2015-05-23 13:42 - 00000000 ____D C:\ProgramData\Battle.net
2016-04-30 13:37 - 2015-05-23 13:50 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-04-30 13:29 - 2013-11-23 20:28 - 00000000 ____D C:\ProgramData\Oracle
2016-04-30 13:29 - 2013-11-23 19:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-30 13:29 - 2013-11-23 19:24 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-30 13:29 - 2009-07-14 06:45 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-30 13:29 - 2009-07-14 06:45 - 00023872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-30 13:28 - 2013-11-23 19:24 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-04-30 13:28 - 2013-10-20 00:19 - 00000000 ____D C:\Users\Cowimpex
2016-04-30 13:27 - 2014-12-24 22:14 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-04-30 13:27 - 2013-10-20 13:39 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\uTorrent
2016-04-30 13:26 - 2014-11-12 14:19 - 00000000 ____D C:\Users\Cowimpex\AppData\Local\CrashDumps
2016-04-30 13:26 - 2009-07-14 07:13 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-30 13:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-30 13:22 - 2016-02-13 14:28 - 00000001 _____ C:\Windows\SysWOW64\us.html
2016-04-30 13:21 - 2015-06-07 15:48 - 00000526 _____ C:\Windows\Tasks\summer_sports_helper_service.job
2016-04-30 13:21 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-30 13:17 - 2013-10-20 17:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-30 12:56 - 2014-03-24 11:28 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-30 12:25 - 2013-10-20 14:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-04-30 12:17 - 2013-10-20 17:06 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-30 12:17 - 2013-10-20 17:06 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-30 12:17 - 2013-10-20 17:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-01 13:19 - 2016-01-22 19:58 - 00000000 ____D C:\Users\Cowimpex\AppData\Roaming\eCyber

==================== Files in the root of some directories =======

2014-03-30 16:31 - 2014-09-07 13:33 - 0000136 _____ () C:\Users\Cowimpex\AppData\Roaming\WB.CFG
2015-09-11 22:31 - 2015-09-11 22:31 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{2C19774C-CC58-473F-A557-B89BD72D2CC8}
2015-09-05 21:30 - 2015-09-05 21:30 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{44FBADDF-2B7E-443A-9F7A-A94C6A90F799}
2015-01-19 14:36 - 2015-01-19 14:36 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{5107158E-6E39-4A5F-BC85-2D07DB60B031}
2015-09-11 22:31 - 2015-09-11 22:31 - 0000000 _____ () C:\Users\Cowimpex\AppData\Local\{7C0D3E4F-ECA1-44F5-BB12-E2B3544BED9E}
2015-11-16 18:08 - 2015-11-16 18:08 - 1308520 _____ () C:\ProgramData\SPL1DFD.tmp
2015-07-04 14:47 - 2015-07-04 14:47 - 40724496 _____ () C:\ProgramData\SPL4604.tmp
2015-07-04 17:23 - 2015-07-04 17:23 - 40724496 _____ () C:\ProgramData\SPL4652.tmp
2014-08-31 00:05 - 2014-08-31 00:05 - 2592673 _____ () C:\ProgramData\SPL4A00.tmp
2015-07-05 21:21 - 2015-07-05 21:21 - 40724496 _____ () C:\ProgramData\SPL4B22.tmp
2014-09-01 10:49 - 2014-09-01 10:49 - 2592673 _____ () C:\ProgramData\SPL5050.tmp
2015-07-05 10:35 - 2015-07-05 10:35 - 40724496 _____ () C:\ProgramData\SPL515A.tmp
2015-11-16 18:05 - 2015-11-16 18:05 - 3797040 _____ () C:\ProgramData\SPL539D.tmp
2015-07-06 12:31 - 2015-07-06 12:31 - 40724496 _____ () C:\ProgramData\SPL566A.tmp
2014-12-26 12:33 - 2014-12-26 12:33 - 0793132 _____ () C:\ProgramData\SPL58DF.tmp
2015-07-06 12:41 - 2015-07-06 12:41 - 40724496 _____ () C:\ProgramData\SPL6382.tmp
2015-07-04 12:35 - 2015-07-04 12:35 - 40724496 _____ () C:\ProgramData\SPL738F.tmp
2015-07-06 09:35 - 2015-07-06 09:35 - 40724496 _____ () C:\ProgramData\SPL7A4D.tmp
2014-06-23 10:38 - 2014-06-23 10:38 - 0338920 _____ () C:\ProgramData\SPL7E5A.tmp
2014-09-01 11:00 - 2014-09-01 11:00 - 2592673 _____ () C:\ProgramData\SPL9363.tmp
2014-06-11 11:28 - 2014-06-11 11:28 - 32606054 _____ () C:\ProgramData\SPLA11.tmp
2015-12-02 13:53 - 2016-01-08 12:59 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat

Files to move or delete:
====================
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat


Some files in TEMP:
====================
C:\Users\Cowimpex\AppData\Local\Temp\jre-8u91-windows-au.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-30 12:49

==================== End of FRST.txt ============================

Addendum: 30 Apr 2016 14:02

I can also post the malware log if needed

  • Joined: 02 Jan 2008
  • Posts: 2167

1. Open Notepad (Text Document) and copy the following text from the code box below into it:

CreateRestorePoint:
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
C:\Program Files (x86)\qksee
(Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
C:\Program Files (x86)\WinZipper
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
C:\Program Files (x86)\Summer Sports
(tsvr.com) C:\Users\Cowimpex\AppData\Roaming\TSv\TSvr.exe
C:\Users\Cowimpex\AppData\Roaming\TSv
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
C:\Program Files (x86)\SFK
C:\ProgramData\8WdM8
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\MediaPlayerV1\MediaPlayerV1alpha1079\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha4429\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha8175\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha1562\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaWatchV1\MediaWatchV1home1918\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\MediaBuzzV1\MediaBuzzV1mode729\ff [not found]
FF Extension: No Name - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release798\ff [not found]
CHR HomePage: Default -> hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX
CHR StartupUrls: Default -> "hxxp://www.omniboxes.com/?type=hp&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX"
CHR DefaultSearchURL: Default -> hxxp://www.omniboxes.com/web/?type=ds&ts=1449057165&z=c44999ab0c3614d5c9ba814gfz8z0tde5w5m8g2q7m&from=ient07021&uid=HitachiXHDS721050CLA360_JP1532ER010NMK010NMKX&q={searchTerms}
CHR DefaultSearchKeyword: Default -> omniboxes
2016-04-30 13:45 - 2016-02-20 14:58 - 00001765 _____ C:\Users\Public\Desktop\qksee.lnk
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
Task: {92EE26F1-8BAF-44E8-994B-9AAF3CC6C80F} - System32\Tasks\summer_sports_helper_service => C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe [2015-06-07] () <==== ATTENTION
Task: {C9F47F39-B1ED-4D52-8EDA-5D9C7161224C} - System32\Tasks\{33E3054C-79AC-4581-B173-BCE74989E1B3} => pcalua.exe -a C:\Users\Cowimpex\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=obw <==== ATTENTION
C:\Users\Cowimpex\AppData\Roaming\omiga-plus
Task: C:\Windows\Tasks\summer_sports_helper_service.job => C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe <==== ATTENTION
2015-06-07 15:48 - 2015-06-07 15:48 - 00191692 _____ () C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
2016-02-20 14:58 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
2016-02-20 14:58 - 2016-04-08 04:24 - 00063128 _____ () C:\Program Files (x86)\qksee\zlib1.dll
2016-04-01 11:07 - 2015-12-30 07:34 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
2016-04-01 11:07 - 2016-01-26 10:27 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
EmptyTemp:


2. Save the Notepad file to the Desktop under the name fixlist.txt
You can also do this from Notepad => click File, then Save As, and in the new window, under File Name at the bottom, enter fixlist.txt as the name
Note: It is important that both files, FRST and fixlist, are in the same location, otherwise the fix will not work.

3. Run FRST/FRST64 again, click the Fix button once and wait.
If the tool asks for a system restart, allow it and make sure the tool completes the fix after the restart.



The tool will create a log (Fixlog.txt) on the Desktop. Copy the contents of that log into your reply.
Note: If the tool warns you that a newer version exists, make sure to download and use the updated copy of FRST.



After that,

Download Xplode's AdwCleaner and save it to the Desktop
Double-click to run the program.
In the EULA window click I agree.
In Options, uncheck Reset Winsock settings if it is checked.
Click the Scan button and wait for the scan to finish.
Click the Cleaning button and wait for the program to finish.
The program will close all running programs and show a window with that warning. Click OK to confirm.
On the next two windows that open (Informations and Restart required) click OK

The computer will restart and then open Notepad with the report (C:\Adwcleaner\AdwCleaner[C1].txt).
Save that report to the Desktop and attach it to your reply using the "Attach file" option
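A small triage helper for FRST output, added here as an example and not part of the thread or of FRST itself: it parses process lines of the kind shown in the log above and flags the same signals the helper acted on (FRST's own ATTENTION marks, empty or placeholder publisher fields, binaries persisting from user-writable folders), then lists the flagged lines with their parent folders as candidates for human review before anything goes into a fixlist. The sample input is constructed in FRST's layout, and the heuristics and function names (`triage`, `candidate_fixlist`) are my own, not FRST's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of FRST's "Processes (Whitelisted)" and
# "Registry (Whitelisted)" sections; entries mirror the kind seen in the log
# above, trimmed to a few lines.
SAMPLE_FRST = r"""
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
() C:\Program Files (x86)\Summer Sports\summer_sports_helper_service.exe
( ) C:\Windows\System32\lxdmcoms.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TU-Funs LIMITED) C:\ProgramData\8WdM8\WdMan.exe
(tsvr.com) C:\Users\Cowimpex\AppData\Roaming\TSv\TSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
"""

# "(Publisher) C:\full\path" is how FRST prints a running process.
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
ATTENTION_MARK = "<======= ATTENTION"
# Folders a standard user can write to. Persistence from here is only a weak
# signal (legitimate updaters live in ProgramData too), so it is a prompt for
# review, not a verdict.
USER_WRITABLE = ("\\appdata\\roaming\\", "\\appdata\\local\\temp\\", "\\programdata\\")


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def check_process(company: str, path: str) -> list:
    """Heuristics over one process entry; returns the reasons it stands out."""
    reasons = []
    if not company.strip():
        # Empty "()" or "( )": the binary carries no publisher in its version
        # info. Legitimate but sloppy software does this too (the Lexmark
        # lxdmcoms.exe in the log is an example), so confirm before acting.
        reasons.append("no publisher in version info")
    elif "TODO" in company or "<" in company:
        reasons.append("placeholder publisher string")
    low = path.lower()
    if any(marker in low for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def triage(frst_text: str) -> list:
    """Walk FRST output and collect every line worth a human look."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue  # blank line or section banner
        reasons = []
        if line.endswith(ATTENTION_MARK):
            reasons.append("flagged by FRST itself")  # e.g. the Chrome policy restriction
        m = PROCESS_RE.match(line)
        if m:
            reasons.extend(check_process(m["company"], m["path"]))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


def candidate_fixlist(findings: list) -> list:
    """Verbatim FRST lines plus the parent folder of each flagged process.
    The helper's fixlist above pairs process lines with their folders in the
    same way; nothing under C:\\Windows is ever proposed for removal."""
    out = []
    for f in findings:
        out.append(f.line)
        m = PROCESS_RE.match(f.line)
        if m:
            folder = m["path"].rsplit("\\", 1)[0]
            if not folder.lower().startswith("c:\\windows"):
                out.append(folder)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST):
        print(f"{f.line}\n    -> {', '.join(f.reasons)}")
    print("\nCandidate fixlist lines (review before use):")
    print("\n".join(candidate_fixlist(triage(SAMPLE_FRST))))
```

The output is a review list, not a finished fixlist: the Lexmark service in the sample is flagged for a missing publisher even though the helper left it alone, which is exactly the judgment a heuristic cannot make for you.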
