lysprnm

  1. Hello Nasdaq, I appreciate your fast response. I have uninstalled the programs and I have done the fix, and this is the log:

     Note that I still see the 'Chromium Executable Host' in my task manager and the suspicious file is still in the same folder. Will it harm the computer? Thank you, Lys.
  2. Hello, I would really appreciate some help as my laptop seems to be infected with malware...

     I never wanted to download something illegal, so when I did not want to buy the software, I would always try to download the free version. I read the description and it was written that this is the lite version of the software, so it is completely free. Today I think I missed this one, since when I tried to install it, suddenly a kind of web browser called 'Chromium' popped up 2-3 times. I tried to close it and I did not know it was automatically pinned to the taskbar. When I looked at the task manager, there was 'Chromium Host Executable' as shown below:

     I tried to end the task but it did not work. I also tried to find the program to uninstall it, but it is not shown in the uninstall programs list. Yet it happened to be found in AppData\Local. So I deleted the file and the computer demanded to be restarted. After the restart, the document is gone but 'Chromium Host Executable' is still shown in the task manager. Then when I checked AppData\Local, there were strange files shown: there are IconChache, IconChace.db.backup, oobelibMkey, Resmon, and also the files Temp, mbam and mbamtray. I have never seen these files before. I did not open this file because I am afraid it will cause harm to my computer.

     I already did a full scan using my antivirus and Malwarebytes, yet nothing happened. So far I have not experienced anything strange on my computer, but I am afraid this might affect it later on. I was hoping for a quick answer as I am out of things to do. I downloaded FRST and did a scan; the files are attached. I would really appreciate your kind help.

     Note: as I became aware of these files, I immediately copied all the data onto my hard disk and deleted all my work files from my computer. Will the malware also get inside the hard disk?

     Thanks, Lys.

     Attachments: Addition.txt, FRST.txt