Elektroda.pl

problem with a virus - I can't install adwcleaner, malwarebytes doesn't work,

michalwt 24 Jan 2018 15:04 1398 2
  • #1 24 Jan 2018 15:04
    michalwt
    Level 2

    Hello,
    as in the title - I have a problem installing AdwCleaner - some virus sneaked onto my machine and blocks the installation of this program and of most antivirus products. Additionally, ads from VIDSquare appear in Chrome.
    I scanned with ESET - it supposedly removed something, but I still can't install AdwCleaner etc.
    Norton didn't improve the situation either.

    attached are FRST and Addition - I saw that something like this is needed, so I did it, with no idea at all why, what for or how, so if anyone is tempted to help me, I'd ask for an answer in plain language :)

    thanks in advance

    Regards,
    Michał

    0 2
  • Helpful post
    #2 24 Jan 2018 15:13
    Kolobos
    Computer specialist

    Run this Fixlist.txt with FRST:
    CustomCLSID: HKU\S-1-5-21-360650341-3038511571-2719332306-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michał\AppData\Local\Microsoft\OneDrive\17.3.7131.1115_1\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-360650341-3038511571-2719332306-1001_Classes\CLSID\{3E3AD4BD-346A-460A-80E8-90699B75C00B}\InprocServer32 -> C:\Users\Michał\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.194\GatewayActiveX-x64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-360650341-3038511571-2719332306-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michał\AppData\Local\Microsoft\OneDrive\17.3.7131.1115_1\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-360650341-3038511571-2719332306-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michał\AppData\Local\Microsoft\OneDrive\17.3.7131.1115_1\amd64\FileSyncShell64.dll => Brak pliku
    CustomCLSID: HKU\S-1-5-21-360650341-3038511571-2719332306-1001_Classes\CLSID\{cece6816-6107-4dc7-bdbc-20cd5ae1ffed}\localserver32 -> C:\ProgramData\Lenovo\ImController\Plugins\LenovoAppPromotionPlugin\x64\DesktopToastsHelper.exe => Brak pliku
    ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
    ShellIconOverlayIdentifiers-x32-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    ShellIconOverlayIdentifiers-x32-x32-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    ShellIconOverlayIdentifiers-x32-x32-x32-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    ShellIconOverlayIdentifiers-x32-x32-x32-x32-x32-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    Task: {1808913B-AA38-4E90-83CD-F366ED5ABECF} - \ZUO Chat Robot Editor -> Brak pliku <==== UWAGA
    Task: {1D347785-AA83-49AA-BD84-084482A20077} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe
    Task: {3D203520-D397-45E5-8C7F-5756665FF787} - \KMSAutoNet -> Brak pliku <==== UWAGA
    Task: {6BF683F2-79F5-4FFF-85F6-286CD0CAFF6D} - System32\Tasks\zcDXQs4vUFqt => zcdxqs4vufqt.exe
    Task: {7803FFF7-16AC-4D8C-9E29-EC80A3E160EA} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe
    HKLM\...\Run: [SERVICE] => [X]
    HKLM-x32\...\Run: [Tv-Plug-In] => "C:\Program Files (x86)\Tv-Plug-In\Tv-Plug-In.exe" nogui
    HKLM\ DisallowedCertificates: 03D22C9C66915D58C88912B64C1F984B8344EF09 (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 0F684EC1163281085C6AF20528878103ACEFCAAB (F-Secure Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 1667908C9E22EFBD0590E088715CC74BE4C60884 (FRISK Software International/F-Prot) <==== UWAGA
    HKLM\ DisallowedCertificates: 2026D13756EB0DB753DF26CB3B7EEBE3E70BB2CF (G DATA Software AG) <==== UWAGA
    HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: 331E2046A1CCA7BFEF766724394BE6112B4CA3F7 (Trend Micro) <==== UWAGA
    HKLM\ DisallowedCertificates: 3850EDD77CC74EC9F4829AE406BBF9C21E0DA87F (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: 3D496FA682E65FC122351EC29B55AB94F3BB03FC (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: 4243A03DB4C3C15149CEA8B38EEA1DA4F26BD159 (PC Tools) <==== UWAGA
    HKLM\ DisallowedCertificates: 42727E052C0C2E1B35AB53E1005FD9EDC9DE8F01 (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 4C0AF5719009B7C9D85C5EAEDFA3B7F090FE5FFF (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 5DD3D41810F28B2A13E9A004E6412061E28FA48D (Emsisoft Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 7457A3793086DBB58B3858D6476889E3311E550E (K7 Computing Pvt Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 76A9295EF4343E12DFC5FE05DC57227C1AB00D29 (BullGuard Ltd) <==== UWAGA
    HKLM\ DisallowedCertificates: 775B373B33B9D15B58BC02B184704332B97C3CAF (McAfee) <==== UWAGA
    HKLM\ DisallowedCertificates: 872CD334B7E7B3C3D1C6114CD6B221026D505EAB (Comodo Security Solutions) <==== UWAGA
    HKLM\ DisallowedCertificates: 982D98951CF3C0CA2A02814D474A976CBFF6BDB1 (Safer Networking Ltd.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9A08641F7C5F2CCA0888388BE3E5DBDDAAA3B361 (Webroot Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: 9C43F665E690AB4D486D4717B456C5554D4BCEB5 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: AB7E760DA2485EA9EF5A6EEE7647748D4BA6B947 (AVG Technologies CZ) <==== UWAGA
    HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: B8EBF0E696AF77F51C96DB4D044586E2F4F8FD84 (Malwarebytes Corporation) <==== UWAGA
    HKLM\ DisallowedCertificates: D3F78D747E7C5D6D3AE8ABFDDA7522BFB4CBD598 (Kaspersky Lab) <==== UWAGA
    HKLM\ DisallowedCertificates: DB303C9B61282DE525DC754A535CA2D6A9BD3D87 (ThreatTrack Security) <==== UWAGA
    HKLM\ DisallowedCertificates: DB77E5CFEC34459146748B667C97B185619251BA (Avast Antivirus/Software) <==== UWAGA
    HKLM\ DisallowedCertificates: E22240E837B52E691C71DF248F12D27F96441C00 (Total Defense, Inc.) <==== UWAGA
    HKLM\ DisallowedCertificates: ED841A61C0F76025598421BC1B00E24189E68D54 (Bitdefender SRL) <==== UWAGA
    HKLM\ DisallowedCertificates: F83099622B4A9F72CB5081F742164AD1B8D048C9 (ESET) <==== UWAGA
    HKLM\ DisallowedCertificates: FBB42F089AF2D570F2BF6F493D107A3255A9BB1A (Panda Security S.L) <==== UWAGA
    HKLM\ DisallowedCertificates: FFFA650F2CB2ABC0D80527B524DD3F9FC172C138 (Doctor Web Ltd.) <==== UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Ograniczenia <==== UWAGA
    HKU\S-1-5-18\...\Run: [] => [X]
    ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\MICROS~1\Office14\GROOVEEX.DLL -> Brak pliku
    GroupPolicy: Ograniczenia <==== UWAGA
    HKU\S-1-5-21-360650341-3038511571-2719332306-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-360650341-3038511571-2719332306-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo15.msn.com/?pc=LCTE
    HKU\S-1-5-21-360650341-3038511571-2719332306-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.lenovo.com
    SearchScopes: HKU\S-1-5-21-360650341-3038511571-2719332306-1001 -> DefaultScope {D8BE6D21-8FC3-4A8F-AC65-48C1B1618BCA} URL =
    SearchScopes: HKU\S-1-5-21-360650341-3038511571-2719332306-1001 -> {D8BE6D21-8FC3-4A8F-AC65-48C1B1618BCA} URL =
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    S4 KMS-R@1n; C:\Windows\KMS-R@1n.exe [X]
    S2 KMSEmulator; "C:\ProgramData\KMSAuto\bin\KMSSS.exe" -Port 1688 -PWin RandomKMSPID -PO14 RandomKMSPID -PO15 RandomKMSPID -PO16 RandomKMSPID -AI 43200 -RI 43200 -Log -IP [X]
    S4 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]
    S3 intaud_WaveExtensible; \SystemRoot\system32\drivers\intelaud.sys [X]
    S3 RtkA2dp; \SystemRoot\system32\drivers\RtkA2dp.sys [X]
    2018-01-19 13:03 - 2018-01-19 13:03 - 000021604 _____ C:\WINDOWS\System32\Tasks\zcDXQs4vUFqt
    2018-01-19 12:59 - 2018-01-19 16:45 - 000000000 ____D C:\Windat
    2018-01-19 12:59 - 2018-01-19 14:18 - 000000000 ____D C:\Disk
    2018-01-19 12:59 - 2018-01-19 14:15 - 000000000 ____D C:\Users\Michał\AppData\Roaming\u5hwdvef4bl
    2018-01-19 12:58 - 2018-01-19 14:16 - 000000000 ____D C:\Program Files (x86)\doc
    2018-01-19 12:55 - 2018-01-19 14:18 - 000000000 ____D C:\Applications
    2018-01-19 12:55 - 2018-01-19 14:15 - 000000000 ____D C:\WinSys
    2018-01-19 12:55 - 2018-01-19 12:55 - 000140800 _____ C:\Users\Michał\AppData\Local\installer.dat
    2018-01-19 12:55 - 2018-01-19 12:55 - 000000000 ____D C:\Users\Michał\AppData\Roaming\System Native
    2018-01-19 12:55 - 2018-01-19 12:55 - 000000000 ____D C:\Users\Michał\AppData\Local\AdvinstAnalytics
    2018-01-19 12:54 - 2018-01-19 14:00 - 000000266 __RSH C:\ProgramData\ntuser.pol
    EmptyTemp:

    After it has run, delete the C:\FRST folder.

    0
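    As an added example (not code from this thread, from its author, or from FRST's developers): a small Python triage script that parses the FRST line shapes seen in the fixlist above, pulls out the blacklisted AV-vendor signing certificates that explain why AdwCleaner and Malwarebytes would not install, and flags the tasks and services FRST marked as missing. The sample lines are copied from the fixlist in this thread; the English FRST marker strings are an assumption, since the log here is Polish.

```python
import re
from collections import Counter

# FRST localizes its markers; this thread's log is Polish (UWAGA = ATTENTION, Brak pliku = No File).
ATTENTION = ("<==== UWAGA", "<==== ATTENTION")  # English variant assumed
NO_FILE = ("Brak pliku", "No File")
# Line shapes taken from the fixlist posted above.
CERT_RE = re.compile(r"^HKLM\\ DisallowedCertificates: ([0-9A-F]{40}) \((.+?)\)")
TASK_RE = re.compile(r"^Task: \{[0-9A-F-]+\} - (.+?) (?:=>|->) (.+)$")
SERVICE_RE = re.compile(r"^S\d (\S+); (.+?)(?: \[X\])?$")

def parse_line(line):
    """Classify one FRST line as (kind, details, suspicious), or None if unrecognised."""
    line = line.strip()
    flagged = any(m in line for m in ATTENTION + NO_FILE)
    m = CERT_RE.match(line)
    if m:  # a blacklisted AV-vendor signing cert silently breaks that vendor's installers
        return "disallowed_cert", {"thumbprint": m.group(1), "vendor": m.group(2)}, True
    m = TASK_RE.match(line)
    if m:
        return "task", {"name": m.group(1), "target": m.group(2)}, flagged
    m = SERVICE_RE.match(line)
    if m:  # FRST appends [X] when the service's image file cannot be found
        return "service", {"name": m.group(1), "image": m.group(2)}, flagged or "[X]" in line
    return None

def triage(lines):
    """Summarize FRST lines for a first-pass review: counts, blocked AV vendors, flagged items."""
    counts, vendors, flagged = Counter(), set(), []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        kind, details, suspicious = parsed
        counts[kind] += 1
        if kind == "disallowed_cert":
            vendors.add(details["vendor"])
        if suspicious:
            flagged.append((kind, details))
    return {"counts": dict(counts), "blocked_vendors": sorted(vendors), "flagged": flagged}

# Constructed sample: lines copied from the fixlist in this thread.
SAMPLE_LINES = [
    r"HKLM\ DisallowedCertificates: 249BDA38A611CD746A132FA2AF995A2D3C941264 (Malwarebytes Corporation) <==== UWAGA",
    r"HKLM\ DisallowedCertificates: AD4C5429E10F4FF6C01840C20ABA344D7401209F (Avast Antivirus/Software) <==== UWAGA",
    r"Task: {1808913B-AA38-4E90-83CD-F366ED5ABECF} - \ZUO Chat Robot Editor -> Brak pliku <==== UWAGA",
    r"Task: {6BF683F2-79F5-4FFF-85F6-286CD0CAFF6D} - System32\Tasks\zcDXQs4vUFqt => zcdxqs4vufqt.exe",
    r'S4 MBAMService; "C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe" [X]',
    "EmptyTemp:",
]
```

Running `triage(SAMPLE_LINES)` lists the vendors whose certificates the infection blacklisted, which is the first thing to check whenever "the antivirus won't install" is the symptom.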
  • #3 24 Jan 2018 15:29
    michalwt
    Level 2

    Thank you kindly, it helped, I recommend this gentleman /\
    :)

    0