Дмитрий Валентинович, Posted April 28, 2016

Hello. After scanning with Malwarebytes Anti-Malware and removing the threat, the virus installs itself again after a reboot or while the computer is running. AdwCleaner also finds it in startup. But after a reboot everything repeats. It slows the system down badly, and Malwarebytes Anti-Malware constantly complains about some blocked processes. Please help.

Attached files: a2scan_160427-214324.txt, Addition.txt, AdwCleanerC1.txt, FRST.txt, Malwarebytes Anti-Malware.txt

Elise, Posted April 28, 2016

Hello,

While I tried to use a translator, unfortunately I can make little of your message, except that you have an issue that involves MBAM and AdwCleaner. Would it be possible for you to communicate in English?

In order to address the malware and adware present in the FRST log, please download the attached fixlist.txt and save it in the same location as FRST (important!). Rerun FRST and click the Fix button. Once the fix is done you may be asked to reboot your computer. Please post the resulting fixlog.txt in your next reply.

Also, please let me know how your computer is running now.

Attached files: fixlist.txt

Дмитрий Валентинович, Posted April 29, 2016

Hello. Unfortunately, I do not know English. I tried to follow your instructions but could not download the file fixlist.txt. It says that I do not have access and that it is forbidden. I am providing you with the latest scan reports. Thank you for your help.

Attached files: Addition.txt, FRST.txt, AdwCleanerS12.txt

Elise, Posted April 29, 2016

Please press Windows key + R, type notepad and press Enter. Copy/paste the following text into Notepad and save it in the same location as FRST:

HKLM\...\Policies\Explorer\Run: [AD249AD9-4AF5-44D9-921C-F7502DBD8EBB] => C:\ProgramData\Microsoft\Macromed\Flash Player\AD249AD9-4AF5-44D9-921C-F7502DBD8EBB\3A1E938A-C048-4C0F-9DAD-F0084A87B8D6.exe [855313 2016-01-27] ()
HKLM\...\Policies\Explorer\Run: [AppDownloads] => C:\Program Files (x86)\Common Files\DB9C23FB-EC11-4F22-B098-3184C9706CED\39032307-0EB6-49D6-8995-DE49DF41F281.exe [7933 2016-04-17] ()
HKLM\...\Policies\Explorer\Run: [SafeBrowser] => C:\Users\Admin\AppData\Local\Microsoft\Extensions\extsetup.exe
HKU\S-1-5-21-699780997-3671189420-1956129635-1000\...\RunOnce: [extsetup] => "C:\Users\Admin\AppData\Local\Microsoft\Extensions\extsetup.exe" /S
GroupPolicyUsers\S-1-5-21-699780997-3671189420-1956129635-1006\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-699780997-3671189420-1956129635-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-699780997-3671189420-1956129635-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D} [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\[email protected] [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: No Name - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\extensions\{95778f0c-827d-4aba-b416-f07dd840fd6a} [not found]
Task: C:\Windows\Tasks\JQHRLMLT.job => C:\Users\Admin\AppData\Roaming\JQHRLMLT.exe <==== ATTENTION
Task: C:\Windows\Tasks\T0uaX3zY.job => C:\Users\Admin\AppData\Roaming\T0uaX3zY.exe <==== ATTENTION

Now please run FRST and click the Fix button. Let me know if it ran this way.

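Added example, not part of the post above and not FRST's own code: the Python below reads a few of the fixlist entries and names the autostart mechanism behind each one, which is what lets the adware come back after a reboot. The triage rules (user-writable directory, GUID-style name) and the function names are assumptions of this example.

```python
import re

# Entries copied from the fixlist in the post above; nothing here is constructed.
SAMPLE = r"""
HKLM\...\Policies\Explorer\Run: [AppDownloads] => C:\Program Files (x86)\Common Files\DB9C23FB-EC11-4F22-B098-3184C9706CED\39032307-0EB6-49D6-8995-DE49DF41F281.exe [7933 2016-04-17] ()
HKLM\...\Policies\Explorer\Run: [SafeBrowser] => C:\Users\Admin\AppData\Local\Microsoft\Extensions\extsetup.exe
HKU\S-1-5-21-699780997-3671189420-1956129635-1000\...\RunOnce: [extsetup] => "C:\Users\Admin\AppData\Local\Microsoft\Extensions\extsetup.exe" /S
Task: C:\Windows\Tasks\JQHRLMLT.job => C:\Users\Admin\AppData\Roaming\JQHRLMLT.exe <==== ATTENTION
FF Extension: No Name - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ff [not found]
""".strip().splitlines()

EXE = re.compile(r'[A-Za-z]:\\[^"<>\[\]]*?\.exe', re.I)
GUID = re.compile(r'[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}', re.I)
USER_WRITABLE = ("\\appdata\\", "\\programdata\\")  # heuristic chosen for this example


def mechanism(source):
    """Name the autostart mechanism from the left-hand side of an entry."""
    if source.startswith("Task:"):
        return "scheduled task"
    if "\\RunOnce:" in source:
        return "RunOnce key"
    if "\\Policies\\Explorer\\Run:" in source:
        return "policy Run key"
    return "other"


def triage(lines):
    """Return one finding per entry that maps an autostart location to an .exe."""
    findings = []
    for line in lines:
        source, sep, command = line.partition(" => ")
        match = EXE.search(command)
        if not sep or not match:
            continue  # not an autostart mapping, e.g. an orphaned extension entry
        target = match.group(0)
        reasons = []
        if any(part in target.lower() for part in USER_WRITABLE):
            reasons.append("runs from a user-writable directory")
        if GUID.search(target):
            reasons.append("GUID-style file or folder name")
        if "ATTENTION" in line:
            reasons.append("flagged by FRST")
        findings.append({"mechanism": mechanism(source), "target": target, "reasons": reasons})
    return findings


if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```
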
Дмитрий Валентинович, Posted April 30, 2016

Hello. I do not understand where to save the text of the notepad, in what kind of folder.

Elise, Posted April 30, 2016

In the same folder where FRST also is saved. You need to end up with frst and fixlist.txt in the same folder. It doesn't matter which folder that is (for example your Downloads folder or the Desktop).

Дмитрий Валентинович, Posted April 30, 2016

Nothing happens. Save the text of a notebook in a folder with the program click Fix writes no file. Prompt saving path.

Elise, Posted April 30, 2016

You are trying to save the fixlist.txt in the FRST folder. You need to save it in the same location as the FRST executable (frst64.exe), this folder is C:\Users\Admin\Downloads

So, you need to create C:\Users\Admin\Downloads\fixlist.txt (which should contain the script I gave you), then run FRST64.exe from that same location and click Fix.

The FRST folder is used to save logs and quarantined objects.

Дмитрий Валентинович, Posted May 1, 2016

Hello. Done. I am attaching the files.

Attached files: Fixlog.txt

Дмитрий Валентинович, Posted May 1, 2016

I forgot to say. After rebooting AdwCleaner constantly finds it.

Attached files: AdwCleanerC15.txt

Elise, Posted May 1, 2016

That is no problem, you can safely ignore that entry. Can you please tell me what problems you currently still have?

Дмитрий Валентинович, Posted May 1, 2016

Thank you for your help. There is only one problem. Emsisoft Anti-Malware removes Reg Organizer. And I use this licensed program. Quarantine and blocks.

Elise, Posted May 1, 2016

Could you please copy the line from the scan log to show me what component is detected? It might be a false-positive in which case we can disable the detection.

Дмитрий Валентинович, Posted May 3, 2016

Thank you. I ended license for this program. If I have a problem and renew I will contact you. Bye.

Elise, Posted May 3, 2016

Since this issue appears resolved, I will lock this topic. If you need it reopened, please send me a personal message.