Elektroda.com
Elektroda.com
X
Elektroda.com
Advanced Search
Elektroda.com

[Solved] FRST - request for returns. chromium host executable

destroy_m 8148 14
This content has been translated flag-pl » flag-en View the original version here.
| New topic
  • #1
    destroy_m
    Level 4  
    Hello!

    For several days, he was losing my laptop. In the task manager I had the "chromium host executable" process. As I learned, this is malware. I was unable to remove it (unable to close the process + no possibility to delete files without closing processes). I found information that the Autocada desktop answers it. I did not have the possibility to uninstall it, but I uninstalled all Autodesk products, and then deleted as many files as possible. After resetting the computer (hung up), messages (attachment) popped out in turn, and now I am displaying the hourglass at the cursor every now and then. I am asking for help, I have uploaded files from the FRST scan.

    pzdr
    destroy_m
    FRST - request for returns. chromium host executable
    Attachments:
  • Helpful post
    #2
    dt1
    Admin of Computers group
    Fixlist.txt:

    Code: text Expand Select all Copy to clipboard
    (Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Autodesk, Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
(Autodesk Inc.) C:\Users\Fifa-Rafa\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1627032 2014-02-05] (Autodesk, Inc.)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [529480 2016-02-24] (Autodesk Inc.)
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Fifa-Rafa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1235336 2014-08-28] (Autodesk, Inc.)
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [1145928 2016-02-24] (Autodesk Inc.)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
HKLM\...\Winlogon: [Userinit] wscript C:\Windows\run.vbs,
HKLM-x32\...\Winlogon: [Userinit] , [X]
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Fifa-Rafa\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\Policies\Explorer: [] 
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\MountPoints2: {b4d17029-cbf5-11e4-8df9-dc85de3f4c8b} - F:\autorun.exe
AppInit_DLLs-x32: C:\ProgramData\Quotenamron\Santamdex.dll => C:\ProgramData\Quotenamron\Santamdex.dll [257536 2016-04-08] ()
GroupPolicy: Ograniczenia - Chrome  {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-04] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-04] (AVAST Software)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
FF NewTab: C:\\ProgramData\\Quotenamrons\\ff.NT
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
FF SearchPlugin: C:\Users\Fifa-Rafa\AppData\Roaming\Mozilla\Firefox\Profiles\eggpda5k.default\searchplugins\google-avast.xml [2015-03-18]
FF Extension: Fast Start - C:\Users\Fifa-Rafa\AppData\Roaming\Mozilla\Firefox\Profiles\eggpda5k.default\Extensions\1426714937_xpi [2015-03-18] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-04]
FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-02-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-04]
CHR HKLM-x32\...\Chrome\Extension: [jidkebcigjgheaahopdnlfaohgnocfai] - hxxps://clients2.google.com/service/update2/crx
S2 Update Special Box; "C:\Program Files (x86)\Special Box\updateSpecialBox.exe" [X]
S2 Util Special Box; "C:\Program Files (x86)\Special Box\bin\utilSpecialBox.exe" [X]
S1 {2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64; system32\drivers\{2fbd7dfe-a573-4ffa-a5f6-c8e79be0e000}Gw64.sys [X]
S1 {71841b04-1cf8-4575-bb09-affe4c54c593}Gw64; system32\drivers\{71841b04-1cf8-4575-bb09-affe4c54c593}Gw64.sys [X]
Task: {771E341C-119D-4CC2-AB94-7695364B291D} - System32\Tasks\{E8FFA997-D13A-43DB-9BC7-6627113C9D50} => pcalua.exe -a "D:\Dropbox\przydatne książki itp\EES PROGRAM\EES_2014_Update\Setup_ees.exe" -d "D:\Dropbox\przydatne książki itp\EES PROGRAM\EES_2014_Update"
Task: {892A4209-80A7-44B3-BBB7-B55302748F59} - System32\Tasks\{910F47DB-5B69-46D2-9CA3-CACED581EFE2} => pcalua.exe -a F:\AutorunPro.EXE -d F:\
Task: {B5046F30-8633-43B9-A838-AC526DD4D5E5} - System32\Tasks\{B63C717B-C5E2-443E-B97D-197E16CDD55D} => Firefox.exe hxxp://ui.skype.com/ui/0/7.16.85.102/pl/go/help.faq.installer?LastError=1603

RemoveDirectory: C:\Program Files (x86)\Autodesk
RemoveDirectory: C:\Program Files (x86)\Common Files\Autodesk Shared
RemoveDirectory: C:\Program Files\Autodesk
RemoveDirectory: C:\Users\Fifa-Rafa\AppData\Local\Autodesk

EmptyTemp:


    The above script will also knock out all the Autodesk folders given in the last lines (so use it only if you really want to get rid of the residue).

    You can try to kick off unnecessary things from the start, because there are a lot of them.

    The stability of this system is difficult to guarantee due to the relatively invasive crack to Windows / Office (KMS). He can cause a lot of problems.

    I suggest that you do an adwcleaner scan and remove the problems it finds (considering that it may also take KMS as a harmful element).
  • #3
    destroy_m
    Level 4  
    After using the script and automatically restarting the system, there are no pop-up windows, no hourglass at the cursor, and there are no "chromium host executable" processes in the task manager.

    I really need Office now and I do not have time to take a deeper look at the computer, so I will not use ADW Cleaner and leave Office as it is, but I will keep an eye on advice.
    Please tell me what you mean about unnecessary things in the Startup, and do you have any suggestions?
    Attached generated fixlog.

    Thanks!
    pzdr
    Attachments:
  • Helpful post
    #4
    dt1
    Admin of Computers group
    Automatic start and Dropbox synchronization
    Automatic update of nVidia and Shadowplay
    Background Download Solidworks
    Automatic update of Adobe Acrobat
    Automatic Safezone update (and the Safezone browser itself, which you do not use anyway)
    Realtek HD manager startup

    I would get rid of these things from the start. Fixlist would look like this:
    Code: text Expand Select all Copy to clipboard
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKU\S-1-5-21-336851867-1116109463-2107188286-1000\...\Run: [DAEMON Tools Pro Agent] => D:\programy\daemon\DAEMON Tools Pro 7.1.0.0595\DAEMON Tools Pro 7.1.0.0595\DAEMON Tools Pro\DTAgent.exe [4229824 2016-03-29] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Pobieracz w tle.lnk [2015-03-16]
ShortcutTarget: SolidWorks Pobieracz w tle.lnk -> C:\Program Files (x86)\Common Files\Menedżer instalacji SolidWorks\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Task: {14574F27-B62D-4477-8520-50D1600F781D} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-03-05] (AVAST Software)
Task: {2EC42FA0-7E52-415B-B6A4-8F85905FA4F9} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: {77B98FCD-06BF-474E-A2C3-59BE2F5A5602} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {B63EA023-AC95-42F3-B0E9-92B4F5F6E3A2} - System32\Tasks\SafeZone scheduled Autoupdate 1454564070 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {C6465B01-F227-46B8-B194-CA1DEB7FD928} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-20] (Dropbox, Inc.)
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe


    You can run it in its entirety, if you want to remove it from the fixlist (if it does not get moved then).
  • #5
    destroy_m
    Level 4  
    I used this fixlist yesterday.

    Today, unfortunately, the computer is lagging again, especially Firefox. He can not even follow my writing and scrolling. In the attachment I gave the results from the scan.
    I also attach screenshots from the Task Manager - Memory and Processes. As you can see there are a huge number of processes, here I probably copied some or omitted, because when doing these 9 screenshots, something changed constantly.

    greetings


    FRST - request for returns. chromium host executable FRST - request for returns. chromium host executable FRST - request for returns. chromium host executable FRST - request for returns. chromium host executable
    Attachments:
  • Helpful post
    #6
    Kolobos
    IT specialist
    On the screens you can not see anything interesting.

    Fixlist:
    HKLM Group Policy restriction on software:% HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ SystemRoot%
  • Helpful post
    #7
    krzychupar
    Level 43  
    Open the system notebook and paste:

    CustomCLSID: HKU \ S-1-5-21-487903229-2902273839-1728269137-1001_Classes \ CLSID \ {9AAF0EB6-42D8-46C1-A2EF-679511B37A0D} \ localserver32 -> C: \ Program Files \ Autodesk \ AutoCAD 2018 \ acad. exe / Automation => No file
    CustomCLSID: HKU \ S-1-5-21-487903229-2902273839-1728269137-1001_Classes \ CLSID \ {B6EB585B-B467-4E46-A9C7-48D7D6FD26CB} \ localserver32 -> C: \ Program Files \ Autodesk \ AutoCAD 2018 \ acad. exe => No file
    CustomCLSID: HKU \ S-1-5-21-487903229-2902273839-1728269137-1001_Classes \ CLSID \ {E2C40589-DE61-11ce-BAE0-0020AF6D7005} \ InprocServer32 -> C: \ Program Files \ Autodesk \ AutoCAD 2018 \ pl- PL \ acadficn.dll => No file
    Task: {9D724792-554B-43F8-9231-31F46EECDB50} - \ Adobe Acrobat Update Task -> No file
  • #8
    destroy_m
    Level 4  
    I did what he recommended @Kolobos
    @krzychupar What's going on with "After the script has completed, put SMART disk in CrystalDiskInfo." - I do not use this program
  • Helpful post
    #12
    dt1
    Admin of Computers group
    But why reset this disk, if they are not unstable sectors? They were like that, the record was made on them, they were not changed, they are now working. The disk had problems in the past, according to the current state of SMART, there are no more - that's how I read it.

    Instead of resetting the entire disk, you can prevent it from being scanned. According to the current state, all sectors should be legible. If this is the case, zeroing is not necessary.
  • #13
    destroy_m
    Level 4  
    OK, how do you scan the surface?
| New topic