Elektroda.com

[Solved] Virus Blocks AdwCleaner, Malwarebytes, Chrome & Affects Task Manager - FRST Scans Attached

  • #1
    snaku94
    Level 2  
    Hello. Today I got a PC virus that prevents some programs from opening / searching in my browser. Every now and then, it opens a new tab in Chrome or shows a message that the browser is not responding.
    There are two unnamed processes in the task manager, after which the problem disappears somewhat, but after a reboot, they restart.

    Windows defender found nothing. Malwarebytes worked in Safe Mode, but didn't detect anything either. I am attaching scans from FRST and I am asking for help.
  • #2
    krzychupar
    Level 43  
    Uninstall:

    Your Software Deals 1.0.0
    YTD Video Downloader 5.9.7

    Open the system Notepad and paste:

    ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
    ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => -> Brak pliku
    Task: {0005E27F-B450-4CF0-A6ED-F35BCF628510} - System32\Tasks\{1F079584-BCC9-1C6D-CB01-16665E8D2311} => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://hqfok.com/cl/?guid=el8ao9l056pdy8h0s63xj3w2u7twvlr0&prid=1&pid=4_1400_49
    Task: {407F04D4-3969-49BF-B2B8-B9609B43EACA} - \Microsoft\Windows\UNP\RunCampaignManager -> Brak pliku "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hxxp://hqfok.com/cl/?guid=o4hfsowgbrvx4tl6lrngvirp7za5a7go&prid=1&pid=4_1400_49
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=16869&utm_medium=desktop&x-pos=Metro
    SearchScopes: HKU\S-1-5-21-2871272696-3194081696-4260661624-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={6C8148D9-6F99-4812-8B08-6B184C24EC24}&mid=659b406f3f4b47ccb95f015e8436b16d-a7d8748e265914797a6e3cd1c82cec3c7150c463&lang=en&ds=AVG&coid=avgtbavg&cmpid=0216pit&pr=fr&d=2016-04-23 12:03:16&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
    FF Extension: (Flash and Video Download) - C:\Users\sram do zlewu\AppData\Roaming\Mozilla\Firefox\Profiles\7ao8zq4q.default-1514747908134\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-07-15]
    FF Extension: (WebCompat Reporter) - C:\Program Files (x86)\Mozilla Firefox\browser\features\webcompat-reporter@mozilla.org.xpi [2018-07-09] [Przestarzałe] [Brak podpisu cyfrowego]
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [Brak pliku]
    CHR HKLM-x32\...\Chrome\Extension: [ofoeigeaodhbjogdigckajfhjbonaofg] - hxxps://clients2.google.com/service/update2/crx
    S2 amdacpksd; \??\C:\WINDOWS\system32\drivers\amdacpksd.sys [X]
    2018-07-20 11:07 - 2018-07-20 11:07 - 000003932 _____ C:\WINDOWS\System32\Tasks\{1F079584-BCC9-1C6D-CB01-16665E8D2311}
    2018-07-20 11:03 - 2018-07-20 11:03 - 000003932 _____ C:\WINDOWS\System32\Tasks\{7E202DC5-7625-8B1F-5C9E-BE1595BFF7F0}
    2018-07-20 11:03 - 2018-07-20 11:03 - 000003826 _____ C:\WINDOWS\System32\Tasks\{B106735E-9008-494F-69B0-A9AC9317AC0D}
    2018-07-20 11:03 - 2018-07-20 11:03 - 000003608 _____ C:\WINDOWS\System32\Tasks\{7E7A4F2B-99A0-C356-6F46-CF97FECDA12A}
    2018-04-12 01:34 - 2018-04-12 01:34 - 000178688 ____N (Microsoft Corporation) C:\Users\sram do zlewu\IDyeUOpqIiO.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Users\sram do zlewu\ofwPYjwe.exe
    2018-04-12 01:34 - 2018-04-12 01:34 - 000059904 ____N (Microsoft Corporation) C:\Program Files (x86)\Common Files\iGhR.exe
    2016-04-23 11:23 - 2018-06-18 15:50 - 001307648 _____ () C:\Users\sram do zlewu\AppData\Local\file__0.localstorage
    2018-07-20 11:03 - 2018-07-20 11:03 - 000000002 _____ () C:\Users\sram do zlewu\AppData\Local\imw.ini
    2017-07-13 01:26 - 2017-07-13 01:26 - 000000218 _____ () C:\Users\sram do zlewu\AppData\Local\recently-used.xbel
    2016-05-11 14:23 - 2017-02-16 09:01 - 000007606 _____ () C:\Users\sram do zlewu\AppData\Local\Resmon.ResmonCfg
    EmptyTemp:

    Save the file as fixlist.txt and put it in the folder where you have FRST.exe.
    Run FRST and click Fix.
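Added example, not from this thread or from FRST: the fix above removes two persistence tricks, scheduled tasks whose action starts Chrome with a URL argument and a Start Menu shortcut whose argument is a URL. This PowerShell snippet reports both patterns on a machine under inspection; it assumes Windows PowerShell 5.1 or later, and the browser executable list is an assumption.

```powershell
# Added example, not part of the thread or of FRST. Reports two persistence patterns
# seen in the fix above: scheduled tasks whose action starts a browser with a URL
# argument, and Start Menu shortcuts whose argument is a URL.
# Assumes Windows PowerShell 5.1+ (ScheduledTasks module); run as Administrator to see
# tasks registered by other accounts.
$browsers   = 'chrome.exe', 'msedge.exe', 'firefox.exe', 'iexplore.exe', 'opera.exe'  # assumed list
$urlPattern = '(?i)\bhttps?://'

function Get-BrowserUrlTask {
    Get-ScheduledTask | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # COM-handler actions have no Execute property; only Exec actions are of interest
            if (-not $action.Execute) { continue }
            $exe = [System.IO.Path]::GetFileName($action.Execute.Trim('"')).ToLower()
            if (($browsers -contains $exe) -and ($action.Arguments -match $urlPattern)) {
                [PSCustomObject]@{
                    Task      = $task.TaskPath + $task.TaskName   # e.g. \Microsoft\Windows\UNP\RunCampaignManager
                    State     = $task.State
                    Author    = $task.Author
                    Execute   = $action.Execute
                    Arguments = $action.Arguments
                }
            }
        }
    }
}

function Get-UrlShortcut {
    $shell = New-Object -ComObject WScript.Shell
    $roots = "$env:ProgramData\Microsoft\Windows\Start Menu",
             "$env:APPDATA\Microsoft\Windows\Start Menu"
    Get-ChildItem -Path $roots -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        if ($lnk.Arguments -match $urlPattern) {
            [PSCustomObject]@{
                Shortcut  = $_.FullName
                Target    = $lnk.TargetPath
                Arguments = $lnk.Arguments
            }
        }
    }
}

Get-BrowserUrlTask | Format-List
Get-UrlShortcut    | Format-List
```

Any hit with a GUID-named task or a target outside the browser's own program folder deserves the same treatment as the entries in the fixlist above.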
  • #3
    snaku94
    Level 2  
    @krzychupar looks like it helped. Thanks a lot :)