Niechciany instalator

Dla specjalistów Bezpieczeństwo
#1

Witam odpaliłem przez przypadek niechciany instalator, i naleciało mi syfu robiłem skan kasperskym , potem usuwałem adwcleaner i jeszcze coś siedzi poniżej skan z FRST:

 

FRST -  http://www.wklej.org/id/1795496/

 

Addition -  http://www.wklej.org/id/1795498/

 

Shortcut -  http://www.wklej.org/id/1795499/

 

 

 

 

#2

Odinstaluj SpyHunter 4.

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKLM\...\Policies\Explorer: [NoRecentDocsNetHood] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] <===== UWAGA
Startup: C:\Users\Adrian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk [2015-09-09]
HKU\S-1-5-21-3580155369-3587908392-1460815024-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Zasada ograniczeń <======= UWAGA
OPR Extension: (iWebar) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\hdhmofnopkgkpgnpggloijpbnaonhplc [2015-09-11]
OPR Extension: (Object Browser) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\kfgaibfbmkjgmimhbbaikfnpkkjkpoan [2015-09-11]
OPR Extension: (CinemaP-1.9cV11.09) - C:\Users\Adrian\AppData\Roaming\Opera Software\Opera Stable\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-09-11]
S2 HDDlife HDD Access service; "C:\Program Files (x86)\Common Files\BinarySense\hldasvc.exe" [X]
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-09-11] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-09-11] ()
2015-09-13 00:03 - 2015-09-13 00:05 - 00000000 ____ D C:\AdwCleaner
2015-09-13 00:03 - 2015-09-13 00:03 - 01660416 _____ C:\Users\Adrian\Desktop\AdwCleaner.exe
2015-09-11 23:06 - 2015-09-11 23:06 - 00003410 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2015-09-11 23:06 - 2015-09-11 23:06 - 00000000 ____ D C:\Users\Adrian\AppData\Roaming\Enigma Software Group
2015-09-11 23:06 - 2015-09-11 23:06 - 00000000 _____ C:\autoexec.bat
2015-09-11 22:52 - 2015-09-11 22:52 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2015-09-11 22:49 - 2015-09-11 22:49 - 00000000 ____ D C:\Program Files\Enigma Software Group
2015-09-11 22:47 - 2015-09-11 22:49 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Adrian\Downloads\SpyHunter-Installer.exe
2015-09-11 13:19 - 2015-09-11 15:30 - 00000000 ____ D C:\Program Files (x86)\bbc0df1d-2469-4bf2-bec3-aa7d929b6f4b
2015-09-11 13:19 - 2015-09-11 15:30 - 00000000 ____ D C:\Program Files (x86)\67bd24b7-ccf6-48b3-9696-c032d5def717
2015-09-11 13:19 - 2015-09-11 15:30 - 00000000 ____ D C:\Program Files (x86)\4feca4f7-00cf-48e0-ba8c-26da7a9219fa
2015-09-11 13:17 - 2015-09-11 13:17 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-09-09 23:16 - 2015-09-13 00:05 - 00000000 ____ D C:\ProgramData\TEMP
2015-09-07 13:16 - 2015-09-07 13:16 - 00000037 ___SH C:\Users\Adrian\AppData\Local\70149b02515b3bb20dd492.47983420
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Adrian\AppData\Roaming\lPzT8JicSKvhAtZFY
2015-09-07 13:14 - 2015-09-07 13:14 - 0000038 ___SH () C:\Users\Adrian\AppData\Local\69ff07055291669bb2b218.72821112
2015-09-07 13:16 - 2015-09-07 13:16 - 0000037 ___SH () C:\Users\Adrian\AppData\Local\70149b02515b3bb20dd492.47983420
Task: {20AF137D-5F4C-4D83-B81E-82367A72DE30} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {41E93B95-D320-43FD-8711-048AF959F440} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {58E41C4C-9CA5-466B-87FB-0700BE09F783} - System32\Tasks\lPzT8JicSKvhAtZFY => C:\Users\Adrian\AppData\Roaming\lPzT8JicSKvhAtZFY.exe <==== UWAGA
Task: {5A29DE83-A8F2-4A7F-9275-AC2FDAA66FA5} - \PhraseProfessor Auto Updater 1.10.0.24 Pending Update -> Brak pliku <==== UWAGA
Task: {834CCFA8-7B2E-45D7-AF7C-5993A351D5A3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {9816EE10-B3E2-480E-A6ED-FE13C197ECDF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-09-11] (Enigma Software Group USA, LLC.)
Task: {9BF02BE5-BBD4-4D18-A5D6-1E892A41C974} - System32\Tasks\yLyvY8WlgCuXwMlICX9OM => C:\Users\Adrian\AppData\Roaming\yLyvY8WlgCuXwMlICX9OM.exe <==== UWAGA
Task: {A9E28171-3C89-4632-AD77-C38C2B40E401} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: {C7334FC1-4EB6-438B-A577-722116D81B5B} - \PhraseProfessor Auto Updater 1.10.0.24 Core -> Brak pliku <==== UWAGA
Task: {D0F16AD7-BE76-4A26-9AA0-E860652BC870} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\lPzT8JicSKvhAtZFY.job => C:\Users\Adrian\AppData\Roaming\lPzT8JicSKvhAtZFY.exe <==== UWAGA
Task: C:\WINDOWS\Tasks\yLyvY8WlgCuXwMlICX9OM.job => C:\Users\Adrian\AppData\Roaming\yLyvY8WlgCuXwMlICX9OM.exe <==== UWAGA
EmptyTemp:

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition i Shortcut.

#3

Ok zrobiłem tak jak pisałeś system jakoś zaczął chodzić  poniżej skan z fixlog:

 

http://www.wklej.org/id/1795987/

 

A tutaj skan z FRST:

 

http://www.wklej.org/id/1795988/

#4

Skasuj folder C:\FRST