Replies posted by jessica

  1. Besides Chrome you also have Google Drive, so synchronization may be getting in the way of the removal.

    Run FRST.
    In the SEARCH field paste:

     

    Razor*.*

    click the "Search Files" button.
    The report from this will be in the same place as FRST.

    Run FRST.
    In the SEARCH field paste:

     

    razor

    click the "Search Registry" button.
    The report from this will be in the same place as FRST.

     

    jessi

  2. Open Notepad and paste into it:

     

    OPR Extension: (Razor Web) - C:\Users\Kinga\AppData\Roaming\Opera Software\Opera Stable\Extensions\ljgajomlfccacbljbhocggijdgpablpc
    Task: {5216B262-7D0E-4A10-8FE5-036BA1029600} - System32\Tasks\Win Updater => C:\Users\Kinga\AppData\Roaming\Updater\winupd.exe <==== ATTENTION
    C:\Users\Kinga\AppData\Roaming\Updater
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll No File
    S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
    S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
    C:\Users\Kinga\AppData\Roaming\8F0B.tmp.exe
    C:\Users\Kinga\AppData\Roaming\8F0B.tmp
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

    Make new FRST logs.

     

    jessi

  3. I understand that a system reinstall awaits me  :( .

    Maybe @Picasso will look in here again sometime and come up with something?

    Use MBAM

    During installation, uncheck the box next to "Start the Malwarebytes Anti-Malware Premium trial period".

    Select everything it detects, then click Remove Selected.

    Where did you download this "devilry" from?

    There are plenty of "how to remove baidu" pages on the net, but I have not tried any of those methods, so they may be just fictitious methods

     

    jessi

  4. The second script shows the error "Syntax error in line 1, Unknown comand"

    Right, I didn't give a command there at all - I overlooked it.

    I'll look through the logs in a moment

    ...

    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-19] (百度在线网络技术(北京)有限公司)

    R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-19] (百度在线网络技术(北京)有限公司)

    The letter "R" means that the deactivation failed.

    So there is no chance at all of removing these "Chinese ones".

    In theory you can still try in Safe Mode (F8 before the system starts), but I don't know whether that will do anything.

    I can't come up with anything more here,

     

    jessi
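Added example (not part of the posts, and not FRST's own code): a small Python check for the point made in the reply above, that a service still listed with "R" after a DisableDriver pass was not deactivated. It assumes the FRST line layout seen in the quoted lines (state letter R/S/U, start-type digit, name, image path, optional [X] for a missing file); the function names and the target list are hypothetical.

```python
import re
from collections import namedtuple

# Assumed FRST service/driver line layout, based on the lines quoted on this page:
#   <state><start> <name>; <image path> [size date] (vendor)      or
#   <state><start> <name>; "<image path>" <args> [X]
LINE_RE = re.compile(
    r'^\s*(?P<state>[RSU])(?P<start>[0-5])\s+(?P<name>[^;]+);\s*(?P<rest>.*)$'
)
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

Service = namedtuple("Service", "name state start path file_missing")


def image_path(rest):
    """Pull the executable path out of the part after 'name;'."""
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end != -1 else rest[1:]
    # Unquoted path: it ends where the "[size yyyy-mm-dd]" field begins.
    m = re.search(r'\s\[\d+ \d{4}-\d{2}-\d{2}\]', rest)
    return rest[:m.start()] if m else rest


def parse_service_line(line):
    """Return a Service record, or None if the line is not a service line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rest = m.group("rest").rstrip()
    missing = rest.endswith("[X]")          # [X] marks a file FRST could not find
    if missing:
        rest = rest[:-3].rstrip()
    return Service(
        name=m.group("name").strip(),
        state=STATE[m.group("state")],
        start=START.get(m.group("start"), "unknown"),
        path=image_path(rest),
        file_missing=missing,
    )


def parse_log(text):
    """Parse every service line in a block of log text, skipping other lines."""
    return [s for s in map(parse_service_line, text.splitlines()) if s]


def still_running(text, targets):
    """Names from `targets` that the log still shows as running (state R)."""
    wanted = {t.lower() for t in targets}
    return [s.name for s in parse_log(text)
            if s.name.lower() in wanted and s.state == "running"]


# Sample input: three service lines as they appear in the posts on this page.
SAMPLE = r"""
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-19] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-19] (百度在线网络技术(北京)有限公司)
S2 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
"""

# Service names taken from the DisableDriver section of the scripts on this page.
TARGETS = ["BaiduHips", "BDKVRTP", "RsRavMon"]

if __name__ == "__main__":
    for svc in parse_log(SAMPLE):
        print(svc.name, svc.state, svc.start, "missing file" if svc.file_missing else "")
    print("not deactivated:", still_running(SAMPLE, TARGETS))
```
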

  5. In BlitzBlank the same message pops up again, this time line 15.

    If it is possible to skip that line in Blitz, skip it.

    If it can't be skipped, we will try doing it one line at a time, separately.

    First:

    Run BlitzBlank and in the Script tab paste:

    DisableDriver:
    BaiduHips
    BDKVRTP
    RsRavMon
    bd0001
    bd0002
    bd0003
    BDArKit
    BDDefense
    BDMWrench_x64
    sysmon
    BdSandBox

    Click Execute Now. Confirm the computer restart.

    If that succeeds, we'll move on to the next command:

    Run BlitzBlank and in the Script tab paste:

    DeleteFile:
    C:\Windows\System32\DRIVERS\bd0001.sys
    C:\Windows\System32\DRIVERS\bd0002.sys
    C:\Windows\System32\DRIVERS\bd0003.sys
    C:\Windows\System32\DRIVERS\BDArKit.sys
    C:\Windows\System32\drivers\BDDefense.sys
    C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    C:\Windows\system32\Drivers\rsndisp.sys

    Click Execute Now. Confirm the computer restart.

    If that also goes through without a hitch, you'll make a log with FRST - we'll see whether this can be removed at all.

     

    jessi

  6. Run BlitzBlank and in the Script tab paste:


    DisableDriver:
    BaiduHips
    BDKVRTP
    RsRavMon
    bd0001
    bd0002
    bd0003
    BDArKit
    BDDefense
    BDMWrench_x64
    sysmon
    BdSandBox

    DeleteFile:
    "C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
    "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe"
    "C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BDKVWsc.exe"
    C:\Windows\System32\DRIVERS\bd0001.sys
    C:\Windows\System32\DRIVERS\bd0002.sys
    C:\Windows\System32\DRIVERS\bd0003.sys
    C:\Windows\System32\DRIVERS\BDArKit.sys
    C:\Windows\System32\drivers\BDDefense.sys
    C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    C:\Windows\system32\Drivers\rsndisp.sys

    DeleteFolder:
    "C:\Program Files\Common Files\Baidu"
    "C:\Program Files\Baidu"
    C:\Users\nand\AppData\Roaming\Baidu
    C:\ProgramData\Baidu
    C:\ProgramData\Rising
    C:\ProgramData\boost_interprocess

    DeleteRegKey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BaiduHips
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDKVRTP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0001
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0002
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0003
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDArKit
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDMWrench_x64
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDDefense
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdSandBox

    DeleteRegValue:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\baidusdTray
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\baidusdTray


    Click Execute Now. Confirm the computer restart.
    Post the resulting log from BlitzBlank.

    Open Notepad and paste into it:

     

     

    Task: {206BD9BA-3369-4EEA-9418-432E9ED4A72A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    Task: {C9035508-4077-43DB-A39B-AB0CFB809E62} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    FirewallRules: [{B1BCB66C-278E-44E6-A07D-209D26E1ECED}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
    FirewallRules: [{C3BEAEB4-3CE7-4F6B-AF15-7AEE497EC21D}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
    FirewallRules: [{42DF2320-629A-4A08-A5B7-E4B3031593F8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{973A57E7-90A8-467E-B35D-6C2F47D2A0A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{9A066294-D6DE-409E-85DA-182DD0F72442}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{7563CDFB-AA22-4D21-85FD-EBB0368250EC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    FirewallRules: [{3E2E2DE9-5724-4685-9F92-28FB49391540}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{88D23969-2519-402C-822F-858A4E52294E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{62BF8E92-9EC8-4ED8-862F-8CC53448B194}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{88CA7CFE-6E09-4595-A083-3083E0CE008D}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
    FirewallRules: [{1A809989-BABB-473B-B1EA-44FD40E6E402}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{B8C0A1A2-5E36-4F77-A197-F68F05913458}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{A1D40962-45FD-49DB-8D18-1678FCFBEA50}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{08EABCB1-57C5-4351-B7AF-036BB135BBB2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    FirewallRules: [{B9627688-95E6-4643-BEC4-4F0A93FF2C48}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{C0A91A14-8C1C-4207-9EA3-45F81AA5F87B}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{28CB9762-79C8-431C-B862-D143E24ED35F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{E5B83B5A-4C7E-4CBD-AC28-A2A88C3AAF0D}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
    FirewallRules: [{4B7AC003-C58F-4251-A016-F9ACC3DDBF53}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{3A931812-53DB-4A83-8722-9C87D235F2F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{DFE5CEA3-CBA1-4630-ABAB-CA3756712FF0}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{9BC793D9-0D72-4BAD-AAED-5A307730864E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
    FirewallRules: [{3F855DDB-3BC2-46E6-BA3D-BE769AAC8C7F}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\108\bddownloader.exe
    FirewallRules: [TCP Query User{04D29C40-2DCF-4C8E-889E-C2D92B3F1DA5}C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe] => (Block) C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe
    FirewallRules: [uDP Query User{E525B7DB-9350-49AD-81E1-EE78329241C3}C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe] => (Block) C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe
    HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe
    C:\program files (x86)\common files\baidu
    C:\Program Files (x86)\Baidu
    C:\Program Files (x86)\Rising
    HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    S2 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
    R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    C:\Users\nand\AppData\Roaming\Baidu
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    C:\Program Files (x86)\2db321c8-69b7-4dd1-acf8-4d551cdaf0f7
    C:\ProgramData\Rising
    C:\Windows\system32\Drivers\rsndisp.sys
    C:\ProgramData\boost_interprocess
    InternetURL: C:\ProgramData\Rising\Rav\ShortCut\Repair.url -> hxxp://www.rising.com.cn/2008/repair_rs09/
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

    Make new FRST logs - this time without Shortcut.

     

    jessi

  7. 1) Try to remove it with Revo Uninstaller http://www.revouninstaller.com/revo_uninstaller_free_download.html

    2) Use Adw-cleaner
    first click SCAN, and only after the scan has finished, when the CLEANING button becomes active, click it.
    Show its report C:\AdwCleaner\AdwCleaner.txt

    3) Download BlitzBlank http://www.mediafire.com/download/h9nsqk7fagfpcuq/BlitzBlank.exe

    Run BlitzBlank and in the Script tab paste:


    DisableDriver:
    BaiduHips
    BDKVRTP
    RsRavMon
    bd0001
    bd0002
    bd0003
    BDArKit
    BDDefense
    BDMWrench_x64
    sysmon
    BdSandBox

    DeleteFile:
    "C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
    "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe"
    C:\Windows\System32\DRIVERS\bd0001.sys
    C:\Windows\System32\DRIVERS\bd0002.sys
    C:\Windows\System32\DRIVERS\bd0003.sys
    C:\Windows\System32\DRIVERS\BDArKit.sys
    C:\Windows\System32\drivers\BDDefense.sys
    C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    "C:\Users\nand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk"
    C:\Users\nand\AppData\Local\SmartWeb\uninst.lnk

    DeleteFolder:
    "C:\Program Files (x86)\Common Files\Baidu"

    "C:\Program Files\Common Files\Baidu"
    C:\Program Files (x86)\Baidu
    C:\Users\nand\AppData\Roaming\Baidu
    C:\Program Files (x86)\predm
    C:\Program Files (x86)\Crossbrowse
    C:\ProgramData\Baidu
    C:\Users\nand\AppData\Local\SmartWeb
    C:\ProgramData\Rising

    DeleteRegKey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BaiduHips
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDKVRTP
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0001
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0002
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0003
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDArKit
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDMWrench_x64
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDDefense
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmon
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdSandBox



    Click Execute Now. Confirm the computer restart.

    Post the resulting log from BlitzBlank
     

    jessi

  8. Yes, removing this will be a problem.

    1) Try using AppRemover http://www.appremover.com/get/appremover.exe

    (https://www.fixitpc.pl/topic/8716-skuteczne-usuwanie-programow-antywirusowych/)

    I don't know whether it also removes the "Chinese one".

    2) >>GMER>>
    Expand >>> CMD tab >> select CMD --- paste this into the upper black field:

     

     

    kzysz8nc -del service BaiduHips
    kzysz8nc -del service BDKVRTP
    kzysz8nc -del service RsMgrSvc
    kzysz8nc -del service RsRavMon
    kzysz8nc -del service helidelo
    kzysz8nc -del service bd0001
    kzysz8nc -del service bd0002
    kzysz8nc -del service bd0003
    kzysz8nc -del service BDArKit
    kzysz8nc -del service BDDefense
    kzysz8nc -del service BDMWrench_x64
    kzysz8nc -del file C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
    kzysz8nc -del file C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    kzysz8nc -del file C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
    kzysz8nc -del reg HKLM\SYSTEM\CurrentControlSet\Services\BaiduHips
    kzysz8nc -del file C:\Program Files (x86)\Rising\RAV\ravmond.exe
    kzysz8nc -del file C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1\nsa56A3.tmpfs
    kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0001.sys
    kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0002.sys
    kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0003.sys
    kzysz8nc -del file C:\Windows\System32\DRIVERS\BDArKit.sys
    kzysz8nc -del file C:\Windows\System32\drivers\BDDefense.sys
    kzysz8nc -del file C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
    kzysz8nc -reboot

     

     

    Click "Run" on the right side. The computer should shut down and start up again by itself.

    If that works, you'll make new FRST logs.

     

    jessi

  9. https://www.fixitpc.pl/topic/27096-nowy-moderator-w-dziale-malware/

    You've come to the wrong place because, as you can see, there's no telling when @Picasso or @Naathim will start helping.

    I'll look through these logs in a moment ...

    in the meantime, split the GMER log into several parts, paste each part (text) separately at http://wklejto.pl/, and give only the links in your post (i.e. copy the address from the address bar).

    1) Uninstall Akamai NetSession Interface, which isn't needed for anything

    2) Uninstall:
     

    Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15680 - systweak.com) <==== ATTENTION

     

     

    3) I'm putting everything "Chinese" up for removal

    Open Notepad and paste into it:

     

     

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
    CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
    Task: {B7965296-BC1C-43D3-8B3E-3B84F0C6B8BF} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
    Task: {FB93E756-0264-4863-834F-FDB8E4B4E71E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
    C:\Program Files (x86)\Baidu
    C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1
    C:\Program Files (x86)\Common Files\Baidu
    C:\Users\nand\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Rising
    C:\Program Files (x86)\Rs
    HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe
    HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-19] (Windows APP)
    HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
    HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2474952 2015-06-19] (百度在线网络技术(北京)有限公司)
    HKLM-x32\...\Run: [gmsd_pl_005010007] => [X]
    HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Run: [Akamai NetSession Interface] => C:\Users\nand\AppData\Local\Akamai\netsession_win.exe [4673432 2015-01-20] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Policies\Explorer: []
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-740415962-4211020823-285711137-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
    FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
    FF Plugin HKU\S-1-5-21-740415962-4211020823-285711137-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
    CHR Extension: (GoHD) - C:\Users\nand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-06-19]
    OPR Extension: (GoHD) - C:\Users\nand\AppData\Roaming\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-06-19]
    R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
    R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
    R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [179992 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
    R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
    R2 helidelo; C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1\nsa56A3.tmpfs [X]
    R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
    R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2015-04-08] (Baidu)
    R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [67400 2015-04-08] (Baidu)
    R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2015-04-08] (Baidu Technology)
    R2 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2015-04-08] (Baidu)
    R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [56136 2015-04-08] (Baidu)
    R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71056 2015-03-11] (Beijing Rising Information Technology Co., Ltd.)
    R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [121072 2015-02-11] (Beijing Rising Information Technology Co., Ltd.)
    S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
    S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    C:\Windows\System32\DRIVERS\sysmon.sys
    C:\Windows\System32\DRIVERS\rsutils.sys
    C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
    C:\Windows\System32\drivers\BDDefense.sys
    C:\Windows\System32\DRIVERS\BDArKit.sys
    C:\Windows\System32\DRIVERS\bd0003.sys
    C:\Windows\System32\DRIVERS\bd0002.sys
    C:\Windows\System32\DRIVERS\bd0001.sys
    C:\Users\nand\Desktop\aspsetup.exe
    C:\Program Files (x86)\3af22314-9322-49ec-970a-9aaaef1d3836
    C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    C:\ProgramData\Baidu
    C:\Users\nand\AppData\Roaming\Baidu
    C:\rising.ini
    C:\ProgramData\Rising
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
    C:\Users\nand\AppData\Local\EB32014F-1434744971-E311-AD99-28D2442A78C1
    C:\Users\nand\AppData\Roaming\EB32014F-1434737647-E311-AD99-28D2442A78C1
    C:\Program Files (x86)\mbot_pl_014010007
    C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1
    EmptyTemp:

     


    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.
    A fixlog.txt file will be created.
    Post that log.

     

    Make new FRST logs

     

    jessi

  10. In my opinion, it's OK.

     

    Paste into Notepad:

    Windows Registry Editor Version 5.00
    
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
    
    [-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
    
    [-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
    From the Notepad menu >> File >> Save as >> set the file type to All files >> save as FIX.REG >>
    run the file (double-click and OK).

     

    In Adw-Cleaner, click the UNINSTALL (Odinstaluj) button.

     

    Open Notepad and paste into it:

     

    DeleteQuarantine:

    Save the file as fixlist.txt and place it next to FRST. Run FRST and click Fix.
    Use SHIFT+DEL to delete the remaining C:\FRST folder.

     

    jessi
     

  11. Here you go, here are the logs. I wish I were as proficient in all this as you are; then I wouldn't have to ask anyone for help. Is it hard to get the hang of? And how much time would it take to get the hang of it all? Just as an aside :)

    Adw-Cleaner: first click SCAN (Szukaj), and only once the scan has finished and the CLEANING (Usuń) button becomes active, click it.

     

    Then make new FRST logs.

     

    jessi

  12. USBFix: there is nothing on "E", so you don't have the GAMARUE infection either.

     

    Adw-Cleaner: first click SCAN (Szukaj), and only once the scan has finished and the CLEANING (Usuń) button becomes active, click it.

     

    Process C:\Users\Cezary\AppData\Roaming\Microsoft\Protect\conhost.exe (*** suspicious ***)

    Check this file at --> JOTTI/ or at VIRUSTOTAL

    (A file with this name should probably be in a different location, not this one.)

     

    Make new FRST logs - this time without Shortcut.

     

    jessi
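The location check suggested in the post above (a file named like a Windows system binary running from a user profile directory) can be automated over report lines. This is an added example, not part of the original post or of USBFix: the table of expected directories, the function names and all sample lines except the first are assumptions, and Windows is assumed to be installed in C:\Windows.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\Windows; this small table of expected
# directories is illustrative, not taken from the thread or from USBFix.
EXPECTED_DIRS = {
    "conhost.exe": {r"c:\windows\system32"},
    "lsass.exe": {r"c:\windows\system32"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Matches report lines of the form "Process <path>.exe [optional remark]".
PROCESS_LINE = re.compile(r"^Process\s+(.+?\.exe)(?:\s|$)", re.IGNORECASE)


def classify(path):
    """Return 'expected', 'masquerade' or 'unknown' for one executable path."""
    # Normalise case and "..\" segments so path tricks cannot hide the real directory.
    norm = ntpath.normpath(path.strip().strip('"')).lower()
    directory, name = ntpath.split(norm)
    allowed = EXPECTED_DIRS.get(name)
    if allowed is None:
        return "unknown"  # name is not in the table, so no judgement is made
    return "expected" if directory in allowed else "masquerade"


def scan(lines):
    """Return (path, verdict) for every 'Process <path>' line in a report."""
    results = []
    for line in lines:
        match = PROCESS_LINE.match(line.strip())
        if match:
            path = match.group(1)
            results.append((path, classify(path)))
    return results


# First line is the one quoted in the post; the others are constructed samples.
SAMPLE = [
    r"Process C:\Users\Cezary\AppData\Roaming\Microsoft\Protect\conhost.exe (*** suspicious ***)",
    r"Process C:\Windows\System32\conhost.exe",
    r"Process C:\WINDOWS\system32\..\System32\svchost.exe",
    r"Process C:\Program Files (x86)\Example\tool.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE):
        print(f"{verdict:10} {path}")
```

A "masquerade" verdict only means the name and location disagree; the file still needs to be checked on a multi-scanner service, as the post advises.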

  13. 1) Open Notepad and paste into it:

     

    Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
    Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden
    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST.exe
    Run FRST and click the Fix button.

     

    2) Uninstall:
     

    Google Update Helper (x32 Version: 1.3.23.0 - DealPly Technologies Ltd) Hidden

    oursurfing uninstall (HKLM-x32\...\oursurfing uninstall) (Version:  - oursurfing) <==== ATTENTION

    PriceMinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version:  - ) <==== ATTENTION
    Quebles Emoticons (HKLM-x32\...\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}) (Version:  - ) <==== ATTENTION

     

     

    3) Adw-Cleaner: first click SCAN (Szukaj), and only once the scan has finished and the CLEANING (Usuń) button becomes active, click it.

     

    4) Make new FRST logs

     

    (I won't be on the forum any more today)

     

    jessi
