Rubo Opublikowano 3 Marca 2015 Zgłoś Udostępnij Opublikowano 3 Marca 2015 Witam, Mam taki problem od kilku dni fałszywy svchost wykorzystuje 100% cpu, po zakończeniu zadania w menadżerze zadań i usunięciu svchost z folderu tymczasowego wszystko wraca do normy dopóki nie zrestartuje komputer wtedy znów się pojawia. Proszę o pomoc. Dołączam wymagane logi. Addition.txt FRST.txt GMER.txt Shortcut.txt Odnośnik do komentarza
picasso Opublikowano 3 Marca 2015 Zgłoś Udostępnij Opublikowano 3 Marca 2015 Używałeś ComboFix i na ten temat: KLIK. Problem fałszywego svchost tworzy miner uruchamiany via Harmonogram zadań: Task: {ADE7191D-943D-4981-99E4-BE360D47964F} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-09] () Działania do przeprowadzenia: 1. Przez Panel sterowania odinstaluj stare wersje, zbędniki i adware: Adobe Shockwave Player 11.6, Akamai NetSession Interface, Contextual Tool Extrafind, DAEMON Tools Toolbar. 2. Otwórz Notatnik i wklej w nim: CloseProcesses: CreateRestorePoint: Task: {00F596DE-8858-4578-A666-53D3F058D0BA} - System32\Tasks\{4ECD2C92-4F63-4432-895A-DA110296F044} => I:\DETAL\STAT.EXE Task: {07F328CE-4896-4C2D-88C7-4C96372FD3A8} - System32\Tasks\{C8D36067-A8B8-4DC1-939A-7336144578F1} => pcalua.exe -a G:\km\SetupReg.exe -d G:\km Task: {3972AD2E-4084-43F7-AF01-ECD8937498F1} - System32\Tasks\{C37D8FE6-5417-4F12-B202-DE93C2D1599C} => I:\DETAL\STAT.EXE Task: {3A1FD880-F9DC-4E5F-92E7-5B4F8FF61B8B} - System32\Tasks\{B9B6D70E-6FEB-4E3A-9A7C-3A6A061F0F8E} => C:\Users\Rubo\Desktop\offlineserver-v0.3\server.exe Task: {46FBB31E-5E14-4227-BC7D-5F6BF5EF80F4} - System32\Tasks\{032EBD05-2F49-40A9-B2C7-C1EA96AF33A6} => F:\setup.EXE Task: {57BD623F-74CF-4A85-BCD9-5A74677149F3} - System32\Tasks\{20C2449F-D802-4E60-9840-E0C8D7BB20C5} => Firefox.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=4.1.0.136.217&LastError=404 Task: {5CF447CF-F92F-4CEE-938A-0919F464A362} - System32\Tasks\{BED9D773-D895-4627-AB3B-7F0F9B7634B1} => I:\DETAL\STAT.EXE Task: {66D84767-77D8-44E4-9E38-4DBCB570E4E0} - System32\Tasks\{084E488C-C294-48DC-BBE0-106B5BFE50A2} => F:\setup.EXE Task: {6B0A0B92-5B58-4391-AD81-ED8DD6FB2708} - System32\Tasks\IHSelfDeleteTASK => CMD Task: {70631BE2-3C11-4B61-AF6D-A7854B32275E} - System32\Tasks\IHUninstallTrackingTASK => CMD Task: {7875ABFA-F017-408B-8E2C-8E3FEF79E22F} - System32\Tasks\{1EB09537-0193-4E46-9DB9-D25647495CBC} => pcalua.exe -a "E:\Euro truck\Euro Truck Simulator\Uninstal_EuroTruckSimulator1_1.exe" -d "E:\Euro truck\Euro Truck Simulator" Task: {850BB267-242D-4FC7-BCB1-C6B0A6651FF4} - System32\Tasks\{E7943A98-9A0D-482B-BC01-16B23AC37F42} => pcalua.exe -a C:\Users\Rubo\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=exp Task: {94892494-FC2F-4AE1-B6DC-81BAAFE9650A} - System32\Tasks\{FA6A18D2-AECF-4C37-BE4E-C7503A19A32F} => I:\DETAL\STAT.EXE Task: {9B123C3B-59E0-4A70-B29B-1533D57993A1} - System32\Tasks\{9B72ECF9-8E3B-4650-9112-9356EE9B8A82} => pcalua.exe -a "C:\Program Files (x86)\SubEdit-Player\unins000.exe" -d "C:\Program Files (x86)\SubEdit-Player" Task: {ADE7191D-943D-4981-99E4-BE360D47964F} - System32\Tasks\Origin => C:\ProgramData\Origin\update.vbe [2015-02-09] () Task: {B4C38346-C8DD-486B-A04B-983DD529651B} - System32\Tasks\{762230D4-240B-4A33-BFE7-4A12539BEA2C} => I:\DETAL\STAT.EXE Task: {B984E326-C7DF-44AE-B241-1C2E2F8E9380} - System32\Tasks\{6FE8422C-C661-48A5-B60C-92E55500DDA2} => F:\setup.EXE Task: {BA10D6A3-5C79-4B6E-85FF-A9B7E7F3D857} - System32\Tasks\{E2545DF7-EBBA-42A9-8D46-C4B6E1024BE1} => E:\yug\yugi_pc.exe Task: {BF96CD39-2EDA-4197-A0DC-EDA3F5D13278} - System32\Tasks\{D4814C25-8A85-4809-9976-AAD6ADEF5715} => I:\DETAL\STAT.EXE Task: {D1A17F98-3C82-46B6-9738-D7B099623BB5} - System32\Tasks\{C4958F69-6939-4928-9EAA-BAB6AA802CC6} => E:\yug\yugi_pc.exe Task: {DC3C1F55-C721-4997-A699-DCE0CFC98F20} - System32\Tasks\{938CC7AD-E58C-48D8-A08F-043F6E641B99} => E:\APB Reloaded\Binaries\APB.exe Task: {E2C40FEB-D934-483B-921F-DB66FE9ADA11} - System32\Tasks\{1018981B-6DDA-4C5B-9B02-ED4598012FAD} => I:\DETAL\STAT.EXE Task: {E8D377C2-6AA4-4701-9BEE-F6306B4D00A1} - System32\Tasks\{7A2988C0-3258-408D-A736-82149EEAE59B} => pcalua.exe -a F:\setup.EXE -d F:\ Task: {FE469393-BD68-4736-A269-4A2BB7950BFB} - System32\Tasks\{2F4068B6-3681-4C73-BFF6-E05F5252C35A} => msiexec.exe /package "C:\Users\Rubo\Desktop\setup.msi" S2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz130; \??\C:\Users\Rubo\AppData\Local\Temp\cpuz130\cpuz_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] S3 esihdrv; \??\C:\Users\Rubo\AppData\Local\Temp\esihdrv.sys [X] S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X] S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X] S3 huawei_wwanecm; system32\DRIVERS\ew_juwwanecm.sys [X] S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X] S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X] S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X] S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X] S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X] S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X] S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [X] S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010c\WNt500x64\Sandra.sys [X] S3 xhunter1; \??\C:\Windows\xhunter1.sys [X] HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction HKU\S-1-5-21-1671621278-90422489-2177884435-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1671621278-90422489-2177884435-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=100eb9df-9c62-11e1-bd05-001fd08ea264&q={searchTerms} SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=100eb9df-9c62-11e1-bd05-001fd08ea264&q={searchTerms} SearchScopes: HKLM-x32 -> {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F SearchScopes: HKU\S-1-5-21-1671621278-90422489-2177884435-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=100eb9df-9c62-11e1-bd05-001fd08ea264&q={searchTerms} SearchScopes: HKU\S-1-5-21-1671621278-90422489-2177884435-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://startsear.ch/?aff=1&src=sp&cf=100eb9df-9c62-11e1-bd05-001fd08ea264&q={searchTerms} SearchScopes: HKU\S-1-5-21-1671621278-90422489-2177884435-1001 -> {42168F92-DA71-42E6-BC7F-132EAC1F1899} URL = http://www.google.com/cse?cx=partner-pub-5462406484424654%3A8q0sn8-w2ss&ie=ISO-8859-1&q={searchTerms}&sa=Search&siteurl=qooqlle.com%2F ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] ShellExecuteHooks-x32: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No File [ ] CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File CustomCLSID: HKU\S-1-5-21-1671621278-90422489-2177884435-1001_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File FF Plugin-x32: @gamersfirst.com/LiveLauncher -> C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll No File FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin HKU\S-1-5-21-1671621278-90422489-2177884435-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File AlternateDataStreams: C:\ProgramData\Microsoft:t3dmLT7Gh619NnB0loj AlternateDataStreams: C:\ProgramData\Microsoft:VZz26AaRPy2hfFtJkp0snnV AlternateDataStreams: C:\ProgramData\Microsoft:ZJOsokunQRXMuBnUlOiOQWqIY2 C:\Program Files (x86)\Mozilla Firefox\extensions C:\ProgramData\Microsoft\Windows\GameExplorer\{8FD9E9FF-B0B1-435E-A04E-87AD654CF3CF} C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace C:\ProgramData\Microsoft\Windows\Start Menu\Programs\O22y Inc C:\ProgramData\Origin C:\Users\Rubo\AppData\Local\Microsoft\Windows\GameExplorer\{128CFC5D-D647-4EBE-8D27-FF7208214792} C:\Users\Rubo\AppData\Local\Microsoft\Windows\GameExplorer\{28A59C1F-AF0D-4925-87D5-730D8C0B00EB} C:\Users\Rubo\AppData\Local\Microsoft\Windows\GameExplorer\{93098CD0-106A-43C3-ACDC-07DCC2609B43} C:\Users\Rubo\AppData\Local\Microsoft\Windows\GameExplorer\{EBC15CD0-EE3C-4FC1-AD53-5991F131437B} C:\Users\Rubo\AppData\Roaming\Thinstall C:\Users\Rubo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\337 GAMES.lnk C:\Users\Rubo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk C:\Users\Rubo\Documents\Inventor\Default.lnk Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main" /f EmptyTemp: Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach. Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Czekaj cierpliwie, nie przerywaj działania. Gdy Fix ukończy pracę, system zostanie zresetowany. W tym samym katalogu skąd uruchamiano FRST powstanie plik fixlog.txt. 3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj / Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone, ale Adblock Plus trzeba będzie przeinstalować. 4. Napraw uszkodzony specjalny skrót IE. W pasku eksploratora wklej poniższą ścieżkę i ENTER: C:\Users\Rubo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools Prawoklik na zlokalizowany tam skrót Internet explorer (bez dodatków) > Właściwości > w polu Element docelowy po ścieżce "C:\Program Files\Internet Explorer\iexplore.exe" dopisz dwie spacje i -extoff 5. Zrób nowy log FRST z opcji Scan, zaznacz ponownie pole Addition, by powstały dwa logi. Dołącz też plik fixlog.txt oraz plik C:\ComboFix.txt. Odnośnik do komentarza
Rubo Opublikowano 3 Marca 2015 Autor Zgłoś Udostępnij Opublikowano 3 Marca 2015 Svchost nie powrócił po restarcie. Oto nowe logi. Addition.txt Fixlog.txt FRST.txt ComboFix.txt Odnośnik do komentarza
picasso Opublikowano 3 Marca 2015 Zgłoś Udostępnij Opublikowano 3 Marca 2015 1. Ta część nie jest dobrze zrobiona: 3. Wyczyść Firefox: menu Pomoc > Informacje dla pomocy technicznej > Zresetuj / Odśwież program Firefox. Zakładki i hasła nie zostaną naruszone, ale Adblock Plus trzeba będzie przeinstalować. Wprawdzie widzę, że na dysku jest folder "Stare dane programu Firefox" poświadczający wdrożenie procedury, ale w samym Firefox brak zmian - nadal jest stary profil sprzed resetu. Wykonaj inną akcję: - Wyeksportuj zakładki z bieżącego profilu. Zamknij Firefox. - Klawisz z flagą Windows + R i w polu Uruchom wklej komendę: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -p - W menedżerze profilów załóż nowy profil, a poprzedni skasuj. 2. Otwórz Notatnik i wklej w nim: HKU\S-1-5-21-1671621278-90422489-2177884435-1001\...\Run: [Akamai NetSession Interface] => "C:\Users\Rubo\AppData\Local\Akamai\netsession_win.exe" Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File Toolbar: HKU\S-1-5-21-1671621278-90422489-2177884435-1001 -> DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll No File RemoveDirectory: C:\FRST\Quarantine RemoveDirectory: C:\Program Files (x86)\DAEMON Tools Toolbar RemoveDirectory: C:\Users\Rubo\Desktop\Stare dane programu Firefox CMD: netsh advfirewall reset Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Powstanie kolejny fixlog.txt. 3. Uruchom AdwCleaner. Na razie wybierz tylko opcję Szukaj (nie stosuj jeszcze Usuń), powstanie log w folderze C:\AdwCleaner. 4. Zrób nowy log FRST z opcji Scan (bez Addition i Shortcut) na następującym ustawieniu: odznacz Whitelist dla pola Internet. Dołącz też plik fixlog.txt i log z AdwCleaner. Odnośnik do komentarza
Rubo Opublikowano 3 Marca 2015 Autor Zgłoś Udostępnij Opublikowano 3 Marca 2015 Oto nowe logi. AdwCleanerR0.txt Fixlog.txt FRST.txt Odnośnik do komentarza
picasso Opublikowano 3 Marca 2015 Zgłoś Udostępnij Opublikowano 3 Marca 2015 Kolejne poprawki: 1. Uruchom AdwCleaner ponownie, lecz tym razem wybierz sekwencję Szukaj + Usuń. Gdy program ukończy czyszczenie: 2. Otwórz Notatnik i wklej w nim: RemoveDirectory: C:\AdwCleaner RemoveDirectory: C:\Users\Rubo\AppData\Roaming\Mozilla\Firefox\Profiles\u1tsku50.default Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /ve /t REG_SZ /d Bing /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v URL /t REG_SZ /d "http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC" /f Reg: reg add "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /v DisplayName /t REG_SZ /d "@ieframe.dll,-12512" /f Reg: reg delete "HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f CMD: C:\Users\Rubo\Desktop\ComboFix.exe /uninstall Plik zapisz pod nazwą fixlist.txt i umieść obok narzędzia FRST. Uruchom FRST i kliknij w Fix. Ostatnia komenda to deinstalacja ComboFix. Pokaż wynikowy fixlog.txt. Odnośnik do komentarza
Rubo Opublikowano 3 Marca 2015 Autor Zgłoś Udostępnij Opublikowano 3 Marca 2015 Oto log. Fixlog.txt Odnośnik do komentarza
picasso Opublikowano 3 Marca 2015 Zgłoś Udostępnij Opublikowano 3 Marca 2015 Kończymy: 1. Skasuj FRST z C:\Users\Rubo\Desktop\Nowy folder. 2. Zastosuj DelFix oraz wyczyść foldery Przywracania systemu: KLIK. 3. Cały system do aktualizacji, stan obecny to brak SP1, IE11 i reszty łat: Platform: Windows 7 Ultimate (X64) OS Language: Polski (Polska) Internet Explorer Version 8 (Default browser: FF) Odnośnik do komentarza
Rubo Opublikowano 3 Marca 2015 Autor Zgłoś Udostępnij Opublikowano 3 Marca 2015 Bardzo dziękuję za udzieloną pomoc i poświęcony czas. Odnośnik do komentarza
Rekomendowane odpowiedzi