
Baidu malware, installation of unwanted programs + a flood of ads.



Hello,

yesterday, while trying to install a game, a malicious program got installed on my computer. The Chinese "antivirus" Baidu immediately started installing a mass of unwanted programs, which I am trying to uninstall as they appear. It also started flooding me with ads. Before I managed to find this forum I tried to clean the computer with Dr Web LTD. It detected and removed around 12 trojans and infected files. Unfortunately that did not help. The next step was using ADWCleaner; the result and the final effect were the same as before.

So I am turning to you with a big request for help in my unpleasant situation. I hope that with your helping hand I will be able to get rid of these problems and restore the system to correct operation :) .

I am attaching the required files. I tried to do everything according to the instructions posted on the forum. The output file from GMER is over 4.8 MB, so for now I don't know how to post it here.

Addition.txt

FRST.txt

Shortcut.txt


https://www.fixitpc.pl/topic/27096-nowy-moderator-w-dziale-malware/

You have come at a bad time, because, as you can see, there is no telling when @Picasso or @Naathim will start helping.

I'll go through these logs in a moment...

In the meantime, split the GMER log into several parts and paste each part (as text) separately at http://wklejto.pl/, then put only the links in your post (i.e. copy the address from the address bar).

1) Uninstall Akamai NetSession Interface, which is not needed for anything.

2) Uninstall:
 

Advanced-System Protector (HKLM-x32\...\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~9338DF9D_is1) (Version: 2.1.1000.15680 - systweak.com) <==== ATTENTION

 

 

3) Everything "Chinese" goes in for removal.

Open Notepad and paste into it:

 

 

Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{12545889-6D32-4424-9967-1E1D7BD1F809}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{14679E3B-C952-4998-8E13-4B1286E6DD99}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1481B385-759A-4B00-9257-E96357563999}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{162EF0A1-5A33-46F2-ACCF-CA388B084A09}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1D625598-C876-4C51-8EF5-F9D8F96F62AA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2709544A-5B24-4F9F-A5DA-CEC7297D3A4E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2BCA857B-A18B-4AFA-B183-CC0E49C12058}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2C74F89E-7421-46B4-BA54-F86F1BD9F237}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{2C7D1157-7D50-4A88-9777-5EBBA3189AB8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{3497C2EC-5684-4B21-AF74-F6760E0221DC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{38C8B14E-7879-4DA9-8C3F-8CAAC359293A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{3FCEB42C-9B98-486A-BED7-FD7F3ADB7291}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{40770568-0D5E-49D4-BE47-BC47A4F0B0A4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{44A52280-AE56-490D-890C-89FB7279ED6B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{46C56738-39C6-4240-8B9B-008CCD769A84}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{47179DDE-10AC-4737-97C9-8CE5379343EA}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{475C7B4A-6964-4F9E-9708-05A16EAC31D0}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{48270F9E-CCF6-4C79-B6FF-267C960E6425}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{48FEFCD7-5D7C-4E4A-9F11-60E69A31D4B1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{49998808-648A-4A9C-A7A5-B1672775D9AB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4A756F5F-CBA4-428B-B17F-AF80C0C8502D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4B40437B-8972-4444-BBE3-1588FF55F203}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{4BD03680-3C0F-4501-AFF7-3D008586917F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{5544903C-2CCC-487C-91BB-F310B72A8E9B}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{59A224A2-BEF8-4C89-96E0-83A5411ABB6C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{622F6193-E4DD-46E6-BC66-2ED88E9FD28D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6451051B-AD22-4C6A-ACCE-013A0E1DDBC3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{64B99FDB-1D85-447F-98C7-569DBDA723DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6BCE6F6E-C050-4F39-BD98-E2743949F724}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{6F56D7C9-18DD-4C15-9FA8-C54E3610EC40}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{70DBCAE8-8C2B-450C-9E1D-43E4686C6512}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{713C0E8A-5AE8-4695-B442-5ED6C4FE5C42}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7293E009-3015-4AD3-96EC-D42C36B5FCE3}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{72EFC580-D085-4B81-8C55-26A79E445338}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{750AEC19-2E4C-4ED9-9B9F-F9CAFCD060F3}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{794199C5-827C-41C8-8CB2-3A1EA056AF5E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{798391FE-4AF2-4851-9DDA-1F0D70C02A9E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7BA16B3F-1AB3-4BD7-B959-52C4B8504EE9}\InprocServer32 -> AcInetUI.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{7C239DAB-BC87-45F3-B7B1-FCC1541A235B}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{834CE679-2E47-49DE-9E41-FEC87E9192EB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{849AFB5B-D6C9-4924-A712-F7118FF9611F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{85452F88-5071-492E-B850-2E3C586DCBD8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{87F5CF8F-A06D-498F-A05F-E520E6B570DB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{89F0FC31-3B1D-494B-A75B-6BD4FA527B8A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{8AA16DFC-DFC6-4B51-8FA2-A5D812BE33BF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{8ED07FEF-E1B0-4CC3-B2BA-D354828AB952}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{988F4102-E6E3-4282-ACAC-55270827F2A8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9906CDFC-DB2C-4126-9422-13139B148495}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9A21C6C5-27FC-4442-8590-575E7AFD73BB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{9ECF83FB-23C5-43B6-83DE-93CFBDD74D4A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{A58F47CC-FF65-4152-B0B1-666C643A5BFC}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{A6A3D586-44CF-44C2-A92C-620BB713B4F2}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{ABBE3F83-D585-4A50-9B69-198B0F566F2E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{AC5CECFA-F03A-41D2-A89C-704C44935941}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B1560245-190E-4BBD-81DF-9B642D0E5325}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B2A579E0-A797-40B1-8AEE-A8F6404719F8}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B47196BC-D4AB-41BB-A771-543D67CFC9F5}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B53CEF4B-1A13-49DE-BBC5-A7100FB2F38C}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B5EE2B68-9A23-4BCD-BB77-FEA6DFB24DD6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{B80687F9-FA4C-4735-9DC4-E5715F2BC698}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BAE5802A-CF21-4F9C-AE04-D98F4036AC31}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BBF6A206-CB04-479D-96AE-349E1E83319A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BC71DEA1-D6FB-48B8-AB06-D151C81BBCDD}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BF224DC3-B602-4EEE-BFE9-9E4E0AED6837}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{BF4CC07E-E9BB-40D6-873F-855B211033B9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C061C82C-D041-4214-BB07-B608107CEFCB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C2D4ACCC-A3D1-4A0A-AD59-0DD8BA3D5EE1}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C8C18F89-794D-466B-8B97-95634D9890EF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{C8EC7647-1E79-4F13-81D7-2EED803D0D22}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{CC23CA32-9892-4FBA-A108-FE31CA0F35A6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{CD865713-70D6-4E15-BB7B-9B99AD9DEB85}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D56F5AB3-9C4D-4F1A-A851-A671D9FE8C22}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D66873EA-AAE5-41CC-8DD2-8CE3228E9F89}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{D86B6C47-11F2-4D95-B635-EA575F0892FC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DB207560-8449-4FAF-BDC2-61676EB012D4}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DE74F5AD-DA2F-429F-BAF9-850A2808D585}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{DF6525C2-6358-4B07-813D-708120C5FE1A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E177A457-9EAA-43C3-A3CE-84874A28F6CA}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E29F6C45-6927-4508-8F3F-34105FD3FC5F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E4222C78-3670-4BB1-9AD4-7D8F3E581F2D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E70DE962-842A-4488-9481-1D0FD72A020F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{E9C07CEC-7B82-49E4-BBA2-7533B88E9D64}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{EA34A0C0-5CE7-4701-A6FA-117D25CD5EBB}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{EF01D98A-747B-4522-AD70-991B90855DBF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F196F03F-651A-43AF-BE34-D11942F24445}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F2DB0EE3-7137-4CB0-8349-483C4FF2143A}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F40E2FF0-4D77-40B2-9A44-A3AEECCE8EFF}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F5522F0C-962A-48AC-9992-E81B07628F1F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F78DCF7C-043D-45FC-9D21-676FC307BA3F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{F868EAEC-1B73-4F5E-BA73-90EBA94E75BE}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FA97F7A7-FD19-4D55-ABF2-CFEFFF777426}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FD51ED8A-D518-4554-B236-B6E9D234FD03}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE054BB2-AF94-40AC-88AA-2F59F7018B1D}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE317223-8EDE-4684-B424-E48B9EA90220}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{FE718E8F-C3AA-4F30-9103-432450CF1DA1}\InprocServer32 -> axdb.dll No File
Task: {B7965296-BC1C-43D3-8B3E-3B84F0C6B8BF} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {FB93E756-0264-4863-834F-FDB8E4B4E71E} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
C:\Program Files (x86)\Baidu
C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1
C:\Program Files (x86)\Common Files\Baidu
C:\Users\nand\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Rising
C:\Program Files (x86)\Rs
HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-19] (Windows APP)
HKLM-x32\...\Run: [RSDTRAY] => C:\Program Files (x86)\Rising\RSD\popwndexe.exe [126808 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe [2474952 2015-06-19] (百度在线网络技术(北京)有限公司)
HKLM-x32\...\Run: [gmsd_pl_005010007] => [X]
HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Run: [Akamai NetSession Interface] => C:\Users\nand\AppData\Local\Akamai\netsession_win.exe [4673432 2015-01-20] (Akamai Technologies, Inc.)
HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Policies\Explorer: []
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-740415962-4211020823-285711137-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
FF Plugin HKU\S-1-5-21-740415962-4211020823-285711137-1000: @rising.com.cn/nprising -> C:\Program Files (x86)\Rising\RAV\nprising.dll No File
CHR Extension: (GoHD) - C:\Users\nand\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-06-19]
OPR Extension: (GoHD) - C:\Users\nand\AppData\Roaming\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-06-19]
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
R2 RsMgrSvc; C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe [179992 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
R2 RsRavMon; C:\Program Files (x86)\Rising\RAV\ravmond.exe [277552 2015-06-19] (Beijing Rising Information Technology Co., Ltd.)
R2 helidelo; C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1\nsa56A3.tmpfs [X]
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
R1 bd0002; C:\Windows\System32\DRIVERS\bd0002.sys [196936 2015-04-08] (Baidu)
R1 bd0003; C:\Windows\System32\DRIVERS\bd0003.sys [67400 2015-04-08] (Baidu)
R2 BDArKit; C:\Windows\System32\DRIVERS\BDArKit.sys [152392 2015-04-08] (Baidu Technology)
R2 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2015-04-08] (Baidu)
R1 BDMWrench_x64; C:\Windows\System32\DRIVERS\BDMWrench_x64.sys [56136 2015-04-08] (Baidu)
R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [71056 2015-03-11] (Beijing Rising Information Technology Co., Ltd.)
R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [121072 2015-02-11] (Beijing Rising Information Technology Co., Ltd.)
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
C:\Windows\System32\DRIVERS\sysmon.sys
C:\Windows\System32\DRIVERS\rsutils.sys
C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
C:\Windows\System32\drivers\BDDefense.sys
C:\Windows\System32\DRIVERS\BDArKit.sys
C:\Windows\System32\DRIVERS\bd0003.sys
C:\Windows\System32\DRIVERS\bd0002.sys
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Users\nand\Desktop\aspsetup.exe
C:\Program Files (x86)\3af22314-9322-49ec-970a-9aaaef1d3836
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\ProgramData\Baidu
C:\Users\nand\AppData\Roaming\Baidu
C:\rising.ini
C:\ProgramData\Rising
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Software Deployment System
C:\Users\nand\AppData\Local\EB32014F-1434744971-E311-AD99-28D2442A78C1
C:\Users\nand\AppData\Roaming\EB32014F-1434737647-E311-AD99-28D2442A78C1
C:\Program Files (x86)\mbot_pl_014010007
C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1
EmptyTemp:

 


Save the file as fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

Make new FRST logs.

 

jessi

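Added note, not part of the thread: the fix above is a list of FRST log lines that the helper picked out by hand. The Python script below is my own example of doing a first pass over such lines automatically, as a triage aid before a human decides what goes into fixlist.txt. It recognises Run entries, services and drivers, per-user CustomCLSID servers and scheduled tasks, and flags a line when FRST marked its target as missing ("No File", "No Task File", "[X]") or with "<==== ATTENTION", when the path falls under one of the directories the helper listed for removal, when the vendor string names Baidu or Rising, or when an auto-start target runs from a user profile or temp directory. The watch lists, the category names and the heuristics are assumptions of this example and not FRST features; the sample lines are copied from the fix above, plus one constructed benign Spooler line as a control.

```python
import re
from dataclasses import dataclass, field

# Watch lists for this example only: the directories and vendors the helper put
# up for removal in the fix above. FRST itself ships nothing like this.
WATCH_DIRS = (
    r"c:\program files (x86)\baidu",
    r"c:\program files (x86)\common files\baidu",
    r"c:\program files (x86)\rising",
    r"c:\program files (x86)\rs",
)
WATCH_VENDORS = ("baidu", "rising")

# FRST's own markers for a registration whose target no longer exists on disk.
DANGLING_MARKERS = ("No File", "No Task File", "[X]")

# One pattern per FRST line type handled here; anything else is kind "other".
_LINE_TYPES = (
    ("run", re.compile(r"^(?:HKLM|HKLM-x32|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<target>.*)$")),
    ("service", re.compile(r"^(?P<state>[RS][0-9]) (?P<name>[^;]+); (?P<target>.*)$")),
    ("com_inproc", re.compile(r"^CustomCLSID: (?P<name>.+?)\\InprocServer32 -> (?P<target>.*)$")),
    ("task", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<target>.*)$")),
)
# Trailing "(vendor)" that FRST appends to signed or versioned binaries.
_VENDOR = re.compile(r"\(([^()]*)\)\s*$")


@dataclass
class Finding:
    kind: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def triage_line(line):
    """Classify one FRST log line and collect the reasons it deserves a look."""
    line = line.strip()
    kind, name, target = "other", "", line
    for k, rx in _LINE_TYPES:
        m = rx.match(line)
        if m:
            kind, name, target = k, m.groupdict().get("name", ""), m.group("target")
            break
    f = Finding(kind, name, target)
    low = target.lower()
    if "<==== ATTENTION" in line:
        f.reasons.append("FRST ATTENTION marker")
    for marker in DANGLING_MARKERS:
        if marker in target:
            f.reasons.append(f"dangling reference: {marker}")
            break
    for d in WATCH_DIRS:
        if d + "\\" in low:
            f.reasons.append(f"path under watched directory: {d}")
            break
    m = _VENDOR.search(target)
    if m and any(v in m.group(1).lower() for v in WATCH_VENDORS):
        f.reasons.append(f"vendor on watch list: {m.group(1)}")
    if kind in ("run", "service") and ("\\appdata\\" in low or "\\temp\\" in low):
        f.reasons.append("auto-start target lives in a user profile or temp directory")
    return f


def triage(lines):
    """Return only the findings that have at least one reason attached."""
    return [f for f in (triage_line(l) for l in lines if l.strip()) if f.reasons]


def summarize(findings):
    """Count flagged findings per line kind."""
    counts = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


# Sample input: eight lines copied from the fix above plus one constructed,
# benign Spooler service line as a control that must not be flagged.
SAMPLE_LOG = r"""
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
Task: {B7965296-BC1C-43D3-8B3E-3B84F0C6B8BF} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
HKLM-x32\...\Run: [Rs] => C:\Program Files (x86)\Rs\Rs.exe [172032 2015-06-19] (Windows APP)
HKLM-x32\...\Run: [gmsd_pl_005010007] => [X]
HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Run: [Akamai NetSession Interface] => C:\Users\nand\AppData\Local\Akamai\netsession_win.exe [4673432 2015-01-20] (Akamai Technologies, Inc.)
R2 helidelo; C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1\nsa56A3.tmpfs [X]
R1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
S3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
R2 Spooler; C:\Windows\System32\spoolsv.exe [12345 2015-01-01] (Microsoft Corporation)
""".strip().splitlines()


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for f in findings:
        print(f"[{f.kind}] {f.name or f.target}")
        for r in f.reasons:
            print(f"    - {r}")
    print(summarize(findings))
```

Run it against a full FRST.txt or Addition.txt by replacing SAMPLE_LOG with the file's lines; a flagged line is a candidate for review, not an automatic removal, which is why the reasons are kept alongside each finding.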

I noticed that that site shows only 350 lines of code, so there would be a great many links. I managed to split the GMER file into 4 text files; I hope that will be fine too :) .

I have read up on the current situation, but I was hoping that someone would still try to help me. So thank you for the quick interest.

GMER1.txt

GMER2.txt

GMER3.txt

GMER4.txt


Yes, removing this is going to be a problem.

1) Try using AppRemover http://www.appremover.com/get/appremover.exe

(https://www.fixitpc.pl/topic/8716-skuteczne-usuwanie-programow-antywirusowych/)

I don't know whether it removes the "Chinese one" as well.

2) >>GMER>>
Expand>>>CMD tab>>tick CMD --- paste this into the upper black box:

 

 

kzysz8nc -del service BaiduHips
kzysz8nc -del service BDKVRTP
kzysz8nc -del service RsMgrSvc
kzysz8nc -del service RsRavMon
kzysz8nc -del service helidelo
kzysz8nc -del service bd0001
kzysz8nc -del service bd0002
kzysz8nc -del service bd0003
kzysz8nc -del service BDArKit
kzysz8nc -del service BDDefense
kzysz8nc -del service BDMWrench_x64
kzysz8nc -del file C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
kzysz8nc -del file C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
kzysz8nc -del file C:\Program Files (x86)\Rising\RSD\RsMgrSvc.exe
kzysz8nc -del reg HKLM\SYSTEM\CurrentControlSet\Services\BaiduHips
kzysz8nc -del file C:\Program Files (x86)\Rising\RAV\ravmond.exe
kzysz8nc -del file C:\Users\nand\AppData\Roaming\EB32014F-1434737585-E311-AD99-28D2442A78C1\nsa56A3.tmpfs
kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0001.sys
kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0002.sys
kzysz8nc -del file C:\Windows\System32\DRIVERS\bd0003.sys
kzysz8nc -del file C:\Windows\System32\DRIVERS\BDArKit.sys
kzysz8nc -del file C:\Windows\System32\drivers\BDDefense.sys
kzysz8nc -del file C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
kzysz8nc -reboot

 

 

Click "Run" on the right. The computer should shut down and restart by itself.

If that works, make new FRST logs.

jessi


1) Try removing it with Revo Uninstaller http://www.revouninstaller.com/revo_uninstaller_free_download.html

2) Use >Adw-cleaner
first click SCAN, and only after the scan has finished, when the CLEANING button becomes active, click that.
Show the report from it: C:\AdwCleaner\AdwCleaner.txt

3) Download BlitzBlank http://www.mediafire.com/download/h9nsqk7fagfpcuq/BlitzBlank.exe

Run BlitzBlank and in the Script tab paste:


DisableDriver:
BaiduHips
BDKVRTP
RsRavMon
bd0001
bd0002
bd0003
BDArKit
BDDefense
BDMWrench_x64
sysmon
BdSandBox

DeleteFile:
"C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\System32\DRIVERS\bd0002.sys
C:\Windows\System32\DRIVERS\bd0003.sys
C:\Windows\System32\DRIVERS\BDArKit.sys
C:\Windows\System32\drivers\BDDefense.sys
C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
"C:\Users\nand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk"
C:\Users\nand\AppData\Local\SmartWeb\uninst.lnk

DeleteFolder:
"C:\Program Files (x86)\Common Files\Baidu"

"C:\Program Files\Common Files\Baidu"
C:\Program Files (x86)\Baidu
C:\Users\nand\AppData\Roaming\Baidu
C:\Program Files (x86)\predm
C:\Program Files (x86)\Crossbrowse
C:\ProgramData\Baidu
C:\Users\nand\AppData\Local\SmartWeb
C:\ProgramData\Rising

DeleteRegKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BaiduHips
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDKVRTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDArKit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDMWrench_x64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDDefense
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdSandBox



Click Execute Now. Confirm the computer restart.

Post the resulting log from BlitzBlank

jessi


Sorry for taking so long to reply, I had to go out to take care of something.

Unfortunately Revo does not see this program. I used Adw-cleaner; it detected a few files and deleted them. I tried to use BlitzBlank, but unfortunately after pressing the Execute Now button the message "Syntax error in line 17, Invalid file path" pops up.

I am sending the output file from Adw-cleaner

AdwCleanerS1.txt

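Added note, not part of the thread and not BlitzBlank's own code: the "Syntax error in line 17, Invalid file path" message reported above is consistent with the script as posted. Counting from "DisableDriver:" as line 1, the second DeleteFile entry is line 16 and opens a double quote that is never closed, so line 17 is the first line BlitzBlank could not read as a path. The Python checker below is my own pre-flight for scripts of that shape, meant to be run before pasting. It assumes that sections are bare words ending in ":" (DisableDriver:, DeleteFile:, DeleteFolder:, DeleteRegKey:, DeleteRegValue:), that each entry is on its own line, that quotes are optional but must be balanced and wrap the whole entry, that file and folder entries start with a drive letter, and that registry entries start with a hive name. Those rules are my assumptions about the format, not BlitzBlank's documented grammar. Line numbers are 1-based and count blank lines, matching the numbering in BlitzBlank's dialog. The sample is the script from the post above, kept intact through line 17 and shortened after that.

```python
import re

# Section headers this checker understands (the ones used in the thread's scripts).
PATH_SECTIONS = {"DeleteFile", "DeleteFolder"}
REG_SECTIONS = {"DeleteRegKey", "DeleteRegValue"}
KNOWN_SECTIONS = PATH_SECTIONS | REG_SECTIONS | {"DisableDriver"}

_DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
_REG_ROOT = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER|HKEY_USERS|HKEY_CLASSES_ROOT|HKLM|HKCU|HKU|HKCR)\\",
    re.IGNORECASE,
)


def lint_script(text):
    """Return [(line_no, message), ...] for a BlitzBlank-style script.

    Line numbers are 1-based and include blank lines, so they can be compared
    directly with the line number BlitzBlank prints in its error dialog.
    """
    problems = []
    section = None
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # A section header is a bare word ending in ':' (no spaces, no path separators).
        if line.endswith(":") and " " not in line and "\\" not in line:
            section = line[:-1]
            if section not in KNOWN_SECTIONS:
                problems.append((no, f"unknown section '{section}:'"))
            continue
        if section is None:
            problems.append((no, "entry appears before any section header"))
            continue
        quotes = line.count('"')
        if quotes % 2:
            # This is the defect in the posted script: an opening quote with no close.
            problems.append((no, "unbalanced double quote"))
            continue
        if quotes and not (line.startswith('"') and line.endswith('"')):
            problems.append((no, "quotes must wrap the whole entry"))
            continue
        value = line[1:-1] if quotes else line
        if section in PATH_SECTIONS and not _DRIVE_PATH.match(value):
            problems.append((no, "invalid file path (expected a drive-letter path)"))
        elif section in REG_SECTIONS and not _REG_ROOT.match(value):
            problems.append((no, "registry entry must start with a hive name"))
    return problems


# Sample input: the script from the post above, unchanged through line 17
# (line 16 lacks its closing quote), with the later sections shortened.
SAMPLE_SCRIPT = r"""DisableDriver:
BaiduHips
BDKVRTP
RsRavMon
bd0001
bd0002
bd0003
BDArKit
BDDefense
BDMWrench_x64
sysmon
BdSandBox

DeleteFile:
"C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7

DeleteFolder:
"C:\Program Files (x86)\Common Files\Baidu"
C:\ProgramData\Rising

DeleteRegKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BaiduHips
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdSandBox
"""


if __name__ == "__main__":
    problems = lint_script(SAMPLE_SCRIPT)
    for no, msg in problems or [(0, "no problems found")]:
        print(f"line {no}: {msg}")
```

The checker stops looking at a line once it finds an unbalanced quote, so the first report points at the entry that actually needs fixing (line 16 here) rather than at the line where a real parser gives up.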

Run BlitzBlank and in the Script tab paste:


DisableDriver:
BaiduHips
BDKVRTP
RsRavMon
bd0001
bd0002
bd0003
BDArKit
BDDefense
BDMWrench_x64
sysmon
BdSandBox

DeleteFile:
"C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe"
"C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe"
"C:\Program Files\Baidu\BaiduSd\3.0.0.4605\BDKVWsc.exe"
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\System32\DRIVERS\bd0002.sys
C:\Windows\System32\DRIVERS\bd0003.sys
C:\Windows\System32\DRIVERS\BDArKit.sys
C:\Windows\System32\drivers\BDDefense.sys
C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Windows\system32\Drivers\rsndisp.sys

DeleteFolder:
"C:\Program Files\Common Files\Baidu"
"C:\Program Files\Baidu"
C:\Users\nand\AppData\Roaming\Baidu
C:\ProgramData\Baidu
C:\ProgramData\Rising
C:\ProgramData\boost_interprocess

DeleteRegKey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BaiduHips
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDKVRTP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RsRavMon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0002
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bd0003
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDArKit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDMWrench_x64
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BDDefense
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysmon
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BdSandBox

DeleteRegValue:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\baidusdTray
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\baidusdTray


Click Execute Now. Confirm the computer restart.
Post the resulting log from BlitzBlank.

Open Notepad and paste into it:

 

 

Task: {206BD9BA-3369-4EEA-9418-432E9ED4A72A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C9035508-4077-43DB-A39B-AB0CFB809E62} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
FirewallRules: [{B1BCB66C-278E-44E6-A07D-209D26E1ECED}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{C3BEAEB4-3CE7-4F6B-AF15-7AEE497EC21D}] => (Allow) C:\Program Files (x86)\Rising\RAV\ravmond.exe
FirewallRules: [{42DF2320-629A-4A08-A5B7-E4B3031593F8}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{973A57E7-90A8-467E-B35D-6C2F47D2A0A6}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{9A066294-D6DE-409E-85DA-182DD0F72442}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{7563CDFB-AA22-4D21-85FD-EBB0368250EC}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
FirewallRules: [{3E2E2DE9-5724-4685-9F92-28FB49391540}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{88D23969-2519-402C-822F-858A4E52294E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{62BF8E92-9EC8-4ED8-862F-8CC53448B194}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{88CA7CFE-6E09-4595-A083-3083E0CE008D}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSd.exe
FirewallRules: [{1A809989-BABB-473B-B1EA-44FD40E6E402}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{B8C0A1A2-5E36-4F77-A197-F68F05913458}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{A1D40962-45FD-49DB-8D18-1678FCFBEA50}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{08EABCB1-57C5-4351-B7AF-036BB135BBB2}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
FirewallRules: [{B9627688-95E6-4643-BEC4-4F0A93FF2C48}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{C0A91A14-8C1C-4207-9EA3-45F81AA5F87B}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{28CB9762-79C8-431C-B862-D143E24ED35F}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{E5B83B5A-4C7E-4CBD-AC28-A2A88C3AAF0D}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdUpdate.exe
FirewallRules: [{4B7AC003-C58F-4251-A016-F9ACC3DDBF53}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{3A931812-53DB-4A83-8722-9C87D235F2F4}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{DFE5CEA3-CBA1-4630-ABAB-CA3756712FF0}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{9BC793D9-0D72-4BAD-AAED-5A307730864E}] => (Allow) C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdBugRpt.exe
FirewallRules: [{3F855DDB-3BC2-46E6-BA3D-BE769AAC8C7F}] => (Allow) C:\program files (x86)\common files\baidu\bddownload\108\bddownloader.exe
FirewallRules: [TCP Query User{04D29C40-2DCF-4C8E-889E-C2D92B3F1DA5}C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe] => (Block) C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe
FirewallRules: [uDP Query User{E525B7DB-9350-49AD-81E1-EE78329241C3}C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe] => (Block) C:\program files (x86)\baidu\baidusd\3.0.0.4605\baidusdtray.exe
HKLM\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe
C:\program files (x86)\common files\baidu
C:\Program Files (x86)\Baidu
C:\Program Files (x86)\Rising
HKLM-x32\...\Run: [baidusdTray] => C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
S2 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
C:\Users\nand\AppData\Roaming\Baidu
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Program Files (x86)\2db321c8-69b7-4dd1-acf8-4d551cdaf0f7
C:\ProgramData\Rising
C:\Windows\system32\Drivers\rsndisp.sys
C:\ProgramData\boost_interprocess
InternetURL: C:\ProgramData\Rising\Rav\ShortCut\Repair.url -> hxxp://www.rising.com.cn/2008/repair_rs09/
EmptyTemp:

Save the file under the name fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

Make new FRST logs - this time without Shortcut.

jessi

In BlitzBlank the same message pops up again, this time on line 15.

If there is a way to skip that line in Blitz, skip it.

If it can't be skipped, we'll try running the lines one at a time.

First:

Run BlitzBlank and paste into the Script tab:

DisableDriver:
BaiduHips
BDKVRTP
RsRavMon
bd0001
bd0002
bd0003
BDArKit
BDDefense
BDMWrench_x64
sysmon
BdSandBox

Click Execute Now. Confirm the computer restart.

If that succeeds, we'll move on to the next command:

Run BlitzBlank and paste into the Script tab:

DeleteFile:
C:\Windows\System32\DRIVERS\bd0001.sys
C:\Windows\System32\DRIVERS\bd0002.sys
C:\Windows\System32\DRIVERS\bd0003.sys
C:\Windows\System32\DRIVERS\BDArKit.sys
C:\Windows\System32\drivers\BDDefense.sys
C:\Windows\System32\DRIVERS\BDMWrench_x64.sys
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
C:\Windows\system32\Drivers\rsndisp.sys

Click Execute Now. Confirm the computer restart.

If that also goes through without a hitch, make an FRST log - we'll see whether this can be removed at all.

jessi

The second script shows the error "Syntax error in line 1, Unknown comand"

Right, I didn't put a command in there at all - I overlooked that.

I'll look over the logs in a moment

...

R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-19] (百度在线网络技术(北京)有限公司)

R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-19] (百度在线网络技术(北京)有限公司)

The letter "R" means the deactivation did not succeed.

So there is no chance of removing these "Chinese" ones.

Theoretically you can still try in Safe Mode (F8 before the system starts), but I don't know whether that will help.

I can't come up with anything more here,

jessi
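The two BlitzBlank scripts above and the "R means it did not deactivate" reading of the FRST service lines are easy to get wrong by hand, so here is an added example (not from the original thread, and not BlitzBlank's or FRST's own code) that parses the service/driver lines quoted in this thread, reports which entries are still running and which are orphaned registry entries whose file is already gone, and generates the DisableDriver:/DeleteFile: script from them. Assumptions: FRST's prefix letters mean R = running, S = stopped, U = unknown, the digit is the service Start value, [X] marks a missing file, and relative driver paths resolve under C:\Windows; the sample lines are constructed from the log excerpts posted in this thread.

```python
import re
from dataclasses import dataclass

# One service/driver line as FRST prints it (sample constructed from the lines quoted in this thread):
#   <state><start> <name>; <path> [<size> <date>] (<vendor>)   file present
#   <state><start> <name>; <path> [X]                          file missing
# Assumed prefix meaning (FRST convention): R = running, S = stopped, U = unknown state;
# the digit is the service Start value (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
FRST_SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4]) (?P<name>[^;]+); (?P<path>.+?)"
    r" \[(?P<info>X|\d+ \d{4}-\d{2}-\d{2})\](?: \((?P<vendor>.*)\))?$"
)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

FRST_SAMPLE = r"""
R2 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [64008 2015-06-19] (百度在线网络技术(北京)有限公司)
R2 BDKVRTP; C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [793096 2015-06-19] (百度在线网络技术(北京)有限公司)
S2 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
U1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
U4 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2015-04-08] (Baidu)
U1 bd0002; system32\DRIVERS\bd0002.sys [X]
U3 blzblk; \??\C:\Windows\system32\drivers\blzblk.sys [X]
U4 sysmon; system32\DRIVERS\sysmon.sys [X]
"""

@dataclass
class ServiceEntry:
    state: str      # R / S / U
    start: int      # Start value from the service key
    name: str       # service key name, which is what DisableDriver: expects
    path: str       # absolute path of the binary, which is what DeleteFile: expects
    present: bool   # False when FRST printed [X]
    vendor: str

def normalise_path(path, windir="C:\\Windows"):
    """Turn the path as FRST prints it into an absolute path (windir is an assumption)."""
    path = path.strip('"')
    if path.startswith("\\??\\"):              # NT object-manager form
        path = path[4:]
    if not re.match(r"^[A-Za-z]:\\", path):    # relative form, e.g. system32\DRIVERS\bd0002.sys
        path = windir + "\\" + path
    return path

def parse_frst_services(text):
    entries = []
    for line in text.splitlines():
        m = FRST_SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(
                state=m["state"], start=int(m["start"]), name=m["name"],
                path=normalise_path(m["path"]), present=m["info"] != "X",
                vendor=m["vendor"] or ""))
    return entries

def still_active(entries):
    """Names still in state R: after a DisableDriver: run, these are the ones that did not deactivate."""
    return [e.name for e in entries if e.state == "R"]

def orphaned(entries):
    """Entries whose binary is already gone; only the service key is left to remove."""
    return [e.name for e in entries if not e.present]

def blitzblank_script(entries):
    """One BlitzBlank script: disable every listed entry, delete only binaries still on disk."""
    lines = ["DisableDriver:"] + [e.name for e in entries]
    lines += ["", "DeleteFile:"] + [e.path for e in entries if e.present]
    return "\n".join(lines)

if __name__ == "__main__":
    found = parse_frst_services(FRST_SAMPLE)
    for e in found:
        print(f"{e.state} {START_TYPES[e.start]:8} {e.name:10} {'present' if e.present else 'MISSING'}  {e.path}")
    print("\nstill running:", still_active(found), "\norphaned keys:", orphaned(found), "\n")
    print(blitzblank_script(found))
```

Running the script on the lines from this thread lists BaiduHips and BDKVRTP as still running, which is exactly the reading given above, and puts only the four binaries that still exist on disk under DeleteFile:; the [X] entries need only their service keys removed, which the FRST fixlist lines do.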

I understand that a system reinstall awaits me :( .

Maybe @Picasso will still drop by here some day and come up with something?

Use > MBAM

During installation, uncheck the box next to "Start the Malwarebytes Anti-Malware Premium trial".

Check everything it detects, click Remove Selected.

Where did you download this "devilry" from?

There are plenty of "how to remove baidu" pages on the net, but I haven't tried any of those methods, so they may well be fictitious methods

jessi

I downloaded it together with the game from a site well known to all of us. Unfortunately MBAM did not detect that thing.

Your help did produce some result though, because that program no longer starts and those malicious ads in the browser are gone. So it isn't so indestructible after all ;)

Thank you for trying to help, I hope some solution for getting rid of it will still be found.

Indeed, FRST neither creates nor overwrites files for me, so I did it manually. I browsed the folder of this Baidu program a bit and came across an uninstall application. I figured I could risk it, since I had nothing left to lose anyway, and by trial and error, clicking on the Chinese characters, I managed to uninstall some of it. Some files and entries still remain.

Maybe now it will be easier to get rid of it and clean the computer :)

So here are the new logs.

Addition.txt

FRST.txt

Shortcut.txt

1) Uninstall these programs:

bestadblocker (HKLM-x32\...\{4820778D-AB0D-6D18-C316-52A6A0E1D507}) (Version:  - ) <==== ATTENTION

PriceMinus (HKLM-x32\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version:  - ) <==== ATTENTION

2) Now the situation is worse, because the Registry is damaged.

3) Open Notepad and paste into it:


CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0215A4C0-5431-4FD0-9B06-46589B5C4939}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{048ED0E0-12CF-4C0F-9FFA-947C2FBE8C8E}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{071339A1-1946-44B2-B63E-50459B15DB86}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{08A60FF7-BB37-44F4-9759-0ADA6C7B9CC9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0B38CACA-3D3C-48EA-BEB5-7D95F4F6EE15}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0C3393F8-94F5-4B79-8C01-49A2D0CC0FE9}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{0D555CE0-304A-47A6-858B-B145209A3982}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1D6DFD6A-9E16-435A-9327-6FFEC6BA372F}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E5724EA-3423-4BD3-ABD6-46E650D2DC66}\InprocServer32 -> AcETransmit.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1E8A29BA-827D-4031-A4A3-AE7999B402F6}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1EA072EE-57FD-495E-889C-8243C3BDBDBC}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{1FD7F53F-7ED5-439C-9A77-A3821CD09E98}\InprocServer32 -> axdb.dll No File
CustomCLSID: HKU\S-1-5-21-740415962-4211020823-285711137-1000_Classes\CLSID\{20E47D5B-529A-45BD-8E77-BF1A3064A008}\InprocServer32 -> axdb.dll No File
Task: {206BD9BA-3369-4EEA-9418-432E9ED4A72A} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {C9035508-4077-43DB-A39B-AB0CFB809E62} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job => c:\programdata\{a57a407d-0a1c-410c-a57a-a407d0a101f4}\f1_2014_pc_-_-_game (1).exe <==== ATTENTION
c:\programdata\{a57a407d-0a1c-410c-a57a-a407d0a101f4}
C:\Program Files (x86)\Rising
C:\program files (x86)\common files\baidu
HKLM\...\Run: [baidusdTray] => "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe"  -stmd=3
C:\Program Files (x86)\Baidu
HKU\S-1-5-21-740415962-4211020823-285711137-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\nand\AppData\Local\Akamai\netsession_win.exe"
C:\Users\nand\AppData\Local\Akamai\netsession_win.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-740415962-4211020823-285711137-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO: PriceMinus -> {5AB30FD9-2AD4-49A7-AE9A-E5F4441922E5} -> C:\Program Files (x86)\PriceMinus\IiNVnZnl4GaN8a.x64.dll No File
BHO: bestadblocker -> {741C982F-4669-4217-86C1-686B4BCED847} -> C:\Program Files (x86)\bestadblocker\VuxJtDGlvspgrC.x64.dll [2015-06-19] ()
C:\Program Files (x86)\PriceMinus
C:\Program Files (x86)\bestadblocker
Locked "BFE" service could not be unlocked. <===== ATTENTION
U4 BaiduHips; C:\Program Files (x86)\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [X]
U4 RsRavMon; "C:\Program Files (x86)\Rising\RAV\ravmond.exe" [X]
U1 bd0001; C:\Windows\System32\DRIVERS\bd0001.sys [202576 2015-04-08] (Baidu)
U4 BDDefense; C:\Windows\System32\drivers\BDDefense.sys [103240 2015-04-08] (Baidu)
U1 bd0002; system32\DRIVERS\bd0002.sys [X]
U3 blzblk; \??\C:\Windows\system32\drivers\blzblk.sys [X]
U4 sysmon; system32\DRIVERS\sysmon.sys [X]
C:\Program Files (x86)\2db321c8-69b7-4dd1-acf8-4d551cdaf0f7
C:\Windows\system32\Drivers\bd0001.sys
C:\Windows\system32\Drivers\BDDefense.sys
C:\ProgramData\Baidu
C:\ProgramData\Rising
C:\Windows\system32\Drivers\rsndisp.sys
EmptyTemp:

Save the file under the name fixlist.txt and put it next to FRST.exe.
Run FRST and click the Fix button.
A fixlog.txt file will be created.
Post that log.

4) Make new FRST logs.

jessi

I didn't even install them, and they are not visible in the system as installed.

They are on the list of your programs - the Addition.txt log.

You can also use Adw-Cleaner again.

Additionally:

Paste into Notepad:


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"
From the Notepad menu >> File >> Save As >> set the file type to All Files >> save as FIX.REG >>

run the file (double-click and OK).

Restart the computer.

Only then make new FRST logs.

jessi
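Before double-clicking a .reg file that rewrites a service key, it is worth checking what the hex(2) and hex(7) blobs actually decode to: a wrong ImagePath or ServiceDll here would leave WMI broken or point the service at a different binary. The following is an added example (not from the original post and not a fixitpc.pl tool) that parses the FIX.REG text above, decodes the REG_EXPAND_SZ and REG_MULTI_SZ values and compares the result with the values a stock Windows 7 x64 installation uses for Winmgmt (svchost.exe -k netsvcs, wmisvc.dll, automatic start, dependency on RPCSS). The expected values and the Windows 7 target are assumptions; the .reg text is embedded verbatim from the post as the input.

```python
import re

# The Winmgmt repair .reg from the post above, embedded verbatim as the input under test.
WINMGMT_FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"
"""

def _logical_lines(text):
    """Re-join values that .reg files wrap with a trailing backslash."""
    out, buf = [], ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        buf += line
        if buf.endswith("\\"):
            buf = buf[:-1]
        else:
            out.append(buf)
            buf = ""
    return out + ([buf] if buf else [])

def _decode_value(raw):
    """Decode one value the way regedit stores it."""
    if raw.startswith('"') and raw.endswith('"'):              # REG_SZ
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):                               # REG_DWORD
        return int(raw[6:], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)              # bare hex: is REG_BINARY (3)
    if not m:
        raise ValueError("unrecognised .reg value: " + raw)
    kind = int(m.group(1) or 3)
    data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
    if kind == 2:                                              # REG_EXPAND_SZ: UTF-16LE, NUL-terminated
        return data.decode("utf-16-le").rstrip("\x00")
    if kind == 7:                                              # REG_MULTI_SZ: NUL-separated, double-NUL end
        return [s for s in data.decode("utf-16-le").split("\x00") if s]
    return data

def parse_reg(text):
    """Parse a 'Windows Registry Editor Version 5.00' export into {key: {name: value}}."""
    keys, current = {}, None
    for line in _logical_lines(text):
        if line.startswith(("Windows Registry Editor", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        else:
            name, _, raw = line.partition("=")
            keys[current][name.strip('"')] = _decode_value(raw)
    return keys

# Assumed baseline: how a stock Windows 7 x64 defines the WMI service (compared case-insensitively).
WINMGMT_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt"
EXPECTED = {
    WINMGMT_KEY: {"ImagePath": r"%SystemRoot%\system32\svchost.exe -k netsvcs",
                  "ObjectName": "LocalSystem", "Start": 2, "Type": 0x20,   # auto start, shared svchost
                  "DependOnService": ["RPCSS"]},
    WINMGMT_KEY + r"\Parameters": {"ServiceDll": r"%SystemRoot%\system32\wbem\wmisvc.dll"},
}

def check_winmgmt_fix(reg_text):
    """Return the mismatches against EXPECTED; an empty list means the .reg restores the expected service."""
    norm = lambda v: v.lower() if isinstance(v, str) else v
    parsed, problems = parse_reg(reg_text), []
    for key, wanted in EXPECTED.items():
        values = parsed.get(key, {})
        for name, want in wanted.items():
            if norm(values.get(name)) != norm(want):
                problems.append(f"{key}\\{name}: expected {want!r}, got {values.get(name)!r}")
    return problems
```

For the .reg posted here check_winmgmt_fix returns an empty list: the ImagePath blob decodes to %systemroot%\system32\svchost.exe -k netsvcs and ServiceDll to %SystemRoot%\system32\wbem\WMIsvc.dll, so it only puts the standard WMI definition back. Any edit to a Start, Type or path value is reported by name before the file is imported.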
