SteamClient process - uses 25% of the CPU


(Rafal) #1

Hello,

This is probably a virus impersonating Steam. Even though Steam is disabled in autostart and in the Windows processes, steamclient starts by itself after some time while the computer is in use (not at Windows startup). This process uses 25% of the CPU (i5), i.e. one whole core. The only thing that helps is closing the process manually.

Please help.

FRST LOGS:

FRST : http://wklej.to/TYykj

Addition : http://wklej.to/2gTH0

Extras : http://wklej.to/0lkFJ


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
SearchScopes: HKLM-x32 -> DefaultScope value is missing
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S3 ArdDrv; \??\C:\Windows\SysWOW64\Drivers\ArdDrv.sys [X]
S3 AsrSetupDrv; \??\C:\Windows\SysWOW64\Drivers\AsrSetupDrv.sys [X]
S3 AxtuDrv; \??\C:\Windows\SysWOW64\Drivers\AxtuDrv.sys [X]
S3 cpuz137; \??\N:\TEMP\cpuz137\cpuz137_x64.sys [X]
CustomCLSID: HKU\S-1-5-21-3396581612-1331354409-1023958722-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-3396581612-1331354409-1023958722-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-3396581612-1331354409-1023958722-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
CustomCLSID: HKU\S-1-5-21-3396581612-1331354409-1023958722-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\BulleT\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
Task: {630FA6CC-C789-43E8-B493-644B1EA9ABDC} - System32\Tasks\{1CCFEB06-4535-4CE2-84C6-79A674AC9012} => pcalua.exe -a C:\Users\BulleT\Downloads\lgs510(1).exe -d C:\Users\BulleT\Downloads
Task: {8E086CCC-BE2B-4405-B347-560901B8DF76} - System32\Tasks\{AEE9F558-ADFF-4F15-B13F-BF24E4D24917} => pcalua.exe -a "C:\Users\BulleT\Downloads\Revo Uninstaller Pro 3.0.5 Final Multilanguage (32-64bit) - SceneDL\64 bit\revouninpro.exe" -d "C:\Users\BulleT\Downloads\Revo Uninstaller Pro 3.0.5 Final Multilanguage (32-64bit) - SceneDL\64 bit"
Task: {C48F6F5B-312F-4D91-ADEA-1610CB483458} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\BulleT\AppData\Roaming\GHISLER\CODEXi\Steam Client [2015-05-10] () <==== ATTENTION
Task: {CADE0239-0F74-4D70-BF81-55C8BDD44D44} - System32\Tasks\{C5066C3A-4343-443A-B545-EEB90A25C070} => pcalua.exe -a C:\Users\BulleT\Downloads\lgs510.exe -d C:\Users\BulleT\Downloads
C:\Users\BulleT\AppData\Roaming\GHISLER\CODEXi
EmptyTemp:

Run FRST and click Fix. Post the removal report, Fixlog.

Click Scan and post the new FRST report, without Addition and Shortcut.
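
An added example, not part of the original posts and not FRST's own code: a small Python triage of FRST `Task:` lines like those in the fixlist above, listing why each scheduled task stands out. The heuristics, the function names and the third sample line are assumptions made for illustration.

```python
import re

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]+\}) - (.+?) => (.+)$")
# User-writable locations where a scheduled task's target deserves a closer look.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\")

# The first two lines are copied from the fixlist above; the third is constructed.
SAMPLE = [
    r"Task: {C48F6F5B-312F-4D91-ADEA-1610CB483458} - System32\Tasks\Steam_x64-S-2-106-91 => C:\Users\BulleT\AppData\Roaming\GHISLER\CODEXi\Steam Client [2015-05-10] () <==== ATTENTION",
    r"Task: {CADE0239-0F74-4D70-BF81-55C8BDD44D44} - System32\Tasks\{C5066C3A-4343-443A-B545-EEB90A25C070} => pcalua.exe -a C:\Users\BulleT\Downloads\lgs510.exe -d C:\Users\BulleT\Downloads",
    r"Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe [2015-01-01] (Example Corp)",
]

def triage_task(line):
    """Return (task_name, reasons) for one FRST 'Task:' line, or None if it is not one."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    _guid, task_path, target = m.groups()
    name = task_path.rsplit("\\", 1)[-1]
    low = target.lower()
    reasons = []
    if "<==== attention" in low:
        reasons.append("flagged by FRST")
    if any(p in low for p in USER_WRITABLE):
        reasons.append("target in user-writable path")
    # Assumption: FRST prints the file's company name in (...) after the date.
    if re.search(r"\[\d{4}-\d{2}-\d{2}\] \(\)", target):
        reasons.append("no company name on file")
    if low.startswith("pcalua.exe "):
        reasons.append("launched via pcalua.exe")
    return name, reasons

def triage(lines):
    """Map task name -> reasons for every task with at least one finding."""
    out = {}
    for line in lines:
        result = triage_task(line)
        if result and result[1]:
            out[result[0]] = result[1]
    return out

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

A task that only surfaces here still needs a manual look at the file itself before it goes into a fixlist.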


(Rafal) #3

FRST: http://wklej.to/J6FYQ

Thank you


(Atis) #4

Delete the C:\FRST folder

Delete the old restore points: To delete all restore points

Uninstall:

Adobe Flash Player 17 ActiveX

Adobe Reader 9

Install:

Flash Player 18.0.0.160 ActiveX

Adobe Reader XI 11.0.11