WMI Provider Host problem [LOGS], 28% CPU


(Sebastiangustak) #1

Hello


(Atis) #2

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
AppInit_DLLs: C:\ProgramData\Itstock\Solfax.dll => C:\ProgramData\Itstock\Solfax.dll [883200 2015-09-10] ()
AppInit_DLLs-x32: C:\ProgramData\Itstock\TempBam.dll => C:\ProgramData\Itstock\TempBam.dll [738816 2015-09-10] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hppp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hppp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-1332206925-156916522-3306716757-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
HKU\S-1-5-21-1332206925-156916522-3306716757-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8NFao3Yo-7uuVZ8Vq3BprqygXekRLxR3USlW5PiQu4hI83dxvmJQujt0Eslv7GlZfAFOQPbCuf7QtA,,
HKU\S-1-5-21-1332206925-156916522-3306716757-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-1332206925-156916522-3306716757-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
HKU\S-1-5-21-1332206925-156916522-3306716757-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_17&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtD0DtCtCyD0CtAzz0F0DtN0D0Tzu0StCtBtAzztN1L2XzutAtFtCtDtFtCtDtFtDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2SyEyBtBtByEtCtCtBtGyD0B0AtCtGyBtBtD0CtGtAtC0AyCtGtAtDzztCyB0B0BtDtAyB0A0D2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0C0ByB0A0C0C0CtG0DyCtByBtGyE0FyD0BtG0AzyyD0FtG0FyDyCtC0ByByDzzzz0FtAtA2QtN0A0LzuyE%26cr%3D1345629060%26a%3Dwncy_ir_15_17%26os%3DWindows 8.1 Pro&p={searchTerms}
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://us.yhs4.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_31&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyByCtC0CtD0DtCtCyD0CtAzz0F0DtN0D0Tzu0StCtAtDtAtN1L2XzutAtFtCtBtFyDtFtAtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyEtByByBtDzyzyzztGtDtBtA0BtG0EyBtDtBtGtD0FzztBtGyD0C0EtDyBtDyBtAzytByCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0CyBzzyE0D0FyE0CtGzyyEzzzytGyEyBzy0BtG0B0DtC0AtGzz0DtC0EyEtBtCtDyEtD0CyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzytDtD%26cr%3D1486100363%26a%3Dwncy_ir_15_31%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?type=dspp&ts=1438004775&z=b3f8af2a5115879907a2d74gczbcabfede1zam4ceg&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&ts=1438004788&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&ts=1438004788&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&ts=1438004788&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&ts=1438004788&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.istartsurf.com/web/?utm_source=b&utm_medium=cornl&utm_campaign=install_ie&utm_content=ds&from=cornl&uid=WDCXWD10S21X-24R1BT0-SSHD-8GB_WD-WX91AB3H9632H9632&ts=1438004788&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1332206925-156916522-3306716757-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBPxn49PYmQ6e1krQXBFZY3cpVLywo_Fzv2JQIjaiopXN0mhEjh3XmV9huud9Ocg075zUp3FV1pDTNb4ZPFJY6h8N0DOLa6vd3zbK3wgxCnMCMQPiZWI-z0DgTaoL8aJG-Fr68zBnJc4nf4FRzKqAa0eDWOcyF38sTqEA,,&q={searchTerms}
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll No File
FF NewTab: C:\\ProgramData\\Itstocks\\ff.NT
FF DefaultSearchEngine: findit
FF SelectedSearchEngine: istartsurf
FF Homepage: C:\\ProgramData\\Itstocks\\ff.HP
FF NetworkProxy: "ftp", "156.20.30.141"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "gopher", "156.20.30.141"
FF NetworkProxy: "gopher_port", 8080
FF NetworkProxy: "http", "156.20.30.141"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "socks", "156.20.30.141"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "156.20.30.141"
FF NetworkProxy: "ssl_port", 8080
FF NetworkProxy: "type", 0
FF SearchPlugin: C:\Users\Baxter\AppData\Roaming\Mozilla\Firefox\Profiles\5unkjelc.default\searchplugins\findit.xml [2015-09-17]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Baxter\AppData\Roaming\Mozilla\Firefox\Profiles\5unkjelc.default\extensions\defsearchp@gmail.com
CHR Extension: (Chrome Web Store Payments) - C:\Users\Baxter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
R2 Itstock; C:\ProgramData\Itstock\Itstock.exe [38400 2015-09-10] () [File not signed]
2015-09-17 18:45 - 2015-09-17 18:45 - 00000000 ____ D C:\_OTL
2015-09-05 19:12 - 2015-09-16 19:11 - 00000000 ____ D C:\Temp
2015-09-15 15:35 - 2015-09-15 15:35 - 00000000 ____ D C:\ProgramData\Itstocks
2015-09-10 19:24 - 2015-09-17 19:11 - 00000000 ____ D C:\ProgramData\Itstock
2015-09-10 19:24 - 2015-09-17 17:11 - 00002377 _____ C:\Windows\SysWOW64\findit.xml
2015-09-15 20:21 - 2015-09-15 20:22 - 00866744 _____ (Web Installer generic ) C:\Users\Baxter\Downloads\EasyClicker-Pro-61870-dp.exe
Task: {2F59AA93-DF19-4B96-BCC4-0E5BB944F2D3} - System32\Tasks\DolbySelectorTask => C:\Program Files\Dolby Digital Plus\ddp.exe
Task: {CFD977C7-2CB3-468A-8017-A8B3BCBD9B21} - System32\Tasks\Chromium => C:\Users\Baxter\AppData\Local\Chromium\APPLIC~1\450240~1.0\INSTAL~1\UNINST~1.EXE
EmptyTemp:

Run FRST and click Fix (Napraw). Post the removal report, Fixlog.

Click Scan (Skanuj) and post the new FRST report, without Addition and Shortcut.


(Sebastiangustak) #3

I did as you told me; I am posting the FRST log: http://wklej.org/id/1799078/


(Atis) #4

Delete the folders C:\FRST and C:\AdwCleaner

Remove old restore points: System Restore and shadow copies

Scan the disk with Malwarebytes Anti-Malware

During installation, uncheck the option to start the Malwarebytes Anti-Malware Premium trial period.

http://wstaw.org/m/2014/03/25/2014-03-25_123039.png

Polish language: Settings > General Settings > Language > Polish