
Annoying Chinese virus (Windows Explorer has stopped working)

Bodek133 03 Aug 2015 22:29 3549 4
  • #1 03 Aug 2015 22:29
    Bodek133
    Level 5

    Hi, I have a problem with a (Chinese) virus. I have a Tencent folder where there is a lot of it. Some of it isn't in Control Panel > Uninstall Programs. AdwCleaner uninstalled some of it, but it's still there. I'll add that I get "Windows Explorer has stopped working", and if I leave the computer for 15 minutes and then start games/a browser it works normally, but it's sluggish and stutters. Can anyone help? I'm attaching the FRST scan.

    0 4
• #3 03 Aug 2015 23:31
    Kolobos
    Computer specialist

    The first thread didn't land in the bin for no reason; you MUST learn to write properly if you want to use the forum.

    Uninstall: globalupdate Helper

    Next to frst.exe, create a file fixlist.txt with the following contents:
    Task: {04BEEA1D-30A0-449C-9C75-AD6539E362FD} - System32\Tasks\WordJumble => c:\programdata\{e7e594d9-eef2-3af1-e7e5-594d9eef5367}\3158709424850487151b.exe <==== ATTENTION
    Task: {0FC16339-0632-4053-BC7B-4385D16652C3} - System32\Tasks\{3F27CF63-0D3B-438C-9AFA-7CD8BC3885AA} => pcalua.exe -a C:\Users\Bartek\Downloads\allinon1\wog358f.part01.exe -d C:\Users\Bartek\Downloads\allinon1
    Task: {1B58795A-8009-45BC-9EBF-E5E1181C28B5} - System32\Tasks\NoteParse => c:\programdata\{6cda66d4-a0a8-2cde-6cda-a66d4a0a9b52}\3451138875148199635b.exe <==== ATTENTION
    Task: {44139AA0-8AC5-4500-98E9-8635FBE72879} - System32\Tasks\{569E80BB-442A-4115-BB77-297D4AE49602} => pcalua.exe -a "C:\Program Files\FriendlyError\tmpC6AA.bat"
    Task: {6AC27C74-952F-4199-9141-40F3F90E2A33} - System32\Tasks\Opera scheduled Autoupdate 1436917521 => C:\Program Files\Opera\launcher.exe [2015-07-13] (Opera Software)
    Task: {74A74BEE-7B4B-4D41-A334-2DBC4A267B9B} - System32\Tasks\{7C7C91D1-C742-41D9-AF8A-F9DB17C0AEB2} => pcalua.exe -a "C:\Program Files\FriendlyError\tmp7762.bat"
    Task: {76678702-46A7-484A-8EA8-FCFA495CBEE3} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\PROGRAM FILES\RISING\RAV\rsdelaylauncher.exe [2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
    Task: {795F24D6-EA30-46B9-9384-C2C9426BDA58} - System32\Tasks\{28868520-F26D-4C57-8A72-F53898D9B77E} => pcalua.exe -a "C:\Users\Bartek\Downloads\seba86mu ModPack (0.9.8.1 v7) + XVM 6.1.2.exe" -d C:\Users\Bartek\Downloads
    Task: {9901FA74-13B0-46D1-ABEB-E94BCFB60EEC} - System32\Tasks\Chromium => C:\Users\Bartek\AppData\Local\Chromium\APPLIC~1\450242~1.0\INSTAL~1\UNINST~1.EXE
    Task: {EF97A3E1-533B-4543-8720-A9B766266984} - System32\Tasks\{F1509EC8-065D-42F8-955D-88B914DC3AD2} => pcalua.exe -a C:\Windows\UnGins.exe -c "C:\Program Files\HEROES3\Erathia\install.log"
    Task: C:\Windows\Tasks\Chromium.job =>
    Task: C:\Windows\Tasks\NoteParse.job => c:\programdata\{6cda66d4-a0a8-2cde-6cda-a66d4a0a9b52}\3451138875148199635b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\WordJumble.job => c:\programdata\{e7e594d9-eef2-3af1-e7e5-594d9eef5367}\3158709424850487151b.exe <==== ATTENTION
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Koarkhwajl => ""="service"
    IE trusted site: HKU\S-1-5-21-370388405-3256409741-2475370511-1000\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-370388405-3256409741-2475370511-1000\...\webcompanion.com -> hxxp://webcompanion.com
    (Tencent) C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\RsMgrSvc.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\ravmond.exe
    (Tencent) C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RSD\popwndexe.exe
    (© 2015 Microsoft Corporation) C:\Users\Bartek\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files\Rising\RAV\rstray.exe
    () C:\Program Files\Rising\RAV\CMPA.exe
    (Tencent) C:\Program Files\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCTray.exe [355296 2015-07-31] (Tencent)
    HKLM\...\Run: [RSDTRAY] => C:\Program Files\Rising\RSD\popwndexe.exe [126808 2012-09-25] (Beijing Rising Information Technology Co., Ltd.)
    HKLM\...\Run: [RavTRAY] => C:\Program Files\Rising\RAV\RSTRAY.EXE [111000 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
    HKU\S-1-5-21-370388405-3256409741-2475370511-1000\...\Run: [BingSvc] => C:\Users\Bartek\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-370388405-3256409741-2475370511-1000\...\Run: [CCleaner Monitoring] => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    HKU\S-1-5-21-370388405-3256409741-2475370511-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
    BootExecute: autocheck autochk * bsmain
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=95751091_hao_pg
    HKU\S-1-5-21-370388405-3256409741-2475370511-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=95751091_hao_pg
    HKU\S-1-5-21-370388405-3256409741-2475370511-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
    BHO: Rising Web Helper -> {14A5E567-034B-471A-89D8-598A6A93B24B} -> C:\Program Files\Rising\RAV\rsscrbho.dll [2012-11-13] (Beijing Rising Information Technology Co., Ltd.)
    FF Plugin: @qq.com/npAndroidAssistant -> C:\Program Files\Common Files\Tencent\QQPhoneManager\2.0.201.3198\npQQPhoneManagerExt.dll No File
    FF Plugin: @qq.com/QQPCMgr -> C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\npQMExtensionsMozilla.dll [2015-07-31] (Tencent Technology (Shenzhen) Company Limited)
    FF Plugin: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
    FF Plugin HKU\S-1-5-21-370388405-3256409741-2475370511-1000: @rising.com.cn/nprising -> C:\Program Files\Rising\RAV\nprising.dll [2013-06-27] (Beijing Rising Information Technology Co., Ltd.)
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
    CHR HKU\S-1-5-21-370388405-3256409741-2475370511-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - https://clients2.google.com/service/update2/crx
    R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCRTP.exe [297608 2015-07-28] (Tencent)
    R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [184088 2015-07-31] (Beijing Rising Information Technology Co., Ltd.)
    R2 RsRavMon; C:\Program Files\Rising\RAV\ravmond.exe [277552 2014-05-15] (Beijing Rising Information Technology Co., Ltd.)
    S2 Blushing Tour; "C:\Program Files\Blushing Tour\Blushing Tour.exe" [X]
    S2 Loving Bunch; C:\Users\Bartek\AppData\Roaming\Loving Bunch\Loving Bunch.exe [X]
    S2 Supportive Village; C:\Users\Bartek\AppData\Roaming\Supportive Village\Supportive Village.exe [X]
    R1 HyperVM; C:\Windows\system32\drivers\hvm.sys [32568 2015-08-01] (Beijing Rising Information Technology Co., Ltd.)
    R1 kguard; C:\Windows\System32\DRIVERS\kguard.sys [77080 2015-08-01] (Beijing Rising Information Technology Co., Ltd.)
    R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QMIEProtect.sys [49464 2015-07-31] ()
    R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QMUdisk.sys [59872 2015-07-31] (Tencent)
    S1 QQPCHelper; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQPCHelper.sys [22360 2015-07-31] (Tencent)
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\QQSysMon.sys [108472 2015-07-31] (电脑管家)
    R2 rsdsys; C:\Windows\system32\drivers\protreg.sys [24120 2014-05-28] (Beijing Rising Information Technology Co., Ltd.)
    R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [83384 2015-08-01] (Beijing Rising Information Technology Co., Ltd.)
    R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [157896 2015-08-01] (Beijing Rising Information Technology Co., Ltd.)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator.sys [77016 2015-07-31] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel.sys [138552 2015-07-31] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFlt.sys [150072 2015-07-31] (电脑管家)
    R3 TS888; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\TS888.sys [30392 2015-08-01] (Tencent)
    R1 TSCPM; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\tscpm.sys [43448 2015-07-31] (电脑管家)
    R1 TSDefenseBt; C:\Windows\System32\DRIVERS\TSDefenseBt.sys [14008 2015-07-31] (Tencent)
    R0 TsFltMgr; C:\Windows\System32\drivers\TsFltMgr.sys [124792 2015-07-31] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\TSKsp.sys [204920 2015-07-31] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\10.9.16349.225\TSSysKit.sys [101560 2015-07-31] (电脑管家)
    2015-08-01 21:46 - 2015-08-01 21:46 - 00030392 _____ (Tencent) C:\Windows\system32\Drivers\TS888.sys
    2015-08-01 21:46 - 2015-07-31 11:08 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel.sys
    2015-08-01 21:46 - 2015-07-31 11:08 - 00077016 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator.sys
    2015-08-01 21:43 - 2015-08-01 22:08 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-08-01 21:41 - 2015-08-01 21:41 - 00000000 ____D C:\ProgramData\TXQMPC
    2015-08-01 01:47 - 2015-08-01 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rising Antivirus
    2015-08-01 01:46 - 2015-08-01 01:42 - 00032568 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\hvm.sys
    2015-08-01 00:22 - 2015-08-01 22:08 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\Tencent
    2015-08-01 00:03 - 2015-08-01 00:03 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺
    2015-08-01 00:00 - 2015-08-01 21:38 - 00000000 ____D C:\AdwCleaner
    2015-07-31 23:45 - 2015-07-31 23:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-07-31 17:44 - 2015-08-01 00:03 - 00001038 _____ C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\爱奇艺万能播放器.lnk
    2015-07-31 16:48 - 2015-07-31 16:48 - 00000000 ____D C:\ProgramData\LocalStorage
    2015-07-31 11:18 - 2015-08-01 12:54 - 00000000 ___RD C:\RavBin
    2015-07-31 11:18 - 2015-07-31 11:18 - 00000132 __RSH C:\rising.ini
    2015-07-31 11:18 - 2015-07-31 11:18 - 00000122 _____ C:\Windows\system32\BsMain.ini
    2015-07-31 11:18 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\vpatch.dll
    2015-07-31 11:18 - 2013-12-30 09:33 - 00256280 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext.dll
    2015-07-31 11:18 - 2012-09-06 02:30 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\bsmain.exe
    2015-07-31 11:17 - 2015-08-01 01:40 - 00157896 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
    2015-07-31 11:17 - 2015-08-01 01:40 - 00083384 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
    2015-07-31 11:17 - 2015-08-01 01:40 - 00077080 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\kguard.sys
    2015-07-31 11:17 - 2012-02-29 09:49 - 00010808 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
    2015-07-31 11:12 - 2015-07-31 11:18 - 00000000 ____D C:\ProgramData\Rising
    2015-07-31 11:12 - 2015-07-31 11:15 - 00000000 ____D C:\Program Files\Rising
    2015-07-31 11:12 - 2014-05-28 09:37 - 00024120 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\protreg.sys
    2015-07-31 11:10 - 2015-07-31 11:08 - 00014008 ____N (Tencent) C:\Windows\system32\Drivers\TSDefenseBt.sys
    2015-07-31 11:09 - 2015-07-31 11:08 - 00150072 ____N (电脑管家) C:\Windows\system32\Drivers\TFsFlt.sys
    2015-07-31 11:09 - 2015-07-31 11:08 - 00067896 ____N (电脑管家) C:\Windows\system32\TSSK.sys
    2015-07-31 11:08 - 2015-07-31 23:45 - 00000000 ____D C:\Users\Bartek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-07-31 11:08 - 2015-07-31 11:08 - 00124792 ____N (电脑管家) C:\Windows\system32\Drivers\TsFltMgr.sys
    2015-07-31 11:07 - 2015-07-31 11:07 - 00000000 ____D C:\Program Files\Tencent
    2015-07-31 11:06 - 2015-08-01 21:57 - 00000000 ____D C:\ProgramData\Tencent
    2015-07-30 20:04 - 2015-08-01 20:52 - 00000356 _____ C:\Windows\Tasks\NoteParse.job
    2015-07-28 02:04 - 2015-08-01 20:52 - 00000356 _____ C:\Windows\Tasks\WordJumble.job
    2015-06-20 02:35 - 2015-06-20 02:35 - 0000000 _____ () C:\Users\Bartek\AppData\Local\Temp.dat
    C:\Users\Bartek\AppData\Roaming\Supportive Village\
    EmptyTemp:

In FRST, choose Fix.

    After it has run, post new FRST logs from a fresh scan.

    1
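The fix list above was assembled by picking out a few recurring patterns in the FRST output: tasks flagged "<==== ATTENTION", payloads in GUID-named ProgramData folders, tasks launched through pcalua.exe, services whose binary is gone ([X]), and an unknown SafeBoot entry. As an added example (not from the thread and not FRST's own logic), this Python snippet applies those same heuristics to a handful of lines copied from the log above; the regexes and reason strings are my own assumptions about FRST's line format.

```python
import re

# Sample FRST lines copied from the fix list in the post above (constructed test input).
SAMPLE_LOG = r'''
Task: {04BEEA1D-30A0-449C-9C75-AD6539E362FD} - System32\Tasks\WordJumble => c:\programdata\{e7e594d9-eef2-3af1-e7e5-594d9eef5367}\3158709424850487151b.exe <==== ATTENTION
Task: {0FC16339-0632-4053-BC7B-4385D16652C3} - System32\Tasks\{3F27CF63-0D3B-438C-9AFA-7CD8BC3885AA} => pcalua.exe -a C:\Users\Bartek\Downloads\allinon1\wog358f.part01.exe -d C:\Users\Bartek\Downloads\allinon1
Task: {6AC27C74-952F-4199-9141-40F3F90E2A33} - System32\Tasks\Opera scheduled Autoupdate 1436917521 => C:\Program Files\Opera\launcher.exe [2015-07-13] (Opera Software)
S2 Blushing Tour; "C:\Program Files\Blushing Tour\Blushing Tour.exe" [X]
R2 RsMgrSvc; C:\Program Files\Rising\RSD\RsMgrSvc.exe [184088 2015-07-31] (Beijing Rising Information Technology Co., Ltd.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Koarkhwajl => ""="service"
'''

# Assumed shapes of FRST "Task:" and service lines, derived from the log excerpt above.
TASK_RE = re.compile(r"^Task: (?P<id>\S+) - System32\\Tasks\\(?P<name>.+?) => (?P<target>.*)$")
SERVICE_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")

def triage_line(line):
    """Return the reasons one FRST line deserves a closer look (empty list if none)."""
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("flagged by FRST")
    m = TASK_RE.match(line)
    if m:
        target = m.group("target")
        # Payload dropped in a GUID-named folder under ProgramData with a random file name.
        if re.search(r"\\programdata\\\{[0-9a-f-]+\}\\", target, re.I):
            reasons.append("task runs from a GUID-named ProgramData folder")
        # pcalua.exe -a <file> is a legitimate Windows binary being used as a launcher proxy.
        if target.lower().startswith("pcalua.exe -a"):
            reasons.append("task launches via pcalua.exe")
        if GUID_RE.fullmatch(m.group("name")):
            reasons.append("task has a GUID instead of a readable name")
    m = SERVICE_RE.match(line)
    if m and m.group("path").rstrip().endswith("[X]"):
        reasons.append("service binary missing on disk")
    # A SafeBoot\Network entry lets a service keep running in Safe Mode with Networking.
    if "\\SafeBoot\\" in line and line.rstrip().endswith('=> ""="service"'):
        reasons.append("unknown service registered to survive Safe Mode")
    return reasons

def triage(log):
    """Map each suspicious line of an FRST log excerpt to its list of reasons."""
    result = {}
    for line in log.strip().splitlines():
        reasons = triage_line(line)
        if reasons:
            result[line] = reasons
    return result
```

Running triage(SAMPLE_LOG) flags four of the six sample lines; the Opera autoupdate task and the Rising service pass through untouched, which is the point of keeping a negative control in the sample.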
• #4 04 Aug 2015 21:17
    Bodek133
    Level 5

    Where is global update? It isn't in Control Panel -> Uninstall Programs.

    0
• #5 04 Aug 2015 21:22
    Kolobos
    Computer specialist

    Skip it and do the rest.

    PS: "Nie ma" is not written as one word!

    -1