
Chinese virus - cannot be uninstalled. Windows XP.

frasu23 03 Dec 2015 22:46 1647 5
  • #2 03 Dec 2015 22:55
    Kolobos
    Computer specialist

    Next to frst.exe, create a file named fixlist.txt with the following content:
    (Tencent) C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCRTP.exe
    (STA) C:\Program Files\MTV20151125\MTview.exe
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCTray.exe [355296 2015-11-23] (Tencent)
    HKLM\...\Run: [MTview] => C:\Program Files\MTV20151125\MTView.exe [1875464 2015-11-25] (STA)
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
    HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
    URLSearchHook: [S-1-5-21-1957994488-764733703-839522115-1006] UWAGA => Brak domyślnego URLSearchHook
    FF Extension: Brak nazwy - C:\Documents and Settings\Konrad\Dane aplikacji\Mozilla\Firefox\Profiles\qyocz6es.default\extensions\deskCutv2@gmail.com [nie znaleziono]
    R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCRTP.exe [301728 2015-11-23] (Tencent)
    S3 AntiRk; C:\WINDOWS\System32\Drivers\AntiRk.sys [35768 2014-09-17] (Tencent)
    R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QMIEProtect.sys [50360 2015-11-20] ()
    R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QMUdisk.sys [78776 2015-11-16] (Tencent)
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQSysMon.sys [108984 2015-11-23] (电脑管家)
    R3 softaal; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\softaal.sys [36280 2015-11-23] (Tencent)
    R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator.sys [115944 2015-11-23] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelXP.sys [138552 2015-11-23] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [150072 2015-11-23] (电脑管家)
    R3 TS888; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TS888.sys [30392 2015-12-03] (Tencent)
    R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2015-11-23] (Tencent)
    R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [126776 2015-10-30] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TSKsp.sys [210072 2015-11-23] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TSSysKit.sys [101560 2015-11-23] (电脑管家)
    S3 dump_wmimmc; \??\D:\Program Files\GameforgeLive\Games\POL_pol\Metin2\GameGuard\dump_wmimmc.sys [X]
    U1 WS2IFSL; Brak ImagePath
    2099-01-13 20:47 - 9092-01-13 20:47 - 00000000 __SHD C:\Documents and Settings\Tata\IECompatCache
    2099-01-13 20:46 - 9092-01-13 20:46 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{921021F1-B2FF-4C5C-8BEF-0C7ACF0B9272}.job




    2015-12-03 20:34 - 2015-12-03 00:02 - 00030392 _____ (Tencent) C:\WINDOWS\system32\Drivers\TS888.sys
    2015-12-03 20:34 - 2015-11-23 14:46 - 00115944 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator.sys
    2015-12-03 20:34 - 2015-11-23 07:13 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelXP.sys
    2015-12-03 20:33 - 2015-12-03 20:33 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-12-03 20:33 - 2015-12-03 00:01 - 00000000 ____D C:\Documents and Settings\Konrad\Dane aplikacji\Tencent
    2015-11-24 06:36 - 2015-12-03 20:36 - 00000000 ____D C:\AdwCleaner
    2015-11-24 06:34 - 2015-11-24 06:34 - 00000992 _____ C:\Program Files\Skrót do iExplore.lnk
    2015-11-24 06:28 - 2014-09-17 15:44 - 00035768 _____ (Tencent) C:\WINDOWS\system32\Drivers\AntiRk.sys
    2015-11-24 02:07 - 2015-11-24 02:07 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\ĂŔÍĽäŻŔŔ
    2015-11-24 02:06 - 2015-11-24 02:07 - 00000000 ____D C:\Program Files\MTV20151125
    2015-11-24 01:20 - 2015-11-24 01:20 - 00000000 ____D C:\Documents and Settings\Tata\Dane aplikacji\dissect
    2015-11-23 14:56 - 2015-11-23 14:56 - 00000000 ____D C:\Documents and Settings\All Users\tencent
    2015-11-23 13:32 - 2015-11-23 13:32 - 00000000 ____D C:\Documents and Settings\Konrad\Dane aplikacji\ADSafe3
    2015-11-23 09:31 - 2015-11-23 09:31 - 00000000 ____D C:\Documents and Settings\Konrad\Dane aplikacji\dissect
    2015-11-23 09:31 - 2015-11-23 09:31 - 00000000 ____D C:\Documents and Settings\Konrad\.android
    2015-11-23 09:30 - 2015-11-24 06:43 - 00000000 ____D C:\Program Files\ADSafe
    2015-11-23 09:30 - 2015-11-23 13:32 - 00001504 _____ C:\Documents and Settings\Konrad\Menu Start\Programy\.lnk
    2015-11-23 07:14 - 2015-11-23 07:13 - 00014008 ____N (Tencent) C:\WINDOWS\system32\Drivers\TSDefenseBt.sys
    2015-11-23 07:13 - 2015-11-23 07:13 - 00150072 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFlt.sys
    2015-11-23 07:13 - 2015-11-23 07:13 - 00000839 _____ C:\Documents and Settings\All Users\Menu Start\强力卸载电脑上的软件 .lnk
    2015-11-23 07:13 - 2015-10-30 18:18 - 00126776 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TsFltMgr.sys
    2015-11-22 09:02 - 2015-11-22 09:02 - 00005120 _____ C:\Documents and Settings\Angelika\Dane aplikacji\GiftBag.db
    2015-11-22 07:18 - 2015-11-22 07:18 - 00005120 _____ C:\Documents and Settings\Tata\Dane aplikacji\GiftBag.db
    2015-11-22 07:11 - 2015-11-22 07:11 - 00000000 ____D C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
    2015-11-22 05:45 - 2015-11-22 05:45 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
    2015-11-22 05:44 - 2015-11-23 07:13 - 00067896 ____N (电脑管家) C:\WINDOWS\system32\TSSK.sys
    2015-11-22 05:44 - 2015-11-22 05:44 - 00005120 _____ C:\Documents and Settings\Konrad\Dane aplikacji\GiftBag.db
    2015-11-22 05:43 - 2015-12-03 00:01 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Tencent
    2015-11-22 05:43 - 2015-11-22 05:43 - 00000000 ____D C:\Documents and Settings\LocalService\Dane aplikacji\Tencent
    2015-11-22 05:43 - 2015-11-22 05:43 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
    2015-11-22 05:41 - 2015-11-24 06:38 - 00000000 ____D C:\Program Files\Tencent
    2015-11-24 06:34 - 2015-11-24 06:34 - 0000992 _____ () C:\Program Files\Skrót do iExplore.lnk
    EmptyTemp:

    In FRST, choose Fix (Napraw).

    0
  • #4 03 Dec 2015 23:31
    Kolobos
    Computer specialist

    Post new FRST logs, from a scan.

    0
  • #6 04 Dec 2015 09:10
    Acorus 20
    Computer specialist

    Do this in Safe Mode. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {9AAC524A-BF34-49b0-91D2-71838CBB8110}
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — logowanie.job => C:\WINDOWS\system32\xp_eos.exe
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5} => ""=""
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-06-06] (Adobe Systems Incorporated)
    HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCTray.exe [355296 2015-11-23] (Tencent)
    HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16062464 2006-12-19] (Realtek Semiconductor Corp.)
    HKLM\...\Run: [AlcWzrd] => C:\WINDOWS\ALCWZRD.EXE [2808832 2006-05-04] (RealTek Semicoductor Corp.)
    HKU\S-1-5-21-1957994488-764733703-839522115-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-1957994488-764733703-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=90820167_hao_pg
    URLSearchHook: [S-1-5-21-1957994488-764733703-839522115-1006] UWAGA => Brak domyślnego URLSearchHook
    R2 QQPCRTP; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCRTP.exe [301728 2015-11-23] (Tencent)
    R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QMIEProtect.sys [50360 2015-11-20] ()
    R1 QMUdisk; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QMUdisk.sys [78776 2015-11-16] (Tencent)
    R2 QQSysMon; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQSysMon.sys [108984 2015-11-23] (电脑管家)
    R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator.sys [115944 2015-11-23] (Tencent)
    R1 TAOKernelDriver; C:\WINDOWS\System32\Drivers\TAOKernelXP.sys [138552 2015-11-23] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFlt.sys [150072 2015-11-23] (电脑管家)
    R3 TS888; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TS888.sys [30392 2015-12-03] (Tencent)
    R1 TSDefenseBt; C:\WINDOWS\System32\DRIVERS\TSDefenseBt.sys [14008 2015-11-23] (Tencent)
    R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [126776 2015-10-30] (电脑管家)
    R1 TSKSP; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TSKsp.sys [210072 2015-11-23] (电脑管家)
    R1 TSSysKit; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\TSSysKit.sys [101560 2015-11-23] (电脑管家)
    S3 AntiRk; System32\Drivers\AntiRk.sys [X]
    S4 IntelIde; Brak ImagePath
    2015-12-03 20:33 - 2015-12-03 20:33 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-12-03 02:44 - 2015-12-03 02:44 - 00030392 _____ (Tencent) C:\WINDOWS\system32\Drivers\TS888.sys
    2015-12-03 02:44 - 2015-12-03 02:44 - 00000000 ____D C:\Documents and Settings\All Users\tencent
    2015-12-03 02:44 - 2015-11-23 14:46 - 00115944 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator.sys
    2015-12-03 02:44 - 2015-11-23 07:13 - 00138552 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelXP.sys
    2015-12-03 02:43 - 2015-12-03 02:44 - 00000000 ____D C:\Documents and Settings\Konrad\Dane aplikacji\Tencent
    2015-12-03 02:41 - 2015-12-03 02:41 - 00000000 ____D C:\Documents and Settings\All Users\TXQMPC
    2015-11-23 07:14 - 2015-11-23 07:13 - 00014008 ____N (Tencent) C:\WINDOWS\system32\Drivers\TSDefenseBt.sys
    2015-11-23 07:13 - 2015-11-23 07:13 - 00150072 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TFsFlt.sys
    2015-11-23 07:13 - 2015-10-30 18:18 - 00126776 ____N (电脑管家) C:\WINDOWS\system32\Drivers\TsFltMgr.sys
    2015-11-22 05:44 - 2015-11-23 07:13 - 00067896 ____N (电脑管家) C:\WINDOWS\system32\TSSK.sys
    2015-11-22 05:43 - 2015-12-03 00:01 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Tencent
    2015-11-22 05:41 - 2015-11-24 06:38 - 00000000 ____D C:\Program Files\Tencent

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
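An added example, not part of the thread and not FRST's own code: a Python reviewer for fixlists like the two above that parses the service/driver and `Run` lines and groups them by the company string, so the list can be checked before Fix is run. The names `parse_fixlist` and `by_company` are hypothetical, and the reading of the two-character prefix (state letter plus start-type digit) is an assumed FRST convention.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from the two fixlists in this thread.
SAMPLE = r"""
CloseProcesses:
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16062464 2006-12-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [ QQPCTray] => C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QQPCTray.exe [355296 2015-11-23] (Tencent)
R0 TsFltMgr; C:\WINDOWS\System32\drivers\TsFltMgr.sys [126776 2015-10-30] (电脑管家)
R1 QMIEProtect; C:\Program Files\Tencent\QQPCMgr\11.1.16924.223\QMIEProtect.sys [50360 2015-11-20] ()
S3 AntiRk; System32\Drivers\AntiRk.sys [X]
S4 IntelIde; Brak ImagePath
EmptyTemp:
"""

# Assumed FRST convention: letter = current state, digit = service start type.
STATE = {"R": "running", "S": "stopped", "U": "undetermined"}
START = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# "<state><start> <name>; <path> [<size> <date>] (<company>)"; the tail may be absent.
SVC = re.compile(r"^([RSU])([0-5]) (.+?); (.*?)(?: \[(\d+) (\d{4}-\d\d-\d\d)\] \((.*)\))?$")
# "<hive>\...\Run: [<value>] => <path> [<size> <date>] (<company>)"
RUN = re.compile(r"^(HK\S+)\\\.\.\.\\Run: \[(.*?)\] => (.*?) \[(\d+) (\d{4}-\d\d-\d\d)\] \((.*)\)$")

def parse_fixlist(text):
    """Return (entries, unparsed): dicts for service/driver and Run lines, plus the rest."""
    entries, unparsed = [], []
    for line in filter(None, map(str.strip, text.splitlines())):
        if m := SVC.match(line):
            state, start, name, path, _, _, company = m.groups()
            entries.append({"kind": "service", "name": name, "path": path,
                            "state": STATE[state], "start": START.get(start, "unknown"),
                            "company": company or "(none)"})
        elif m := RUN.match(line):
            _, name, path, _, _, company = m.groups()  # value name kept exactly as logged
            entries.append({"kind": "run", "name": name, "path": path,
                            "state": None, "start": "logon", "company": company or "(none)"})
        else:
            unparsed.append(line)  # directives, file listings, anything not modelled here
    return entries, unparsed

def by_company(entries):
    """Group entry names by company string; unsigned or missing images land in '(none)'."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["company"]].append(e["name"])
    return dict(groups)

if __name__ == "__main__":
    for company, names in sorted(by_company(parse_fixlist(SAMPLE)[0]).items()):
        print(company, "->", ", ".join(names))
```

Entries grouped under `(none)` and those with a `boot` or `system` start type are the ones to look at first, since they load earliest and carry no company name to identify them.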