Elektroda.pl

How do I remove an unwanted Chinese program?

kamil_23 10 Dec 2015 12:32 3051 10
  • #2 10 Dec 2015 12:38
    Kolobos
    Computer specialist

    Next to frst.exe, create a file named fixlist.txt with the following content:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe
    (Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCTray.exe
    (Shanghai Damo Network Sci. & Tech. Co. Ltd.) C:\Program Files (x86)\ADSafe\ADSvc.exe
    (Shanghai Damo Network Sci. & Tech. Co. Ltd.) C:\Program Files (x86)\ADSafe\ADSafe.exe
    (Tencent) C:\Program Files (x86)\Tencent\Tencent.exe
    (Shanghai Damo Network Sci. & Tech. Co. Ltd.) C:\Program Files (x86)\ADSafe\ADSafe64.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    HKLM-x32\...\Run: [Tencent] => C:\Program Files (x86)\Tencent\Tencent.exe [188416 2015-12-06] (Tencent)
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCTray.exe [355296 2015-12-10] (Tencent)
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\...\MountPoints2: F - F:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\...\MountPoints2: G - G:\setup.exe
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\...\MountPoints2: {1ec478a3-845f-11e5-9856-d07e35d6bddd} - F:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\...\MountPoints2: {24a7d402-84ce-11e5-b2ff-d07e35d6bddd} - H:\_AUTORUN\AUTORUN.EXE
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\...\MountPoints2: {72470bcf-703b-11e5-9bc9-d07e35d6bddd} - G:\setup.exe
    ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX64.dll Brak pliku
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QMGCShellExt64.dll [2015-12-10] (Tencent)




    ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Kamil\AppData\Local\MEGAsync\ShellExtX32.dll Brak pliku
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95611903_hao_pg
    HKU\S-1-5-21-689998936-4057611008-123607939-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=95611903_hao_pg
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSWebMon64.dat [2015-12-10] (Tencent)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\npQMExtensionsMozilla.dll [2015-10-21] (Tencent Technology (Shenzhen) Company Limited)
    FF user.js: detected! => C:\Users\Kamil\AppData\Roaming\Mozilla\Firefox\Profiles\e0fvkhlb.default\user.js [2015-12-10]
    R2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSvc.exe [162808 2015-05-20] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe [301728 2015-12-10] (Tencent)
    S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TAOFrame.exe [297952 2015-12-10] (Tencent)
    S2 Update Wooden Seal; "C:\Program Files (x86)\Wooden Seal\updateWoodenSeal.exe" [X]
    S2 Util Wooden Seal; Brak ImagePath
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QMUdisk64.sys [79160 2015-11-16] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQSysMonX64.sys [138040 2015-12-10] (电脑管家)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89816 2015-11-26] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-12-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-10] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TS888x64.sys [28984 2015-12-10] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSDefenseBT64.sys [28984 2015-12-10] (Tencent)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-12-10] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSSysKit64.sys [87352 2015-12-10] (电脑管家)
    R1 {03fe1e82-27a8-4c9c-9858-83f6dd0428dc}Gw64; C:\Windows\System32\drivers\{03fe1e82-27a8-4c9c-9858-83f6dd0428dc}Gw64.sys [48784 2015-12-09] (StdLib)
    2015-12-10 11:17 - 2015-12-10 11:17 - 00000000 ____D C:\Windows\SysWOW64\tab
    2015-12-10 11:17 - 2015-12-10 11:17 - 00000000 ____D C:\Windows\SysWOW64\hover
    2015-12-10 11:16 - 2015-12-10 12:01 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-12-10 11:06 - 2015-12-04 12:06 - 00127832 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2015-12-10 11:00 - 2015-12-10 11:45 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Tencent
    2015-12-10 11:00 - 2015-12-10 11:16 - 00000000 ____D C:\ProgramData\Tencent
    2015-12-10 11:00 - 2015-12-10 11:00 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-12-10 11:00 - 2015-12-10 11:00 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2015-12-10 11:00 - 2015-12-10 11:00 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2015-12-10 11:00 - 2015-12-10 11:00 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2015-12-10 11:00 - 2015-12-10 11:00 - 00000000 ____D C:\ProgramData\TXQMPC
    2015-12-10 11:00 - 2015-12-10 11:00 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-12-10 11:00 - 2015-12-09 20:30 - 00048784 _____ (StdLib) C:\Windows\system32\Drivers\{03fe1e82-27a8-4c9c-9858-83f6dd0428dc}Gw64.sys
    2015-12-10 11:00 - 2015-11-26 16:27 - 00089816 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-12-10 10:59 - 2015-12-10 12:02 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\ADSafe3
    2015-12-10 10:59 - 2015-12-10 11:09 - 00000000 ____D C:\Program Files (x86)\Tencent
    2015-12-10 10:59 - 2015-12-10 10:59 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\dissect
    2015-12-10 10:59 - 2015-12-10 10:59 - 00000000 ____D C:\Users\Kamil\.android
    2015-12-10 10:59 - 2015-12-10 10:59 - 00000000 ____D C:\Program Files (x86)\ADSafe
    2015-12-10 10:59 - 2015-07-10 06:31 - 00028416 _____ C:\Windows\system32\Drivers\DMProtect64.sys
    2015-12-10 10:58 - 2015-12-10 11:50 - 00000000 ____D C:\Program Files (x86)\Wooden Seal
    EmptyTemp:
    Reboot:

    In FRST, choose Fix (Napraw).

    Once it has run, post new scan logs from FRST.

    0
  • #4 10 Dec 2015 13:39
    Kolobos
    Computer specialist

    I don't see that you ran the fixlist. Run it again, this time correctly. Post the fixlog.txt that gets created, and only then post new FRST scan logs.

    0
  • #6 10 Dec 2015 14:04
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCSoftCmd.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\qmspeedupplugin\phonerocket\dock_5.8.0.3\QQPCPhoneDock.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCTray.exe [355296 2015-12-10] (Tencent)
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSWebMon64.dat [2015-12-10] (Tencent)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe [301728 2015-12-10] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QMUdisk64.sys [79160 2015-11-16] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQSysMonX64.sys [138040 2015-12-10] (电脑管家)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89816 2015-11-26] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-12-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-12-10] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TS888x64.sys [28984 2015-12-10] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSDefenseBT64.sys [28984 2015-12-10] (Tencent)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TSSysKit64.sys [87352 2015-12-10] (电脑管家)
    S1 DMProtect; system32\DRIVERS\DMProtect64.sys [X]
    S3 TSSKX64; System32\drivers\tsskx64.sys [X]
    2015-12-10 13:50 - 2015-12-10 13:50 - 00000000 ____D C:\Windows\SysWOW64\tab
    2015-12-10 13:50 - 2015-12-10 13:50 - 00000000 ____D C:\Windows\SysWOW64\hover
    2015-12-10 13:49 - 2015-12-04 12:06 - 00127832 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2015-12-10 13:48 - 2015-12-10 13:48 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2015-12-10 13:48 - 2015-12-10 13:48 - 00000000 ____D C:\Users\Kamil\AppData\Roaming\Tencent
    2015-12-10 13:48 - 2015-12-10 13:48 - 00000000 ____D C:\ProgramData\TXQMPC
    2015-12-10 13:48 - 2015-12-10 11:00 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2015-12-10 13:48 - 2015-11-26 16:27 - 00089816 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2015-12-10 12:52 - 2015-12-10 13:07 - 00000000 ____D C:\ProgramData\Tencent
    2015-12-10 12:52 - 2015-12-10 12:52 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2015-12-10 12:51 - 2015-12-10 12:51 - 00002252 _____ C:\Windows\system32\Drivers\{03fe1e82-27a8-4c9c-9858-83f6dd0428dc}gw64.sys.lnk
    2015-12-10 11:00 - 2015-12-10 11:00 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    C:\Program Files (x86)\Tencent
    Reboot:


    Once it has run, post new scan logs.

    0
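
An added example, not part of the original thread or of FRST: a short Python script that compares the service/driver lines of the fixlists in posts #2 and #6 and reports which entries disappeared after the first fix, which are still running, and which point to a file FRST did not find. The sample lines are a subset copied from those two posts; the function names are hypothetical.

```python
import re

# FRST service/driver line: <R|S|U><start type 0-5> <name>; <image path> [size date] (vendor)
# R = running, S = stopped; a trailing "[X]" means FRST did not find the file.
ENTRY = re.compile(r"^\s*([RSU])([0-5])\s+(.+?);\s*(.*)$")

# Excerpts copied from the fixlists in posts #2 (FIRST) and #6 (SECOND).
FIRST = r'''
R2 ADSafeSvc; C:\Program Files (x86)\ADSafe\ADSvc.exe [162808 2015-05-20] (Shanghai Damo Network Sci. & Tech. Co. Ltd.)
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe [301728 2015-12-10] (Tencent)
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\TAOFrame.exe [297952 2015-12-10] (Tencent)
S2 Update Wooden Seal; "C:\Program Files (x86)\Wooden Seal\updateWoodenSeal.exe" [X]
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-12-10] (Tencent Technology(Shenzhen) Company Limited)
'''
SECOND = r'''
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.0.16794.227\QQPCRTP.exe [301728 2015-12-10] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2015-12-10] (Tencent Technology(Shenzhen) Company Limited)
S1 DMProtect; system32\DRIVERS\DMProtect64.sys [X]
'''

def parse_entries(text):
    """Map service/driver name -> state, start type and missing-file flag."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # directives, registry and file lines are not services
        state, start, name, rest = m.groups()
        entries[name] = {"state": state, "start": int(start),
                         "missing": rest.rstrip().endswith("[X]")}
    return entries

def compare(before, after):
    """Summarise what changed between two scans' service/driver sections."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "gone": sorted(b.keys() - a.keys()),
        "still_running": sorted(n for n in b.keys() & a.keys()
                                if a[n]["state"] == "R"),
        "orphaned": sorted(n for n in a if a[n]["missing"]),
    }

if __name__ == "__main__":
    for key, names in compare(FIRST, SECOND).items():
        print(f"{key}: {', '.join(names) or '-'}")
```

Entries listed under still_running are the ones a second fix, or a fix run in Safe Mode, has to deal with.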
  • Helpful post
    #8 10 Dec 2015 14:23
    Kolobos
    Computer specialist

    Try running the fixlist.txt given earlier in Safe Mode.

    0
  • Helpful post
    #10 10 Dec 2015 15:11
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that's all.

    0
  • #11 10 Dec 2015 15:33
    kamil_23
    Level 5

    Thank you very much, everything is as it should be. Regards

    0