Elektroda.pl

Chrome - Russian, unneeded software.

piotrek10h 29 Jan 2016 18:43 819 5
  • Helpful post
    #2 29 Jan 2016 18:53
    Kolobos
    Computer specialist

    Much worse is that fake Chinese antivirus you installed.

    Uninstall it if you can: 电脑管家11.3

    In the Chrome settings, turn off restoring a set of pages on startup.

    Next to frst.exe, create a file fixlist.txt with the following content:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {A09FC72F-B0F2-405F-B6A6-EB1D3EE63E1A} - \KMSAutoNet -> Brak pliku <==== UWAGA
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    HKLM\...\StartupApproved\Run32: => " QQPCTray"
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe [355296 2016-01-29] (Tencent)
    HKU\S-1-5-21-1309905807-2764683794-3786681160-1001\...\Run: [C] => C:\Windows\system32\GroupPolicy\Machine\Registry.pol [8 2016-01-29] ()
    HKU\S-1-5-21-1309905807-2764683794-3786681160-1001\...\MountPoints2: {f5782cc6-b2ea-11e5-a5f4-00c2c65f57cf} - "E:\vs_enterprise.exe"
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMGCShellExt64.dll [2016-01-29] (Tencent)
    GroupPolicy-x32: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97633303_hao_pg
    HKU\S-1-5-21-1309905807-2764683794-3786681160-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://smartsputnik.ru/?ri=1&uid=c28f173337d7f035a0945ab00c564d5d&q={searchTerms}
    HKU\S-1-5-21-1309905807-2764683794-3786681160-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97633303_hao_pg
    HKU\S-1-5-21-1309905807-2764683794-3786681160-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://smartsputnik.ru/?ri=1&uid=c28f173337d7f035a0945ab00c564d5d&q={searchTerms}
    URLSearchHook: [S-1-5-21-1309905807-2764683794-3786681160-1001] UWAGA => Brak domyślnego URLSearchHook
    URLSearchHook: HKU\S-1-5-21-1309905807-2764683794-3786681160-1001 - (Brak nazwy) - {0633EE93-D776-472f-A0FF-E1416B8B2E3D} - Brak pliku




    SearchScopes: HKU\S-1-5-21-1309905807-2764683794-3786681160-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=c28f173337d7f035a0945ab00c564d5d&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1309905807-2764683794-3786681160-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3C} URL = hxxp://smartsputnik.ru/?ri=1&uid=c28f173337d7f035a0945ab00c564d5d&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-1309905807-2764683794-3786681160-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3D} URL = hxxp://smartsputnik.ru/?ri=1&uid=c28f173337d7f035a0945ab00c564d5d&q=
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSWebMon64.dat [2016-01-29] (Tencent)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\npQMExtensionsMozilla.dll [2016-01-29] (Tencent Technology (Shenzhen) Company Limited)
    CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxp://www.yoursearching.com/?type=hp&ts=1454085317&z=1976b2e833df3ce422689feg9zcw8z6edbbw3c4g8m&from=itr&uid=st1000lm014-sshd-8gb_w381d8jdxxxxw381d8jd"
    CHR Extension: (电脑管家上网防护) - C:\Users\Potr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-01-29]
    S2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe [301728 2016-01-29] (Tencent)
    S2 SPS; C:\Windows\SysWOW64\SearchProtectService.exe [828928 2016-01-29] () [Brak podpisu cyfrowego]
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QMUdisk64.sys [79160 2016-01-29] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [138552 2016-01-29] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\softaal64.sys [35128 2016-01-29] (Tencent)
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89464 2016-01-29] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernelEx64.sys [128312 2016-01-29] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-01-29] (电脑管家)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [28984 2016-01-29] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [48440 2016-01-14] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSSysKit64.sys [87352 2016-01-29] (电脑管家)
    S1 vilfvvgp; \??\C:\Windows\system32\drivers\vilfvvgp.sys [X]
    2016-01-29 17:38 - 2016-01-29 17:37 - 00128312 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernelEx64.sys
    2016-01-29 17:38 - 2016-01-29 17:37 - 00089464 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-01-29 17:38 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-01-29 17:37 - 2016-01-29 17:37 - 22908888 _____ (Malwarebytes ) C:\Users\Potr\Downloads\mbam-setup-2.2.0.1024 (1).exe
    2016-01-29 17:37 - 2016-01-29 17:37 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-01-29 17:37 - 2016-01-29 17:37 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-01-29 17:37 - 2016-01-29 17:37 - 00000000 _____ C:\Users\Potr\Desktop\$电脑管家-清理垃圾$.qmgc
    2016-01-29 17:36 - 2016-01-29 17:40 - 00000000 ____D C:\ProgramData\Tencent
    2016-01-29 17:36 - 2016-01-29 17:38 - 00000000 ____D C:\Users\Potr\AppData\Roaming\Tencent
    2016-01-29 17:36 - 2016-01-29 17:36 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-01-29 17:34 - 2016-01-29 18:01 - 00001008 __RSH C:\ProgramData\ntuser.pol
    2016-01-29 17:34 - 2016-01-29 17:34 - 00828928 _____ C:\Windows\SysWOW64\SearchProtectService.exe
    2016-01-29 17:34 - 2016-01-29 17:34 - 00000129 _____ C:\Users\Potr\Downloads\L
    2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 ____D C:\Users\Potr\Downloads\Torrentex
    2016-01-29 17:33 - 2016-01-29 19:32 - 03770448 _____ () C:\Users\Potr\Downloads\Tom Clancys The Division Patch Fix.exe
    2016-01-29 17:32 - 2016-01-29 17:32 - 03770545 _____ C:\Users\Potr\Downloads\Tom Clancys The Division Patch Fix.rar
    RemoveDirectory: C:\Program Files\Common Files\Tencent
    RemoveDirectory: C:\ProgramData\Tencent
    RemoveDirectory: C:\Users\Potr\AppData\Roaming\Tencent
    RemoveDirectory: C:\Program Files (x86)\Tencent
    EmptyTemp:
    Reboot:

    In FRST, choose Fix (Napraw).

    When it is done, post new FRST logs from a scan.

    0
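
Added example (not part of the thread and not FRST's own code): a small Python triage of the service and driver lines quoted in the fixlist above, flagging entries that have no publisher, carry a trailing bracket note such as the localized unsigned-file marker, or point to a missing file. The line layout, the `[X]` missing-file marker and the meaning of the start-type digit are assumptions taken from how the entries appear in the post.

```python
import re

# Service/driver lines copied from the first fixlist in the thread.
SAMPLE = r"""
S2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe [301728 2016-01-29] (Tencent)
S2 SPS; C:\Windows\SysWOW64\SearchProtectService.exe [828928 2016-01-29] () [Brak podpisu cyfrowego]
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [48440 2016-01-14] ()
S1 vilfvvgp; \??\C:\Windows\system32\drivers\vilfvvgp.sys [X]
"""

# Assumed layout: <state><start type> <name>; <path> [size date] (publisher) [note]
LINE = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
META = re.compile(
    r"\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] "
    r"\((?P<company>.*?)\)(?: \[(?P<flag>.+)\])?$"
)

def triage(log):
    """Return {service name: [reasons]} for entries worth a manual look."""
    findings = {}
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a service/driver entry
        reasons = []
        rest = m["rest"]
        if rest.endswith("[X]"):  # assumed: FRST marks a missing file this way
            reasons.append("file missing")
        meta = META.search(rest)
        if meta:
            if not meta["company"].strip():
                reasons.append("no publisher")
            if meta["flag"]:  # e.g. the localized "no digital signature" note
                reasons.append("flag: " + meta["flag"])
        # Windows start types 0, 1, 2 = boot, system, automatic
        if reasons and m["start"] in "012":
            reasons.append("starts automatically")
        if reasons:
            findings[m["name"]] = reasons
    return findings

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", ", ".join(reasons))
```

Signed entries with a publisher, such as QQPCRTP, are not flagged; the heuristics only surface entries that lack a publisher, a signature or a file, so they complement rather than replace reading the log.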
  • #4 29 Jan 2016 19:14
    Kolobos
    Computer specialist

    In Chrome you still have not turned off restoring a set of pages on startup, and you have the malicious yoursearching:
    CHR StartupUrls: Default -> "hxxp://www.google.pl/","hxxp://www.yoursearching.com/?type=hp&ts=1454085317&z=1976b2e833df3ce422689feg9zcw8z6edbbw3c4g8m&from=itr&uid=st1000lm014-sshd-8gb_w381d8jdxxxxw381d8jd"
    Do what I wrote.

    New Fixlist.txt for FRST:
    HKLM-x32\...\Run: [ QQPCTray] => "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCTray.exe" /regrun
    URLSearchHook: [S-1-5-21-1309905807-2764683794-3786681160-1001] UWAGA => Brak domyślnego URLSearchHook
    S2 QQPCRTP; "C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQPCRTP.exe" -r [X]
    S2 QQSysMonX64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\QQSysMonX64.sys [X]
    S3 TFsFlt; system32\Drivers\TFsFltX64.sys [X]
    S1 TSDefenseBt; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TSDefenseBT64.sys [X]
    S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\11.3.17201.218\TsNetHlpX64.sys [X]
    2016-01-29 19:04 - 2016-01-29 19:04 - 00000008 __RSH C:\ProgramData\ntuser.pol
    2016-01-29 19:03 - 2016-01-29 19:03 - 00000000 ____D C:\Users\Potr\AppData\Roaming\Tencent
    2016-01-29 19:03 - 2016-01-29 19:03 - 00000000 ____D C:\ProgramData\Tencent
    2016-01-29 18:55 - 2016-01-29 19:04 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    RemoveDirectory: C:\ProgramData\Tencent
    RemoveDirectory: C:\Users\Potr\AppData\Roaming\Tencent

    When it is done, post new FRST logs from a scan.

    0
  • #6 30 Jan 2016 13:49
    Kolobos
    Computer specialist

    Delete the C:\FRST directory and that is all.

    0