Cannot remove a certain Chinese program - QQPCTray.

Bleidd3k 14 Feb 2016 14:31 1539 7
  • #2 14 Feb 2016 15:12
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    Task: {23DBB7A6-148F-4261-B079-FE7BC29DC275} - System32\Tasks\{7B6B515E-7593-4E30-8224-40528A30FAB3} => pcalua.exe -a "C:\Program Files (x86)\Mobo\Service\x64\install64.exe" -d C:\Users\Bleidd\AppData\Local\Temp\Setup\8582441 -c "C:\Users\Bleidd\AppData\Local\Temp\Driver\USB_COMPOSITE\android_winusb.inf"|"USB\Class_ff&SubClass_42&Prot_01"
    Task: {A4A29A7D-662C-4E33-8D86-5F398C11743B} - \SteamClient -> Brak pliku <==== UWAGA
    Task: {ADE11AB5-4E48-4AB2-A7E6-6E539D5184C7} - System32\Tasks\{31799B71-429A-44B1-B9D0-6B97595CF3EB} => pcalua.exe -a C:\Users\Bleidd\AppData\Local\Temp\Temp1_VGA_AMD_8.901.3.0000_W7x64_A.zip\VGA_AMD_8.901.3.0000_W7x64\Setup.exe
    Task: {D2F11B6E-0172-4AAC-BB22-5876FDFC6AB6} - System32\Tasks\{29930362-21E9-4512-B125-0E7DC0F31238} => pcalua.exe -a "C:\Program Files (x86)\Mobo\Service\x64\install64.exe" -d C:\Users\Bleidd\AppData\Local\Temp\Setup\8582441 -c "C:\Users\Bleidd\AppData\Local\Temp\Driver\USB_COMPOSITE\android_winusb.inf"|"USB\Class_ff&SubClass_42&Prot_01"
    Task: {F41D423F-7642-4917-ABE4-B1B433113A30} - \WinTaske -> Brak pliku <==== UWAGA
    Hosts:
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe
    HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\qq\Uninst.exe [1571296 2015-12-28] (Tencent)
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTRAY.EXE [355296 2016-02-14] (Tencent)
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMGCShellExt64.dll [2016-02-14] (Tencent)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
    HKU\S-1-5-21-857143840-4127465203-4104556841-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSWebMon64.dat [2016-02-14] (Tencent)
    FF DefaultSearchEngine: yessearches
    FF SelectedSearchEngine: yessearches
    FF Homepage: hxxps://www.malwarebytes.org/restorebrowser//...D2AFAD3C4CF93A8C&ptid=wak&mode=ffseng
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\npQMExtensionsMozilla.dll [2016-02-14] (Tencent Technology (Shenzhen) Company Limited)




    CHR HomePage: Default -> hxxps://www.google.pl/_/chrome/newtab?espv=2&ie=UTF-8
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=743B5AB33F638DC2D2AFAD3C4CF93A8C&v=20160202&ts=AHEpBHEoA3ElA0.."
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRtp.exe [301728 2016-02-14] (Tencent)
    S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TAOFrame.exe [293856 2016-02-14] (Tencent)
    S2 wucotusy; Brak ImagePath
    S2 zutuzuni; Brak ImagePath
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUdisk64.sys [62264 2016-02-14] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQSysMonX64.sys [138040 2016-02-14] (电脑管家)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2016-02-14] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-02-14] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-02-14] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TS888x64.sys [28984 2016-02-14] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TsDefenseBT64.sys [28472 2016-02-14] (Tencent)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSSysKit64.sys [87352 2016-02-14] (电脑管家)
    2016-02-14 10:14 - 2016-02-14 14:17 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2016-02-14 10:07 - 2016-02-14 10:07 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-02-14 10:07 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-02-14 10:06 - 2016-02-14 10:06 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-02-14 10:06 - 2016-02-14 10:04 - 00074040 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-02-14 10:05 - 2016-02-14 10:04 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-02-14 10:05 - 2015-12-28 16:34 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-02-14 10:04 - 2016-02-14 10:04 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-02-14 10:04 - 2016-02-14 10:04 - 00000000 ____D C:\Users\Bleidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-02-14 10:03 - 2016-02-14 14:16 - 00000000 ____D C:\Program Files (x86)\0049AADA-1455440586-E111-B2DE-8EED98972A7A
    2016-02-14 10:03 - 2016-02-14 10:18 - 00000000 ____D C:\ProgramData\Tencent
    2016-02-14 10:03 - 2016-02-14 10:17 - 00000000 ____D C:\Users\Bleidd\AppData\Roaming\Tencent
    2016-02-14 10:03 - 2016-02-14 10:03 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-01-17 10:31 - 2016-01-17 10:31 - 00000000 ____D C:\Users\Public\Documents\Baidu
    2016-02-05 19:00 - 2016-02-05 19:00 - 00000000 ____D C:\ProgramData\KONAMI
    2016-02-05 18:59 - 2016-02-05 18:59 - 00000000 ____D C:\Users\Bleidd\Documents\KONAMI

    EmptyTemp:

    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #3 14 Feb 2016 15:22
    Bleidd3k
    Level 4  

    I did what you told me... But the problem has not gone away :(

    0
  • Helpful post
    #5 14 Feb 2016 15:43
    Kolobos
    Computer specialist

    Uninstall
    Java(TM) 6 Update 41

    Boot the system into Safe Mode and run Fixlist.txt there:
    CloseProcesses:
    AV: 电脑管家系统防护 (Disabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Disabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {0DCDAB48-AAC6-4AAF-93AC-0AC34A520B2B} - System32\Tasks\{9B184EC7-A7A9-4BE0-B1D6-E72875794554} => Chrome.exe hxxp://ui.skype.com/ui/0/7.15.0.102/pl/go/hel...?source=lightinstaller&LastError=1618
    Task: {23DBB7A6-148F-4261-B079-FE7BC29DC275} - System32\Tasks\{7B6B515E-7593-4E30-8224-40528A30FAB3} => pcalua.exe -a "C:\Program Files (x86)\Mobo\Service\x64\install64.exe" -d C:\Users\Bleidd\AppData\Local\Temp\Setup\8582441 -c "C:\Users\Bleidd\AppData\Local\Temp\Driver\USB_COMPOSITE\android_winusb.inf"|"USB\Class_ff&SubClass_42&Prot_01"
    Task: {A4A29A7D-662C-4E33-8D86-5F398C11743B} - \SteamClient -> Brak pliku <==== UWAGA
    Task: {ADE11AB5-4E48-4AB2-A7E6-6E539D5184C7} - System32\Tasks\{31799B71-429A-44B1-B9D0-6B97595CF3EB} => pcalua.exe -a C:\Users\Bleidd\AppData\Local\Temp\Temp1_VGA_AMD_8.901.3.0000_W7x64_A.zip\VGA_AMD_8.901.3.0000_W7x64\Setup.exe
    Task: {D2F11B6E-0172-4AAC-BB22-5876FDFC6AB6} - System32\Tasks\{29930362-21E9-4512-B125-0E7DC0F31238} => pcalua.exe -a "C:\Program Files (x86)\Mobo\Service\x64\install64.exe" -d C:\Users\Bleidd\AppData\Local\Temp\Setup\8582441 -c "C:\Users\Bleidd\AppData\Local\Temp\Driver\USB_COMPOSITE\android_winusb.inf"|"USB\Class_ff&SubClass_42&Prot_01"
    Task: {F41D423F-7642-4917-ABE4-B1B433113A30} - \WinTaske -> Brak pliku <==== UWAGA
    2016-02-14 10:04 - 2016-02-14 10:04 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\zlib.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\sqlite.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\tinyxml.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00018784 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\oDayProtect.dll
    2016-02-14 10:04 - 2016-02-14 10:04 - 00125280 _____ () c:\program files (x86)\tencent\qqpcmgr\10.11.16588.235\qmrtpcontroller.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRTP.exe
    HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\qq\Uninst.exe [1571296 2015-12-28] (Tencent)
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCTRAY.EXE [355296 2016-02-14] (Tencent)
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMGCShellExt64.dll [2016-02-14] (Tencent)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
    HKU\S-1-5-21-857143840-4127465203-4104556841-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=97951667_hao_pg
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSWebMon64.dat [2016-02-14] (Tencent)
    FF DefaultSearchEngine: yessearches
    FF SelectedSearchEngine: yessearches
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\npQMExtensionsMozilla.dll [2016-02-14] (Tencent Technology (Shenzhen) Company Limited)
    FF Extension: thirteen degrees 1.0.1 - C:\Users\Bleidd\AppData\Roaming\Mozilla\Firefox\Profiles\216nq6z9.default\Extensions\{8ef122e7-f308-4a3c-af92-3d722ab30c6d}.xpi [2016-02-13] [Brak podpisu cyfrowego]
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=wak&uid=743B5AB33F638DC2D2AFAD3C4CF93A8C&v=20160202&ts=AHEpBHEoA3ElA0.."
    DisableService: QQPCRTP
    DisableService: TAOFrame
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRtp.exe [301728 2016-02-14] (Tencent)
    S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TAOFrame.exe [293856 2016-02-14] (Tencent)
    S2 wucotusy; Brak ImagePath
    S2 zutuzuni; Brak ImagePath
    DisableService: QMUdisk
    DisableService: QQSysMonX64
    DisableService: TAOAccelerator
    DisableService: TAOKernelDriver
    DisableService: TFsFlt
    DisableService: TS888x64
    DisableService: TSDefenseBt
    DisableService: TSSKX64
    DisableService: TSSysKit
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QMUdisk64.sys [62264 2016-02-14] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQSysMonX64.sys [138040 2016-02-14] (电脑管家)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [74040 2016-02-14] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-02-14] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-02-14] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TS888x64.sys [28984 2016-02-14] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TsDefenseBT64.sys [28472 2016-02-14] (Tencent)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45368 2015-12-28] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TSSysKit64.sys [87352 2016-02-14] (电脑管家)
    2016-02-14 10:37 - 2016-02-14 11:39 - 00000000 ____D C:\Users\Bleidd\AppData\Roaming\Elex-tech
    2016-02-14 10:14 - 2016-02-14 14:17 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    RemoveDirectory: C:\ProgramData\TXQMPC
    2016-02-14 10:07 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    RemoveDirectory: C:\Program Files\Common Files\Tencent
    2016-02-14 10:06 - 2016-02-14 10:04 - 00074040 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-02-14 10:05 - 2016-02-14 10:04 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-02-14 10:05 - 2015-12-28 16:34 - 00045368 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-02-14 10:04 - 2016-02-14 10:04 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-02-14 10:04 - 2016-02-14 10:04 - 00000000 ____D C:\Users\Bleidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-02-14 10:03 - 2016-02-14 14:16 - 00000000 ____D C:\Program Files (x86)\0049AADA-1455440586-E111-B2DE-8EED98972A7A
    RemoveDirectory: C:\ProgramData\Tencent
    RemoveDirectory: C:\Users\Bleidd\AppData\Roaming\Tencent
    RemoveDirectory: C:\Program Files (x86)\Tencent
    2016-02-14 10:03 - 2016-02-14 10:01 - 00000967 _____ C:\Windows\system32\Drivers\etc\hp.bak
    RemoveDirectory: C:\Program Files (x86)\qq
    2016-02-14 10:00 - 2016-02-14 10:00 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-02-14 10:00 - 2016-02-14 10:00 - 00000000 ____D C:\Program Files (x86)\Winsere
    EmptyTemp:
    Reboot:

    After running it, post new FRST logs from a scan.

    0
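An added example, not part of the thread and not FRST's own code: it parses a few service, driver and SafeBoot lines excerpted from the fixlist in the post above and reports which entries have no ImagePath, which are registered under SafeBoot, and which are boot- or system-start drivers. The state letter and start digit follow FRST's usual notation (R running, S stopped; 0 to 4 is the service Start value); `parse_frst`, `findings` and `Entry` are names made up for this illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Lines excerpted from the fixlist in the post above (no new data).
SAMPLE = r'''
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\QQPCRtp.exe [301728 2016-02-14] (Tencent)
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.11.16588.235\TAOFrame.exe [293856 2016-02-14] (Tencent)
S2 wucotusy; Brak ImagePath
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-02-14] (Tencent Technology(Shenzhen) Company Limited)
'''

# Start digit -> Windows service Start value.
START = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
# "<state><start> <name>; <path> [<size> <date>] (<company>)"
SERVICE = re.compile(r"^([RSU])(\d)\s+([^;]+);\s*(.*)$")
DETAIL = re.compile(r"^(.+?)\s+\[(\d+)\s+(\d{4}-\d{2}-\d{2})\]\s+\((.*)\)$")
SAFEBOOT = re.compile(
    r"^HKLM\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\(Minimal|Network)\\(\S+)\s+=>",
    re.I)

@dataclass
class Entry:
    name: str
    running: bool
    start: str
    path: Optional[str] = None
    company: Optional[str] = None
    safe_mode: Set[str] = field(default_factory=set)

def parse_frst(text: str) -> Dict[str, Entry]:
    """Collect service/driver entries and attach their SafeBoot registrations."""
    entries: Dict[str, Entry] = {}
    safeboot: Dict[str, Set[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = SAFEBOOT.match(line)
        if m:  # SafeBoot keys may appear before the service line itself
            safeboot.setdefault(m.group(2).lower(), set()).add(m.group(1))
            continue
        m = SERVICE.match(line)
        if not m:
            continue  # file listings, directives and other fixlist lines
        state, start, name, rest = m.groups()
        entry = Entry(name.strip(), state == "R", START.get(start, "unknown"))
        d = DETAIL.match(rest)
        if d:  # no match: FRST printed a note such as "Brak ImagePath"
            entry.path, entry.company = d.group(1), d.group(4)
        entries[entry.name] = entry
    for entry in entries.values():
        entry.safe_mode = safeboot.get(entry.name.lower(), set())
    return entries

def findings(entries: Dict[str, Entry]) -> Dict[str, List[str]]:
    """Return only the entries that carry a note worth a second look."""
    report: Dict[str, List[str]] = {}
    for e in entries.values():
        notes: List[str] = []
        if e.path is None:
            notes.append("no ImagePath")
        if e.safe_mode:
            notes.append("registered under SafeBoot: " + ", ".join(sorted(e.safe_mode)))
        if e.running and e.start in ("boot", "system"):
            notes.append("boot- or system-start driver")
        if notes:
            report[e.name] = notes
    return report

if __name__ == "__main__":
    for name, notes in findings(parse_frst(SAMPLE)).items():
        print(f"{name}: {'; '.join(notes)}")
```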
  • #6 14 Feb 2016 16:17
    Bleidd3k
    Level 4  

    Kolobos wrote:
    Uninstall
    Java(TM) 6 Update 41

    Boot the system into Safe Mode and run Fixlist.txt there:

    After running it, post new FRST logs from a scan.

    It looks like the unwanted program is gone :)

    0
  • #7 14 Feb 2016 16:56
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11788392 2015-11-25] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2207848 2015-11-25] (Realtek Semiconductor)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
    2016-02-14 14:35 - 2016-02-14 14:35 - 00003042 _____ C:\Windows\System32\Tasks\{2FF34990-8A50-4971-88F1-9BB9989A859A}
    2016-02-14 10:04 - 2016-02-14 10:04 - 00000000 ____D C:\Users\Bleidd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Delete the folder C:\FRST.

    1
  • #8 15 Feb 2016 18:58
    Bleidd3k
    Level 4  

    Problem solved :) Thank you all for your help :)

    0