Elektroda.pl

Unwanted Chinese programs

kowaliki1234 26 Mar 2016 02:05 843 8
  • Helpful post
    #2 26 Mar 2016 07:01
    krzychupar
    Level 40

    Open Windows Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {036501E9-AE77-4266-B619-3A9066069CC5} - System32\Tasks\{973A21CD-9FDC-4CB6-9938-C1022CDE0CA0} => pcalua.exe -a C:\Users\Adam\Downloads\_Minecraft-Forge-Installer-Win-1.7.2.exe -d C:\Users\Adam\Downloads
    Task: {59A111B8-7A94-4A63-B072-2FD854DF167A} - System32\Tasks\{1B92CBEF-40EF-470F-BEC6-FD30CEBE37D9} => pcalua.exe -a C:\Users\Adam\Downloads\forge-1.7.2-10.12.0.1024-installer-win.exe -d C:\Users\Adam\Downloads
    Task: {8B45C39E-7192-459B-A81E-AC112D475CF0} - System32\Tasks\{0B6D06CD-736D-4E59-9278-0A4DF6CDABB3} => pcalua.exe -a "C:\Users\Adam\Downloads\Setup (2).exe" -d C:\Users\Adam\Downloads
    Task: {A0F2AFBB-CA4F-4B31-8663-DB95EBFB8F68} - System32\Tasks\SatelliteMaps => c:\programdata\{c32e6cbc-fa78-c918-c32e-e6cbcfa7b2f3}\shaders mod for minecraft 1.8.zip.exe <==== UWAGA
    Task: C:\Windows\Tasks\SatelliteMaps.job => c:\programdata\{c32e6cbc-fa78-c918-c32e-e6cbcfa7b2f3}\shaders mod for minecraft 1.8.zip.exe <==== UWAGA
    2016-03-25 23:43 - 2016-03-25 23:43 - 00481632 ____N () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\sqlite.dll
    2016-03-25 23:43 - 2016-03-25 23:43 - 00088416 ____N () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\zlib.dll
    2016-03-25 23:43 - 2016-03-25 23:43 - 00100704 ____N () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\tinyxml.dll
    Hosts:
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe [355296 2016-03-25] (Tencent)
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\RunOnce: [ALLPlayer Remote Update] => C:\Users\Adam\AppData\Local\Temp\ALLRemote.exe [2152872 2016-03-26] (ALLPlayer ) <===== UWAGA
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {05a0d163-3e82-11e5-8e72-d8cb8a379fd8} - F:\setup.exe
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {1665e90c-f96e-11e4-916e-d8cb8a379fd8} - F:\Autorun.exe
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {28820f7a-f8ca-11e4-8eb2-806e6f6e6963} - E:\autorun.exe
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {2d04d2ca-3ea6-11e5-b649-d8cb8a379fd8} - G:\Autorun.exe
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {2d04d2ce-3ea6-11e5-b649-d8cb8a379fd8} - H:\Autorun.exe
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\MountPoints2: {bb88d572-a0c0-11e5-99ba-d8cb8a379fd8} - F:\DPFMate.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMGCShellExt64.dll [2016-03-25] (Tencent)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://xinjunshi.com
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://xinjunshi.com
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-1569424069-1985595435-2252819016-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSWebMon64.dat [2016-03-25] (Tencent)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll [2012-01-25] (Microsoft Corporation.)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\npQMExtensionsMozilla.dll [2016-03-25] (Tencent Technology (Shenzhen) Company Limited)
    CHR HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
    CHR HKLM-x32\...\Chrome\Extension: [efhdjkbfpoohkmfaldijcpbnmbpefpkb] - C:\Program Files (x86)\ALLPlayer\AllPlayer.crx <nie znaleziono>
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRtp.exe [301728 2016-03-25] (Tencent)
    S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe [297952 2016-03-25] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQSysMonX64.sys [138040 2016-03-25] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [35128 2016-03-25] (Tencent)
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [88632 2016-03-25] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [274232 2016-03-25] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-03-25] (电脑管家)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TsDefenseBT64.sys [28984 2016-03-25] (Tencent)
    S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2016-03-25] (电脑管家)
    R4 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSSysKit64.sys [87352 2016-03-25] (电脑管家)
    S3 ALSysIO; \??\C:\Users\Adam\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 MSICDSetup; \??\E:\CDriver64.sys [X]
    S3 NTIOLib_1_0_C; \??\C:\MSI\MSI SUITE\NTIOLib_X64.sys [X]
    S3 NTIOLib_1_1_S; \??\C:\MSI\MSI SUITE\Super-Charger\NTIOLib_X64.sys [X]
    S3 NTIOLib_SuiteComCen; \??\C:\MSI\MSI SUITE\ControlCenter\NTIOLib_X64.sys [X]
    S3 NTIOLib_SuiteFB; \??\C:\MSI\MSI SUITE\FastBoot\NTIOLib_X64.sys [X]
    S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
    2016-03-25 23:47 - 2016-01-14 10:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-03-25 23:45 - 2016-03-25 23:45 - 00005120 _____ C:\Users\Adam\AppData\Roaming\GiftBag.db
    2016-03-25 23:44 - 2016-03-25 23:44 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-03-25 23:44 - 2016-03-25 23:44 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-03-25 23:44 - 2016-03-25 23:43 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-03-25 23:44 - 2016-03-25 23:43 - 00088632 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-03-25 23:44 - 2016-03-25 23:43 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-03-25 23:43 - 2016-03-25 23:55 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Tencent
    2016-03-25 23:43 - 2016-03-25 23:50 - 00000000 ____D C:\ProgramData\Tencent
    2016-03-25 23:43 - 2016-03-25 23:43 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-03-25 23:43 - 2016-03-25 23:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-03-25 23:43 - 2016-03-25 23:43 - 00000000 ____D C:\Users\Adam\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-03-25 23:43 - 2016-03-25 23:43 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-03-25 23:48 - 2015-05-17 23:10 - 00000000 ____D C:\AdwCleaner
    C:\Users\Adam\AppData\Local\Temp\ALLRemote.exe
    C:\Users\Adam\Rundll32.exe
    EmptyTemp:

    Save the file under the name fixlist.txt and put it in the folder C:\Users\Adam\Downloads\
    Run FRST and click Fix.

    0
  • #3 26 Mar 2016 11:54
    Kolobos
    Computer specialist

    Once done, post new FRST logs from a scan.

    0
  • Helpful post
    #5 26 Mar 2016 13:34
    Kolobos
    Computer specialist

    Can you stop downloading randomly chosen harmful programs?!

    YAC is a harmful program, and so is Advanced System Protector; SpyHunter is a program of dubious reputation, it is paid on top of that, and it will not remove anything in the free version.

    New Fixlist.txt for FRST:
    CloseProcesses:
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    HKU\S-1-5-21-1569424069-1985595435-2252819016-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xvid] => C:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
    S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2015-04-16] (Elex do Brasil Participações Ltda)
    S2 HPSLPSVC; C:\Users\Adam\AppData\Local\Temp\7zS728F\hpslpsvc64.dll [X]
    R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [260856 2015-05-14] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2015-08-20] (Elex do Brasil Participações Ltda)
    R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2015-11-27] (Elex do Brasil Participações Ltda)
    R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [67976 2015-09-10] (Elex do Brasil Participações Ltda)
    S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
    2016-03-26 01:54 - 2016-03-26 01:54 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Adam\Downloads\SpyHunter-Installer (1).exe
    2016-03-26 01:51 - 2016-03-26 01:51 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Adam\Downloads\SpyHunter-Installer.exe
    2016-03-26 01:51 - 2016-03-26 01:51 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-03-26 01:42 - 2016-03-26 01:42 - 00000539 _____ C:\Users\Adam\Downloads\Search.txt
    2016-03-26 00:59 - 2016-03-26 13:19 - 00003076 _____ C:\Windows\System32\Tasks\Advanced System~Protector_startup
    2016-03-26 00:59 - 2016-03-26 00:59 - 00003680 _____ C:\Windows\System32\Tasks\Advanced System~Protector
    2016-03-26 00:59 - 2016-03-26 00:59 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Systweak
    2016-03-26 00:58 - 2016-03-26 01:25 - 00000000 ____D C:\Program Files (x86)\ASP
    2016-03-26 00:58 - 2016-03-26 00:59 - 00001045 _____ C:\Users\Public\Desktop\Advanced System~Protector.lnk
    2016-03-26 00:58 - 2016-03-26 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System~Protector
    2016-03-26 00:58 - 2016-03-26 00:58 - 05822720 _____ (Advanced System Protector ) C:\Users\Adam\Downloads\aspsetup.exe
    2016-03-26 00:58 - 2016-03-26 00:58 - 00000000 ____D C:\Users\Adam\AppData\Local\Systweak
    2016-03-26 00:58 - 2016-03-26 00:58 - 00000000 ____D C:\ProgramData\Systweak
    2016-03-26 00:58 - 2016-01-20 19:23 - 00023016 _____ C:\Windows\system32\sasnative64.exe
    2016-03-26 00:45 - 2016-03-26 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
    2016-03-26 00:45 - 2016-03-26 00:45 - 00000000 ____D C:\Windows\system32\log
    2016-03-26 00:45 - 2016-03-26 00:45 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Elex-tech
    2016-03-26 00:45 - 2016-03-26 00:45 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-03-26 00:45 - 2015-09-10 02:55 - 00067976 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
    2016-03-26 00:44 - 2016-03-26 00:45 - 27989848 _____ (Elex do Brasil Participações Ltda) C:\Users\Adam\Downloads\yet_another_cleaner_sk_109931.exe
    2016-03-25 23:43 - 2016-03-25 23:43 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-03-25 23:42 - 2016-03-25 23:42 - 00000000 ____D C:\extensions
    2016-03-25 23:41 - 2016-03-25 23:42 - 00000000 ____D C:\Users\Public\Documents\dmp
    EmptyTemp:


    Also do a full scan with Mbam and remove whatever it detects:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    Once done, post new FRST logs, together with a new addition.txt!

    0
  • #7 26 Mar 2016 14:22
    krzychupar
    Level 40

    Uninstall YAC (Yet Another Cleaner!)

    0
  • Helpful post
    #8 26 Mar 2016 14:31
    Kolobos
    Computer specialist

    Also run this Fixlist.txt for FRST:
    Task: {634A9AD5-4493-419E-B67E-3E289E222623} - \Advanced System~Protector -> Brak pliku <==== UWAGA

    Delete the C:\FRST folder and that is all.

    0
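    Once the fixlists from posts #2, #5 and #8 have been run, the sensible next step is to confirm that the entries are really gone rather than rely on the fix log alone. The PowerShell script below is an added example; it is not code from the thread, from FRST or from the posters. It re-reads the persistence points those fixlists target (the scheduled tasks, Run/RunOnce values, MountPoints2 autorun commands, the IE start page and Chrome policy key, the Tencent and Elex-tech service entries, and leftover folders and files) and prints whatever is still present. The user SID, paths and names are copied from the fixlists above and are specific to this machine, so they are assumptions for any other computer; run it from an elevated PowerShell on the affected computer.

```powershell
# Added example, not part of the thread or of FRST: re-check the persistence
# points and leftovers targeted by the fixlists in posts #2, #5 and #8.
# All names, paths and the user SID are taken from those fixlists and are
# specific to this machine. Run from an elevated PowerShell after the FRST fix.

$sid = 'S-1-5-21-1569424069-1985595435-2252819016-1000'

# HKEY_USERS is not mapped as a drive by default; map it so HKU:\ paths resolve.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Scheduled tasks named in the fixlists (SatelliteMaps and the two
#    Advanced System~Protector tasks), plus the legacy .job file.
foreach ($name in 'SatelliteMaps', 'Advanced System~Protector', 'Advanced System~Protector_startup') {
    $task = Get-ScheduledTask -TaskName $name -ErrorAction SilentlyContinue
    if ($task) { $findings.Add("Task still present: $($task.TaskPath)$($task.TaskName)") }
}
if (Test-Path -LiteralPath 'C:\Windows\Tasks\SatelliteMaps.job') {
    $findings.Add('Legacy job file still present: C:\Windows\Tasks\SatelliteMaps.job')
}

# 2. Run / RunOnce values whose command points at the unwanted binaries.
$runKeys = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
    "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\RunOnce"
)
$suspectCommand = 'Tencent\\QQPCMgr|ALLRemote\.exe|Xvid\\CheckUpdate\.exe'
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($prop in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a registry value
        if ("$($prop.Value)" -match $suspectCommand) {
            $findings.Add("Autostart still present: $key [$($prop.Name)] = $($prop.Value)")
        }
    }
}

# 3. MountPoints2 autorun commands (the F:\setup.exe, F:\Autorun.exe ... entries).
$mountPoints = "HKU:\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
if (Test-Path -LiteralPath $mountPoints) {
    foreach ($volume in Get-ChildItem -LiteralPath $mountPoints) {
        $cmdKey = "$($volume.PSPath)\shell\AutoRun\command"
        if (Test-Path -LiteralPath $cmdKey) {
            $cmd = (Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            $findings.Add("MountPoints2 autorun still present: $($volume.PSChildName) -> $cmd")
        }
    }
}

# 4. Browser hijack leftovers: the IE start page and the Chrome policy key.
$iePages = @(
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main',
    "HKU:\$sid\Software\Microsoft\Internet Explorer\Main"
)
foreach ($key in $iePages) {
    $startPage = (Get-ItemProperty -LiteralPath $key -Name 'Start Page' -ErrorAction SilentlyContinue).'Start Page'
    if ($startPage -match 'xinjunshi\.com') { $findings.Add("Hijacked start page still set: $key = $startPage") }
}
if (Test-Path -LiteralPath 'HKLM:\SOFTWARE\Policies\Google') {
    $findings.Add('Chrome policy restrictions key still present: HKLM\SOFTWARE\Policies\Google')
}

# 5. Service and driver entries installed by QQPCMgr (Tencent) and YAC (Elex-tech).
$services = 'QQPCRTP', 'TAOFrame', 'QMUdisk', 'QQSysMonX64', 'softaal', 'TAOAccelerator',
            'TAOKernelDriver', 'TFsFlt', 'TSDefenseBt', 'TSSKX64', 'TSSysKit',
            'iSafeService', 'iSafeKrnl', 'iSafeKrnlKit', 'iSafeKrnlR3', 'iSafeNetFilter', 'iSafeKrnlBoot'
foreach ($svc in $services) {
    if (Test-Path -LiteralPath "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings.Add("Service/driver entry still present: $svc")
    }
}

# 6. Leftover program folders, drivers and loose executables from the fixlists.
$leftovers = 'C:\Program Files (x86)\Tencent', 'C:\Program Files\Common Files\Tencent',
             'C:\ProgramData\Tencent', 'C:\ProgramData\TXQMPC',
             'C:\Program Files (x86)\Elex-tech', 'C:\Program Files (x86)\ASP',
             'C:\Windows\system32\Drivers\TAOKernel64.sys', 'C:\Windows\system32\Drivers\TAOAccelerator64.sys',
             'C:\Users\Adam\AppData\Local\Temp\ALLRemote.exe', 'C:\Users\Adam\Rundll32.exe'
foreach ($path in $leftovers) {
    if (Test-Path -LiteralPath $path) { $findings.Add("Leftover still present: $path") }
}

if ($findings.Count -eq 0) {
    'All persistence points and leftovers from the fixlists are gone.'
} else {
    $findings
}
```

    Every line the script prints is an entry that FRST did not remove and that should still show up in the next FRST scan log; an empty result is what a clean follow-up log should confirm as well.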
  • #9 26 Mar 2016 15:48
    kowaliki1234
    Level 8

    Thank you for the help!

    0