Elektroda.pl

Chinese virus? Shenzhen. FRST logs.

Ryjecki 05 Apr 2016 17:17 1056 15
  • #2 05 Apr 2016 17:33
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {691563FF-98D5-4BF8-A5F6-087C9549F491} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-03-29] ()
    2016-04-05 14:48 - 2016-04-05 14:48 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\zlib.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\libexpatw.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\tinyxml.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00481632 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\sqlite.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00039776 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00063840 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-04-05 14:48 - 2016-02-27 22:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\oDayProtect.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00121184 _____ () c:\program files (x86)\tencent\qqpcmgr\11.1.16908.217\qmrtpcontroller.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\xGraphic32.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\arkGraphic.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\jgImage.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\libpng.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\libjpegturbo.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\jgIOStub.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\xImage.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00170336 _____ () c:\program files (x86)\tencent\qqpcmgr\11.1.16908.217\qmhipslogpolicy.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00076128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\MemDefrag.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\DlForQd.dll
    FirewallRules: [{917C8AD5-25C7-4E16-82D1-AAEE00DE3A85}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCmgrInstallGuide.exe




    FirewallRules: [{789ADE32-86D7-43A6-B003-EEE5EA227FD0}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [{9E352260-7BE1-4784-9B4C-E95E463C10CC}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{3D354455-4815-48CF-8818-44229F2C8512}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe
    FirewallRules: [{0215FF19-2463-4C97-A58C-6D96F46DE1E7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCMgr.exe
    FirewallRules: [{416478D1-1009-4FB0-B54E-9EACE35A0B28}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe
    FirewallRules: [{FF9ED2AF-1AC0-4113-BC96-E02D40A2E4B6}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMDL.exe
    FirewallRules: [{778EF8AF-E5E2-454D-941A-C6B14C4C438F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\bugreport.exe
    FirewallRules: [{43412941-58A3-4496-AF91-3FE45D1B9034}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCFileOpen.exe
    FirewallRules: [{9D4C01E7-4A72-4A7F-B616-B3B12896613A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCLeakScan.exe
    FirewallRules: [{4C1A566E-4E9A-4E5C-84B1-5F935A4FAB0F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPConfig.exe
    FirewallRules: [{06D8CC96-9323-4670-881B-CDBCF8F870F0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCSoftMgr.exe
    FirewallRules: [{200F31F3-59D9-4B44-8EE4-44DBE11E1389}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\QQPCNetFlow.exe
    FirewallRules: [{E76EE986-4653-4CCE-971B-2B882AC8A1BA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCBTU.exe
    FirewallRules: [{3FA9CFCC-53A8-42F8-9FBF-2FE76AFA114B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCClinic.exe
    FirewallRules: [{A8F51CE8-94D1-425C-9059-1D19F9641328}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCLaunch.exe
    FirewallRules: [{6F2CEA3C-859F-4496-A0EB-AC245FD9282C}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUpdate\QQPCMgrUpdate.exe
    FirewallRules: [{63D6F9B3-E490-4D01-9959-358A07C99676}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCSoftGame.exe
    FirewallRules: [{DE7CA331-427B-4CD9-B1C3-D1D760B1925F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCSysOptimize.exe
    FirewallRules: [{47B38F07-2B45-4241-8F0F-BBF6706D52F8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCUpdateAVLib.exe
    FirewallRules: [{D2485F53-60FB-483C-A20E-CEC268A723B0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQRepair.exe
    FirewallRules: [{3BBFC41F-B847-420F-8C1C-FA7A6BCA1CB8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\Uninst.exe
    FirewallRules: [{3D5B35F4-A880-4082-94FF-480EE880841D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCPatch.exe
    FirewallRules: [{A4DBEA75-C628-4346-9D72-64760742A3F9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TpkUpdate.exe
    FirewallRules: [{93E986B7-E26A-40DE-AE5F-23F92BD89597}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMRouterMgr.exe
    FirewallRules: [{A610E9B1-E362-4107-9F77-2C282E53025B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMAccountProtection.exe
    FirewallRules: [{8A23252D-6917-4DAA-854E-566525D37F3F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMAdBlock.exe
    2016-04-05 14:54 - 2016-04-05 14:54 - 00187960 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\AndroidServer\1.0.0.507\NetworkMgr.dll
    2016-04-05 14:54 - 2016-04-05 14:54 - 00158264 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\AndroidServer\1.0.0.507\DownloadMgr.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00248160 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMWlanMacDll.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\zlib.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\libexpatw.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\tinyxml.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00092184 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\xGraphic32.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00342040 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\arkGraphic.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00045920 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\jgImage.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\libpng.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\libjpegturbo.dll
    2016-04-05 14:48 - 2016-04-05 14:48 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\jgIOStub.dll
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUsbGuard.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe [355296 2016-04-05] (Tencent)
    HKLM-x32\...\RunOnce: [GrpConv] => grpconv -o
    HKU\S-1-5-21-4156711296-2446704634-1242412385-1000\...\MountPoints2: {6482256d-e3d8-11e5-947d-00262d159673} - I:\Setup.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMGCShellExt64.dll [2016-04-05] (Tencent)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://top81.com.cn
    HKU\S-1-5-21-4156711296-2446704634-1242412385-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://top81.com.cn
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSWebMon64.dat [2016-04-05] (Tencent)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\npQMExtensionsMozilla.dll [2016-04-05] (Tencent Technology (Shenzhen) Company Limited)
    CHR HomePage: Default -> hxxp://websearch.pu-results.info/?pid=34&r=2013/02/25&hid=2736387188&lg=EN&cc=PL
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-05] (DotC United Inc)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe [301728 2016-04-05] (Tencent)
    R3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TAOFrame.exe [297952 2016-04-05] (Tencent)
    S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [316472 2016-03-29] ()
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-05] (DotC United Inc)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQSysMonX64.sys [138040 2016-04-05] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [35128 2016-04-05] (Tencent)
    R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [88632 2016-04-05] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [274232 2016-04-05] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-04-05] (电脑管家)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSDefenseBT64.sys [28984 2016-04-05] (Tencent)
    R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2016-04-05] (电脑管家)
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSSysKit64.sys [87352 2016-04-05] (电脑管家)
    2016-04-05 14:50 - 2016-01-14 09:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-04-05 14:49 - 2016-04-05 14:49 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
    2016-04-05 14:49 - 2016-04-05 14:49 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-05 14:49 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-04-05 14:49 - 2016-04-05 14:48 - 00088632 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-04-05 14:48 - 2016-04-05 14:48 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-04-05 14:48 - 2016-04-05 14:48 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
    2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-04-05 14:47 - 2016-04-05 14:54 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Tencent
    2016-04-05 14:47 - 2016-04-05 14:51 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-05 14:46 - 2016-04-05 14:50 - 00000000 ____D C:\Users\Robert\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-04-05 14:46 - 2016-04-05 14:46 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-04-05 14:46 - 2016-04-05 14:46 - 00015168 _____ C:\Windows\System32\Tasks\WinTaske
    2016-04-05 14:46 - 2016-04-05 14:46 - 00000000 ____D C:\Users\Robert\AppData\Roaming\vnlgp
    2016-04-05 14:46 - 2016-04-05 14:46 - 00000000 ____D C:\Program Files (x86)\Winsere
    2016-04-05 14:46 - 2016-04-05 14:46 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-05 14:46 - 2016-04-05 14:46 - 00000000 ____D C:\extensions
    2016-04-05 14:45 - 2016-04-05 14:50 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-04-05 14:45 - 2016-04-05 14:45 - 00000000 ____D C:\Program Files (x86)\WinTaske
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • #3 05 Apr 2016 17:47
    Ryjecki
    Level 4  

    Unfortunately it didn't help :< I opened Notepad, pasted it in and saved it under that name. I have the FRST64.exe file in the "POBRANE" (Downloads) folder together with other things from the internet, and that is also where I put the text file. After I ran FRST, Fix started working and then the computer restarted, but unfortunately this Chinese junk is still there.

    This is probably the result of the Fix

    0
  • #4 05 Apr 2016 17:49
    Acorus 20
    Computer specialist

    Show the new FRST logs.

    0
  • #6 05 Apr 2016 18:01
    krzychupar
    Level 40  

    Addition.txt as well.

    0
  • #8 05 Apr 2016 18:09
    krzychupar
    Level 40  

    You are supposed to post the logs made after running the script. You need to scan the computer again and tick Addition.

    0
  • #10 05 Apr 2016 18:58
    Acorus 20
    Computer specialist

    Do this in Safe Mode. Uninstall MPC-HC 1.7.10. Open the system Notepad and paste:

    Quote:
    CloseProcesses:
    Task: {691563FF-98D5-4BF8-A5F6-087C9549F491} - \WinTaske -> No File <==== ATTENTION
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe [355296 2016-04-05] (Tencent)
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://top81.com.cn
    HKU\S-1-5-21-4156711296-2446704634-1242412385-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://top81.com.cn
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSWebMon64.dat [2016-04-05] (Tencent)
    CHR HomePage: Default -> hxxp://websearch.pu-results.info/?pid=34&.../02/25&hid=2736387188&lg=EN&cc=PL
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe [301728 2016-04-05] (Tencent)
    U2 QQRepair15d3; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair15d3 [136512 2016-04-05] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-05] ()
    S2 ggbugreport; "C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQSysMonX64.sys [138040 2016-04-05] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\softaal64.sys [35128 2016-04-05] (Tencent)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-05] ()
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R2 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [274232 2016-04-05] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-04-05] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TS888x64.sys [38520 2016-04-05] (Tencent)
    R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSDefenseBT64.sys [28984 2016-04-05] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TsNetHlpX64.sys [48440 2015-12-02] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSSysKit64.sys [87352 2016-04-05] (电脑管家)
    S3 TSSKX64; System32\drivers\tsskx64.sys [X]
    2016-04-05 15:44 - 2016-04-05 15:44 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
    2016-04-05 15:44 - 2016-01-14 09:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-04-05 15:43 - 2016-04-05 16:11 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2016-04-05 15:43 - 2016-04-05 16:11 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Tencent
    2016-04-05 15:43 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-04-05 15:43 - 2016-03-15 15:28 - 00101472 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-04-05 15:42 - 2016-04-05 16:11 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-05 15:42 - 2016-04-05 15:42 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-05 15:41 - 2016-04-05 16:11 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-05 15:44 - 2016-04-05 15:44 - 0005120 _____ () C:\Users\Robert\AppData\Roaming\GiftBag.db
    C:\Users\Robert\AppData\Local\Temp\PCMgr_Setup_11_4_17347_218.exe


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Show the new FRST report without Addition and Shortcut.

    0
  • #12 05 Apr 2016 19:35
    krzychupar
    Level 40  

    I noticed one thing. Do you actually have the time set correctly in your system? You are always two hours behind.

    0
  • #13 05 Apr 2016 19:46
    Ryjecki
    Level 4  

    Yes, that's a fact :p but unfortunately I still have this annoying program. I could just do a format, because I only have one game on the PC and I keep my documents on USB sticks.

    0
  • #14 05 Apr 2016 19:47
    Acorus 20
    Computer specialist

    You will not remove this infection from within the running system.
    Boot into WinRE http://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartuj%C4%85cych-windows/ and run this script there:

    Quote:
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCTray.exe [355296 2016-04-05] (Tencent)
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSWebMon64.dat [2016-04-05] (Tencent)
    CHR HomePage: Default -> hxxp://websearch.pu-results.info/?pid=34&r=2013/02/25&hid=2736387188&lg=EN&cc=PL
    CHR Extension: (电脑管家上网防护) - C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm [2016-04-05]
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-05] (DotC United Inc)
    R2 QQPCRtp; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQPCRTP.exe [301728 2016-04-05] (Tencent)
    U2 QQRepair1aab; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1aab [136512 2016-04-05] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-05] ()
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-05] (DotC United Inc)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 qqsysmonx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\QQSysMonX64.sys [138040 2016-04-05] (电脑管家)
    R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [168568 2016-04-05] ()
    R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [274232 2016-04-05] (Tencent Technology(Shenzhen) Company Limited)
    R1 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2016-04-05] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TS888x64.sys [38520 2016-04-05] (Tencent)
    R1 TsDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSDefenseBT64.sys [28984 2016-04-05] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TsNetHlpX64.sys [48440 2015-12-02] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.1.16908.217\TSSysKit64.sys [87352 2016-04-05] (电脑管家)
    2016-04-05 17:20 - 2016-04-05 17:20 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
    2016-04-05 17:19 - 2016-04-05 17:19 - 00038520 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
    2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\Users\Robert\AppData\Roaming\Tencent
    2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-05 17:19 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
    2016-04-05 17:19 - 2016-03-15 15:28 - 00101472 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
    2016-04-05 17:19 - 2016-01-14 09:47 - 00128280 _____ (电脑管家) C:\Windows\SysWOW64\Drivers\TsFltMgr.sys
    2016-04-05 15:43 - 2016-04-05 17:19 - 00001729 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-04-05 15:42 - 2016-04-05 17:06 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-05 14:48 - 2016-04-05 14:48 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
    2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-04-05 14:46 - 2016-04-05 15:43 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-05 14:46 - 2016-04-05 14:46 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
    2016-03-31 14:12 - 2016-03-31 14:13 - 13395440 _____ (MPC-HC Team ) C:\Users\Robert\Downloads\MPC-HC.1.7.10.x64.exe

    0
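
Added example, not part of any post in this thread: the file-listing lines in the three scripts above carry creation and modification timestamps, and comparing them across scans separates files that were put back after a fix from files that were never removed. The function names are hypothetical and the sample lines are copied from posts #2, #10 and #14; the scripts are selections rather than full logs, so a path missing from one scan is not treated as deleted.

```python
import re
from datetime import datetime

FMT = "%Y-%m-%d %H:%M"
# FRST file-listing line: created - modified - size attributes (company) path
LINE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - (\d+) "
    r"([_A-Z]{5}) (?:\((.*?)\) )?([A-Za-z]:\\.*)$"
)

# Sample input: lines copied from the scripts in posts #2, #10 and #14.
SCAN_1 = r"""
2016-04-05 14:49 - 2016-04-05 14:49 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
2016-04-05 14:49 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-04-05 14:46 - 2016-04-05 14:46 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
"""
SCAN_2 = r"""
2016-04-05 15:44 - 2016-04-05 15:44 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
2016-04-05 15:43 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-04-05 15:41 - 2016-04-05 16:11 - 00000000 ____D C:\ProgramData\TXQMPC
"""
SCAN_3 = r"""
2016-04-05 17:20 - 2016-04-05 17:20 - 00005120 _____ C:\Users\Robert\AppData\Roaming\GiftBag.db
2016-04-05 17:19 - 2016-04-05 14:48 - 00274232 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2016-04-05 17:19 - 2016-04-05 17:19 - 00000000 ____D C:\ProgramData\TXQMPC
2016-04-05 14:48 - 2016-04-05 14:48 - 00000000 ____D C:\Program Files (x86)\Tencent
2016-04-05 14:46 - 2016-04-05 14:46 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
"""


def parse_listing(text):
    """Map lower-cased path -> (created, modified) for each file-listing line."""
    entries = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:  # directives, registry and service lines do not match
            created, modified = (datetime.strptime(m.group(i), FMT) for i in (1, 2))
            entries[m.group(6).lower()] = (created, modified)
    return entries


def track(scans):
    """Classify every path that appears in the last scan and in an earlier one."""
    parsed = [parse_listing(s) for s in scans]
    report = {}
    for path, (created, modified) in parsed[-1].items():
        history = [p[path][0] for p in parsed if path in p]
        if len(history) < 2:
            continue
        report[path] = {
            # A later creation time means the object was deleted and put back.
            "status": "recreated" if history[-1] > history[0] else "survived",
            "created": history,
            # Created after last modified: the file was copied in from elsewhere.
            "copied_in": created > modified,
        }
    return report


if __name__ == "__main__":
    for path, info in sorted(track([SCAN_1, SCAN_2, SCAN_3]).items()):
        times = ", ".join(t.strftime("%H:%M") for t in info["created"])
        print(f"{info['status']:9} copied_in={info['copied_in']!s:5} {path} [{times}]")
```

Only the differences between timestamps matter here, so the two-hour clock offset mentioned in post #12 does not affect the classification.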
  • #15 05 Apr 2016 22:57
    Ryjecki
    Level 4  

    But how do I run this script? After recovery already?

    Say, by booting from a disc?

    0