Elektroda.pl

Unwanted software - QQPCTray and MPCProtectService

ramirez2000l9 24 Apr 2016 20:07 666 5
  • #1 24 Apr 2016 20:07
    ramirez2000l9
    Level 2

    Hello, I am new to the forum and, incidentally, totally out of my depth with computers, so I apologize if a fixlist suitable for me is already somewhere on the forum. I accidentally installed QQPCTray and MPCProtectService; please help me remove them :)
    Below I am sending the logs from FRST:

    0 5
  • Helpful post
    #2 24 Apr 2016 20:59
    Kolobos
    Computer specialist

    Uninstall:
    MyBestOffersToday 008.014010061
    RapidReader 1.10.0.21
    Setup
    SnapDo
    SpyHunter 4

    Go to C:\Program Files (x86)\MPC Cleaner\ and run the uninstall file with administrator rights.

    Boot the system into safe mode and run the following Fixlist.txt for FRST:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    Task: {07186C61-F724-4E9E-9EA6-F0A63B8B7D09} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
    Task: {17DB773A-FA48-47D5-80D8-09E88AEC99B4} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
    Task: {1945526D-A5F9-4E5B-A776-D1038BE3D03E} - System32\Tasks\{3594BC4E-DD8D-49E1-925F-935F6E5C5B53} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101.607/pl/go/help.faq.installer?LastError=1603
    Task: {204416EB-D66D-4417-9D5C-73F850059D0A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
    Task: {26021047-C6DD-40F3-9E7A-0C73A1666D8F} - System32\Tasks\{C9C27416-03F7-4D5A-B52C-0B331C4698E5} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101.607/pl/go/help.faq.installer?LastError=1603
    Task: {26977A83-817B-4040-A128-E75BBCC9A10F} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - AGAMAR) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {3708C1F4-26F0-4709-8719-46B5769E2F3D} - System32\Tasks\{388C3044-0129-4158-A1FA-E46D02E5198A} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101.607/pl/go/help.faq.installer?LastError=1603
    Task: {3F2B2F88-2DC6-4195-AFAA-A0FF540E29EF} - System32\Tasks\SlimCleaner Run => C:\Program Files (x86)\SlimCleaner\SlimCleaner.exe [2013-07-10] (SlimWare Utilities, Inc.)
    Task: {4507AC7F-9C94-48FB-BB92-0C28A971009A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
    Task: {4D2BAB62-D995-454B-9071-A5D7C08A0935} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\D3985DF85789BAB1D7A0FF1406C9367B\Update\BrowserUpdate.exe [2016-04-08] (Tencent)
    Task: {50DB7315-521E-4F26-AD17-07248BCCC3EE} - System32\Tasks\{7C9AFCE2-2961-430D-9100-41F472C92A1F} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101.607/pl/go/help.faq.installer?LastError=1603




    Task: {68C6DDDE-4007-4B7B-AD01-5F8622460151} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
    Task: {69F1F92B-B8C1-45AA-8F1A-A831EC6F130F} - System32\Tasks\SlimDrivers Startup => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe [2015-08-19] (SlimWare Utilities, Inc.)
    Task: {88601B4E-72A8-4981-80C5-4C7640EE763E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
    Task: {A8AA4B57-AC9A-4B47-9372-A54455CE1147} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
    Task: {AA56CFBD-AB44-4E12-B8EE-CF09A50EC720} - System32\Tasks\WinTaske => C:\Program Files (x86)\WinTaske\WinTaske\WinTaske.exe [2016-04-06] ()
    Task: {BBFD1E5D-EB28-476B-B485-FBE3EC8DF60D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
    Task: {C4FE4561-C956-4D3F-9AED-588373921599} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
    Task: {CB2563FE-E863-4BB3-9EEC-C7E8D671B7C3} - System32\Tasks\SweetLabs App Platform => C:\Users\AGAMAR\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-11-24] (Pokki)
    Task: {E5B9E8F2-A14E-4C0F-95E1-680EA60EEBFF} - System32\Tasks\{8662A173-F3A3-4F76-80B9-7746BD7082DC} => Chrome.exe hxxp://ui.skype.com/ui/0/7.13.0.101.607/pl/abandoninstall?page=tsProgressBar
    Task: {E71F57BC-81E2-4900-ACB6-3CB3A4C74C2C} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk
    Task: {E9ED92B3-6410-4060-A7DF-ECFD0FAD9BC2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
    Task: {EFF07C52-035F-4BC2-A2CC-7871DAD90883} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
    Task: C:\WINDOWS\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\Driver Robot.lnk
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - AGAMAR).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\WINDOWS\Tasks\SlimDrivers Startup.job => C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
    ShortcutWithArgument: C:\Users\AGAMAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    ShortcutWithArgument: C:\Users\AGAMAR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files\Booking.COM\StartURL.exe () -> hxxp://www.booking.com/index.html?aid=379334
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    2016-04-06 18:34 - 2016-04-06 18:34 - 00110064 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAntiInject.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\zlib.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00482800 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\sqlite.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\tinyxml.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00040944 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2016-04-06 18:42 - 2016-03-28 21:11 - 00070848 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2016-04-06 18:34 - 2016-02-28 00:55 - 00036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\oDayProtect.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00122352 _____ () c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmrtpcontroller.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00110064 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TavPedc.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00163312 _____ () c:\program files (x86)\tencent\qqpcmgr\11.4.17339.217\qmhipslogpolicy.dll
    2016-04-06 18:33 - 2016-04-06 18:33 - 00342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\arkGraphic.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xImage.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 02156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\GF.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\xGraphic32.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libpng.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libjpegturbo.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\libexpatw.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgImage.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\jgIOStub.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00077296 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\MemDefrag.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00261616 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMTrayPlugin\QMAutoTaskPlugin\SubPlugins\OperationFileCloudMgr.dll
    2016-04-06 18:33 - 2016-04-06 18:33 - 00379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\DlForQd.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00259056 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Win10ToastNotification.dll
    2016-04-06 18:34 - 2016-04-06 18:34 - 00245232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMWlanMacDll.dll
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    Hosts:
    (DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
    HKLM\...\Run: [SpaceSoundPro] => "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
    HKLM\...\Run: [IDSCCOM933] => "C:\Program Files\SpaceSoundPro\idsccom_933.exe"
    HKLM\...\Run: [WINCOMLJ8] => "C:\Program Files (x86)\sunnyday\wincom_LJ8.exe"
    HKLM-x32\...\Run: [pcmgr] => C:\Program Files (x86)\badu\Uninst.exe
    HKLM-x32\...\Run: [mpck_en_005030289] => [X]
    HKLM-x32\...\Run: [rec_pl_245] => [X]
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-04-06] (Tencent)
    HKU\S-1-5-21-3853698517-3276713938-2004054653-1001\...\Run: [svchost0] => C:\Program Files (x86)\UCBrowser\Application\UUC0789.exe
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMGCShellExt64.dll [2016-04-06] (Tencent)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.l114la.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3853698517-3276713938-2004054653-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Q3DlaQivoOcCHLTKVP4X0rEdztjKaTz_Oxjw,,&q={searchTerms}
    HKU\S-1-5-21-3853698517-3276713938-2004054653-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61...Q3DlaQivoOcCHLTKVP4X0rEdztjKaTz_Oxjw,,&q={searchTerms}
    HKU\S-1-5-21-3853698517-3276713938-2004054653-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.l114la.com
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKU\S-1-5-21-3853698517-3276713938-2004054653-1001 -> {9292842A-381D-444E-A557-FBF5D98245F7} URL =
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat [2016-04-06] (Tencent)
    BHO-x32: Ó¦Óñ¦Ň»Ľü°˛×°˛ĺĽţ -> {50F4150A-48B2-417A-BE4C-C83F580FB904} -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    FF Plugin-x32: @qq.com/npAndroidAssistant -> C:\Program Files (x86)\Common Files\Tencent\QQPhoneManager\2.0.201.3192\npQQPhoneManagerExt.dll [2014-05-30] (腾讯公司)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [2016-04-06] (Tencent Technology (Shenzhen) Company Limited)
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.0.124\coFFAddon => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => nie znaleziono
    FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NSBU_22.5.0.124\coFFAddon => nie znaleziono
    CHR HomePage: Default -> search.mpc.am
    CHR StartupUrls: Default -> "search.mpc.am"
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    -01-08]
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.piesearch.com/?uid=eb02f2d8-bd12-46e9-a6aa-c258048fe8a1
    R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-06] (DotC United Inc)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-04-06] (Tencent)
    U2 QQRepairf09; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairf09 [136512 2016-04-19] ()
    S2 QQRepairFixSVC; C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepairFixSVC [136512 2016-04-19] ()
    S2 Winsere; C:\Program Files (x86)\Winsere\Winsere\Winsere.exe [316400 2016-04-06] ()
    S2 ggbugreport; "C:\Program Files (x86)\SearchesToYesbnd\bugreport.exe" {154DFF63-3402-4815-941A-AAD63AE8B428} [X]
    S2 rijufoze; C:\Program Files (x86)\8454D0FA-1459956315-E411-BAC3-F8A963DEE2F4\hnsvF71F.tmp [X]
    S2 rocufyky; C:\Program Files (x86)\8454D0FA-1459956315-E411-BAC3-F8A963DEE2F4\jnslC417.tmp [X]
    S2 ryrozutizbt; C:\Program Files (x86)\8454D0FA-1459956315-E411-BAC3-F8A963DEE2F4\knsf5D29.tmpfs [X]
    S2 SlimService; "C:\Program Files\SlimService\SlimServiceFactory.exe" [X]
    R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-06] (DotC United Inc)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [184536 2016-03-02] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-04-06] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [35064 2016-04-06] (Tencent)
    R3 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [101472 2016-03-15] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [132344 2016-04-06] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-04-06] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TS888x64.sys [38520 2016-04-19] (Tencent)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-04-06] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-04-06] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-04-06] (电脑管家)
    R1 UCGuard; C:\Windows\System32\DRIVERS\ucguard.sys [80768 2016-03-23] (Huorong Borui (Beijing) Technology Co., Ltd.)
    2016-04-19 14:11 - 2016-04-19 14:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
    2016-04-15 15:31 - 2016-04-16 15:05 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-04-15 15:30 - 2016-04-15 15:30 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\eCyber
    2016-04-15 15:26 - 2016-04-15 15:26 - 00015120 _____ C:\WINDOWS\System32\Tasks\Browser Updater Task(Core)
    2016-04-15 15:26 - 2016-04-15 15:26 - 00000000 ____D C:\ProgramData\5winp5
    2016-04-15 15:26 - 2016-04-15 15:26 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    2016-04-07 16:57 - 2016-04-07 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-06 20:17 - 2016-04-19 04:22 - 00000000 ____D C:\Program Files (x86)\SearchesToYesbnd
    2016-04-06 20:13 - 2016-04-19 14:11 - 00001802 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
    2016-04-06 18:53 - 2016-04-06 18:53 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\MCorp
    2016-04-06 18:48 - 2016-04-19 14:11 - 00038520 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
    2016-04-06 18:38 - 2016-04-06 18:38 - 00005120 _____ C:\Users\AGAMAR\AppData\Roaming\GiftBag.db
    2016-04-06 18:37 - 2016-04-06 18:37 - 00000000 ____D C:\Program Files\Common Files\Tencent
    2016-04-06 18:37 - 2016-04-06 18:34 - 00132344 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2016-04-06 18:37 - 2016-03-15 17:28 - 00101472 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2016-04-06 18:36 - 2016-04-19 04:24 - 00000000 ____D C:\ProgramData\TXQMPC
    2016-04-06 18:35 - 2016-04-07 16:56 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-06 18:35 - 2016-04-06 18:34 - 00087800 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2016-04-06 18:32 - 2016-04-06 18:32 - 00000000 ____D C:\Program Files (x86)\Tencent
    2016-04-06 18:31 - 2016-04-14 15:33 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\Tencent
    2016-04-06 18:31 - 2016-04-06 18:39 - 00000000 ____D C:\ProgramData\Tencent
    2016-04-06 18:13 - 2016-04-06 18:13 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\SlimCleaner
    2016-04-06 18:08 - 2016-04-06 19:16 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-04-06 18:07 - 2016-04-06 18:07 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\UCBrowser
    2016-04-06 18:07 - 2016-03-23 06:51 - 00080768 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
    2016-04-06 18:06 - 2016-04-06 19:16 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\app
    2016-04-06 18:03 - 2016-04-06 18:54 - 00000000 ____D C:\Program Files\Windows Screen Manager
    2016-04-06 18:03 - 2016-04-06 18:03 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\tuto_monetize_120160406
    2016-04-06 18:03 - 2016-04-06 18:03 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\csdi_monetize_220160406
    2016-04-06 18:02 - 2016-04-06 18:48 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
    2016-04-06 18:02 - 2016-04-06 18:36 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\mpck_en_005030289
    2016-04-06 18:02 - 2016-04-06 18:02 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\csdi_monetize_120160406
    2016-04-06 18:02 - 2016-04-06 18:01 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
    2016-04-06 18:00 - 2016-04-15 17:37 - 00000000 ____D C:\Program Files (x86)\badu
    2016-04-06 17:59 - 2016-04-06 19:07 - 00000000 ____D C:\Program Files\SpaceSoundPro
    2016-04-06 17:31 - 2016-04-06 17:31 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\8454D0FA-1459963862-E411-BAC3-F8A963DEE2F4
    2016-04-06 17:30 - 2016-04-06 17:30 - 00008898 _____ C:\StartLayout.xml
    2016-04-06 17:20 - 2016-04-06 17:36 - 00000000 ____D C:\Users\AGAMAR\AppData\Local\3810282D-6C19-47B0-8283-5C6C29A7E108
    2016-04-06 17:20 - 2016-04-06 17:20 - 00015194 _____ C:\WINDOWS\System32\Tasks\WinTaske
    2016-04-06 17:20 - 2016-04-06 17:20 - 00000000 ____D C:\Program Files (x86)\WinTaske
    2016-04-06 17:20 - 2016-04-06 17:20 - 00000000 ____D C:\Program Files (x86)\Winsere
    2016-04-06 17:19 - 2016-04-06 17:20 - 00000000 ____D C:\Users\Public\Documents\dmp
    2016-04-24 18:41 - 2015-12-30 19:41 - 00000368 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - AGAMAR).job
    2016-04-17 04:05 - 2015-12-28 14:29 - 00000352 _____ C:\WINDOWS\Tasks\Driver Robot.job
    2016-04-06 17:41 - 2015-12-28 14:58 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
    EmptyTemp:

    After running it, post new FRST logs, made in normal mode.

    0
  • #4 24 Apr 2016 21:55
    krzychupar
    Level 40

    The script was run incorrectly, nothing was removed; you have to do the same thing again.

    0
  • Helpful post
    #5 24 Apr 2016 21:56
    Kolobos
    Computer specialist

    Run a new Fixlist.txt for FRST, this time in normal mode:
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.l114la.com
    HKU\S-1-5-21-3853698517-3276713938-2004054653-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.l114la.com
    CHR DefaultSearchURL: Default -> hxxp://search.mpc.am?q={searchTerms}&cx=partner-pub-3796753109442372:3837783968
    CHR DefaultSearchKeyword: Default -> mpc safe search
    CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
    S2 QQRepair1454; "C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\QQRepair1454" [X]
    S1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\Plugins\SRepairDrv [X]
    2016-04-24 21:13 - 2016-04-24 21:32 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-04-07 16:57 - 2016-04-07 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-06 18:35 - 2016-04-07 16:56 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2016-04-06 18:08 - 2016-04-06 19:16 - 00000000 ____D C:\Users\AGAMAR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
    2016-04-24 21:33 - 2014-08-05 12:08 - 00001937 _____ C:\Users\Public\Desktop\Booking.com.lnk
    EmptyTemp:

    After running it, delete the C:\FRST directory and that is all.

    @krzychupar it did remove things, only addition.txt is old.

    1
  • #6 26 Apr 2016 14:21
    ramirez2000l9
    Level 2

    Thanks, everything removed :)

    0