Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

Problem z usunięciem złośliwego programu qksee

filipek37 01 Maj 2016 14:13 870 2
  • #1 01 Maj 2016 14:13
    filipek37
    Poziom 2  

    Witam, tak jak w temacie - nie potrafię poradzić sobie z dezinstalacją programu qksee. Miałem też YAC, ale Revo Uninstaller sobie z nim poradził. Proszę o pomoc, wrzucam logi z FRST.

    1 2
  • #2 01 Maj 2016 15:55
    Kolobos
    Spec od komputerów

    Odinstaluj:
    McAfee Security Scan Plus
    qksee

    Fixlist.txt dla FRST:
    Task: {0EB82D99-1C20-4950-8288-1D4F45E584F6} - System32\Tasks\{7050758F-E392-4A0E-AA1E-DC4C94B7545A} => pcalua.exe -a "C:\Program Files\OrCAD_Demo\PSpice\PDesign.exe" -d "C:\Program Files\OrCAD_Demo\PSpice"
    Task: {12B74946-2484-4875-81D1-3F1F3FF416F4} - System32\Tasks\{E93118E9-6C76-4026-AB11-1427DB0457AE} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=plPL --uid=battle.net --displayname="Battle.net"
    Task: {2AFEB668-41B1-43C3-BC56-A7B6A242E5B3} - System32\Tasks\jIxmRfRBrowserUpdateUA => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== UWAGA
    Task: {373229EC-9A40-4ED3-8CFC-4C68CDA25226} - System32\Tasks\{A7D9D7C6-A498-4CA8-B1E2-29B74A53A4D9} => pcalua.exe -a "C:\Program Files\TrueKey\Mcafee.TrueKey.Uninstaller.Exe"
    Task: {6011227C-2184-4BEA-AF33-5FBE3DD691DB} - System32\Tasks\jIxmRfRBrowserUpdateCore => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== UWAGA
    Task: {916805DC-81B9-4891-A45A-5E620491907B} - \WinTaske -> Brak pliku <==== UWAGA
    Task: {A1B1DD4C-18C5-490D-8F7D-6DD5F86A8DB9} - System32\Tasks\{8250DB82-4446-4912-9AA9-CCDC31414ABB} => pcalua.exe -a "C:\Program Files (x86)\qksee\uninstall.exe"
    Task: {B87E8A40-CC4A-47DE-9062-914F73FF5A25} - System32\Tasks\jIxmRfRCheckTask => C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe <==== UWAGA
    Task: {CC30334C-8B41-4CC5-8797-6E5FC4C4B201} - System32\Tasks\Browser Updater Task(Core) => C:\Program Files (x86)\QQBrowser\Update\24075717158A0577AEF53D7D66096C30\Update\BrowserUpdate.exe [2016-04-08] (Tencent) <==== UWAGA
    Shortcut: C:\Users\filipek37\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\jIxmRfR\jIxmRfR\chrome.exe (The jIxmRfR Authors)
    2016-04-15 14:01 - 2016-02-15 04:21 - 00582144 _____ () C:\Program Files (x86)\qksee\curlpp.dll
    2016-04-15 14:01 - 2016-04-15 05:28 - 00063056 _____ () C:\Program Files (x86)\qksee\zlib1.dll
    2016-04-15 14:01 - 2016-04-20 04:29 - 00582144 _____ () C:\Program Files (x86)\WinZipper\curlpp.dll
    2016-04-15 14:01 - 2016-04-20 04:29 - 00066560 _____ () C:\Program Files (x86)\WinZipper\zlib1.dll
    (Qksee Pvt Ltd.) C:\Program Files (x86)\qksee\qkseeSvc.exe
    (Winzipper Pvt Ltd.) C:\Program Files (x86)\WinZipper\winzipersvc.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe
    HKLM-x32\...\Run: [launcher] => C:\ProgramData\SquirrelMachineInstalls\launcher.exe [58791680 2016-01-31] (Counterplay Games Inc.)
    HKU\S-1-5-21-1095638633-362476747-2334324183-1001\...\Run: [{5DE67937-45D5-45E4-923C-0B7F7EC929A7}] => C:\Users\filipek37\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe [30993712 2016-03-02] (Riot Games)
    HKU\S-1-5-21-1095638633-362476747-2334324183-1001\...\MountPoints2: {d6bc7769-f2b6-11e5-827b-40b89a63dcb4} - "G:\setup.exe"




    HKU\S-1-5-21-1095638633-362476747-2334324183-1001\...\MountPoints2: {ffbb40ee-865b-11e5-8260-40b89a63dcb4} - "F:\Autorun.exe"
    HKU\S-1-5-21-1095638633-362476747-2334324183-1001\...\MountPoints2: {ffbb4291-865b-11e5-8260-40b89a63dcb4} - "G:\autorun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-05-01]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe (McAfee, Inc.)
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    BHO: Brak nazwy -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> Brak pliku
    FF NewTab: hxxp://www.nicesearches.com?type=hp&ts=14...;z=37a4994266786f667217389g8z3qagewfm7zfzcq2z
    FF DefaultSearchEngine: nice
    FF SelectedSearchEngine: nice
    FF Homepage: hxxp://www.nicesearches.com?type=hp&ts=14...;z=37a4994266786f667217389g8z3qagewfm7zfzcq2z
    FF SearchPlugin: C:\Users\filipek37\AppData\Roaming\Mozilla\Firefox\Profiles\ljtp0otg.default\searchplugins\nice-.xml [2016-05-01]
    FF SearchPlugin: C:\Users\filipek37\AppData\Roaming\Mozilla\Firefox\Profiles\ljtp0otg.default\searchplugins\so-v.xml [2016-01-03]
    CHR HomePage: Default -> hxxp://www.yessearches.com/?mode=nnnb&pti...096C30&v=20160323&ts=AHEpC3YmC3QpA0....
    CHR StartupUrls: Default -> "hxxp://www.yessearches.com/?mode=nnnb&ptid=dam&uid=24075717158A0577AEF53D7D66096C30&v=20160323&ts=AHEpC3YmC3QpA0.."
    CHR Session Restore: Default -> [funkcja włączona]
    S2 DeskTop_F; C:\ProgramData\desktopfind\desktop244.exe [236728 2016-03-16] (DeskTopService)
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [235696 2015-12-02] (McAfee, Inc.)
    R2 qkseeService; C:\Program Files (x86)\qksee\qkseeSvc.exe [658512 2016-04-15] (Qksee Pvt Ltd.)
    R2 winzipersvc; C:\Program Files (x86)\WinZipper\winzipersvc.exe [705656 2016-04-20] (Winzipper Pvt Ltd.) <==== UWAGA
    S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]
    S2 jIxmRfR_protect; "C:\ProgramData\jIxmRfR\protect\protect.exe" [X]
    S2 jIxmRfR_update; "C:\Program Files (x86)\jIxmRfR\jIxmRfR\bin\jIxmRfR_server.exe" [X]
    S3 mfeaack01; \Device\mfeaack01.sys [X]
    2016-05-01 04:01 - 2016-05-01 13:46 - 00002165 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
    2016-05-01 04:01 - 2016-05-01 04:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
    2016-05-01 04:01 - 2016-05-01 04:01 - 00000000 ____D C:\ProgramData\McAfee Security Scan
    2016-05-01 04:01 - 2016-05-01 04:01 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
    2016-04-24 17:25 - 2016-04-24 17:25 - 00000000 ____D C:\ProgramData\desktopfind
    2016-04-21 13:34 - 2016-04-21 13:34 - 00000000 ____D C:\ProgramData\jIxmRfR
    2016-04-21 13:33 - 2016-05-01 13:15 - 00014746 _____ C:\Windows\System32\Tasks\jIxmRfRCheckTask
    2016-04-21 13:33 - 2016-05-01 13:15 - 00014744 _____ C:\Windows\System32\Tasks\jIxmRfRBrowserUpdateUA
    2016-04-21 13:33 - 2016-05-01 13:15 - 00003804 _____ C:\Windows\System32\Tasks\jIxmRfRBrowserUpdateCore
    2016-04-21 13:33 - 2016-05-01 13:15 - 00000000 ____D C:\Program Files (x86)\jIxmRfR
    2016-04-21 13:33 - 2016-04-21 13:33 - 00000000 ____D C:\Users\Public\Documents\jIxmRfR
    2016-04-21 13:33 - 2016-04-21 13:33 - 00000000 ____D C:\Users\filipek37\AppData\Local\jIxmRfR
    2016-04-18 16:03 - 2016-05-01 13:44 - 00000000 ____D C:\Program Files (x86)\Elex-tech
    2016-04-18 16:03 - 2016-05-01 13:42 - 00000000 ____D C:\Users\filipek37\AppData\Roaming\Elex-tech
    2016-04-15 14:01 - 2016-05-01 13:53 - 00000000 ____D C:\Program Files (x86)\qksee
    2016-04-15 14:01 - 2016-05-01 02:33 - 00000000 ____D C:\Program Files (x86)\WinZipper
    2016-04-15 14:01 - 2016-04-18 16:01 - 00000000 ____D C:\Users\filipek37\AppData\Roaming\WinZiper
    2016-04-15 14:01 - 2016-04-15 14:01 - 00015040 _____ C:\Windows\System32\Tasks\Browser Updater Task(Core)
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\Users\filipek37\AppData\Roaming\qksee
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\Users\filipek37\AppData\Roaming\eCyber
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\ProgramData\rwinpr
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qksee
    2016-04-15 14:01 - 2016-04-15 14:01 - 00000000 ____D C:\Program Files (x86)\QQBrowser
    EmptyTemp:

    W FRST wybierz Napraw.

    Usun katalog C:\FRST.

    0
  • #3 01 Maj 2016 21:07
    filipek37
    Poziom 2  

    Wygląda na to, że nie ma śladu po tych śmieciach. Dzięki wielkie!
    Problem z usunięciem złośliwego programu qksee

    0