Elektroda.pl

Problem with Rising Antivirus - how to remove it

kamil0240 13 Jun 2016 15:08 510 10
  • #1 13 Jun 2016 15:08
    kamil0240
    Level 6

    Hello, I have a problem uninstalling Rising Antivirus. I don't have this program in the Control Panel; it installed itself, so can someone tell me what to do and how, because I can't solve this on my own. I scanned with FRST and have two txt files from it, but I don't know what to do next. adw detects nothing. Here are the files.

    0 10
  • #2 13 Jun 2016 15:15
    Kolobos
    Computer specialist

    Next to frst.exe, create a file Fixlist.txt with the following contents:
    CloseProcesses:
    AV: ?????? (Enabled - Up to date) {ADB615F7-AE69-7E78-D0C7-B1F92C60FF03}
    AS: ?????? (Enabled - Up to date) {16D7F413-8853-71F6-EA77-8A8B57E7B5BE}
    Task: {419193AB-6353-484A-86C3-0A7B46D72820} - System32\Tasks\DriverToolkit Autorun => D:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    Task: {AB1EF580-FBF8-4E69-BF59-6B62BB9EE6FE} - System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380} => C:\Program Files (x86)\Rising\Rav\rsdelaylauncher.exe [2015-03-04] (Beijing Rising Information Technology Co., Ltd.)
    Task: C:\Windows\Tasks\DriverToolkit Autorun.job => D:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
    2016-06-12 20:02 - 2014-10-17 05:21 - 00104728 ____N () C:\Program Files (x86)\Rising\Rav\CMPB.DLL
    2016-06-12 20:02 - 2014-10-17 05:21 - 00069400 ____N () C:\Program Files (x86)\Rising\Rav\CMPCUsb.dll
    2016-06-12 20:02 - 2014-10-17 05:21 - 00104728 ____N () C:\Program Files (x86)\Rising\Rav\CMPB.dll
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\Rav\ravmond.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\Rav\rstray.exe
    (Beijing Rising Information Technology Co., Ltd.) C:\Program Files (x86)\Rising\Rav\rstray64.exe
    () C:\Program Files (x86)\Rising\Rav\CMPA.exe
    HKCU\...\Run: [Tok-Cirrhatus] - [x]
    MountPoints2: G - G:\AutoRun.exe
    MountPoints2: {4dcd7e3d-756a-11e5-a08c-00270e08f463} - G:\AutoRun.exe
    MountPoints2: {b4641fce-c4fb-11e5-92ed-00270e08f463} - G:\Startme.exe
    MountPoints2: {d8ccd3f3-b6c9-11e5-9140-00270e08f463} - G:\AutoRun.exe
    MountPoints2: {d8ccd3f7-b6c9-11e5-9140-00270e08f463} - G:\AutoRun.exe
    HKLM-x32\...\Run: [RavTRAY] - C:\Program Files (x86)\Rising\Rav\rstray.exe [111000 2014-10-17] (Beijing Rising Information Technology Co., Ltd.)
    HKLM-x32\...\Run: [RsTurboball] - "C:\Program Files (x86)\Rising\Rav\rsturboball.exe" -system
    BootExecute: autocheck autochk * bsmain
    SearchScopes: HKLM - DefaultScope value is missing.
    FF Plugin-x32: @rising.com.cn/nprising - C:\Program Files (x86)\Rising\Rav\nprising.dll (Beijing Rising Information Technology Co., Ltd.)
    FF Plugin HKCU: @rising.com.cn/nprising - C:\Program Files (x86)\Rising\Rav\nprising.dll (Beijing Rising Information Technology Co., Ltd.)
    R2 RsRavMon; C:\Program Files (x86)\Rising\Rav\ravmond.exe [280560 2016-04-13] (Beijing Rising Information Technology Co., Ltd.)
    R1 rsktdi; C:\Windows\system32\drivers\rsktdi.sys [23704 2015-12-10] (Beijing Rising Information Technology Co., Ltd.)
    R1 rsutils; C:\Windows\System32\DRIVERS\rsutils.sys [84672 2015-11-13] (Beijing Rising Information Technology Co., Ltd.)
    R0 sysmon; C:\Windows\System32\DRIVERS\sysmon.sys [131040 2016-05-31] (Beijing Rising Information Technology Co., Ltd.)
    U3 au3htxig; C:\Windows\System32\Drivers\au3htxig.sys [0 ] (Microsoft Corporation)




    S3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [x]
    S3 X6va062; \??\C:\Windows\SysWOW64\Drivers\X6va062 [x]
    2016-06-12 20:24 - 2016-06-13 14:29 - 00003312 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
    2016-06-12 20:20 - 2016-06-12 20:21 - 00001293 _____ C:\AdwCleaner[S1].txt
    2016-06-12 20:19 - 2016-06-12 20:20 - 00001239 _____ C:\AdwCleaner[R1].txt
    2016-06-12 20:18 - 2016-06-12 20:18 - 00636146 _____ C:\Users\marcin\Downloads\AdwCleaner 2.303 [32Bit & 64Bit] [PL].7z
    2016-06-12 20:02 - 2016-06-12 20:23 - 00000000 ___RD C:\RavBin
    2016-06-12 20:02 - 2016-06-12 20:02 - 00000150 __RSH C:\rising.ini
    2016-06-12 20:02 - 2016-06-12 20:02 - 00000134 _____ C:\Windows\SysWOW64\BsMain.ini
    2016-06-12 20:02 - 2016-06-12 20:02 - 00000000 ____D C:\Users\marcin\.android
    2016-06-12 20:02 - 2016-05-31 07:50 - 00131040 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\sysmon.sys
    2016-06-12 20:02 - 2015-12-10 11:05 - 00023704 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsktdi.sys
    2016-06-12 20:02 - 2015-11-13 10:59 - 00084672 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsutils.sys
    2016-06-12 20:02 - 2014-10-24 03:46 - 00332056 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\ravext64.dll
    2016-06-12 20:02 - 2014-10-24 03:46 - 00260376 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\ravext.dll
    2016-06-12 20:02 - 2014-10-17 05:21 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
    2016-06-12 20:02 - 2014-10-17 05:19 - 00240472 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\bsmain.exe
    2016-06-12 20:02 - 2014-10-17 05:18 - 00011888 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\system32\Drivers\rsndisp.sys
    2016-06-12 20:01 - 2016-06-12 20:02 - 00000000 ____D C:\ProgramData\Rising
    2016-06-12 20:01 - 2016-06-12 20:02 - 00000000 ____D C:\Program Files (x86)\Rising
    2016-06-12 20:23 - 2016-06-12 20:02 - 00000000 ___RD C:\RavBin
    EmptyTemp:

    In FRST, choose Fix.

    Post new FRST logs from a scan.

    0
  • #4 13 Jun 2016 16:30
    Kolobos
    Computer specialist

    You were supposed to post new FRST logs from a scan, not the Fixlog.

    0
  • Helpful post
    #6 13 Jun 2016 16:49
    Kolobos
    Computer specialist

    Run a new Fixlist.txt in Safe Mode:
    CloseProcesses:
    () C:\Program Files (x86)\Rising\Rav\ravmond.exe
    MountPoints2: {d8ccd3f7-b6c9-11e5-9140-00270e08f463} - G:\AutoRun.exe
    HKLM-x32\...\Run: [RavTRAY] - "C:\Program Files (x86)\Rising\Rav\RSTRAY.EXE" -system
    R2 RsRavMon; "C:\Program Files (x86)\Rising\Rav\ravmond.exe" [x]
    U3 a0x2awj6; C:\Windows\System32\Drivers\a0x2awj6.sys [0 ] (Microsoft Corporation)
    U4 au3htxig;
    U4 rsktdi;
    U4 rsutils;
    R0 sysmon; system32\DRIVERS\sysmon.sys [x]
    U4 X6va035;
    U4 X6va062;
    2016-06-12 20:01 - 2016-06-12 20:02 - 00000000 ____D C:\ProgramData\Rising
    2016-06-12 20:01 - 2016-06-12 20:02 - 00000000 ____D C:\Program Files (x86)\Rising

    After running it, post new logs together with a new addition.txt!

    0
  • Helpful post
    #8 13 Jun 2016 17:25
    Kolobos
    Computer specialist

    New Fixlist.txt for FRST:
    AV: ?????? (Enabled - Up to date) {ADB615F7-AE69-7E78-D0C7-B1F92C60FF03}
    AS: ?????? (Enabled - Up to date) {16D7F413-8853-71F6-EA77-8A8B57E7B5BE}
    U4 a0x2awj6;
    U4 au3htxig;
    U4 rsktdi;
    S4 RsRavMon;
    U4 rsutils;
    S4 sysmon;
    U4 X6va035;
    U4 X6va062;
    Reboot:

    After running it, delete the C:\FRST directory and that's all.

    0
  • #9 13 Jun 2016 17:26
    kamil0240
    Level 6

    Should I do this in Safe Mode too, or in normal mode?

    0
  • Helpful post
    #10 13 Jun 2016 17:28
    Kolobos
    Computer specialist

    It doesn't matter.

    0
  • #11 13 Jun 2016 17:32
    kamil0240
    Level 6

    Thanks a lot for the help :)

    0
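
An added example, not part of the original thread and not FRST's own code: the second and third Fixlists above consist mostly of service and driver entries that were still registered after the first fix. The code below parses that line format and lists the entries whose file is reported absent. The meaning given to the state letter, the start digit and the `[x]` marker is an assumption based on how they appear in these logs.

```python
import re

# Layout assumed from the lines in the thread:
#   <state><start> <name>; <path> [<size> <date>] (<company>)   or   ... [x]
ENTRY = re.compile(r"^([RSU])([0-5])\s+([^;]+);\s*(.*)$")
SIZE = re.compile(r"\[(\d+)\s[^\]]*\]")

def parse_entry(line):
    """Parse one service/driver line; return None for any other log line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    state, start, name, rest = m.groups()
    size = SIZE.search(rest)
    return {
        "name": name.strip(),
        "state": state,        # assumed: R running, S stopped, U undetermined
        "start": int(start),   # assumed: Windows start type, 4 = disabled
        "path": re.split(r"\s+\[", rest)[0].strip('" '),
        "file_missing": rest.endswith("[x]"),
        "size": int(size.group(1)) if size else None,
    }

def review_list(lines):
    """Return (name, reason) for entries whose binary looks absent."""
    flagged = []
    for e in filter(None, map(parse_entry, lines)):
        if not e["path"]:
            flagged.append((e["name"], "no image path"))
        elif e["file_missing"]:
            flagged.append((e["name"], "file not found"))
        elif e["size"] == 0:
            flagged.append((e["name"], "zero-byte file"))
    return flagged

# Lines copied from the Fixlists in the thread, plus one non-service line.
SAMPLE = r"""
R2 RsRavMon; C:\Program Files (x86)\Rising\Rav\ravmond.exe [280560 2016-04-13] (Beijing Rising Information Technology Co., Ltd.)
U3 au3htxig; C:\Windows\System32\Drivers\au3htxig.sys [0 ] (Microsoft Corporation)
S3 X6va035; \??\C:\Windows\SysWOW64\Drivers\X6va035 [x]
R0 sysmon; system32\DRIVERS\sysmon.sys [x]
U4 rsktdi;
HKCU\...\Run: [Tok-Cirrhatus] - [x]
""".strip().splitlines()

if __name__ == "__main__":
    for name, reason in review_list(SAMPLE):
        print(f"{name}: {reason}")
```
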