Elektroda.pl

Lenovo B50: blue dialog window with Chinese text

troojan90 10 Oct 2017 22:20 495 9
  • #1 10 Oct 2017 22:20
    troojan90
    Level 5

    Hello, today I picked up my dad's laptop and right at system startup a blue dialog window with Chinese text popped up. Dad has no idea where it came from or how long he has had this program. I'm attaching the FRST and Addition logs.

    0 9
  • Helpful post
    #2 11 Oct 2017 07:56
    krzychupar
    Level 40

    Open the system Notepad and paste:
    CloseProcesses:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMGCShellExt64.dll [2017-10-10] (Tencent)
    ContextMenuHandlers3: [QMContextScan] -> {63332668-8CE1-445D-A5EE-25929176714E} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMContextScan64.dll [2017-10-10] (Tencent)
    ContextMenuHandlers3: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMContextUninstall64.dll [2017-10-10] (Tencent)
    ContextMenuHandlers5: [QMRealTimeSpeedupShellContextMenuExtension] -> {C5617F6A-39BB-436D-91CF-61C1B45DD688} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMGCShellExt64.dll [2017-10-10] (Tencent)
    ContextMenuHandlers6: [QMContextScan] -> {63332668-8CE1-445D-A5EE-25929176714E} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMContextScan64.dll [2017-10-10] (Tencent)
    ContextMenuHandlers6: [QMContextUninstall] -> {CBDECEF7-7A29-4cbf-A009-2673D82C7BF9} => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMContextUninstall64.dll [2017-10-10] (Tencent)
    2017-10-10 20:34 - 2017-09-11 13:02 - 000129824 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\DnsSec64.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000111392 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMAntiInject.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\zlib.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000488224 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\sqlite.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\tinyxml.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000062240 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000066336 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2017-10-10 20:31 - 2016-02-28 00:55 - 000036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\oDayProtect.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000131872 _____ () c:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmrtpcontroller.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000119584 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TavPedc.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\xImage.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 002156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\GF.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\xGraphic32.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libpng.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libjpegturbo.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libexpatw.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\arkGraphic.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\jgImage.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\jgIOStub.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 001188640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\LuaProxy.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000078624 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\MemDefrag.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000291616 _____ () c:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmtrayplugin\qmautotaskplugin\subplugins\operationfilecloudmgr.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\DlForQd.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000250656 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMWlanMacDll.dll
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMDeskTopGC.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMDL.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUsbGuard.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTRAY.EXE [361888 2017-10-10] (Tencent)
    Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
    Tcpip\..\Interfaces\{530BC76C-D12F-4101-92FA-AB39999252C4}: [DhcpNameServer] 37.8.214.2 31.11.202.254
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2126078786-845085007-3559539725-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-2126078786-845085007-3559539725-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSWebMon64.dat [2017-10-10] (Tencent)
    FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\npQMExtensionsMozilla.dll [2017-10-10] (Tencent Technology (Shenzhen) Company Limited)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe [315512 2017-10-10] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys [205408 2017-10-10] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQSysMonX64.sys [177248 2017-10-10] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys [42080 2017-10-10] (Tencent)
    R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [119136 2017-10-10] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [141408 2017-10-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TcHardWare; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCHW-x64.sys [16552 2017-10-10] (Tencent)
    R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFltX64.sys [95840 2017-10-10] (电脑管家)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSDefenseBT64.sys [28984 2017-10-10] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys [58464 2017-10-10] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSSysKit64.sys [105568 2017-10-10] (电脑管家)
    2017-10-10 20:55 - 2017-10-10 20:55 - 000000000 ____D C:\Users\Czesław\Doctor Web
    2017-10-10 20:55 - 2017-10-10 20:55 - 000000000 ____D C:\ProgramData\Doctor Web
    2017-10-10 20:53 - 2017-10-10 20:53 - 000000000 _____ C:\Users\Czesław\Desktop\$电脑管家-清理垃圾$.qmgc
    2017-10-10 20:43 - 2017-10-10 20:43 - 000388608 _____ (Trend Micro Inc.) C:\Users\Czesław\Downloads\HijackThis_2.0.4.exe
    2017-10-10 20:33 - 2017-10-10 20:33 - 000000000 ____D C:\Users\Czes砤w\AppData\Roaming\Tencent
    2017-10-10 20:33 - 2017-10-10 20:33 - 000000000 ____D C:\Users\Czes砤w
    2017-10-10 20:33 - 2017-10-10 20:31 - 000141408 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2017-10-10 20:33 - 2017-10-10 20:31 - 000119136 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2017-10-10 20:32 - 2017-10-10 20:32 - 000000000 ____D C:\ProgramData\TXQMPC
    2017-10-10 20:32 - 2017-10-10 20:32 - 000000000 ____D C:\Program Files\Common Files\Tencent
    2017-10-10 20:31 - 2017-10-10 20:41 - 000000000 ____D C:\ProgramData\Tencent
    2017-10-10 20:31 - 2017-10-10 20:32 - 000000000 ____D C:\Users\Czesław\Desktop\Delphi Trucks 2015.R3
    2017-10-10 20:31 - 2017-10-10 20:31 - 000095840 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2017-10-10 20:31 - 2017-10-10 20:31 - 000002268 _____ C:\Users\Public\Desktop\电脑管家.lnk
    2017-10-10 20:31 - 2017-10-10 20:31 - 000000000 ____D C:\Users\Czesław\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
    2017-10-10 20:31 - 2017-10-10 20:31 - 000000000 ____D C:\Program Files (x86)\Tencent
    2017-10-10 20:30 - 2017-10-10 20:52 - 000000000 ____D C:\Users\Czesław\AppData\Roaming\Tencent
    EmptyTemp:

    Save the file as fixlist.txt and place it in the same folder as FRST.exe.
    Run FRST and click Fix/Napraw.

    0
  • #4 11 Oct 2017 12:27
    krzychupar
    Level 40

    Did you restart the computer after running the script? If not, restart it, then run FRST again and post new FRST logs.

    0
  • #5 11 Oct 2017 12:42
    troojan90
    Level 5

    The computer restarted by itself during the fix; in the post above I uploaded the logs from after the restart and the fix. The window no longer pops up, but an icon with text in a language I don't really know (let's call it Chinese) is still on the taskbar. There are also CPU gauges etc.

    Edit:
    Adding the logs from after another restart

    0
  • Helpful post
    #6 11 Oct 2017 13:27
    dt1
    Moderator - Computers Service

    New Fixlist.txt for you:

    Code:
    CloseProcesses:
    
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\QQPCNetFlow.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUsbGuard.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRealTimeSpeedup.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMDL.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTray.exe [361888 2017-10-10] (Tencent)
    HKU\S-1-5-21-2126078786-845085007-3559539725-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9105112 2016-11-15] (Piriform Ltd)
    Tcpip\Parameters: [DhcpNameServer] 37.8.214.2 31.11.202.254
    Tcpip\..\Interfaces\{530BC76C-D12F-4101-92FA-AB39999252C4}: [DhcpNameServer] 37.8.214.2 31.11.202.254
    Tcpip\..\Interfaces\{7F42EA7B-1A8B-4215-A048-B5CB6C8C3FF7}: [DhcpNameServer] 169.254.131.49
    HKU\S-1-5-21-2126078786-845085007-3559539725-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-2126078786-845085007-3559539725-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
    HKU\S-1-5-21-2126078786-845085007-3559539725-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSWebMon64.dat [2017-10-10] (Tencent)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe [315512 2017-10-10] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys [205408 2017-10-10] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQSysMonX64.sys [177248 2017-10-10] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys [42080 2017-10-10] (Tencent)
    R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [119136 2017-10-10] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [141408 2017-10-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFltX64.sys [95840 2017-10-10] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TS888x64.sys [36344 2017-10-11] (Tencent)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSDefenseBT64.sys [28984 2017-10-10] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys [58464 2017-10-10] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSSysKit64.sys [105568 2017-10-10] (电脑管家)
    2017-10-11 11:52 - 2017-10-10 20:31 - 000141408 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2017-10-11 11:52 - 2017-10-10 20:31 - 000119136 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2017-10-11 11:51 - 2017-10-11 12:20 - 000000000 ____D C:\Users\Czesław\AppData\Roaming\Tencent
    2017-10-11 11:51 - 2017-10-11 11:57 - 000000000 ____D C:\ProgramData\Tencent
    2017-10-11 11:51 - 2017-10-11 11:51 - 000000000 ____D C:\Program Files\Common Files\Tencent
    2017-10-11 11:49 - 2017-10-11 11:49 - 000000000 ____D C:\ProgramData\TXQMPC
    2017-10-11 11:42 - 2017-10-11 11:42 - 000000000 ____D C:\Users\Czes砤w\AppData\Roaming\Tencent
    2017-10-11 11:42 - 2017-10-11 11:42 - 000000000 ____D C:\Users\Czes砤w
    2017-10-11 11:37 - 2017-10-11 12:59 - 000036344 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
    2017-10-10 20:31 - 2017-10-10 20:31 - 000095840 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2017-10-10 20:31 - 2017-10-10 20:31 - 000000000 ____D C:\Program Files (x86)\Tencent
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    CCleaner (HKLM\...\CCleaner) (Version: 5.24 - Piriform)
    gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
    电脑管家12.9 (HKLM-x32\...\QQPCMgr) (Version: 12.9.19147.216 - 腾讯科技(深圳)有限公司) <==== UWAGA
    Task: {0EFE54F7-23C5-43B7-A3EA-E765C7E49D93} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
    Task: {8ED0DF3C-7D64-4926-9627-D02F25BC15FD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-15] (Piriform Ltd)
    2017-10-10 20:34 - 2017-09-11 13:02 - 000129824 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\DnsSec64.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\zlib.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000111392 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMAntiInject.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000488224 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\sqlite.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\tinyxml.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000062240 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\sysspeeduprtpplugin\SysSpeedupRtpPlugin.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000066336 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\qmiemalrtpplugin\qmiemalrtpplugin.dll
    2017-10-10 20:31 - 2016-02-28 00:55 - 000036128 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\oDayProtect.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000131872 _____ () c:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmrtpcontroller.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000194912 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\xImage.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 002156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\GF.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\xGraphic32.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libpng.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libjpegturbo.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\libexpatw.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\arkGraphic.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\jgImage.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\jgIOStub.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000078624 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\MemDefrag.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000283424 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\OptimizeExDll.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 001188640 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\LuaProxy.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000168736 _____ () c:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmhipslogpolicy.dll
    2017-10-10 20:36 - 2017-04-25 17:29 - 000189216 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMLockUtils.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000291616 _____ () c:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmtrayplugin\qmautotaskplugin\subplugins\operationfilecloudmgr.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000379232 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\DlForQd.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 002156896 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\GF.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000092512 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\xGraphic32.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000088416 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\zlib.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000137568 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\libexpatw.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000100704 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\tinyxml.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000342368 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\arkGraphic.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000045408 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\jgImage.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000014176 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\jgIOStub.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000158048 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\libpng.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000285024 _____ () C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\plugins\QMNetMon\libjpegturbo.dll
    2017-10-10 20:31 - 2017-10-10 20:31 - 000000000 ____D C:\Program Files (x86)\Tencent
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
    DNS Servers: 37.8.214.2 - 31.11.202.254
    FirewallRules: [{6B3F1A3D-F60B-4608-85B2-847C709A5987}] => (Allow) C:\Users\Czesław\AppData\Local\Temp\nsm180B.tmp\QQPCDownload90005.exe
    FirewallRules: [{FCB2351E-F7D4-4EC8-8DD9-DEF51508BE85}] => (Allow) C:\Users\Czesław\AppData\Local\Temp\nsm180B.tmp\QQPCDownload90005.exe
    FirewallRules: [{C50F0A57-B453-4CA0-B7C7-42E8169D193F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
    FirewallRules: [{3EDE413F-7965-4745-BC2E-18918DB88695}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
    FirewallRules: [TCP Query User{99F710D8-5C30-4E58-AA22-7E11409EFD10}C:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmdl.exe] => (Block) C:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmdl.exe
    FirewallRules: [UDP Query User{BC6DC6B6-5A7A-489C-9869-6D498CF67EF4}C:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmdl.exe] => (Block) C:\program files (x86)\tencent\qqpcmgr\12.9.19147.216\qmdl.exe
    FirewallRules: [{685E5A72-1BEA-475C-966D-7E284C62051F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMGameCenter.exe
    FirewallRules: [{0A317C7C-6574-4974-9C38-E34E9BEF6981}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMGameCenter.exe
    EmptyTemp:


    After running it, please post the fixlog, run another scan and post the new logs.

    0
  • #8 11 Oct 2017 14:08
    dt1
    Moderator - Computers Service

    Interesting infection, FRST was not able to touch this nasty thing. It cannot close the processes or remove the services or files, not even after Windows shuts down during the restart. The computer is still infected.

    I would look into some micro Linux distribution booted straight from USB or a disc (Live) and remove the driver and program files manually.

    0
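The manual clean-up from a live Linux session that post #8 suggests, as an added example (not code from any poster or from FRST): it assumes the Windows volume is already mounted read-write at the mount point you pass in, and it moves the Tencent paths named in the thread's fixlists into a quarantine directory instead of deleting them. The function names and the quarantine layout are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (both paths are assumptions):
#   sh quarantine.sh /mnt/windows /media/usb/quarantine

# Paths relative to the Windows volume root, taken from the fixlists above.
TARGETS='Program Files (x86)/Tencent
Program Files (x86)/Common Files/Tencent
Program Files/Common Files/Tencent
ProgramData/Tencent
ProgramData/TXQMPC
Windows/System32/Drivers/TAOKernelEx64.sys
Windows/System32/Drivers/TAOAccelerator64.sys
Windows/System32/Drivers/TFsFltX64.sys
Windows/SysWOW64/Drivers/TS888x64.sys'

# Resolve relative path $2 under directory $1 one component at a time,
# ignoring case: the logs spell the same folder as "C:\Program Files (x86)"
# and "c:\program files (x86)", while a Linux NTFS mount is normally
# case-sensitive. Prints the real path, or fails if a component is missing.
resolve_ci() (
    cur=$1
    rest=$2
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
        cur=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part" 2>/dev/null | head -n 1)
        [ -n "$cur" ] || exit 1
    done
    printf '%s\n' "$cur"
)

# Move found path $3 from volume root $1 into quarantine dir $2, keeping its
# relative location so it can be put back if Windows then fails to boot.
quarantine_path() (
    rel=${3#"$1"/}
    mkdir -p "$2/$(dirname "$rel")" && mv "$3" "$2/$rel" && printf '%s\n' "$rel"
)

# Quarantine every listed target plus each user's AppData/Roaming/Tencent.
# Prints one relative path per item moved. Registry entries (services, Run
# key) are not touched here; those are what the FRST fixlists address.
quarantine_tencent() (
    root=${1%/}
    qdir=$2
    [ -d "$root" ] || { echo "not a directory: $root" >&2; exit 1; }
    printf '%s\n' "$TARGETS" | while IFS= read -r rel; do
        if found=$(resolve_ci "$root" "$rel"); then
            quarantine_path "$root" "$qdir" "$found"
        fi
    done
    users=$(resolve_ci "$root" "Users") || exit 0
    for home in "$users"/*/; do
        [ -d "$home" ] || continue
        if found=$(resolve_ci "${home%/}" "AppData/Roaming/Tencent"); then
            quarantine_path "$root" "$qdir" "$found"
        fi
    done
)

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    quarantine_tencent "$1" "$2"
fi
```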
  • Helpful post
    #9 11 Oct 2017 14:18
    Kolobos
    Computer specialist

    Don't download programs using download managers (from dobreprogramy etc.); download only from direct links.

    Run the uninstaller from the C:\Program Files (x86)\Tencent\ directory, provided the file has not been deleted.

    If it has been, use FRST run from WinRE:
    https://www.fixitpc.pl/topic/4414-diagnostyka-infekcji-na-niestartujących-windows/#entry32551

    And there run this Fixlist.txt:
    AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
    AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTray.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMDL.exe
    (Tencent) C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUsbGuard.exe
    (Tencent) C:\Program Files (x86)\Common Files\Tencent\QQDownload\130\Tencentdl.exe
    HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCTray.exe [361888 2017-10-10] (Tencent)
    BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSWebMon64.dat [2017-10-10] (Tencent)
    R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQPCRTP.exe [315512 2017-10-10] (Tencent)
    R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QMUdisk64.sys [205408 2017-10-10] (Tencent)
    R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\QQSysMonX64.sys [177248 2017-10-10] (电脑管家)
    R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\softaal64.sys [42080 2017-10-10] (Tencent)
    R2 TAOAccelerator; C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys [119136 2017-10-10] (Tencent)
    R2 TAOKernelDriver; C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys [141408 2017-10-10] (Tencent Technology(Shenzhen) Company Limited)
    R3 TFsFlt; C:\WINDOWS\System32\Drivers\TFsFltX64.sys [95840 2017-10-10] (电脑管家)
    R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TS888x64.sys [36344 2017-10-11] (Tencent)
    S1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSDefenseBT64.sys [28984 2017-10-10] (Tencent)
    R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TsNetHlpX64.sys [58464 2017-10-10] ()
    R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\12.9.19147.216\TSSysKit64.sys [105568 2017-10-10] (电脑管家)
    2017-10-11 13:45 - 2017-10-11 13:45 - 000000000 ____D C:\Users\Czes砤w\AppData\Roaming\Tencent
    2017-10-11 13:44 - 2017-10-11 13:45 - 000000000 ____D C:\Users\Czesław\AppData\Roaming\Tencent
    2017-10-11 13:44 - 2017-10-11 13:44 - 000036344 _____ (Tencent) C:\WINDOWS\SysWOW64\Drivers\TS888x64.sys
    2017-10-11 13:44 - 2017-10-10 20:31 - 000141408 _____ (Tencent Technology(Shenzhen) Company Limited) C:\WINDOWS\system32\Drivers\TAOKernelEx64.sys
    2017-10-11 13:44 - 2017-10-10 20:31 - 000119136 _____ (Tencent) C:\WINDOWS\system32\Drivers\TAOAccelerator64.sys
    2017-10-11 13:42 - 2017-10-11 13:42 - 000000000 ____D C:\ProgramData\TXQMPC
    2017-10-11 13:29 - 2017-10-11 13:29 - 001525712 _____ (Tahug ) C:\Users\Czesław\Downloads\DAEMON-Tools-Lite-12708-AsystentPobierania (1).exe
    2017-10-11 13:25 - 2017-10-11 13:25 - 001525712 _____ (Tahug ) C:\Users\Czesław\Downloads\DAEMON-Tools-Lite-12708-AsystentPobierania.exe
    2017-10-11 11:51 - 2017-10-11 11:57 - 000000000 ____D C:\ProgramData\Tencent
    2017-10-11 11:51 - 2017-10-11 11:51 - 000000000 ____D C:\Program Files\Common Files\Tencent
    2017-10-10 20:31 - 2017-10-10 20:31 - 000095840 _____ (电脑管家) C:\WINDOWS\system32\Drivers\TFsFltX64.sys
    2017-10-10 20:31 - 2017-10-10 20:31 - 000000000 ____D C:\Program Files (x86)\Tencent


    Then do the same under Windows; once done, post new FRST scan logs.

    0
  • #10 11 Oct 2017 21:50
    troojan90
    Level 5

    Gentlemen, thank you all for the help, but it's no longer needed. Dad decided he can afford a new laptop, so he went and bought one today. I'm giving this one to a friend, who says he'll fix it up for his kid. Thanks again :)

    0