irawr110 Posted 14 May 2016
Hi, I have a problem because I downloaded some virus and I can't get rid of it, adw cleaner, please help quickly :/ I'm attaching the files from FRST: Addition.txt FRST.txt Shortcut.txt
picasso Posted 16 May 2016 (edited)
Topic started in the wrong section, moving it to malware diagnostics. What do you mean by a "tasklist virus"? The reports show something quite different, namely adware/PUP installations from the Chinese Tencent family. On that basis:

1. In the Start Menu run the uninstall shortcut below for the Chinese Kingsoft antivirus. Even if this antivirus was installed deliberately (and not as part of an adware bundle), it is outdated anyway.

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Antivirus\Uninstall Kingsoft Antivirus.lnk -> C:\Program Files (x86)\kingsoft\kingsoft antivirus\uninst.exe (Kingsoft Corporation)

2. Open Notepad and paste the following into it:

CloseProcesses:
S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-04-27] () [File not signed]
S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-14] (TODO: ) [File not signed]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-05-14] (Tencent)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUdisk64.sys [184952 2016-04-18] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQSysMonX64.sys [138488 2016-05-14] (电脑管家)
R1 softaal; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\softaal64.sys [35064 2016-05-14] (Tencent)
R3 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [89880 2016-05-14] (Tencent)
R1 TAOKernelDriver; C:\Windows\system32\Drivers\TAOKernel64.sys [137976 2016-05-14] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87800 2016-05-14] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSDefenseBT64.sys [28984 2016-05-14] (Tencent)
R2 tsnethlpx64; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TsNetHlpX64.sys [48376 2016-05-14] ()
R3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [45304 2016-05-14] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSSysKit64.sys [87288 2016-05-14] (电脑管家)
S3 cpuz138; \??\C:\Users\x\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S2 noteupdateservice; "C:\Program Files (x86)\anote\anote.exe" -svc [X]
S2 twsHlpSrv; "C:\Program Files (x86)\Tawesh\twsHlpSrv.exe" {79740E79-A383-47A7-B513-3DF6563D007F} {A16B1AF7-982D-40C3-B5C1-633E1A6A6678} [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\30443803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\41461616.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\30443803.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\41461616.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
Task: {0FD852EE-D3D3-44D2-B619-E3D12BD31386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {155D2E0D-C386-48EC-8C81-96171E43326E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\BaiduPinyinUpdate.job => C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\bdupdate.exe
Task: C:\Windows\Tasks\Pritc.job => C:\Users\x\AppData\Local\Temp\00026056\casrss.exe
Task: C:\Windows\Tasks\svchost.job => C:\Windows\Temp\7855.tmy
HKLM-x32\...\Run: [ QQPCTray] => C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe [356464 2016-05-14] (Tencent)
HKU\S-1-5-19\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => No File
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3571118831-541648067-3504218841-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hao123.com/?tn=92552456_hao_pg
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TSWebMon64.dat [2016-05-14] (Tencent)
FF Plugin-x32: @baidu.com/npxbdcntb -> C:\Program Files (x86)\Baidu\BaiduPinyin\3.3.2.1028\npxbdcntb.dll [No File]
FF Plugin-x32: @qq.com/QQPCMgr -> C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\npQMExtensionsMozilla.dll [2016-05-14] (Tencent Technology (Shenzhen) Company Limited)
AV: 电脑管家系统防护 (Enabled - Up to date) {6F9C3F92-B625-0E47-F0B1-447602EC65F5}
AS: 电脑管家系统防护 (Enabled - Up to date) {D4FDDE76-901F-01C9-CA01-7F04796B2F48}
FirewallRules: [{FDEC9359-C73A-4ED9-9B11-45C684DD9A90}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe
FirewallRules: [{A2F9975D-68EA-49FA-ACF7-43095E23779D}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe
FirewallRules: [{048C35D3-E5B0-459F-B645-34FF70CCBB1E}] => (Allow) c:\users\x\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{989BB1FA-13A5-4D53-8547-636A34E30413}] => (Allow) c:\users\x\appdata\roaming\download\MiniThunderPlatform.exe
FirewallRules: [{795D00F9-940E-466E-83DC-1DF2DE20F4A7}] => (Allow) C:\Users\x\AppData\Local\Temp\00562\download\MiniThunderPlatform.exe
FirewallRules: [{4B0A5CDC-F89E-4D0A-A1CC-EE30FBBCA667}] => (Allow) C:\Users\x\AppData\Local\Temp\00562\download\MiniThunderPlatform.exe
FirewallRules: [{68286F27-7935-4F3E-8A82-211AE0FA36EB}] => (Allow) C:\Users\x\AppData\Local\Temp\04850\download\MiniThunderPlatform.exe
FirewallRules: [{0BAE6064-9329-4AD4-B424-61561AB99B51}] => (Allow) C:\Users\x\AppData\Local\Temp\04850\download\MiniThunderPlatform.exe
FirewallRules: [{4DBE008C-B0C3-4F1A-B596-5A161FE382F9}] => (Allow) C:\Users\x\AppData\Local\Temp\09800\download\MiniThunderPlatform.exe
FirewallRules: [{364ED87D-62D3-4F14-A593-D0DA98DFAC1D}] => (Allow) C:\Users\x\AppData\Local\Temp\09800\download\MiniThunderPlatform.exe
FirewallRules: [{EE51B5CD-6FF8-4AC6-9AB2-FB08C188CC4A}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{1FE23FF9-1D4B-45F5-858A-605C95FA9BD4}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{9FA3C538-5FB3-4116-A606-02CA882AF545}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCmgrInstallGuide.exe
FirewallRules: [{AA3FBC6D-2E6D-4AB6-BFCA-0D523171EE2E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCTray.exe
FirewallRules: [{8A1E7B8A-719A-46A4-8DEA-D1783A572AF0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCMgr.exe
FirewallRules: [{23B883EC-A1E0-4C94-B623-609702BE57F4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe
FirewallRules: [{1A592A96-58C2-43C6-8A2A-605EC5DD7542}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMDL.exe
FirewallRules: [{A7897D8B-C538-4DA9-99EA-596A2D88302A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\bugreport.exe
FirewallRules: [{3B0AC799-126A-422E-886B-631F3685CD73}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCFileOpen.exe
FirewallRules: [{B8D9D8E3-9D03-497F-BCD4-A1FFF93547C0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLeakScan.exe
FirewallRules: [{29DF9963-4EBA-4F4F-B991-1006F8AD353F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPConfig.exe
FirewallRules: [{F5C9443C-23CB-44A5-8D72-4ED70656E3CC}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftMgr.exe
FirewallRules: [{E252A5E3-1A94-4706-A9FC-25F33A753785}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{A4A87E0D-615A-4035-97EA-7D8828A843CF}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCBTU.exe
FirewallRules: [{DB0ACDDE-FBFF-47DB-8E95-0BB0BE0C5781}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCClinic.exe
FirewallRules: [{2F111240-AF1D-4A9A-9BFF-FEC249C75A6D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCLaunch.exe
FirewallRules: [{D6C69DA5-D2F5-48C3-8A96-FCEBDCD31236}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{A5AF382B-4C4B-4885-967C-E7C3E11630A4}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSoftGame.exe
FirewallRules: [{A773907D-8B7A-47C0-B4C1-56B8D5DD66EA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCSysOptimize.exe
FirewallRules: [{1A918C40-24D4-4C79-A334-25B976E15DE2}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCUpdateAVLib.exe
FirewallRules: [{05C31B49-BD74-4CEB-9B4F-8A6D684CA036}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQRepair.exe
FirewallRules: [{20F6CC43-C8ED-4086-8D63-BDA26DCD92A0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\Uninst.exe
FirewallRules: [{5DE9974C-0943-496C-AD82-0172D162260B}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCPatch.exe
FirewallRules: [{4C955EC6-72E2-4DC3-9939-2A2E9DFCE432}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\TpkUpdate.exe
FirewallRules: [{8019DB82-08E8-4426-8C61-BDCEA853A772}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMRouterMgr.exe
FirewallRules: [{85028920-EBB7-4D76-8E8B-5F8CC171A9D9}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAccountProtection.exe
FirewallRules: [{9A70B93F-B5A5-4292-B47B-68178915D169}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QMAdBlock.exe
DeleteKey: HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\mountpoints2
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:
DeleteKey: HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\GG
C:\Program Files\Common Files\Tencent
C:\Program Files (x86)\Tencent
C:\ProgramData\*.*
C:\ProgramData\Baidu
C:\ProgramData\KRSHistory
C:\ProgramData\Tencent
C:\ProgramData\Thunder Network
C:\ProgramData\TXQMPC
C:\ProgramData\Windows Update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced RAR Repair
C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
C:\Users\Public\Thunder Network
C:\Users\x\AppData\Local\Temp.dat
C:\Users\x\AppData\Local\{94EA4C77-4ED7-49B1-8F2C-26F710EB1C5E}
C:\Users\x\AppData\Local\Google
C:\Users\x\AppData\Local\Microsoft\Windows\GameExplorer\{44372086-486F-45B1-AB62-07948744A077}
C:\Users\x\AppData\Local\Microsoft\Windows\GameExplorer\{C1E07615-2A58-42DA-B113-2351FCD17199}
C:\Users\x\AppData\Local\Microsoft\Windows\GameExplorer\{F476B7E1-7B9E-4B00-86F1-9F5ED9CE2455}
C:\Users\x\AppData\LocalLow\Baidu
C:\Users\x\AppData\Roaming\*.*
C:\Users\x\AppData\Roaming\download
C:\Users\x\AppData\Roaming\Tencent
C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
C:\Users\x\Desktop\Kacper\Gry\NBA 2K14.lnk
C:\Users\x\Desktop\Programy\Adobe Reader XI.lnk
C:\Windows\AdBlock.exe
C:\Windows\systwin.exe
C:\Windows\system32\Drivers\TAOAccelerator64.sys
C:\Windows\system32\Drivers\TAOKernel64.sys
C:\Windows\system32\Drivers\TFsFltX64.sys
C:\Windows\system32\Drivers\TSSKX64.sys
C:\Windows\system32\baiducn.ime
C:\Windows\SysWOW64\baiducn.ime
Hosts:
EmptyTemp:

Note for other readers: this script is unique, tailored only and exclusively to this system; please do not apply it to your own systems.

From the Notepad menu > File > Save As > enter the name fixlist.txt > change Encoding to UTF-8. Place fixlist.txt in the folder from which you run FRST. Boot into Windows Safe Mode. Run FRST and click Fix. Wait patiently and do not interrupt it. When the Fix finishes, the system will restart; leave Safe Mode. A fixlog.txt file will be created in the same directory FRST was run from.

3. Make a new FRST log using the Scan option, again with Addition, this time without Shortcut. Attach the fixlog.txt file as well.

Edited 16 June 2016 by picasso
Topic closed due to no response. //picasso
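The indicators picasso picked out of the reports by eye follow a few repeatable rules: services whose binary FRST marks as unsigned or that run from ProgramData, AppData or a Temp directory (the two fake "GoogleChromeUp*" services), scheduled tasks whose target sits in a Temp directory or has an extension that is not an executable type (Pritc.job, svchost.job => 7855.tmy), and firewall Allow rules for programs in user-writable locations (the MiniThunderPlatform.exe rules). The script below is an added example, not part of picasso's post or of FRST, that applies those rules to FRST-style lines so a first pass can be done mechanically. The sample lines are constructed from the report quoted above, except the "ExampleSvc" line, which is a hypothetical clean control; the "vendor-like name outside Program Files" rule is a heuristic of my own. Note what the rules do not catch: the Tencent/QQPCMgr entries are vendor-signed and live under Program Files, so they pass, and it still takes a human to decide they are unwanted, which is exactly why the fixlist is written per system.

```python
import ntpath
import re

# Constructed sample in the shape FRST writes. Lines are copied from the report
# quoted in the thread above; "ExampleSvc" is a hypothetical clean control.
SAMPLE_LINES = [
    r"S2 GoogleChromeUpService; C:\ProgramData\service.exe [1755136 2016-04-27] () [File not signed]",
    r"S2 GoogleChromeUpSvc; C:\ProgramData\Windows Update\svrupg.exe [2783744 2016-05-14] (TODO: ) [File not signed]",
    r"R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCRTP.exe [301656 2016-05-14] (Tencent)",
    r"R2 ExampleSvc; C:\Program Files\Example Vendor\svc.exe [40960 2016-01-01] (Example Vendor)",
    r"Task: {0FD852EE-D3D3-44D2-B619-E3D12BD31386} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe",
    r"Task: C:\Windows\Tasks\Pritc.job => C:\Users\x\AppData\Local\Temp\00026056\casrss.exe",
    r"Task: C:\Windows\Tasks\svchost.job => C:\Windows\Temp\7855.tmy",
    r"FirewallRules: [{FDEC9359-C73A-4ED9-9B11-45C684DD9A90}] => (Allow) C:\Windows\Temp\download\MiniThunderPlatform.exe",
    r"FirewallRules: [{8A1E7B8A-719A-46A4-8DEA-D1783A572AF0}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.4.17339.217\QQPCMgr.exe",
]

# "R2 Name; path [size date] (Publisher) [File not signed]" - the trailing flag is optional.
SERVICE_RE = re.compile(
    r"^[RS]\d (?P<name>[^;]+); (?P<path>.+?) \[\d+ \d{4}-\d{2}-\d{2}\] "
    r"\((?P<publisher>.*?)\)(?: \[(?P<flag>[^\]]*)\])?$"
)
TASK_RE = re.compile(r"^Task: (?P<task>.+?) => (?P<target>.+)$")
FIREWALL_RE = re.compile(
    r"^FirewallRules: \[\{[0-9A-Fa-f-]+\}\] => \((?P<action>Allow|Block)\) (?P<program>.+)$"
)

# Path fragments that any user (or any dropper running as the user) can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\public\\")
# Extensions a scheduled task would normally point at.
RUNNABLE_EXT = {".exe", ".dll", ".bat", ".cmd", ".vbs", ".js", ".ps1", ".msi"}
# Heuristic: names borrowing a big vendor's brand while living outside Program Files.
LOOKALIKE_RE = re.compile(r"google|chrome|microsoft|windows|update", re.IGNORECASE)


def in_user_writable(path: str) -> bool:
    """True if the path sits under a location the user can write to."""
    return any(marker in path.lower() for marker in USER_WRITABLE)


def lookalike_name(name: str, path: str) -> bool:
    """Vendor-sounding service name whose binary is not under Program Files."""
    return bool(LOOKALIKE_RE.search(name)) and "\\program files" not in path.lower()


def triage(lines):
    """Return (kind, subject, reason) tuples for FRST lines matching the rules above."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            reasons = []
            publisher = m["publisher"].strip()
            flag = (m["flag"] or "").lower()
            if not publisher or "not signed" in flag:
                reasons.append("binary is not digitally signed")
            if in_user_writable(m["path"]):
                reasons.append("binary lives in a user-writable location")
            if lookalike_name(m["name"], m["path"]):
                reasons.append("vendor-like service name outside Program Files (heuristic)")
            if reasons:
                findings.append(("service", m["name"], "; ".join(reasons)))
            continue
        m = TASK_RE.match(line)
        if m:
            reasons = []
            target = m["target"]
            if in_user_writable(target):
                reasons.append("task target in a user-writable location")
            if ntpath.splitext(target)[1].lower() not in RUNNABLE_EXT:
                reasons.append("task target has an unusual extension")
            if reasons:
                findings.append(("task", target, "; ".join(reasons)))
            continue
        m = FIREWALL_RE.match(line)
        if m and m["action"] == "Allow" and in_user_writable(m["program"]):
            findings.append(("firewall", m["program"],
                             "Allow rule for a program in a user-writable location"))
    return findings


if __name__ == "__main__":
    for kind, subject, reason in triage(SAMPLE_LINES):
        print(f"[{kind}] {subject}\n    {reason}")
```

Run against the constructed sample it flags the two ProgramData services, both Temp-bound tasks and the Windows\Temp firewall rule, and passes the Tencent, Google and control entries. Feeding it a real FRST.txt is a matter of reading the file's lines into triage(); the output is a starting list for review, not a fixlist.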