Dziwne chińskie programy

Dla specjalistów Bezpieczeństwo
#1

Witam, wczoraj mój znajomy dorwał się do mojego komputera i naściągał mnóstwo programów, udało mi się większość usunąć ale zostały jeszcze jakieś chińskie programy których nie mogę się pozbyć.

 

FRST

http://www.wklej.org/id/1702060/

 

Addition

http://www.wklej.org/id/1702063/

#2

Odinstaluj Adobe Reader 9.5.1 - Polish.Otwórz notatnik systemowy i wklej:

Task: {236B7024-71FE-49B8-919C-B79C5541D7A6} - System32\Tasks\{3E743975-35A1-4622-A8D9-D0C59A634994} = pcalua.exe -a C:\Users\Pytka\AppData\Roaming\istartsurf\UninstallManager.exe -c -ptid=squadm
Task: {D43A55CA-C770-42E6-B3D0-CE649CB2559B} - System32\Tasks\{FB51A81C-9FFB-4FF8-8908-64E0E88F0707} = pcalua.exe -a C:\Users\Pytka\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=amt
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-1-6.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-1-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-1-7.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-1-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-10_user.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-10.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-11.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-11.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-3.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-3.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-4.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-5.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-5_user.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-6.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\85dd63a7-c475-4528-a5cf-55f4e52df87b-7.job = C:\Program Files (x86)\GoHD\85dd63a7-c475-4528-a5cf-55f4e52df87b-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-1-6.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-1-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-1-7.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-1-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-10_user.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-10.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-11.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-11.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-3.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-3.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-4.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-4.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-5.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-5_user.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-5.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-6.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-6.exe ==== ATTENTION
Task: C:\Windows\Tasks\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-7.job = C:\Program Files (x86)\HD Cinema Pro 1.8cV29.04\a8b4c98f-b1a2-41c3-97b7-8d8d31dd4070-7.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe ==== ATTENTION
HKLM\...\Run: [baidusdTray] = "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\baidusdTray.exe" -stmd=3
HKLM\...\Run: [baiduAnTray] = "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\baiduAnTray.exe" -stmd=3
HKLM-x32\...\Run: [mbot_pl_194] = [X]
HKLM-x32\...\Run: [baidusdTray] = "C:\Program Files (x86)\Baidu\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
HKLM-x32\...\Run: [BaiduAnTray] = "C:\Program Files (x86)\Baidu\BaiduAn\4.0.0.5166\BaiduAnTray.exe" -stmd=3
HKLM-x32\...\Run: [QQPCTray] = C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCTray.exe [355296 2015-05-01] (Tencent)
HKU\S-1-5-21-2867177609-3683156041-2220101083-1001\...\Run: [apphide] = C:\Program Files (x86)\baidu\baidu.exe
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] - {B7667919-3765-4815-A66D-98A09BE662D6} = C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMGCShellExt64.dll [2015-04-07] (Tencent)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
HKU\S-1-5-21-2867177609-3683156041-2220101083-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91932766_hao_pg
HKU\S-1-5-21-2867177609-3683156041-2220101083-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=91932766_hao_pg
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: 电脑管家网页防火墙 - {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} - C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TSWebMon64.dat [2015-05-01] (Tencent)
BHO-x32: No Name - {7a0ab196-76b2-4ee2-858e-7efdc93c3a47} - No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Extension: Lolifox by ChaosRing - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\LF@ChaosRing [2011-03-12]
FF Extension: Mozilla Firefox Hotfixer - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\veggy@veggyAddon.com [2015-05-02]
FF Extension: Zoom It - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\{071b9a14-18c6-9c4e-941b-8c71e8778c0b} [2015-05-01]
FF Extension: SeoQuake - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [2014-09-05]
FF Extension: Zoom It - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\{392499a4-ec30-c6e4-0ef2-ceb40d74b8b6} [2015-05-01]
FF Extension: Zoom It - C:\Users\Pytka\AppData\Roaming\Mozilla\Firefox\Profiles\5yta5m7o.default\Extensions\{524febbb-c733-a7a7-f87c-c17f007dcad3} [2015-05-02]
CHR Extension: (GoHD) - C:\Users\Pytka\AppData\Local\Google\Chrome\User Data\Default\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-05-01]
OPR Extension: (GoHD) - C:\Users\Pytka\AppData\Roaming\Opera Software\Opera Stable\Extensions\fijhlnmmmgflacagjecncpmpnhjieggk [2015-05-01]
R2 QQPCRTP; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQPCRTP.exe [297608 2015-05-01] (Tencent)
S3 TAOFrame; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TAOFrame.exe [293728 2015-05-01] (Tencent)
S2 Update Wooden Seal; "C:\Program Files (x86)\Wooden Seal\updateWoodenSeal.exe" [X]
S2 Util Wooden Seal; "C:\Program Files (x86)\Wooden Seal\bin\utilWoodenSeal.exe" [X]
R2 BDMNetMon; C:\Windows\System32\DRIVERS\BDMNetMon.sys [241992 2015-04-03] (Baidu)
R1 QMUdisk; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QMUdisk64.sys [62264 2015-05-01] (Tencent)
R2 QQSysMonX64; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\QQSysMonX64.sys [127800 2015-05-01] (电脑管家)
R2 TAOAccelerator; C:\Windows\system32\Drivers\TAOAccelerator64.sys [99640 2015-05-01] (Tencent)
R1 TAOKernelDriver; C:\Windows\System32\Drivers\TAOKernel64.sys [174392 2015-05-01] (Tencent Technology(Shenzhen) Company Limited)
R3 TFsFlt; C:\Windows\System32\Drivers\TFsFltX64.sys [87864 2015-05-01] (电脑管家)
R3 TS888x64; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TS888x64.sys [28984 2015-05-02] (Tencent)
R1 TSCPM; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\tscpm64.sys [42296 2015-05-01] (电脑管家)
R1 TSDefenseBt; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TSDefenseBT64.sys [28472 2015-05-01] (Tencent)
S3 TSSKX64; C:\Windows\System32\drivers\tsskx64.sys [38200 2015-05-01] (电脑管家)
R1 TSSysKit; C:\Program Files (x86)\Tencent\QQPCMgr\10.8.16208.227\TSSysKit64.sys [87352 2015-05-01] (电脑管家)
S2 BDDefense; \\C:\Windows\system32\drivers\BDDefense.sys [X]
S1 BdSandBox; system32\DRIVERS\BdSandBox.sys [X]
S3 catchme; \\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MBAMSwissArmy; \\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
2015-05-01 15:13 - 2015-05-02 21:23 - 00000000 ____ D () C:\AdwCleaner
2015-05-01 14:01 - 2015-05-01 14:01 - 00003142 _____ () C:\Windows\System32\Tasks\{3E743975-35A1-4622-A8D9-D0C59A634994}
2015-05-01 13:16 - 2015-05-02 21:25 - 00028984 _____ (Tencent) C:\Windows\SysWOW64\Drivers\TS888x64.sys
2015-05-01 12:44 - 2015-05-01 12:44 - 00000000 ____ D () C:\ProgramData\TXQMPC
2015-05-01 12:36 - 2015-05-01 14:37 - 00000000 ____ D () C:\Program Files (x86)\a76f65d9-73cf-4a6d-8fb1-858eae77f4ff
2015-05-01 12:30 - 2015-05-01 12:30 - 00000000 ____ D () C:\Program Files\Common Files\Tencent
2015-05-01 12:30 - 2015-05-01 12:27 - 00099640 _____ (Tencent) C:\Windows\system32\Drivers\TAOAccelerator64.sys
2015-05-01 12:29 - 2015-05-01 12:29 - 00000000 ____ D () C:\Users\Pytka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-05-01 12:29 - 2015-05-01 12:27 - 00174392 _____ (Tencent Technology(Shenzhen) Company Limited) C:\Windows\system32\Drivers\TAOKernel64.sys
2015-05-01 12:29 - 2015-05-01 12:27 - 00087864 _____ (电脑管家) C:\Windows\system32\Drivers\TFsFltX64.sys
2015-05-01 12:29 - 2015-05-01 12:27 - 00038200 _____ (电脑管家) C:\Windows\system32\Drivers\TSSKX64.sys
2015-05-01 12:28 - 2015-05-01 14:37 - 00000000 ____ D () C:\Program Files (x86)\4c3a4aa7-1165-401e-8150-331fd2643d97
2015-05-01 12:28 - 2015-05-01 12:28 - 00003136 _____ () C:\Windows\System32\Tasks\{FB51A81C-9FFB-4FF8-8908-64E0E88F0707}
2015-05-01 12:25 - 2015-05-02 13:06 - 00000000 ____ D () C:\Users\Pytka\AppData\Roaming\Tencent
2015-05-01 12:25 - 2015-05-01 16:29 - 00000000 ____ D () C:\ProgramData\Tencent
2015-05-01 12:25 - 2015-05-01 12:25 - 00000000 ____ D () C:\Program Files (x86)\Tencent
2015-05-01 12:21 - 2015-04-03 07:02 - 00241992 _____ (Baidu) C:\Windows\system32\Drivers\BDMNetMon.sys
2015-05-01 12:19 - 2015-04-03 07:02 - 00152392 _____ (Baidu Technology) C:\Windows\system32\Drivers\BDArKit.sys
2015-05-01 12:19 - 2015-04-03 07:02 - 00062280 _____ (Baidu) C:\Windows\system32\Drivers\BDMWrench_x64.sys
2015-05-01 12:18 - 2015-05-01 14:50 - 00000000 ____ D () C:\Program Files (x86)\Wooden Seal
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Zadziałało, dzięki wielkie.

#4

Skasuj folder C:\FRST

Zainstaluj Foxit Reader http://ninite.com/foxit/