Can't get rid of the 'tencent qq' chinese virus or whatever it is!


  • This topic is locked
54 replies to this topic

#1 chrismyrs

chrismyrs

  • Members
  • 64 posts
  • OFFLINE
  •  
  • Local time:06:33 PM

Posted 28 January 2017 - 01:09 AM

hello!

 

I ran SpyHunter and Malwarebytes, but this didn't work. Even booting in safe mode, they were there.

 

I've appreciated your support before and Broni was great! I hope to learn more about getting rid of this malware!

 

best regards,

chris


#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:33 AM

Posted 30 January 2017 - 06:30 AM

Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Copy FRST / FRST64.exe to your desktop!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {2c95ebfd-b4d1-11e1-a368-00266cd21428} - E:\SISetup.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {55aeda69-e61f-11e0-a94f-e0ca942b68b6} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {55aef98e-e61f-11e0-a94f-00266cd21428} - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {6f8c95b6-ea37-11e0-9941-e0ca942b68b6} - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {6f8c972e-ea37-11e0-9941-00266cd21428} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
URLSearchHook: HKU\S-1-5-21-2056216796-404079109-3211672030-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKU\S-1-5-21-2056216796-404079109-3211672030-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\windows\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]
S4 LMIRfsClientNP; no ImagePath
S3 Tosrfcom; no ImagePath
U3 ACVEACSWETQB; no ImagePath
U3 browsersrvqb; no ImagePath
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
U3 tencentqbserv; no ImagePath
R4 TenCommProtect; \??\C:\windows\system32\drivers\TenCommProtect64.sys [X]
R4 TenCommProtect; C:\windows\system32\drivers\TenCommProtect64.sys [X]
Task: {18824C63-3EFE-4549-A81B-752D82481B14} - System32\Tasks\QQBrowser Updater Task(Core) => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe [2017-01-27] (Tencent) <==== ATTENTION
Task: {59037816-C778-475F-9D67-2D30A112ED76} - System32\Tasks\QQBrowser Updater Task => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe [2017-01-27] (Tencent) <==== ATTENTION
C:\windows\Tasks\0.job => Iexplore exe RunAsStdUser
Task: C:\windows\Tasks\QQBrowser Updater Task(Core).job => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe <==== ATTENTION
Task: C:\windows\Tasks\QQBrowser Updater Task.job => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe <==== ATTENTION
FirewallRules: [{BA24EB2C-2428-4838-B93D-4F7B5716F13D}] => C:\windows\TEMP\REPAIRHELPER.EXE
EmptyTemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

---

Download and run Chrome Software Cleaner

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 chrismyrs


Posted 30 January 2017 - 11:39 AM

Jo,

 

thanks for the help. in a bit i'll do the first action.

 

Best,

Chris Myers



#4 chrismyrs


Posted 30 January 2017 - 02:47 PM

Jo,

 

here is the fixlist...

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-01-2017
Ran by Misha (30-01-2017 13:33:55) Run:1
Running from C:\Users\Misha\Desktop
Loaded Profiles: Misha & QBDataServiceUser21 & LogMeInRemoteUser (Available Profiles: Misha & QBDataServiceUser21 & LogMeInRemoteUser)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {2c95ebfd-b4d1-11e1-a368-00266cd21428} - E:\SISetup.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {55aeda69-e61f-11e0-a94f-e0ca942b68b6} - E:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {55aef98e-e61f-11e0-a94f-00266cd21428} - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {6f8c95b6-ea37-11e0-9941-e0ca942b68b6} - E:\AutoRun.exe
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\...\MountPoints2: {6f8c972e-ea37-11e0-9941-00266cd21428} - E:\AutoRun.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
URLSearchHook: HKU\S-1-5-21-2056216796-404079109-3211672030-1000 - (No Name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File
BHO: No Name -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> No File
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> No File
BHO-x32: No Name -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> No File
Toolbar: HKU\S-1-5-21-2056216796-404079109-3211672030-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} -  No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} -  No File
FF Plugin HKU\.DEFAULT: @1.qq.com/npqqwebgame -> C:\windows\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]
S4 LMIRfsClientNP; no ImagePath
S3 Tosrfcom; no ImagePath
U3 ACVEACSWETQB; no ImagePath
U3 browsersrvqb; no ImagePath
R1 SRepairDrv; \??\C:\Program Files (x86)\Tencent\QQPCMGR\SRepairDrv [X]
U3 tencentqbserv; no ImagePath
R4 TenCommProtect; \??\C:\windows\system32\drivers\TenCommProtect64.sys [X]
R4 TenCommProtect; C:\windows\system32\drivers\TenCommProtect64.sys [X]
Task: {18824C63-3EFE-4549-A81B-752D82481B14} - System32\Tasks\QQBrowser Updater Task(Core) => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe [2017-01-27] (Tencent) <==== ATTENTION
Task: {59037816-C778-475F-9D67-2D30A112ED76} - System32\Tasks\QQBrowser Updater Task => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe [2017-01-27] (Tencent) <==== ATTENTION
C:\windows\Tasks\0.job => Iexplore exe RunAsStdUser
Task: C:\windows\Tasks\QQBrowser Updater Task(Core).job => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe <==== ATTENTION
Task: C:\windows\Tasks\QQBrowser Updater Task.job => C:\Users\Misha\AppData\Roaming\QB\QQBrowser.exe <==== ATTENTION
FirewallRules: [{BA24EB2C-2428-4838-B93D-4F7B5716F13D}] => C:\windows\TEMP\REPAIRHELPER.EXE
EmptyTemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E => key removed successfully
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c95ebfd-b4d1-11e1-a368-00266cd21428} => key removed successfully
HKCR\CLSID\{2c95ebfd-b4d1-11e1-a368-00266cd21428} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55aeda69-e61f-11e0-a94f-e0ca942b68b6} => key removed successfully
HKCR\CLSID\{55aeda69-e61f-11e0-a94f-e0ca942b68b6} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55aef98e-e61f-11e0-a94f-00266cd21428} => key removed successfully
HKCR\CLSID\{55aef98e-e61f-11e0-a94f-00266cd21428} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f8c95b6-ea37-11e0-9941-e0ca942b68b6} => key removed successfully
HKCR\CLSID\{6f8c95b6-ea37-11e0-9941-e0ca942b68b6} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f8c972e-ea37-11e0-9941-00266cd21428} => key removed successfully
HKCR\CLSID\{6f8c972e-ea37-11e0-9941-00266cd21428} => key not found. 
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} => value removed successfully
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key removed successfully
HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key removed successfully
HKCR\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key removed successfully
HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key removed successfully
HKCR\Wow6432Node\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} => key not found. 
HKU\S-1-5-21-2056216796-404079109-3211672030-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found. 
HKCR\PROTOCOLS\Handler\wlmailhtml => key not found. 
HKCR\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0} => key not found. 
HKCR\PROTOCOLS\Handler\wlpg => key not found. 
HKCR\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} => key not found. 
HKU\.DEFAULT\Software\MozillaPlugins\@1.qq.com/npqqwebgame => key removed successfully
C:\windows\system32\config\systemprofile\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll => not found.
HKLM\System\CurrentControlSet\Services\LMIRfsClientNP => key removed successfully
LMIRfsClientNP => service removed successfully
HKLM\System\CurrentControlSet\Services\Tosrfcom => key removed successfully
Tosrfcom => service removed successfully
HKLM\System\CurrentControlSet\Services\ACVEACSWETQB => key removed successfully
ACVEACSWETQB => service removed successfully
HKLM\System\CurrentControlSet\Services\browsersrvqb => key removed successfully
browsersrvqb => service removed successfully
SRepairDrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SRepairDrv => key not found. 
SRepairDrv => service removed successfully
HKLM\System\CurrentControlSet\Services\tencentqbserv => key removed successfully
tencentqbserv => service removed successfully
TenCommProtect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\TenCommProtect => key removed successfully
TenCommProtect => service removed successfully
TenCommProtect => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18824C63-3EFE-4549-A81B-752D82481B14} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18824C63-3EFE-4549-A81B-752D82481B14} => key removed successfully
C:\windows\System32\Tasks\QQBrowser Updater Task(Core) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QQBrowser Updater Task(Core) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59037816-C778-475F-9D67-2D30A112ED76} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59037816-C778-475F-9D67-2D30A112ED76} => key removed successfully
C:\windows\System32\Tasks\QQBrowser Updater Task => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\QQBrowser Updater Task => key removed successfully
"C:\windows\Tasks\0.job => Iexplore exe RunAsStdUser" => not found.
C:\windows\Tasks\QQBrowser Updater Task(Core).job => moved successfully
C:\windows\Tasks\QQBrowser Updater Task.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA24EB2C-2428-4838-B93D-4F7B5716F13D} => value removed successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 16490169 B
Java, Flash, Steam htmlcache => 59293 B
Windows/system/drivers => 1366463593 B
Edge => 0 B
Chrome => 93283825 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 102447881 B
systemprofile32 => 428354 B
LocalService => 66356 B
NetworkService => 20409600 B
Misha => 174748295 B
QBDataServiceUser21 => 0 B
LogMeInRemoteUser => 0 B
 
RecycleBin => 0 B
EmptyTemp: => 1.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:36:35 ====
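
Added example, not part of the original thread and not FRST's own code: a short Python script that sorts the `target => outcome` lines of the Fixlog above into done / absent / failed, so the entries that did not complete (here the two services that could not be stopped) stand out. The bucket names and function names are assumptions made for this example; the sample lines are an excerpt copied from the log above.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (excerpt).
SAMPLE_FIXLOG = r"""
Restore point was successfully created.
HKLM\System\CurrentControlSet\Services\browsersrvqb => key removed successfully
browsersrvqb => service removed successfully
SRepairDrv => Unable to stop service.
HKLM\System\CurrentControlSet\Services\SRepairDrv => key not found.
SRepairDrv => service removed successfully
TenCommProtect => Unable to stop service.
HKLM\System\CurrentControlSet\Services\TenCommProtect => key removed successfully
TenCommProtect => service removed successfully
TenCommProtect => service not found.
C:\windows\System32\Tasks\QQBrowser Updater Task => moved successfully
"C:\windows\Tasks\0.job => Iexplore exe RunAsStdUser" => not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"""

# Outcome phrases seen in the Fixlog above, mapped to a triage bucket
# (bucket names are this example's own). The first matching rule wins.
OUTCOME_RULES = [
    (re.compile(r"^unable to ", re.I), "failed"),
    (re.compile(r"not found\.?$", re.I), "absent"),
    (re.compile(r"(re)?moved successfully$", re.I), "done"),
]


def triage(log_text):
    """Group 'target => outcome' lines by bucket: done, absent, failed, other."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        line = line.strip()
        if " => " not in line:
            continue  # headers, separators, plain status sentences
        # Split on the LAST arrow: a quoted target may itself contain " => ".
        target, outcome = (part.strip() for part in line.rsplit(" => ", 1))
        bucket = next(
            (name for rx, name in OUTCOME_RULES if rx.search(outcome)), "other"
        )
        buckets[bucket].append((target, outcome))
    return dict(buckets)


def needs_followup(log_text):
    """Targets with at least one failed action, to re-check after the reboot."""
    failed = triage(log_text).get("failed", [])
    return sorted({target for target, _ in failed})


if __name__ == "__main__":
    result = triage(SAMPLE_FIXLOG)
    for bucket in ("done", "absent", "failed", "other"):
        print(f"{bucket}: {len(result.get(bucket, []))}")
    print("follow up:", ", ".join(needs_followup(SAMPLE_FIXLOG)))
```

Size lines from the EmptyTemp section (for example `Chrome => 93283825 B`) fall into the `other` bucket.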


#5 chrismyrs


Posted 30 January 2017 - 02:51 PM

ran the chrome cleanup tool, "no programs found" it said.



#6 Jo*


Posted 30 January 2017 - 03:07 PM

Is the "Tencent" problem still there or is it gone now?

Edited by Jo*, 30 January 2017 - 03:07 PM.



#7 chrismyrs


Posted 30 January 2017 - 03:38 PM

it all seems to totally be there!

 

Chris



#8 Jo*


Posted 30 January 2017 - 04:05 PM

Please give details:

- do you get popups?
- is your browser redirected?
- what else is related to the 'tencent qq' problem?

---

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(it takes a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
 

createsrpoint;
filesrcm; 
uninstall-list;
iedefaults;
ffdefaults;
chrdefaults;
emptyclsid;
emptyalltemp;
autoclean;

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Copy and paste the log to your next reply please.



#9 chrismyrs


Posted 30 January 2017 - 04:29 PM

Jo,

 

loads of popups - also chrome has a tab on opening of https://www.duba.com/?f=chedh&ft=gjlock&--type=0&br3rd=1&wn=3&hid=99_39_&pru=1

 

in x86 program files there is tencent, and some qq such as qqmail

 

i can't use cmd window to take dir and show you the dir as 'access is denied' trying to save the dir.text i piped it to.

 

tencent-etc.png



#10 chrismyrs


Posted 30 January 2017 - 04:35 PM

processes from the task manager:

 

tencent-etc-processes.png



#11 chrismyrs


Posted 30 January 2017 - 05:19 PM

i can't run zoek - it comes back saying zoek.hta has no program associated but can't find it

 

cant-run-zoek.png



#12 Jo*


Posted 30 January 2017 - 05:35 PM

Can you try to uninstall some Tencent-related software?
They all seem to have "QQ" inside their names.

You can do this via Start > Control Panel > Add Remove Programs (XP) or Start > Control Panel > Programs and Features (Vista / 7 / 8).

QQÊղء¤ÍøÒ³ÖúÊÖ (HKLM-x32\...\QQÊղء¤ÍøÒ³ÖúÊÖ) (Version: 2.1 - ÌÚѶ¿Æ¼¼£¨ÉîÛÚ£©ÓÐÏÞ¹«Ë¾)
QQ浏览器 (HKLM-x32\...\QQBrowser) (Version: 9.5.10219.400 - 腾讯科技(深圳)有限公司) <==== ATTENTION
QQ游戏 (HKLM-x32\...\QQ游戏) (Version: 3.12.2.3 - 腾讯公司)
QQ音乐2016 (HKLM-x32\...\QQMusic) (Version: 12.57.3803.411 - 腾讯科技(深圳)有限公司)
电脑管家11.7 (HKLM-x32\...\QQPCMgr) (Version: 11.7.17754.215 - 腾讯科技(深圳)有限公司) <==== ATTENTION
腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.3.18038.0 - 腾讯科技(深圳)有限公司)




#13 chrismyrs


Posted 30 January 2017 - 05:54 PM

No, don't have permission etc and i can't stop the processes 'access denied'.


Edited by chrismyrs, 30 January 2017 - 05:56 PM.


#14 chrismyrs


Posted 30 January 2017 - 05:56 PM

it runs in safe mode and it's all there. also unable to uninstall or stop processes.

 

re zoek - i did turn off the firewall and the malwarebytes won't do real time protection, nor will msie. so it is probably only being interfered with by the tencent/qq etc.


Edited by chrismyrs, 30 January 2017 - 06:07 PM.


#15 Jo*


Posted 30 January 2017 - 07:13 PM

Please run the pc in normal mode, thanks.

FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt and press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.
