Elektroda.pl

Removing the s-ov.com virus

olech17 15 Mar 2016 01:48 537 3
  • Helpful post
    #2 15 Mar 2016 07:29
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    Task: {704C466F-0A6C-4599-B4C0-22D53BE005DF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== UWAGA
    Task: {BE703F2B-77E9-4476-8CE5-9ECB8A25D341} - System32\Tasks\{558E0D06-D92E-4FC1-A30B-63A482B4D6D7} => pcalua.exe -a C:\Users\Dom\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\...\MountPoints2: {434eec32-9ac2-11e4-bf1f-001fd0b41c71} - I:\autorun.exe
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\...\MountPoints2: {76801402-d526-11e4-a409-001fd0b41c71} - J:\LG_PC_Programs.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.web/?type=dspp&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&am...122&uid=395049983_1052451_D089658E&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.web/?type=dspp&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&am...122&uid=395049983_1052451_D089658E&q={searchTerms}
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
    SearchScopes: HKU\S-1-5-21-1998968665-2671012152-4095253742-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=14...=ient06122&uid=395049983_1052451_D089658E
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\so-v.xml [2016-03-12]
    FF Extension: QuickSearch - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\quick_searchff@gmail.com [2015-06-12] [Brak podpisu cyfrowego]
    FF Extension: Search Enginer - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\sweetsearch@gmail.com [2015-06-12] [Brak podpisu cyfrowego]
    FF Extension: FF Toolbar - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\fftoolbar2014@etech.com [2015-01-13] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\fftoolbar2014@etech.com
    FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\quick_searchff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\sweetsearch@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\deskCutv2@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    S2 Update SourceApp; "C:\Program Files (x86)\SourceApp\updateSourceApp.exe" [X]
    S2 Util SourceApp; "C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe" [X]
    2016-03-13 23:07 - 2016-03-13 23:07 - 00000000 _____ C:\autoexec.bat
    2016-03-13 23:05 - 2016-03-13 23:06 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-12 12:58 - 2016-03-12 12:58 - 00001092 __RSH C:\ProgramData\ntuser.pol
    2016-03-12 12:58 - 2016-03-12 12:58 - 00000000 ____D C:\ProgramData\TempMoudleSet
    2016-02-21 15:15 - 2016-03-10 18:26 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Xerazx
    2016-03-09 15:50 - 2015-01-13 01:20 - 00000000 ____D C:\ProgramData\AVAST Software
    Hosts:
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\Dom\Downloads\FRST64.exe
    Run FRST and click Fix/Napraw.

    0
  • #3 15 Mar 2016 08:11
    Kolobos
    Computer specialist

    Apply this Fixlist.txt:
    Task: {32D173F3-02C6-4416-9EA7-433E3B2F4AD4} - System32\Tasks\{807EBC23-6C0C-4EFC-81D8-41FA64B6302C} => D:\CS 1.6\Counter-Strike 1.6.exe
    Task: {34B1B6AC-5668-497F-B3C4-8DEC6B26749D} - System32\Tasks\{4504E372-673F-449E-B87A-323D843B1C1D} => C:\Users\Dom\Desktop\ECC 5.2\ECC.exe
    Task: {3814388E-1129-4AB0-9513-C1DE01F6635C} - System32\Tasks\{CF975CFC-EC81-4FCA-8B55-A4882A4A58FE} => C:\Users\Dom\Desktop\ECC 5.2\ECC.exe
    Task: {45109E7C-71D5-44C2-A60B-3C86D63ECDE1} - System32\Tasks\{E2F74ED3-01D8-490F-B6A2-A7CCB0C33ABE} => D:\CS 1.6\Counter-Strike 1.6.exe
    Task: {704C466F-0A6C-4599-B4C0-22D53BE005DF} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== UWAGA
    Task: {8D54F2F6-0E7B-40B8-87AC-3803E9246126} - System32\Tasks\{003C3F15-068B-4CFD-A7AE-5D7E11A64BE1} => D:\Program Files\CS 1.6\cstrike.exe
    Task: {BE703F2B-77E9-4476-8CE5-9ECB8A25D341} - System32\Tasks\{558E0D06-D92E-4FC1-A30B-63A482B4D6D7} => pcalua.exe -a C:\Users\Dom\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor <==== UWAGA
    Task: {D26716FC-E17C-430A-A7F5-B62BE4544DB1} - System32\Tasks\{D057899B-7EF3-49C1-8E04-09C5E68EB2A3} => C:\Users\Dom\Desktop\ECC 5.2\ECC.exe
    Task: {D935BF3D-C70C-4BE9-864A-D0B574BDAE69} - System32\Tasks\{9208E9BC-7C00-4FF7-8D87-452376E064BE} => D:\Gry\Counter-Strike 1.6\hl.exe
    Task: {EAEA4B1A-02DB-44B8-981C-E790833AA7D2} - System32\Tasks\{DBAC847E-C021-4663-BCF4-F89B3BB7AB49} => D:\CS 1.6\Counter-Strike 1.6.exe
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\...\MountPoints2: {434eec32-9ac2-11e4-bf1f-001fd0b41c71} - I:\autorun.exe
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\...\MountPoints2: {76801402-d526-11e4-a409-001fd0b41c71} - J:\LG_PC_Programs.exe
    HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-01-14] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.web/?type=dspp&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.delta-homes.com/web/?type=ds&am...122&uid=395049983_1052451_D089658E&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.web/?type=dspp&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.delta-homes.com/web/?type=ds&am...122&uid=395049983_1052451_D089658E&q={searchTerms}
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=56626&...=ient06122&uid=395049983_1052451_D089658E
    HKU\S-1-5-21-1998968665-2671012152-4095253742-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?type=hp&ts=14...=ient06122&uid=395049983_1052451_D089658E
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.delta-homes.com/?type=sc&ts=14...=ient06122&uid=395049983_1052451_D089658E
    FF NewTab: chrome://quick_start/content/index.html
    FF user.js: detected! => C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\user.js [2015-08-20]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\.xml [2015-05-23]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartpageing.xml [2015-12-30]
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\so-v.xml [2016-03-12]
    FF Extension: QuickSearch - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\quick_searchff@gmail.com [2015-06-12] [Brak podpisu cyfrowego]
    FF Extension: Search Enginer - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\sweetsearch@gmail.com [2015-06-12] [Brak podpisu cyfrowego]
    FF Extension: FF Toolbar - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\fftoolbar2014@etech.com [2015-01-13] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\fftoolbar2014@etech.com
    FF HKLM-x32\...\Firefox\Extensions: [quick_searchff@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\quick_searchff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\sweetsearch@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Dom\AppData\Roaming\Mozilla\Firefox\Profiles\h84bwwc2.default\extensions\deskCutv2@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=7452b717-d179-425a-949b-0087d1269369
    CHR HomePage: Default -> search.ask.com/?gct=hp
    CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
    CHR DefaultSearchKeyword: Default -> search.ask.com
    CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-28] (NVIDIA Corporation)
    S2 Update SourceApp; "C:\Program Files (x86)\SourceApp\updateSourceApp.exe" [X]
    S2 Util SourceApp; "C:\Program Files (x86)\SourceApp\bin\utilSourceApp.exe" [X]
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-13] ()
    R1 {549b1cd8-769f-468a-ad93-f57bfc8402c2}Gw64; C:\Windows\System32\drivers\{549b1cd8-769f-468a-ad93-f57bfc8402c2}Gw64.sys [48784 2015-01-12] (StdLib)
    R1 {f81878fa-25e9-442d-8ada-79658b6520f2}Gw64; C:\Windows\System32\drivers\{f81878fa-25e9-442d-8ada-79658b6520f2}Gw64.sys [48792 2015-01-12] (StdLib)
    2016-03-13 23:07 - 2016-03-13 23:07 - 00000000 _____ C:\autoexec.bat
    2016-03-13 23:05 - 2016-03-13 23:06 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-12 12:58 - 2016-03-12 12:58 - 00000000 ____D C:\ProgramData\TempMoudleSet
    2016-03-11 16:20 - 2016-03-14 12:56 - 00000026 _____ C:\Windows\propresser.bat
    2016-02-21 15:15 - 2016-03-10 18:26 - 00000000 ____D C:\Users\Dom\AppData\Roaming\Xerazx
    2016-03-09 15:50 - 2015-01-13 01:20 - 00000000 ____D C:\ProgramData\AVAST Software
    EmptyTemp:

    0
  • #4 15 Mar 2016 10:30
    olech17
    Level 7  

    It helped, thanks a lot!

    0