
Removing search so-v - FRST logs.

19 Mar 2016 01:04 570 3
  • Helpful post
    #2 19 Mar 2016 06:16
    krzychupar
    Level 40

    Uninstall:
    Gameo (HKU\S-1-5-21-682003330-507921405-854245398-209462\...\Gameo) (Version: 0.13.7 - IronSource Ltd.) <==== ATTENTION
    GoodGameEmpire (HKU\S-1-5-21-682003330-507921405-854245398-209462\...\GoodGameEmpire) (Version: - GoodGameEmpire) <==== ATTENTION
    HDVidCodec (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - hdvidcodec.com) <==== ATTENTION
    RegClean-Pro (HKLM-x32\...\RegClean-Pro_is1) (Version: 6.21 - Systweak Inc) <==== ATTENTION
    Softonic for Windows (HKU\S-1-5-21-682003330-507921405-854245398-209462\...\Softonic for Windows) (Version: 1.5.11 - Softonic International S.L.) <==== ATTENTION
    McAfee Security Scan Plus

    Open the system Notepad and paste:
    Task: {0F8A1EDF-C70D-4D0F-8B26-BE38BA95A5E7} - System32\Tasks\Opera scheduled Autoupdate 1404668789 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
    Task: {490319E8-BDCE-4AEB-8110-B5A4699F3531} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
    Task: {EC6E4C16-980B-45CD-BCE9-70915417EE20} - \RegClean Pro_UPDATES -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_DEFAULT.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    ShortcutWithArgument: C:\Users\mburzyn1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodGameEmpire\GoodGameEmpire.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=4d375d16-2291-4438-8ecd-15b6bffa2795
    ShortcutWithArgument: C:\Users\mburzyn1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=4d375d16-2291-4438-8ecd-15b6bffa2795
    ShortcutWithArgument: C:\Users\mburzyn1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=4d375d16-2291-4438-8ecd-15b6bffa2795
    ShortcutWithArgument: C:\Users\mburzyn1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=4d375d16-2291-4438-8ecd-15b6bffa2795




    Hosts:
    () C:\Users\mburzyn1\AppData\Roaming\Gameo\gameo.exe
    HKLM-x32\...\Run: [fst_pl_127] => [X]
    HKU\S-1-5-21-682003330-507921405-854245398-209462 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION
    HKU\S-1-5-21-682003330-507921405-854245398-209462 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION
    HKU\S-1-5-21-682003330-507921405-854245398-209462 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION
    HKU\S-1-5-21-682003330-507921405-854245398-209462 Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    HKU\S-1-5-21-682003330-507921405-854245398-209462\...\MountPoints2: {31c633dc-adf3-11e3-be79-1c3e84365ca0} - "F:\Setup.exe"
    HKU\S-1-5-21-682003330-507921405-854245398-209462\...\MountPoints2: {731b9d16-af44-11e3-be86-1c3e84365ca0} - "F:\Startme.exe"
    HKU\S-1-5-21-682003330-507921405-854245398-209462\...\MountPoints2: {ab5d876b-ea44-11e3-bea6-1c3e84365ca0} - "E:\setup_homm5.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2014-06-16]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (No File)
    ShortcutTarget: Torpedo.lnk -> C:\Users\mburzyn1\AppData\Local\Torpedo\Torpedo.exe (No File)
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKU\S-1-5-21-682003330-507921405-854245398-209462\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...cor&uid=3219913727_198313_F66638C0&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...cor&uid=3219913727_198313_F66638C0&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...cor&uid=3219913727_198313_F66638C0&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...cor&uid=3219913727_198313_F66638C0&q={searchTerms}
    HKU\S-1-5-21-682003330-507921405-854245398-209462\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.amazon.com/gp/bit/amazonserp/ref=...abb-channel-17_0_1201_1403_20160211_PL_ie_sp_
    SearchScopes: HKLM -> {1190605A-6314-428B-9CE6-D3546889DA0B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 -> {1190605A-6314-428B-9CE6-D3546889DA0B} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?i...k%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {1190605A-6314-428B-9CE6-D3546889DA0B} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF} URL = hxxps://www.amazon.com/gp/bit/amazonserp/ref=..._ds_&tag=bds-p17-serp-us-ie-20&query={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-682003330-507921405-854245398-209462 -> {szukaj.gazeta.pl} URL = hxxp://www.sweet-page.com/web/?utm_source=b&a...8C0&ts=1426854950&type=default&q={searchTerms}
    DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} hxxps://vpn.intercars.eu/CACHE/stc/1/binaries/vpnweb.cab
    DPF: HKLM-x32 {5554DCB0-700B-498D-9B58-4E40E5814405} hxxps://crm.intercars.eu/Reserved.ReportViewe...0449c82b8560&OpType=PrintCab&Arch=X86
    FF NewTab: hxxps://www.amazon.com/gp/bit/amazonserp/ref=...abb-channel-17_0_1201_1403_20160211_PL_ff_nt_
    FF DefaultSearchEngine: so-v
    FF SearchEngineOrder.1: Amazon
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\mburzyn1\AppData\Roaming\Mozilla\Firefox\Profiles\0iytsgas.default\extensions\deskCutv2@gmail.com => not found
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=4d375d16-2291-4438-8ecd-15b6bffa2795
    S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    S2 Util NetCrawl; "C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe" [X]
    S1 pfnfd_1_10_0_9; system32\drivers\pfnfd_1_10_0_9.sys [X]
    2016-03-14 19:05 - 2016-03-14 19:05 - 00000000 _____ C:\autoexec.bat
    2016-03-14 19:02 - 2016-03-14 19:02 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-03-14 19:01 - 2016-03-14 19:01 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\mburzyn1\Downloads\SpyHunter-Installer.exe
    2016-03-12 12:57 - 2016-03-12 12:57 - 00000000 ____D C:\ProgramData\TempMoudleSet
    2016-03-19 00:34 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-03-17 15:05 - 2014-06-18 10:17 - 00031468 __RSH C:\ProgramData\ntuser.pol
    2016-03-16 11:57 - 2014-06-18 10:17 - 00015918 __RSH C:\Users\mburzyn1\ntuser.pol
    2016-03-14 18:54 - 2014-07-16 10:32 - 00000296 _____ C:\WINDOWS\Tasks\RegClean Pro_UPDATES.job
    C:\Users\mburzyn1\CrmClientSetup.exe
    C:\Users\mburzyn1\msvcp100.dll
    C:\Users\mburzyn1\msvcr100.dll
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    1
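
An added example, not part of the post above and not FRST's own code: a small triage over FRST-format lines that picks out the three markers visible in this fixlist, namely browser shortcuts with a URL appended as an argument, entries tagged ATTENTION, and orphaned entries (`[X]`, `No File`, `not found`). The sample lines and the names `triage`, `BROWSERS` and `host` are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in the FRST format quoted in the post above
# (user name, paths and GUID are made up; "hxxp" is the defanged "http").
SAMPLE = r"""
ShortcutWithArgument: C:\Users\user1\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=0000
ShortcutWithArgument: C:\Users\user1\Desktop\Chrome (work).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
Task: {00000000-0000-0000-0000-000000000000} - \RegClean Pro_DEFAULT -> No File <==== ATTENTION
S2 Util NetCrawl; "C:\Program Files (x86)\NetCrawl\bin\utilNetCrawl.exe" [X]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
"""

BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}  # assumed watch list
SHORTCUT = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?\.exe) "
    r"\((?P<vendor>[^)]*)\) -> (?P<args>.*)$")
URL = re.compile(r"(?:hxxps?|https?)://\S+", re.I)
ATTENTION = re.compile(r"<=+ ATTENTION")
ORPHAN = re.compile(r"\[X\]$|No File|=> not found")

def host(url):
    """Return the host name of a (possibly defanged) URL."""
    return urlsplit(re.sub(r"^hxxp", "http", url, flags=re.I)).hostname

def triage(report):
    """Return (tags, line) for every line that carries one of the markers."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        tags = []
        m = SHORTCUT.match(line)
        if m:
            exe = m["target"].rsplit("\\", 1)[-1].lower()
            url = URL.search(m["args"])
            # A browser shortcut that opens a fixed URL is the hijack pattern;
            # ordinary switches such as --profile-directory are left alone.
            if exe in BROWSERS and url:
                tags.append("shortcut-hijack:" + host(url.group()))
        if ATTENTION.search(line):
            tags.append("frst-attention")
        if ORPHAN.search(line):
            tags.append("orphan")
        if tags:
            findings.append((tags, line))
    return findings

if __name__ == "__main__":
    for tags, line in triage(SAMPLE):
        print(", ".join(tags), "|", line[:70])
```
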
  • #3 19 Mar 2016 09:17
    2749355
    User deleted their account