Elektroda.pl

Search.so-v.com: how to remove it?

Marcin124421 19 Mar 2016 15:52 588 2
  • #1 19 Mar 2016 15:52
    Marcin124421
    Level 4

    Hello, after some searching I found several threads on this forum related to my problem, concerning the malicious malware "Search.so-v.com". As usual, the program messes with my browser, etc. I am posting the reports below; I followed the forum instructions. I would like to ask for help in the form of a script.

    Thank you very much in advance for your help.

    0 2
  • Helpful post
    #2 19 Mar 2016 16:16
    Kolobos
    Computer specialist

    Fixlist.txt for FRST:
    Task: {429CD042-5D66-4526-90F5-871E621E77CA} - System32\Tasks\{AD78B537-EB41-4D83-A9D7-6E1AA3719E22} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...mp;amp;ver=7.18.0.111&LastError=12002
    Task: {4F24BA0D-56C2-45E3-89DA-ECEDB826F12D} - System32\Tasks\{97F3324A-C8D0-45C1-A3D7-C9FC12F5D292} => Chrome.exe hxxp://www.skype.com/go/downloading?source=li...mp;amp;ver=7.18.0.111&LastError=12002
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=231f0fc7-5a1b-4711-974a-8913806834ea
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=231f0fc7-5a1b-4711-974a-8913806834ea
    HKLM-x32\...\Run: [LManager] => [X]
    HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\...\Run: [home] => wscript.exe //B "C:\Users\madzik1\AppData\Local\Temp\home.vbe" <===== UWAGA
    HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\...\MountPoints2: {0e0204ed-eafe-11e3-be94-208984830a34} - "E:\LGAutoRun.exe"
    HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\...\MountPoints2: {c438ffa8-8a2d-11e5-beca-208984830a34} - "G:\AutoRun.exe"
    HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\...\MountPoints2: {c4390845-8a2d-11e5-beca-208984830a34} - "G:\AutoRun.exe"
    HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\...\MountPoints2: {cecbaebb-d5b6-11e5-bf2b-b8763f107d4e} - "G:\AutoRun.exe"
    ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=231f0fc7-5a1b-4711-974a-8913806834ea
    CHR HKU\S-1-5-21-3786947014-1227497240-1759301504-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
    2016-03-19 11:51 - 2016-03-19 14:29 - 00003112 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458384699
    2016-03-17 17:26 - 2016-03-17 17:26 - 00000266 __RSH C:\ProgramData\ntuser.pol
    2016-03-17 17:26 - 2016-03-17 17:26 - 00000000 ____D C:\ProgramData\desktopfind
    EmptyTemp:

    After running it, delete the C:\FRST directory.

    1
  • #3 19 Mar 2016 19:37
    Marcin124421
    Level 4

    Thank you very much for the lightning-fast reply and for the invaluable help. Once again, thank you very much! :D The malware has disappeared from the browser.

    0