Elektroda.pl

So-v.com - request for log analysis.

Damianovsky 20 Mar 2016 17:22 300 3
  • Helpful post
    #2 20 Mar 2016 17:38
    krzychupar
    Level 40  

    Open the system Notepad and paste:
    ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    Hosts:
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe C:\Windows\system32\WinSit.exe [ ] () <=== UWAGA
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\CurrentVersion\Windows: [Run] C:\Windows\system32\config\Win.exe <===== UWAGA
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: J - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {09921789-9671-11e5-bebd-0001290034d7} - K:\autorun.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {4a22a20c-a952-11e5-b28c-0001290034d7} - J:\autorun.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {51db5db2-715f-11e4-9204-0001290034d7} - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {51db5dc8-715f-11e4-9204-0001290034d7} - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {93895834-aa13-11e5-86bf-0001290034d7} - J:\autorun.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    FF Plugin: @microsoft.com/GENUINE -> disabled [Brak pliku]
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Brak pliku]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    2016-03-20 17:13 - 2016-03-20 17:15 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
    2016-03-12 09:36 - 2016-03-12 09:36 - 01006080 _____ C:\Windows\SysWOW64\pl4.exe
    2016-03-12 09:36 - 2016-03-12 09:36 - 00001092 __RSH C:\ProgramData\ntuser.pol
    2016-03-12 09:36 - 2016-03-12 09:36 - 00000308 _____ C:\Windows\SysWOW64\pl.html

    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    0
  • Helpful post
    #3 20 Mar 2016 17:39
    Acorus 20
    Computer specialist

    Open the system Notepad and paste:

    Quote:
    ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    AlternateDataStreams: C:\Windows:42BE218B2C049110 [50]
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm [0]
    Hosts:
    HKLM-x32\...\Winlogon: [Shell] Explorer.exe C:\Windows\system32\WinSit.exe [ ] () <=== UWAGA
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\CurrentVersion\Windows: [Run] C:\Windows\system32\config\Win.exe <===== UWAGA
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\Policies\Explorer: []
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: J - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {09921789-9671-11e5-bebd-0001290034d7} - K:\autorun.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {4a22a20c-a952-11e5-b28c-0001290034d7} - J:\autorun.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {51db5db2-715f-11e4-9204-0001290034d7} - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {51db5dc8-715f-11e4-9204-0001290034d7} - J:\setup.exe
    HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\MountPoints2: {93895834-aa13-11e5-86bf-0001290034d7} - J:\autorun.exe
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-10]
    FF HKU\S-1-5-21-1449972800-4139856478-3505600125-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
    FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] [Brak podpisu cyfrowego]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=a0ded909-2fc0-4866-b769-2a53a8987a45
    2016-03-12 09:36 - 2016-03-12 09:36 - 01006080 _____ C:\Windows\SysWOW64\pl4.exe
    2016-03-12 09:36 - 2016-03-12 09:36 - 00001092 __RSH C:\ProgramData\ntuser.pol
    2016-03-12 09:36 - 2016-03-12 09:36 - 00000308 _____ C:\Windows\SysWOW64\pl.html
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.

    0
  • #4 20 Mar 2016 17:49
    Damianovsky
    Level 12  

    Thanks, gentlemen. It helped.

    0
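
An added example, not part of any post in this thread: a small Python triage script for FRST-style lines like those quoted above, flagging browser launchers that carry a URL argument and a Winlogon Shell value that is more than explorer.exe. The line formats are inferred from the entries visible in the thread; the sample shortens the uid to a placeholder and includes one constructed clean line, and the function names are assumptions of this example.

```python
import re

# Patterns inferred from the log lines quoted in the thread (an assumption, not an FRST spec).
SHORTCUT = re.compile(r"^ShortcutWithArgument: (?P<item>.+?\.lnk) -> (?P<target>.+?\.exe)"
                      r"(?: \([^)]*\))? -> (?P<args>.+)$", re.I)
STARTMENU = re.compile(r"^StartMenuInternet: (?P<item>\S+) - (?P<target>.+?\.exe)"
                       r"\s+(?P<args>\S.*)$", re.I)
WINLOGON = re.compile(r"^(?P<item>\S+\\Winlogon): \[Shell\] (?P<value>.+?)"
                      r"(?:\s+\[.*|\s+<=.*)?$", re.I)
URL = re.compile(r"\b(?:hxxp|http)s?://([^/\s?#]+)", re.I)  # also accepts defanged hxxp

# Sample lines taken from the thread, uid replaced by a placeholder; last line is constructed.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\User\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=<uid>
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=<uid>
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=<uid>
HKLM-x32\...\Winlogon: [Shell] Explorer.exe C:\Windows\system32\WinSit.exe [ ] () <=== UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\...\Winlogon: [Shell] explorer.exe
"""

def triage(lines):
    """Return (kind, item, detail) tuples for entries that deserve an analyst's attention."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = SHORTCUT.match(line) or STARTMENU.match(line)
        if m:
            host = URL.search(m["args"])
            if host:  # a browser launcher that is forced to open a URL on start
                findings.append(("forced-url", m["item"], host.group(1).lower()))
            continue
        m = WINLOGON.match(line)
        # The Shell value is normally just explorer.exe; anything appended runs at logon.
        if m and m["value"].strip().lower() != "explorer.exe":
            findings.append(("winlogon-shell", m["item"], m["value"].strip()))
    return findings

def hosts_by_count(findings):
    """Count how many launchers point at each host, to show the scope of the hijack."""
    counts = {}
    for kind, _, detail in findings:
        if kind == "forced-url":
            counts[detail] = counts.get(detail, 0) + 1
    return counts

if __name__ == "__main__":
    for finding in triage(SAMPLE.splitlines()):
        print(finding)
```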