SO-V.COM chrome - request for FRST logs

mechatronn 24 Mar 2016 01:11 603 7
  • Helpful post
    #2 24 Mar 2016 04:54
    krzychupar
    Level 40

    Uninstall:
    do-search uninstall (HKLM-x32\...\do-search uninstall) (Version: - do-search) <==== UWAGA
    mystartsearch uninstall (HKLM-x32\...\mystartsearch uninstall) (Version: - mystartsearch) <==== UWAGA
    WarThunder (HKU\S-1-5-21-742860050-3800102335-3235482216-1000\...\WarThunder) (Version: - WarThunder) <==== UWAGA
    Remove one of the two antivirus programs, and SpyHunter 4
    Open Windows Notepad and paste:
    Task: {E6CB5759-EB7C-4F0F-B3C8-E90874416E5F} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-03-23] (Enigma Software Group USA, LLC.)
    Task: {F1778CD8-42E7-4E1D-9C79-440BF906B384} - System32\Tasks\WarThunder sat => Chrome.exe --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=28689fd4d788f933e50f303fb32acbcbf21db9d0 --app-window-size=1280,1024 <==== UWAGA
    ShortcutWithArgument: C:\Users\w7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=28689fd4d788f933e50f303fb32acbcbf21db9d0 --start-fullscreen
    ShortcutWithArgument: C:\Users\w7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    ShortcutWithArgument: C:\Users\w7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=28689fd4d788f933e50f303fb32acbcbf21db9d0 --start-fullscreen
    ShortcutWithArgument: C:\Users\w7\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    HKLM-x32\...\Run: [] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-742860050-3800102335-3235482216-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-742860050-3800102335-3235482216-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\S-1-5-21-742860050-3800102335-3235482216-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://do-search.com/web/?type=ds&ts=1428...XWD10EZEX-08M2NA0_WD-WCC3F5ZR7DUAR7DUA&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
    SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-742860050-3800102335-3235482216-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-742860050-3800102335-3235482216-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.mystartsearch.com/web/?utm_source=...DUA&ts=1429107832&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-742860050-3800102335-3235482216-1000 -> {417AF3F4-3000-4B3F-AD5E-DBCE76DB6276} URL = hxxps://search.yahoo.com/search?fr=chr-greent...mp;ei=utf-8&ilc=12&type=435371&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-742860050-3800102335-3235482216-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.mystartsearch.com/web/?utm_source=...DUA&ts=1429107832&type=default&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-742860050-3800102335-3235482216-1000 -> {C05A9566-CF18-4529-9F44-628A25D5EAF6} URL = hxxp://www.mystartsearch.com/web/?utm_source=...DUA&ts=1429107832&type=default&q={searchTerms}
    BHO-x32: Brak nazwy -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> Brak pliku
    BHO-x32: Brak nazwy -> {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} -> Brak pliku
    BHO-x32: PriceFountain -> {b608cc98-54de-4775-96c9-097de398500c} -> C:\Users\w7\AppData\Local\PriceFountain\PriceFountainIE.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    FF DefaultSearchEngine: webssearches
    FF SelectedSearchEngine: webssearches
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\w7\AppData\Roaming\Mozilla\Firefox\Profiles\ql2cjrh4.default\extensions\deskCutv2@gmail.com => nie znaleziono
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    CHR HomePage: Default -> hxxp://us.yhs4.search.yahoo.com/yhs/web?hspar...2044239028%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Professional
    CHR StartupUrls: Default -> "hxxp://us.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_ir_15_25&param1=1&param2=f%3D7%26b%3DChrome%26cc%3Dpl%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzutCyE0D0A0Ezy0E0Czyzz0DtCzz0CyE0AtN0D0Tzu0StCtByCyBtN1L2XzutAtFtCtDtFtCtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0C0DtA0EyCzy0CtGtCyD0AtBtGzztCyByDtGtC0A0A0BtGzy0DyDyDtC0DtB0AyC0A0A0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0FyBtCzzzy0BtGyC0C0C0FtGyE0AtA0AtG0ByE0F0EtGyEyDyCyDzz0AzytA0AyCyCtA2QtN0A0LzuyEtN1B2Z1V1T1S1NzuyBzyyD%26cr%3D2044239028%26a%3Dwncy_ir_15_25%26os%3DWindows 7 Professional","hxxp://www.istartpageing.com/?type=hp&ts=1451859703&z=1b8c8ca348f24cebbaa39e6g8zewegbb4w7tbm4e7c&from=cornl&uid=wdcxwd10ezex-08m2na0_wd-wcc3f5zr7duar7dua"
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
    S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-03-23] (Enigma Software Group USA, LLC.)
    R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2016-03-23] (Enigma Software Group USA, LLC.)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-23] ()
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    2016-03-23 00:21 - 2016-03-23 00:21 - 00003320 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
    2016-03-23 00:21 - 2016-03-23 00:21 - 00000000 ____D C:\Users\w7\AppData\Roaming\Enigma Software Group
    2016-03-23 00:21 - 2016-03-23 00:21 - 00000000 _____ C:\autoexec.bat
    2016-03-23 00:20 - 2016-03-23 00:20 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-23 00:20 - 2016-03-23 00:20 - 00001087 _____ C:\Users\w7\Desktop\SpyHunter.lnk
    2016-03-23 00:20 - 2016-03-23 00:20 - 00000000 ____D C:\sh4ldr
    2016-03-23 00:20 - 2016-03-23 00:20 - 00000000 ____D C:\Program Files\Enigma Software Group
    2016-03-23 00:19 - 2016-03-23 00:19 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\w7\Downloads\SpyHunter-Installer.exe
    2016-03-23 00:19 - 2016-03-23 00:19 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\w7\Downloads\SpyHunter-Installer (1).exe
    2016-03-17 20:22 - 2016-03-17 20:22 - 00001504 __RSH C:\ProgramData\ntuser.pol
    2016-03-17 20:22 - 2016-03-17 20:22 - 00000000 ____D C:\ProgramData\desktopfind
    2016-01-06 23:49 - 2016-01-07 00:05 - 00000000 ____D C:\ComboFix
    2016-01-06 23:49 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-01-06 23:49 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-01-06 23:49 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-01-06 23:49 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-01-06 23:49 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-01-06 23:49 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-01-06 23:49 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-01-06 23:49 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-01-06 23:42 - 2016-01-07 00:05 - 00000000 ____D C:\Qoobox
    2016-01-06 23:41 - 2016-01-06 23:59 - 00000000 ____D C:\Windows\erdnt
    2016-01-06 23:39 - 2016-01-06 23:39 - 05646860 ____R (Swearware) C:\Users\w7\Downloads\ComboFix.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\w7\Downloads\
    Run FRST and click Fix.

    0
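As an added example (not code from this thread, from FRST or from its author), a small Python check that parses FRST `ShortcutWithArgument` and `StartMenuInternet` lines like the ones pasted above and flags browser launchers whose argument string carries a URL, which is exactly how the so-v.com start page survives in the shortcuts. The sample log is constructed from the thread's lines plus two clean entries (`Editor.lnk` and an argument-less Chrome entry) that are made up.

```python
import re

# Constructed sample: FRST-style lines modelled on the log pasted in this thread.
# "hxxp" is the forum's defanged spelling of "http"; the last two lines are clean.
SAMPLE_LOG = r"""
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
ShortcutWithArgument: C:\Users\w7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --app=hxxp://mmotraffic.com/catalog/goplay/1000932/MTE3NjYvLy8xMDAwOTMy/?subid=3&click_id=28689fd4d788f933e50f303fb32acbcbf21db9d0 --start-fullscreen
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=430755c7-7a0a-4b20-bef8-c8a253d7ab28
ShortcutWithArgument: C:\Users\w7\Desktop\Editor.lnk -> C:\Program Files\Editor\editor.exe (Example Vendor) -> -multiInst
StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
"""

# Line shapes FRST uses for shortcut and Start Menu browser entries ("path" is the
# .lnk path for shortcuts and the StartMenuInternet key name for the second shape).
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<path>.+?) -> (?P<target>.+?) \((?P<vendor>[^)]*)\) -> (?P<args>.*)$")
STARTMENU_RE = re.compile(
    r"^StartMenuInternet: (?P<path>.+?) - (?P<target>.+?\.exe)(?: (?P<args>.*))?$")
URL_RE = re.compile(r"(?:hxxps?|https?)://(?P<host>[^/\s?]+)", re.IGNORECASE)
BROWSERS = {"chrome.exe", "firefox.exe", "iexplore.exe"}

def find_hijacked_launchers(log_text):
    """Return one dict per browser launcher whose argument string carries a URL.
    A clean browser shortcut passes no URL, so any hit is a candidate start-page
    hijack of the kind this thread cleans up (so-v.com, mmotraffic.com)."""
    findings = []
    for line in log_text.splitlines():
        m = SHORTCUT_RE.match(line) or STARTMENU_RE.match(line)
        if not m:
            continue
        exe = m.group("target").rsplit("\\", 1)[-1].lower()
        if exe not in BROWSERS:
            continue          # not a browser, e.g. editor.exe with its own switches
        url = URL_RE.search(m.group("args") or "")
        if url:
            findings.append({"path": m.group("path"), "exe": exe,
                             "host": url.group("host").lower(), "line": line})
    return findings

def fixlist_entries(log_text):
    """The fix in this thread pastes the offending log lines verbatim into
    fixlist.txt, so the flagged raw lines are what goes into the fix."""
    return [f["line"] for f in find_hijacked_launchers(log_text)]

if __name__ == "__main__":
    for f in find_hijacked_launchers(SAMPLE_LOG):
        print(f"{f['exe']:<12} -> {f['host']:<16} {f['path']}")
```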
  • #3 24 Mar 2016 11:22
    mechatronn
    Level 7

    Thank you! It helped. Is that everything needed to clean my computer of this virus? Or should I scan with something else or check something to be sure I've really got rid of it? Regards

    0
  • #5 24 Mar 2016 11:53
    mechatronn
    Level 7

    Unfortunately I couldn't delete all the folders. The quarantine folder is still there, and to delete it I need to have administrator rights. Does anyone know how to change this so that I have them

    0
  • #6 24 Mar 2016 11:56
    Kolobos
    Computer specialist

    Run a fixlist.txt like this:
    DeleteQuarantine:

    0
  • #7 24 Mar 2016 13:20
    mechatronn
    Level 7

    Thanks! The quarantine got deleted. I scanned my computer with mbam and it found over 800 objects :o. I scanned again and it was 0. The question is whether the 800+ objects now in mbam's quarantine should/must be deleted, or left there?

    0
  • #8 24 Mar 2016 13:37
    Kolobos
    Computer specialist

    They can be deleted; they're most likely just registry entries and other junk.


    0