Elektroda.pl

Search.so-v in Opera - FRST logs.

kamyk-67 25 Mar 2016 21:19 408 5
  • Helpful post
    #2 25 Mar 2016 22:02
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {065522EE-3F8F-48F6-9283-3FE6C9C616D2} - System32\Tasks\Opera scheduled Autoupdate 1451768468 => C:\opera nowa\launcher.exe [2016-03-14] (Opera Software)
    Task: {09D58A64-D356-4784-9A4C-910D94B30359} - System32\Tasks\{28BC1453-253A-4E93-A95B-6E98345D0CAA} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {105C1526-CAAC-45C1-9822-183F51FBCE3C} - System32\Tasks\{1555DE89-BB57-4591-A74B-C8FFD571C9AD} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {2BEF8E2F-962C-435B-8178-4D878F56377C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {390375C8-0F81-44E8-81FF-690F5D0FEE00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {3C02CC79-3039-44EF-B11D-D747F314EDB6} - System32\Tasks\{E79B3734-7A41-413E-82E9-0C9B9D1D2EBF} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {5CBB00D5-8CCC-40C4-8ECA-B62B7D5D9D79} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {5CBB00D5-8CCC-40C4-8ECA-B62B7D5D9D79} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {64E74807-1665-4698-BED4-52BB74361FB6} - System32\Tasks\{4AF4B844-8FF1-4C4D-A302-32A2BC5EAA54} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {65F38EC4-4158-4FC3-AA45-5E0E3A100E87} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {77015684-DE63-4048-9204-5CA196C72B4F} - System32\Tasks\{CF3C6E91-12CF-484A-A2A3-E5389A6E32C2} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {890B517B-F7F1-4C61-A8E0-3A76FF7EBEFD} - System32\Tasks\{7B1FC80A-0DF7-4D8E-9166-042960AB6F60} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {9414E36D-A7CC-44FE-A939-F305DE70A6C2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {977A55A8-CA5B-4187-80C8-C01A10E63BB0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {9F16075D-61F1-4D51-B534-A7846D9989E2} - System32\Tasks\{38458105-ECAF-406A-922D-18BFD15D5693} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {B808A979-3242-4F4A-A2C4-D96A197D8291} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B8CF1D7F-83E0-480E-99D0-F070A4E93D19} - System32\Tasks\{68182F83-B4D2-43D6-B289-DA8C9DD5BB3A} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {ED3D0712-F7BF-4E8E-BEB7-5CAA2A04FA1B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {EE2A2934-1387-4C22-8D26-87D539DF82CF} - System32\Tasks\{A59CB14E-CFEC-40B2-96BE-FC12BE168880} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {EE7EE24F-71BB-4EA2-898F-5E9FEB1EA991} - System32\Tasks\{8F06BA03-BB92-4969-B67B-DFCA90EE36D4} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {F332364C-0D1A-4AB0-A7BE-52A45D018635} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {FB03387F-3055-4263-B38C-9D6E5547B753} - System32\Tasks\{FF86077A-86B0-4642-9C0A-1F64B57B8B7A} => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
    Task: {FE1B3D77-1A90-45C9-B88C-9FF73991B5E1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\toshiba\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera12.16 1860.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=7b6d7a61-cdf3-4395-bfad-d8675f78c02f
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=7b6d7a61-cdf3-4395-bfad-d8675f78c02f
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera 34.lnk -> C:\opera nowa\launcher.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=7b6d7a61-cdf3-4395-bfad-d8675f78c02f
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\opera.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=7b6d7a61-cdf3-4395-bfad-d8675f78c02f
    HKU\S-1-5-21-2334197040-230155956-724663800-1004\...\RunOnce: [Uninstall C:\Users\toshiba\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\toshiba\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-2334197040-230155956-724663800-1004\...\MountPoints2: {1fb64f1d-d307-11e5-bf2a-4c72b99fe655} - "E:\startme.exe"
    HKU\S-1-5-21-2334197040-230155956-724663800-1004\...\MountPoints2: {48b65a1d-9542-11e5-bf11-4c72b99fe655} - "E:\startme.exe"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
    HKU\S-1-5-21-2334197040-230155956-724663800-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM -> DefaultScope value is missing
    SearchScopes: HKLM-x32 -> DefaultScope value is missing
    OPR Session Restore: -> is enabled.
    StartMenuInternet: (HKLM) OperaStable - c:\opera nowa\launcher.exe
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2016-03-25 21:00 - 2016-03-25 21:01 - 00000000 ____D C:\AdwCleaner
    2016-03-25 16:41 - 2016-03-25 16:41 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
    2016-03-25 16:40 - 2016-03-25 16:40 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\toshiba\Downloads\SpyHunter-Installer (1).exe
    2016-03-25 14:26 - 2016-03-25 14:26 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\toshiba\Downloads\SpyHunter-Installer.exe
    C:\Users\toshiba\fs1setup.exe
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\toshiba\Downloads\
    Run FRST and click Fix (Napraw).

    0
  • #3 25 Mar 2016 22:17
    kamyk-67
    Level 2

    Thank you very, very much.
    You've given me a lovely birthday present.

    0
  • #4 25 Mar 2016 22:23
    krzychupar
    Level 40

    Delete C:\FRST and you can close the thread. All the best on your birthday.

    0
  • #5 25 Mar 2016 22:52
    kamyk-67
    Level 2

    Thanks once again.

    0