Elektroda.pl

So-v.com and Easydialsearch - Trouble. Request for infection removal.

wojtekzchelmzy 03 Apr 2016 16:37 774 5
  • #1 03 Apr 2016 16:37
    wojtekzchelmzy
    Level 6  

    Hello, the malicious software so-v.com and easydialsearch has got onto my computer. I am asking for help for a non-advanced user.

    0 5
  • Helpful post
    #4 03 Apr 2016 22:02
    krzychupar
    Level 40  

    Uninstall:
    Performance Optimizer (HKLM-x32\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{892cc6a3}) (Version: - Linker Ltd) <==== ATTENTION
    Price Metér (remove only) (HKU\S-1-5-21-1369010465-2344745219-1145409665-1001\...\Price Metér) (Version: 1.1.2.7 - Price Meter) <==== ATTENTION
    WebSpades (HKLM\...\WebSpades) (Version: 2014.06.21.141113 - WebSpades) <==== ATTENTION
    Keep one antivirus and uninstall the rest.
    Open the system Notepad and paste:
    Task: {1938EA5E-CB85-4D6C-9A52-5C7389BEEC4E} - System32\Tasks\{5ABAA099-53DD-49D9-887A-CFFF9D93E149} => pcalua.exe -a "C:\Program Files (x86)\Torntv V9.0\Uninstall.exe" -c /fcp=1
    Task: {3B134D14-D031-4F2E-992A-15FF8D5A9431} - System32\Tasks\{A9A4F8AC-CAEC-47E9-98FF-52E844C09658} => pcalua.exe -a F:\Programy\LEXMARK_Pro700_wcr_32_po.exe -d F:\Programy
    Task: {6614D18F-72C7-40D2-825A-14A8B687CA4D} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
    Task: {8BA84F18-ED66-410A-A3DF-6429A416EA2A} - System32\Tasks\{52C57E45-A80E-4E57-9D12-4BCFD34BECDD} => pcalua.exe -a D:\setup.exe -d D:\
    Task: {8DA15CDF-35FB-4452-9741-00553A89F6F2} - \pricemeterdownloader -> No File <==== ATTENTION
    Task: {9FED0391-55C6-49F8-B2B2-6A37D5F80A06} - System32\Tasks\{65181A42-5677-4BA0-B208-F436BEC90DCC} => pcalua.exe -a D:\autorun.exe -d D:\
    Task: {AC09B31C-EE80-4017-B4D9-057AECBFA3D7} - System32\Tasks\{0D34A35D-9080-416B-BE9C-63F1B1100FF6} => pcalua.exe -a C:\Users\Wojciech\Downloads\LEXMARK_Pro700_wcr_32_po.exe -d C:\Users\Wojciech\Downloads
    Task: {CB55FE53-2394-463E-B8D4-775B46AFD683} - \pricemeterwatcher -> No File <==== ATTENTION
    Task: {CC82A81D-91B9-4E12-A3DE-D16653271B17} - \AppCloudUpdater -> No File <==== ATTENTION
    Task: {D3AB2358-F472-47A3-8209-C18D5F8FBB61} - \pricemetertask -> No File <==== ATTENTION
    Task: {E23FF8D4-3012-4E0C-877F-8DF362F4B379} - System32\Tasks\{D189B2C1-83D0-468B-9373-02AF2FDBA731} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{15292416-A464-4FBA-BB96-7298EAACFC07}\setup.exe" -c -runfromtemp -l0x0415
    ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Wojciech\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    HKLM-x32\...\Run: [] => [X]
    AppInit_DLLs-x32: c:\progra~3\perfor~1\perfor~1.dll => No File
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    GroupPolicyScripts: Restriction <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPCX-24UE4T0_WD-WXD1EB3KLS26KLS26&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPCX-24UE4T0_WD-WXD1EB3KLS26KLS26&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPCX-24UE4T0_WD-WXD1EB3KLS26KLS26&q={searchTerms}
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts...XWD10JPCX-24UE4T0_WD-WXD1EB3KLS26KLS26&q={searchTerms}
    BHO-x32: WebSpades -> {5fb66911-2787-49cf-8f96-265e34893e40} -> C:\Program Files (x86)\WebSpades\WebSpadesbho.dll => No File
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=82c7027a-d3e6-417b-bd1a-216f0ed758ef
    FF DefaultSearchEngine: so-v
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Wojciech\AppData\Roaming\Mozilla\Firefox\Profiles\vwr3n2v0.default\extensions\deskCutv2@gmail.com => not found
    S3 athur; \SystemRoot\system32\DRIVERS\athuw8x.sys [X]
    S3 cpuz136; \??\C:\WINDOWS\TEMP\cpuz136\cpuz136_x64.sys [X]
    S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [X]
    2016-03-29 17:44 - 2015-01-12 00:05 - 00001304 __RSH C:\ProgramData\ntuser.pol
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder where FRST.exe is located.
    Run FRST and click Fix/Napraw.

    1
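
A check that can be run on a fresh FRST log after the fix, as an added example that is not part of the original thread: it parses `ShortcutWithArgument` lines in the format shown in post #4 and groups the affected shortcuts by the host injected into their arguments. The sample log lines, the `PLACEHOLDER` uid, the example task name and the function name `hijacked_shortcuts` are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Line format as it appears in the log:
#   ShortcutWithArgument: <.lnk path> -> <target exe> (<vendor>) -> <argument>
LINE_RE = re.compile(
    r"^\s*ShortcutWithArgument:\s*(?P<lnk>.+?\.lnk)\s*->\s*"
    r"(?P<target>.+?\.exe)\s*\((?P<vendor>[^)]*)\)\s*->\s*(?P<arg>.+?)\s*$",
    re.IGNORECASE,
)
# The log writes URLs defanged (hxxp://), so accept both spellings.
URL_RE = re.compile(r"\b(?:hxxps?|https?)://\S+", re.IGNORECASE)


def hijacked_shortcuts(log_text):
    """Return {injected host: [.lnk paths]} for shortcuts whose argument holds a URL."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # Task:, registry and other entries are out of scope here
        url = URL_RE.search(m.group("arg"))
        if not url:
            continue  # argument is an ordinary command-line switch
        # Refang only in memory so the host can be parsed; nothing is fetched.
        refanged = re.sub(r"^hxxp", "http", url.group(0), flags=re.IGNORECASE)
        host = urlsplit(refanged).hostname
        if host:
            hits[host].append(m.group("lnk"))
    return dict(hits)


# Constructed sample modelled on the entries in the post (not a real log).
SAMPLE_LOG = r"""
Task: {00000000-0000-0000-0000-000000000000} - \exampletask -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=PLACEHOLDER
ShortcutWithArgument: C:\Users\Example\Desktop\Work.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default
"""

if __name__ == "__main__":
    for host, links in hijacked_shortcuts(SAMPLE_LOG).items():
        print(f"{host}: {len(links)} shortcut(s) still carry this URL")
        for lnk in links:
            print("   ", lnk)
```

An empty result on the new log means no browser shortcut still carries an appended URL.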
  • #5 08 Apr 2016 07:39
    wojtekzchelmzy
    Level 6  

    It worked, thanks :)

    0
  • #6 08 Apr 2016 08:28
    RADU23
    Moderator - Computers Service

    Delete the folder C:\FRST. That's all.

    0