
A classic so-v case - request to check the logs.

mapes 03 Apr 2016 23:08 432 1
  • Helpful post
    #2 03 Apr 2016 23:27
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {414AC7EE-EDEF-4C1D-BA5D-CDDEF36B238B} - System32\Tasks\{017BE16A-1A9A-42FA-A1FE-0D6B552E2F41} => pcalua.exe -a "C:\Program Files (x86)\BonanzaDeals\uninst.exe" -c /uninstall
    Task: {F093827D-8009-44DA-9D8A-B1BE73CE461A} - System32\Tasks\Opera scheduled Autoupdate 1459714804 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-24] (Opera Software)
    ShortcutWithArgument: C:\Users\mapes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    ShortcutWithArgument: C:\Users\mapes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\Users\mapes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    ShortcutWithArgument: C:\Users\mapes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\avast software\SZBrowser\launcher.exe (Avast Software) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    ShortcutWithArgument: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    HKLM-x32\...\Run: [mbot_pl_014010151] => [X]
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {03bd9c09-3e68-11e5-bf2b-e006e6c0728b} - "K:\CyfrowyPolsat_AutoRun.exe" /NoSD
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {28bfefb5-3deb-11e5-bf2a-e006e6c0728b} - "K:\CyfrowyPolsat_AutoRun.exe" /NoSD
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {28bff001-3deb-11e5-bf2a-e006e6c0728b} - "K:\CyfrowyPolsat_AutoRun.exe" /NoSD
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {6b4e0734-e2ca-11e5-bf4e-20898439fd1d} - "J:\CyfrowyPolsat_AutoRun.exe" /NoSD
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {9aa55fb7-2e9f-11e4-beab-e006e6c0728b} - "J:\Startme.exe"
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\...\MountPoints2: {d0890f79-f378-11e5-bf50-9c4e369dfc54} - "J:\CyfrowyPolsat_AutoRun.exe" /NoSD
    ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => Brak pliku
    ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => Brak pliku
    ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => Brak pliku
    ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => Brak pliku
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    HKU\S-1-5-21-3173852799-4177800010-2963229037-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=mbtkplv3&uid=S2U5J9ACC02120_ST1000LM024HN-M101MBB&tm=1448009024
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3173852799-4177800010-2963229037-1002 -> {52CC5707-8B36-40DF-A6AA-BFA11086A0A9} URL =
    BHO: Brak nazwy -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Brak pliku
    BHO: Brak nazwy -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> Brak pliku
    FF Homepage: about:home
    FF NetworkProxy: "type", 0
    FF Plugin: @java.com/DTPlugin,version=11.25.2 -> G:\Program Files (x86)\bin\dtplugin\npDeployJava1.dll [Brak pliku]
    FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> G:\Program Files (x86)\bin\plugin2\npjp2.dll [Brak pliku]
    FF SearchPlugin: C:\Users\mapes\AppData\Roaming\Mozilla\Firefox\Profiles\c3xenwrl.default-1421253468781\searchplugins\so-v.xml [2016-04-03]
    StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Opera\Launcher.exe hxxp://www.so-v.com/?type=ll&uid=83774b88-715d-4f35-9430-f86fd7aad497
    S3 AvastVBoxSvc; G:\Program Files (x86)\Avast\ng\vbox\AvastVBoxSVC.exe [X]
    S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
    S2 VBoxAswDrv; \??\G:\Program Files (x86)\Avast\ng\vbox\VBoxAswDrv.sys [X]
    EmptyTemp:

    Save the file under the name fixlist.txt and put it in the folder where FRST.exe is located.
    Run FRST and click Fix (Napraw).

    0
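As an added example (not from the thread, and not code from FRST's authors), a small Python triage script that parses log lines in the FRST format shown above and flags the same indicators krzychupar's fixlist targets: browser shortcuts whose argument is a URL, registry start pages, and FRST's own `<=======` attention marker. The line layouts the regexes assume are taken from the log above, not from an FRST specification, and the sample lines are constructed in that format with shortened uid values.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    rule: str  # which heuristic fired
    line: str  # the offending FRST log line


# Layout assumed from the thread's log: <.lnk path> -> <target exe> (<publisher>) -> <argument>
SHORTCUT_RE = re.compile(
    r"^ShortcutWithArgument: (?P<lnk>.+?\.lnk) -> (?P<target>.+?) "
    r"\((?P<publisher>[^)]*)\) -> (?P<arg>.*)$"
)
# Registry start pages as FRST prints them: "<key>,Start Page = <url>" / "<key>,Default_Page_URL = <url>"
STARTPAGE_RE = re.compile(
    r"^(?P<key>HK[A-Z]+.*),(?P<name>Start Page|Default_Page_URL) = (?P<url>\S+)$"
)
# FRST defangs links as hxxp://; bare "www.host.tld" values (as in the IE start page above) count too
URL_RE = re.compile(r"(?i)(?:hxxps?|https?)://|\bwww\.[a-z0-9-]+\.[a-z]{2,}")

# Constructed sample modelled on the thread's log (assumption: same layout; uid values shortened)
SAMPLE_LOG = r"""ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=83774b88
ShortcutWithArgument: C:\Users\Public\Desktop\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=mbtkplv3&tm=1448009024
ShortcutWithArgument: C:\Users\Public\Desktop\Editor.lnk -> C:\Program Files\Editor\editor.exe (Example Publisher) -> -multiInst
GroupPolicy: Restriction - Chrome <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=mbtkplv3&tm=1448009024
FF Homepage: about:home
"""


def triage_frst(log_text: str) -> list[Finding]:
    """Flag lines indicating a browser hijack: URL shortcut arguments, registry start pages, FRST's attention marker."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SHORTCUT_RE.match(line)
        if m and URL_RE.search(m.group("arg")):
            findings.append(Finding("shortcut-url-hijack", line))
        elif (m := STARTPAGE_RE.match(line)) and URL_RE.search(m.group("url")):
            findings.append(Finding("startpage-set", line))
        elif "<=======" in line:
            findings.append(Finding("frst-attention-marker", line))
    return findings


def build_fixlist(findings: list[Finding]) -> str:
    """FRST's Fix acts on the log lines pasted into fixlist.txt; EmptyTemp: clears temp folders, as in the thread."""
    return "\n".join(f.line for f in findings) + "\nEmptyTemp:\n"
```

On a real log, review each flagged line before it goes into fixlist.txt; the shortcut rule in particular fires on any URL argument, including ones a user set deliberately.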