
so-v.com: how to remove it from a computer

Metis100 13 Mar 2016 10:50 7017 7
  • #1 13 Mar 2016 10:50
    Metis100
    Level 2

    Hello,

    I have a problem removing so-v.com from my browser. I have noticed that in recent weeks this has been quite a common problem, and that the solution is to paste a specific entry into Notepad. I am not able to generate such a text myself, and I understand that it depends on the report from the scanning program. I am attaching the FRST and Addition reports and, at the same time, asking for instructions on how to proceed.

    Thank you
    Kamila

    PS How could the infection with this program have happened? I am asking so that I can possibly guard against the problem in the future. K.

    0 7
  • Helpful post
    #2 13 Mar 2016 11:16
    Acorus 20
    Computer specialist

    Uninstall SaveByClick, Search Assistant WebSearch 1.74. Open the system Notepad and paste:

    Quote:
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Pulpit\Nieużywane skróty pulpitu\e-Diagnoza.lnk -> C:\WINDOWS\system32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://e-diagnoza.com/JWS/blue/online/launch.jnlp "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\35\74cbcda3-7e283303"
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Menu Start\Programy\e-diagnoza\e-Diagnoza.lnk -> C:\WINDOWS\system32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://e-diagnoza.com/JWS/blue/online/launch.jnlp "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\35\74cbcda3-7e283303"
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Dane aplikacji\Microsoft\Internet Explorer\Quick Launch\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Opera.lnk -> C:\Program Files\Opera\opera.exe (Opera Software) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f




    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Cyfrowy Polsat MF821\Odinstaluj.lnk -> C:\WINDOWS\system32\SupportAppZXH\EXETimer.exe () -> "C:\WINDOWS\system32\SupportAppZXH\Uninstall.bat"
    ShortcutWithArgument: C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    ShortcutWithArgument: C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-21-606747145-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-21-606747145-1500820517-839522115-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-21-606747145-1500820517-839522115-500\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    HKU\S-1-5-21-606747145-1500820517-839522115-500\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.yac.mx/?utm_source=b&utm_me...=iSafe&uid=samsungxhd161hj_s0v3j90q165116
    URLSearchHook: [S-1-5-21-606747145-1500820517-839522115-1003] UWAGA => Brak domyślnego URLSearchHook
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-606747145-1500820517-839522115-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll => Brak pliku
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    FF DefaultSearchEngine: so-v
    FF SearchPlugin: C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9q1mfv6h.default\searchplugins\so-v.xml [2016-03-12]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\safeguard-secure-search.xml [2014-11-24]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\wtu-secure-search.xml [2015-07-23]
    FF Extension: Browse2save - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9q1mfv6h.default\Extensions\510f0693b1592@510f0693b15cc.com [2015-04-09] [Brak podpisu cyfrowego]
    FF Extension: Search-NewTab - C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9q1mfv6h.default\Extensions\510f06cb90501@510f06cb9053a.com [2015-04-09] [Brak podpisu cyfrowego]
    CHR DefaultSearchURL: Default -> hxxp://search.so-v.com/web?type=ds&x=fqvz...d=1906660c-fa52-469e-9ad6-2f509b00469f&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> so-v
    StartMenuInternet: chrome.exe - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera\Opera.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    StartMenuInternet: (HKLM) Opera.exe - C:\Program Files\Opera\Opera.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f
    U3 DfSdkS; Brak ImagePath
    S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
    S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
    S3 ew_usbenumfilter; system32\DRIVERS\ew_usbenumfilter.sys [X]
    S3 gdrv; \??\C:\WINDOWS\gdrv.sys [X]
    S3 huawei_cdcacm; system32\DRIVERS\ew_jucdcacm.sys [X]
    S3 huawei_cdcecm; system32\DRIVERS\ew_jucdcecm.sys [X]
    S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
    S3 huawei_ext_ctrl; system32\DRIVERS\ew_juextctrl.sys [X]
    S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
    S4 IntelIde; Brak ImagePath
    U1 WS2IFSL; Brak ImagePath
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST, in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner from https://toolslib.net/downloads/finish/1/ and run it as administrator. Click Scan and then Cleaning.

    0
  • #4 13 Mar 2016 12:37
    Acorus 20
    Computer specialist

    In the address bar type: about:support. Click Refresh Firefox.

    0
  • Helpful post
    #5 13 Mar 2016 12:49
    Kolobos
    Computer specialist

    @Acorus 20 this was correct:
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Pulpit\Nieużywane skróty pulpitu\e-Diagnoza.lnk -> C:\WINDOWS\system32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://e-diagnoza.com/JWS/blue/online/launch.jnlp "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\35\74cbcda3-7e283303"
    ShortcutWithArgument: C:\Documents and Settings\Administrator\Menu Start\Programy\e-diagnoza\e-Diagnoza.lnk -> C:\WINDOWS\system32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://e-diagnoza.com/JWS/blue/online/launch.jnlp "C:\Documents and Settings\Administrator\Ustawienia lokalne\Dane aplikacji\Sun\Java\Deployment\cache\6.0\35\74cbcda3-7e283303"

    On top of that, you missed:
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f

    That is why it still shows up in FF.

    @Metis100 also run this Fixlist.txt:
    StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=1906660c-fa52-469e-9ad6-2f509b00469f

    Also post new FRST logs, from a scan.

    0
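The distinction drawn in post #5 (a browser launcher with a URL appended is the hijack, while the javaws.exe shortcut carrying JNLP options is legitimate) can be checked mechanically over FRST log lines. This is an added example, not part of the original thread and not FRST's own logic; the sample lines are constructed from the line formats quoted in the thread, and the function names, the browser list and the `EXAMPLE-UID` value are assumptions.

```python
import re

# Browsers whose launchers normally carry no bare URL argument (assumed list).
BROWSERS = {"chrome.exe", "firefox.exe", "opera.exe", "iexplore.exe"}
URL = re.compile(r"(?:hxxp|http)s?://", re.I)  # FRST logs defang http as hxxp
PATTERNS = {
    "shortcut": re.compile(
        r"^ShortcutWithArgument: .+?\.lnk -> (?P<exe>.+?\.exe) \(.*?\) -> (?P<args>.*)$", re.I),
    "startmenu": re.compile(
        r"^StartMenuInternet: .*? - (?P<exe>.+?\.exe)\s*(?P<args>.*)$", re.I),
}

def classify(line):
    """Return (kind, browser, url) if a browser launcher has a URL appended, else None."""
    for kind, rx in PATTERNS.items():
        m = rx.match(line.strip())
        if not m:
            continue
        exe = m.group("exe").rsplit("\\", 1)[-1].lower()
        # Only a bare positional URL counts; "--app=https://..." or a JNLP
        # "-J-D...=hxxp://..." option is a switch value, not a page to open.
        tokens = [t.strip('"') for t in m.group("args").split()]
        urls = [t for t in tokens if URL.match(t)]
        if exe in BROWSERS and urls:
            return kind, exe, urls[0]
    return None

def hijacked(lines):
    """Keep only the log lines that describe a hijacked browser launcher."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample lines in the FRST formats quoted in the thread.
SAMPLE = r"""
ShortcutWithArgument: C:\Users\demo\Desktop\e-Diagnoza.lnk -> C:\WINDOWS\system32\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://e-diagnoza.com/JWS/blue/online/launch.jnlp "C:\cache\6.0\35\example"
ShortcutWithArgument: C:\Users\demo\Desktop\Google Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=EXAMPLE-UID
ShortcutWithArgument: C:\Users\demo\Desktop\Uninstall.lnk -> C:\WINDOWS\system32\SupportAppZXH\EXETimer.exe () -> "C:\WINDOWS\system32\SupportAppZXH\Uninstall.bat"
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Mozilla Firefox\firefox.exe hxxp://www.so-v.com/?type=ll&uid=EXAMPLE-UID
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
""".strip().splitlines()

if __name__ == "__main__":
    for kind, exe, url in hijacked(SAMPLE):
        print(f"{kind:9} {exe:12} -> {url}")
```

Running the same check on a fresh scan after a fix shows whether any launcher, such as a missed `StartMenuInternet` entry, still carries the appended URL.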
  • Helpful post
    #7 13 Mar 2016 13:23
    Kolobos
    Computer specialist

    Also run this Fixlist.txt:
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: G - G:\AutoRun.exe /s
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {06db0f56-240a-11e4-b359-001e101fbcad} - G:\Startme.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {0b27d0b4-6e76-11e4-b448-de2dfaf9f2e8} - G:\AutoRun.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {3d20072c-cf93-11e2-be1a-001e101f34ad} - L:\urDrive.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {5a7eb8eb-a4ff-11e2-bd97-b23483555c92} - G:\AutoRun.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {730a6c19-9d18-11e2-bd7d-001e101f96a7} - J:\Startme.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {a2d066d4-6256-11e2-bce3-eaa6590476e8} - G:\AutoRun.exe
    HKU\S-1-5-21-606747145-1500820517-839522115-500\...\MountPoints2: {bcbd0ee2-2b24-11e4-b36c-d54f418924ee} - G:\AutoRun.exe
    C:\Documents and Settings\Administrator\Menu Start\Programy\Autostart\AutorunsDisabled
    URLSearchHook: [S-1-5-21-606747145-1500820517-839522115-1003] UWAGA => Brak domyślnego URLSearchHook
    FF user.js: detected! => C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\9q1mfv6h.default\user.js [2016-03-13]
    2016-03-13 11:43 - 2016-03-13 11:54 - 00000000 ____D C:\Program Files\AdwCleaner

    After it has run, delete the C:\FRST folder, and that is all.

    1
  • #8 13 Mar 2016 13:41
    Metis100
    Level 2

    Thank you once again for your help. The problem has been solved.

    0