Elektroda.pl
Elektroda.pl
X
Proszę, dodaj wyjątek www.elektroda.pl do Adblock.
Dzięki temu, że oglądasz reklamy, wspierasz portal i użytkowników.

so-v.com jak usunąć?

Manchick 17 Mar 2016 23:17 522 2
  • Pomocny post
    #2 17 Mar 2016 23:28
    Kolobos
    Spec od komputerów

    Fixlist.txt dla FRST:
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> D:\Programs\mozilla\firefox.exe (Mozilla Corporation) -> hxxp://www.so-v.com/?type=ll&uid=07c06e32-9e78-4433-85be-f3b9986cb2b9
    Hosts:
    HKU\S-1-5-21-400326286-3462658666-2980369873-1001\...\MountPoints2: {2bdcb98b-eac6-11e5-9bf2-d8cb8a970756} - "G:\SETUP.EXE"
    HKU\S-1-5-21-400326286-3462658666-2980369873-1001\...\MountPoints2: {af3889f0-db21-11e5-9be6-d8cb8a970756} - "G:\vs_enterprise.exe"
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
    FF NewTab: hxxp://www.omniboxes.com/newtab/?type=nt&...om=amt&uid=plextorxpx-128m6s_p02513103137
    FF DefaultSearchEngine: so-v
    FF Homepage: about:home
    FF user.js: detected! => C:\Users\Dawid-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wjiw3qrz.default\user.js [2016-01-21]
    FF SearchPlugin: C:\Users\Dawid-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wjiw3qrz.default\searchplugins\so-v.xml [2016-03-17]
    FF Extension: FirefixTab - C:\Users\Dawid-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wjiw3qrz.default\Extensions\deskCutv2@gmail.com [2016-01-21] [Brak podpisu cyfrowego]
    FF Extension: Wooden Seal 1.0.1 - C:\Users\Dawid-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wjiw3qrz.default\Extensions\{25bfebaa-8898-4bf4-8b6f-6b7db87f40f7}.xpi [2016-01-19] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Dawid-PC\AppData\Roaming\Mozilla\Firefox\Profiles\wjiw3qrz.default\extensions\deskCutv2@gmail.com
    S2 DeskTop_F; C:\ProgramData\desktopfind\desktop173.exe [236728 2016-03-16] (DeskTopService)
    S2 fuditykizbt; C:\Program Files (x86)\00000000-1453416868-0000-0000-D8CB8A970756\knsb1EB1.tmp [X]
    R1 {25bfebaa-8898-4bf4-8b6f-6b7db87f40f7}Gw64; C:\Windows\System32\drivers\{25bfebaa-8898-4bf4-8b6f-6b7db87f40f7}Gw64.sys [48752 2016-01-21] (StdLib)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2016-03-17 22:10 - 2016-03-17 22:10 - 00000000 ____D C:\ProgramData\desktopfind
    2016-03-17 22:09 - 2016-03-17 22:09 - 01006592 _____ C:\Windows\SysWOW64\pl6.exe
    EmptyTemp:

    Po wykonaniu usun katalog C:\FRST.

    Zrob tez pelny skan przy pomocy Mbam i usun to co wykryje:
    http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

    0
  • #3 17 Mar 2016 23:51
    Manchick
    Poziom 2  

    Bardzo dziękuję za pomoc.

    0