
so-v.com - how to remove it?

pawel636 18 Mar 2016 07:08 423 1
  • #2 18 Mar 2016 07:54
    krzychupar
    Level 40

    Open the system Notepad and paste:
    Task: {D9C2E5C9-8DD6-456B-97E5-83DA87A00BD0} - System32\Tasks\lapekUnprotestinglyHankeringsV2 => Rundll32.exe ProtactiniumOptimists.dll,main 7 1 <==== UWAGA
    Task: {F6F18F71-AFD9-49D1-B6D6-47B2F19998E0} - \BitGuard -> Brak pliku <==== UWAGA
    ShortcutWithArgument: C:\Users\lapek\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=bd2bef70-c6a9-422f-8905-619a45894fd6
    ShortcutWithArgument: C:\Users\lapek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=bd2bef70-c6a9-422f-8905-619a45894fd6
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.so-v.com/?type=ll&uid=bd2bef70-c6a9-422f-8905-619a45894fd6
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\S-1-5-21-3533225206-739337566-3680877920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-3533225206-739337566-3680877920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKLM -> DefaultScope - brak wartości
    SearchScopes: HKU\S-1-5-21-3533225206-739337566-3680877920-1000 -> {286C72C1-CADC-46E5-BE47-7D52EFFB92F1} URL =
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    2016-03-17 22:58 - 2016-03-17 22:58 - 00000000 _____ C:\autoexec.bat
    2016-03-17 22:56 - 2016-03-17 22:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
    2016-03-17 22:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
    2016-03-17 22:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
    2016-03-17 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2016-03-17 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2016-03-17 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2016-03-17 22:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
    2016-03-17 22:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
    2016-03-17 22:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
    2016-03-17 21:58 - 2016-03-17 21:59 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\lapek\Downloads\SpyHunter-Installer.exe
    2016-03-16 18:36 - 2016-03-16 18:36 - 00000000 ____D C:\Windows\SysWOW64\1033
    2016-03-17 22:25 - 2014-06-10 20:16 - 00000000 ____D C:\Qoobox
    EmptyTemp:

    Save the file as fixlist.txt and place it in the folder C:\Users\lapek\Downloads\FRST64.exe
    Run FRST and click Fix/Napraw.

    0