Ooov.net - strona sama uruchamia firefoxa

harel · 22 Grudzień 2014 17:33

podczas startu systemu, przeglądarka sama się uruchamia i startuje ooov.net ,

logi z FRST http://wklej.org/id/1565193/

proszę o pomoc

Acorus · 22 Grudzień 2014 18:31

Otwórz notatnik systemowy i wklej:

HKLM-x32\...\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-4214832004-1696843900-972673696-1000\...\Run: [ALLUpdate] = C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.)
HKU\S-1-5-21-4214832004-1696843900-972673696-1000\...\Run: [CMD] = cmd.exe /c start http://ooov.net exit ===== ATTENTION
HKU\S-1-5-21-4214832004-1696843900-972673696-1000\...\RunOnce: [Adobe Speed Launcher] = 1419266502
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-4214832004-1696843900-972673696-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-12-22 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-22 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-22 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-22 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-22 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-22 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-22 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-22 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-22 16:26 - 2014-12-22 17:14 - 00000000 ____ D () C:\Qoobox
2014-12-22 15:23 - 2014-12-22 15:23 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2014-12-22 15:21 - 2014-12-22 16:06 - 00000000 ____ D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-12-07 13:00 - 2014-12-07 13:00 - 00003180 _____ () C:\Windows\System32\Tasks\{731CB2C5-9F6D-47A0-A0E6-4B3772AE2317}
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

harel · 22 Grudzień 2014 18:50

Acorus:

Otwórz notatnik systemowy i wklej: HKLM-x32…\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation) HKLM-x32…\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated) HKU\S-1-5-21-4214832004-1696843900-972673696-1000…\Run: [ALLUpdate] => C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe [2765256 2014-11-03] (ALLPlayer Group Ltd.) HKU\S-1-5-21-4214832004-1696843900-972673696-1000…\Run: [CMD] => cmd.exe /c start http://ooov.net && exit <===== ATTENTION HKU\S-1-5-21-4214832004-1696843900-972673696-1000…\RunOnce: [Adobe Speed Launcher] => 1419266502 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-4214832004-1696843900-972673696-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION S3 esgiguard; \C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-12-22 17:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-12-22 17:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-12-22 17:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-12-22 17:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-12-22 17:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-12-22 17:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-12-22 17:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-12-22 17:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-12-22 16:26 - 2014-12-22 17:14 - 00000000 ____D () C:\Qoobox 2014-12-22 15:23 - 2014-12-22 15:23 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-12-22 15:21 - 2014-12-22 16:06 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP 2014-12-07 13:00 - 2014-12-07 13:00 - 00003180 _____ () C:\Windows\System32\Tasks{731CB2C5-9F6D-47A0-A0E6-4B3772AE2317} EmptyTemp: Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom FRST i kliknij w Fix.

Dzięki, pomogło

browarek dla Ciebie

Acorus · 22 Grudzień 2014 18:59

Wirtualny.Skasuj folder C:\FRST