Problem with Surfvox - how to remove it?


(Netka144) #1

Hello, as the subject says, I have a problem with Surfvox. Can anyone help me?


(Acorus) #2

Uninstall Adobe Reader 9, SpyHunter 4, ClamWin Free Antivirus 0.98.7. Open the system Notepad and paste:

CloseProcesses:
Hosts:
Task: {55C6C367-92A6-4D11-9C58-D53A67564F60} - System32\Tasks\SpyHunter4Startup = C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-05-22] (Enigma Software Group USA, LLC.)
HKLM-x32\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM-x32\...\Run: [ISUSScheduler] = C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-06-10] (InstallShield Software Corporation)
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\...\Run: [nvxasync] = C:\Users\Mateusz\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-05-21] ()
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-05-21] () ==== ATTENTION
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
HKU\S-1-5-21-4025277154-3190595932-2493481722-1001\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKU\S-1-5-21-4025277154-3190595932-2493481722-1001 - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
CHR Extension: (Bookmark Manager) - C:\Users\Mateusz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1026432 2015-05-22] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-05-22] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-05-22] ()
U3 agpof7j4; C:\Windows\System32\Drivers\agpof7j4.sys [0] (Advanced Micro Devices) ==== ATTENTION (zero size file/folder)
S3 AsrCDDrv; \\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2015-05-22 00:52 - 2015-05-22 00:54 - 00000000 ____ D () C:\AdwCleaner
2015-05-22 00:48 - 2015-05-22 00:48 - 00000000 _____ () C:\autoexec.bat
2015-05-22 00:47 - 2015-05-22 00:47 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2015-05-22 00:47 - 2015-05-22 00:47 - 00001091 _____ () C:\Users\Mateusz\Desktop\SpyHunter.lnk
2015-05-22 00:47 - 2015-05-22 00:47 - 00000000 ____ D () C:\Users\Mateusz\AppData\Roaming\Enigma Software Group
2015-05-22 00:47 - 2015-05-22 00:47 - 00000000 ____ D () C:\sh4ldr
2015-05-22 00:45 - 2015-05-22 00:45 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Mateusz\Downloads\SpyHunter-installer.exe
2015-05-22 00:45 - 2015-05-22 00:45 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-05-22 00:45 - 2015-05-22 00:45 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2015-05-22 00:26 - 2015-05-22 00:26 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-05-21 22:44 - 2015-05-21 22:45 - 00000000 _RSHD () C:\Users\Mateusz\AppData\Roaming\nvxasync
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
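
A triage sketch for lines in the FRST log format quoted in the fixlist above (an added example, not part of the original post and not FRST's own logic). The flag names and heuristics are assumptions chosen for illustration; the sample lines are copied from the post.

```python
import re

# Sample lines copied from the fixlist in the post above (FRST log format).
SAMPLE = [
    r"HKLM-x32\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)",
    r"HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\...\Run: [nvxasync] = C:\Users\Mateusz\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-05-21] ()",
    r"HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-05-21] () ==== ATTENTION",
    r"U3 agpof7j4; C:\Windows\System32\Drivers\agpof7j4.sys [0] (Advanced Micro Devices) ==== ATTENTION (zero size file/folder)",
    r"S3 tsusbhub; system32\drivers\tsusbhub.sys [X]",
]

# Assumed heuristics (hypothetical names, not FRST's own rules).
AUTOSTART = re.compile(r"\\(?:Run|RunOnce|Winlogon): \[")
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData)\\", re.IGNORECASE)
NO_PUBLISHER = re.compile(r"\]\s*\(\)")  # "[size date] ()" means an empty company field


def triage(line):
    """Return a sorted list of flag names for one FRST-style log line."""
    flags = set()
    if "==== ATTENTION" in line:            # marker written by FRST itself
        flags.add("frst-attention")
    if NO_PUBLISHER.search(line):           # binary carries no company name
        flags.add("no-publisher")
    if "[0]" in line:                       # zero-byte file on disk
        flags.add("zero-size")
    if AUTOSTART.search(line):
        if USER_WRITABLE.search(line):      # autostart binary in a user-writable tree
            flags.add("user-writable-autostart")
        if "\\Winlogon: [Shell]" in line:   # per-user replacement of the logon shell
            flags.add("shell-override")
    return sorted(flags)


def triage_log(lines):
    """Map each flagged line to its flags; lines with no flags are omitted."""
    return {ln: f for ln in lines if (f := triage(ln))}


if __name__ == "__main__":
    for ln, f in triage_log(SAMPLE).items():
        print(", ".join(f), "<-", ln)
```
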


(Netka144) #3

Thank you very much for the reply. I am pasting the new report:


(Acorus) #4

Open the system Notepad and paste:

HKLM-x32\...\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DDq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DDq={searchTerms}
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=dsts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DDq={searchTerms}
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hpts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DD
HKU\S-1-5-21-4025277154-3190595932-2493481722-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=dsts=1432280335z=d29e0327c26cb6f50a181eegezac9o0o4b6ebcdo1wfrom=coruid=ST1000DM003-1ER162_Z4Y4K8DDXXXXZ4Y4K8DDq={searchTerms}
HKU\S-1-5-21-4025277154-3190595932-2493481722-1001\Software\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
BHO-x32: Glass Bottle - {88803a01-4125-443b-b869-4062a160ceea} - C:\Program Files (x86)\Glass Bottle\Extensions\88803a01-4125-443b-b869-4062a160ceea.dll [2015-05-22] ()
Toolbar: HKU\S-1-5-21-4025277154-3190595932-2493481722-1001 - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
R2 Service Mgr GlassBottle; C:\ProgramData\51603d73-31f4-492f-a43e-5b71fef2ce15\plugincontainer.exe [556304 2015-05-22] ()
R2 Update Mgr GlassBottle; C:\Program Files (x86)\Common Files\51603d73-31f4-492f-a43e-5b71fef2ce15\updater.exe [478992 2015-05-22] ()
U3 a5g7gqtd; C:\Windows\System32\Drivers\a5g7gqtd.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
2015-05-22 09:39 - 2015-05-22 09:39 - 00000000 ____ D () C:\Program Files (x86)\Glass Bottle
2015-05-22 09:39 - 2015-05-22 09:39 - 00000000 _____ () C:\Windows\system32\Drivers\etc\hosts.bak
2015-05-22 09:38 - 2015-05-22 09:38 - 00000000 ____ D () C:\Users\Mateusz\AppData\Roaming\do-search
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.


(Netka144) #5

OK, done. Is that all? Surfvox seems to have disappeared.


(Acorus) #6

Delete the folder C:\FRST


(Netka144) #7

OK, thank you very much for the help! :)