Surfvox.com - problem


(Grzegorz Uziallo) #1

Hello, I have a problem with the surfvox.com virus. I know that FRST removes it, but I don't know how to use it.

Please help me remove this thing.

Thanks in advance.

Reports:

FRST- http://www.wklej.org/id/1662091/

Addition- http://wklej.org/id/1662093/


(Acorus) #2

Uninstall AIMP Packages, Realtek AC’97 Audio Driver Packages, Update for PriceFountain. Open the system Notepad and paste:

Task: {1100C9AC-35EC-4981-A347-5A75595CA1CC} - System32\Tasks\{8512BDE7-BCA2-434F-9E2D-622A88852FE2} = Chrome.exe http://ui.skype.com/ui/0/7.0.11.102/pl/abandoninstall?page=tsMain
Task: {67DA3CF9-E010-4246-A87D-22DE38447844} - \Apps Hat-firefoxinstaller No Task File ==== ATTENTION
Task: {7792C5FD-069B-402C-BD00-1E159A43DF53} - \a2zLyrics-15-updater No Task File ==== ATTENTION
Task: {8CDFE024-FDEB-4FB7-8B8E-0400247D5D02} - \a2zLyrics-15-codedownloader No Task File ==== ATTENTION
Task: {BDAB26B9-3FE2-4262-AB1E-9A964DCDBD0C} - \Apps Hat-codedownloader No Task File ==== ATTENTION
Task: {DE7E5FC0-D8DC-4FDA-9E40-2972F0CBA198} - \a2zLyrics-15-firefoxinstaller No Task File ==== ATTENTION
Task: {E52322E9-F68D-4DF5-BBA8-E873F2F118DF} - \AutoKMS No Task File ==== ATTENTION
Task: {ED51015D-6200-429E-B9C0-2DD6D3C74FC0} - \Apps Hat-updater No Task File ==== ATTENTION
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\...\Run: [nvxasync] = C:\Users\ewaczarna\AppData\Roaming\nvxasync\nvxasync.exe [142679040 2015-03-07] ()
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\...\MountPoints2: {49ece0f2-3721-11e3-bec5-806e6f6e6963} - "G:\autorun.exe"
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-07] () ==== ATTENTION
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
SearchScopes: HKU\.DEFAULT - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: No Name - {d4be399f-cfdf-462f-b234-2e3a62cff5a8} - No File
Toolbar: HKLM-x32 - No Name - {d4be399f-cfdf-462f-b234-2e3a62cff5a8} - No File
OPR StartupUrls: "hxxp://www.surfvox.com/"
U3 a4adimv3; C:\Windows\System32\Drivers\a4adimv3.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
S1 MpKsl22c550e8; \\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC69D0A7-10A9-4460-A192-141C9F4EE681}\MpKsl22c550e8.sys [X]
S1 qzerpcqy; \\C:\Windows\system32\drivers\qzerpcqy.sys [X]
2015-03-07 15:36 - 2015-03-07 15:37 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-03-07 14:29 - 2015-03-07 14:29 - 40068694 _____ () C:\Users\ewaczarna\AppData\Roaming\fpacked.exe
2015-03-07 14:29 - 2014-09-22 04:39 - 00000000 ____ D () C:\Users\ewaczarna\AppData\Roaming\fportable
2015-03-07 14:28 - 2015-03-07 14:29 - 00000000 _RSHD () C:\Users\ewaczarna\AppData\Roaming\nvxasync
2015-03-14 14:01 - 2013-09-30 13:22 - 00000896 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
C:\ProgramData\EoJ38Mblp.dat
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST, in the same folder.

Scan with Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.4.1028.exe
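
Added example, not part of the original thread and not FRST's own code: a read-only Python triage that groups fixlist entries like those in post #2 by persistence mechanism, so the list can be reviewed before it is run. The category names, the regexes and the `triage` function are assumptions based only on the line shapes visible on this page; the sample lines are copied from the fixlist above.

```python
import re

# Sample input: a few entries copied from the fixlist in post #2.
SAMPLE = r"""Task: {E52322E9-F68D-4DF5-BBA8-E873F2F118DF} - \AutoKMS No Task File ==== ATTENTION
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\...\Run: [nvxasync] = C:\Users\ewaczarna\AppData\Roaming\nvxasync\nvxasync.exe [142679040 2015-03-07] ()
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [142679040 2015-03-07] () ==== ATTENTION
HKU\S-1-5-21-3628294001-3305630472-3408263878-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
OPR StartupUrls: "hxxp://www.surfvox.com/"
S1 qzerpcqy; \\C:\Windows\system32\drivers\qzerpcqy.sys [X]
C:\ProgramData\EoJ38Mblp.dat
EmptyTemp:
"""

# Ordered rules (assumed from the page's line shapes): first match wins,
# so registry autostarts are tested before the generic path rule.
RULES = [
    ("scheduled task", re.compile(r"^Task: ")),
    ("winlogon shell", re.compile(r"\\Winlogon: \[Shell\]")),
    ("run key", re.compile(r"\\Run: \[")),
    ("autorun mountpoint", re.compile(r"\\MountPoints2: ")),
    ("browser setting", re.compile(
        r"Start Page|^SearchScopes: |^BHO|^Toolbar: |StartupUrls|Internet Explorer")),
    ("driver/service", re.compile(r"^[RSU][0-5] \S+; ")),
    ("directive", re.compile(r"^[A-Za-z]+:\s*$")),
    ("file or folder", re.compile(r"[A-Z]:\\")),
]
# Markers on entries whose target file is absent, as printed in the log lines.
DANGLING = re.compile(r"No Task File|No File|\[X\]")

def triage(fixlist_text):
    """Return one dict per non-empty fixlist line; nothing is modified on disk."""
    results = []
    for raw in fixlist_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category = next((name for name, rx in RULES if rx.search(line)), "unclassified")
        results.append({
            "category": category,
            "attention": "ATTENTION" in line,   # flagged by the scanner itself
            "dangling": bool(DANGLING.search(line)),
            "line": line,
        })
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        flag = "!" if entry["attention"] else " "
        print(f"{flag} {entry['category']:<18} {entry['line'][:70]}")
```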


(Grzegorz Uziallo) #3

Thank you very much, everything works normally now.


(Acorus) #4

Delete the folder C:\FRST