I need help, I've somehow picked up something called Vaudix. How do I get rid of this damn thing?
Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.
Uninstall YTD Video Downloader 4.0.
Open the system Notepad and paste:
Task: {0A73A092-A9EC-487F-8ED1-0BCDD046CE7F} - System32\Tasks\{F540748A-0F3F-436F-8042-69A10778BFB6} = pcalua.exe -a C:\Users\mike\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=cor ==== ATTENTION
Task: {DEAF2A15-313D-4BB1-B402-ABFD3BD66D70} - System32\Tasks\EPUpdater = C:\Users\mike\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe ==== ATTENTION
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\...\Policies\Explorer: []
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hpts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hpts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
HKU\S-1-5-21-2195184045-3265951034-2981680463-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://websearch.swellsearch.info/?pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=dsts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1q={searchTerms}pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
SearchScopes: HKLM-x32 - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1q={searchTerms}pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
SearchScopes: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000 - DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1q={searchTerms}pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
SearchScopes: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2195184045-3265951034-2981680463-1000 - {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1q={searchTerms}pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84l=1q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://websearch.swellsearch.info/?pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84
FF Keyword.URL: hxxp://websearch.swellsearch.info/?pid=21236r=2015/02/26hid=13261103827334991719lg=ENcc=PLunqvl=84l=1q=
FF SearchPlugin: C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\rzklgh44.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
CHR dev: Chrome dev build detected! ======= ATTENTION
CHR StartupUrls: Default - "hxxp://isearch.omiga-plus.com/?type=hpts=1419063762from=coruid=WDCXWD5000BEVT-35A0RT0_WD-WXF1A40L9890L9890"
CHR Extension: (Favorite Doodle) - C:\Users\mike\AppData\Local\Google\Chrome\User Data\Default\Extensions\nedjejdfkkjgebciefdfofjhmeogiaga [2015-02-26]
CHR HKLM-x32\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - No Path Or update_url value
S2 4aad814a; c:\Program Files (x86)\SegmentAssister\SegmentAssister.dll [1636352 2015-02-26] () [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-20] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-20] (Fuyu LIMITED) [File not signed]
U3 acexoba2; C:\Windows\System32\Drivers\acexoba2.sys [0] (Microsoft Corporation) ==== ATTENTION (zero size file/folder)
S3 BT; system32\DRIVERS\btnetdrv.sys [X]
S3 BTCOM; system32\DRIVERS\btcomport.sys [X]
S3 BTCOMBUS; System32\Drivers\btcombus.sys [X]
S3 Btcsrusb; System32\Drivers\btcusb.sys [X]
S1 VIAPFD; \SystemRoot\System32\Drivers\VIAPFD.SYS [X]
2015-02-26 02:23 - 2015-02-26 02:23 - 00000000 ____ D () C:\Program Files (x86)\SegmentAssister
2015-02-26 02:22 - 2015-02-26 02:22 - 00000000 ____ D () C:\ProgramData\7696464283835259695
2015-02-26 02:22 - 2015-02-26 02:22 - 00000000 ____ D () C:\Program Files (x86)\Vaaudix
2015-02-26 02:21 - 2015-02-26 02:21 - 00000000 ____ D () C:\ProgramData\lccaedhpaplhmpgmmioldchjpmndfook
EmptyTemp:
Save the file as fixlist.txt and place it next to FRST in the same folder.
Done, will that be all?
Delete the folder C:\FRST