
aqovd - aqovd virus, FRST program

SoQ. 28 Dec 2015 18:52 786 1
  • #2 28 Dec 2015 19:59
    Acorus 20
    Computer specialist

    Uninstall DAEMON Tools Toolbar, Setup. Open the system Notepad and paste:

    Quote:
    Task: {8EC1E6FC-DDA5-4A6C-A6FC-5F6952AC8340} - System32\Tasks\Doyox => C:\Program
    ShortcutWithArgument: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    ShortcutWithArgument: C:\Users\acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    ShortcutWithArgument: C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    ShortcutWithArgument: C:\Users\acer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [mbot_pl_014010075] => [X]




    HKLM-x32\...\Run: [gmsd_pl_005010165] => [X]
    HKLM-x32\...\Run: [gmsd_pl_005010169] => [X]
    HKLM-x32\...\Run: [rec_en_77] => [X]
    GroupPolicy: Ograniczenia - Chrome <======= UWAGA
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    HKU\S-1-5-21-1071986604-2830947059-1975430950-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    SearchScopes: HKU\S-1-5-21-1071986604-2830947059-1975430950-1000 -> {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8} URL = hxxp://www.daemon-search.com/search?q={searchTerms}
    BHO: shopperz031220151419 -> {BA93A7C4-9693-49EE-9194-1BEF28473521} -> C:\Program Files\shopperz031220151419\Eaecag64.dll [2015-12-04] ()
    BHO-x32: shopperz031220151419 -> {BA93A7C4-9693-49EE-9194-1BEF28473521} -> C:\Program Files\shopperz031220151419\Eaecag.dll [2015-12-04] ()
    Toolbar: HKLM - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-20] ()
    Toolbar: HKLM-x32 - DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20] ()
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.yoursearching.com/?type=sc&ts=...p;uid=TOSHIBAXMK7559GSXP_3182F4QNSXX3182F4QNS
    FF Homepage: hxxp://www.interia.pl/#utm_source=instalki1&a...n=instalki1&iwa_source=installer_instalki
    FF Extension: DAEMON Tools Toolbar - C:\Users\acer\AppData\Roaming\Mozilla\Firefox\Profiles\qut33dhi.default\Extensions\DTToolbar@toolbarnet.com [2015-08-22] [Brak podpisu cyfrowego]
    FF HKLM\...\Firefox\Extensions: [{BA93A7C4-9693-49EE-9194-1BEF28473521}] - C:\Program Files\shopperz031220151419\Firefox\{BA93A7C4-9693-49EE-9194-1BEF28473521}.xpi
    FF Extension: shopperz031220151419 - C:\Program Files\shopperz031220151419\Firefox\{BA93A7C4-9693-49EE-9194-1BEF28473521}.xpi [2015-12-04] [Brak podpisu cyfrowego]
    FF HKLM-x32\...\Firefox\Extensions: [{BA93A7C4-9693-49EE-9194-1BEF28473521}] - C:\Program Files\shopperz031220151419\Firefox\{BA93A7C4-9693-49EE-9194-1BEF28473521}.xpi
    CHR HomePage: Default -> www.aqovd.com?oem=sunadplv3&uid=3182F4QNS_TOSHIBAMK7559GSXP&tm=1449236982
    CHR HKU\S-1-5-21-1071986604-2830947059-1975430950-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
    S3 C3ECA7D0-3DA9-4C81-9EA9-AE2EFF4462D6; C:\Program Files\shopperz031220151419\Kegytuj.exe [252240 2015-12-04] ()
    S3 csrcc; C:\Program Files\shopperz031220151419\csrcc.exe [1515856 2015-12-04] ()
    R2 shopperz031220151419 Updater; C:\Program Files\shopperz031220151419\Etupiqu.exe [150864 2015-12-04] ()
    R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-07] (Sysinternals process Explorer) <==== UWAGA
    S3 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
    R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-12-04] (Cherimoya Ltd)
    S2 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    2015-12-23 11:57 - 2015-12-23 11:57 - 00000000 ____D C:\Users\acer\AppData\Roaming\OpenCandy
    2015-12-07 17:20 - 2015-12-07 17:20 - 00000000 ____D C:\ProgramData\Tmp0x0x
    2015-12-07 17:19 - 2015-12-19 18:12 - 00000000 ____D C:\Users\acer\AppData\Roaming\yoursearching
    2015-12-07 17:19 - 2015-12-19 10:16 - 00000000 _____ C:\END
    2015-12-04 14:56 - 2015-12-07 17:34 - 00000000 ____D C:\Users\acer\AppData\Roaming\systweak
    2015-12-04 14:56 - 2015-11-20 19:27 - 00019888 _____ () C:\Windows\system32\roboot64.exe
    2015-12-04 14:53 - 2015-12-04 15:28 - 00000000 ____D C:\Program Files\shopperz031220151419
    2015-12-04 14:53 - 2015-12-04 14:53 - 00034712 _____ () C:\Windows\system32\Drivers\bsdriver.sys
    2015-12-04 14:53 - 2015-12-04 14:53 - 00003406 _____ C:\Windows\System32\Tasks\Doyox
    2015-12-04 14:53 - 2015-12-04 14:53 - 00000000 ____D C:\Users\acer\AppData\LocalLow\Company
    2015-12-04 14:53 - 2015-12-04 14:53 - 00000000 ____D C:\Users\acer\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
    2015-12-04 14:53 - 2015-12-04 14:53 - 00000000 ____D C:\uninst
    2015-12-03 13:22 - 2015-12-04 14:53 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
    EmptyTemp:


    Save the file as fixlist.txt and place it next to FRST in the same folder.
    Run FRST as administrator and click Fix/Napraw.
    Download AdwCleaner and run it as administrator: https://toolslib.net/downloads/finish/1/ Click Scan and then Cleaning.

    0
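A read-only check to run after the fix, confirming that the shortcut arguments and Internet Explorer start-page values listed in the fixlist above are actually gone. This is an added example, not part of the original post or of FRST. It assumes it is run in the affected user's session, and the `$Indicator` value is the domain taken from the fixlist.

```powershell
# Added example: read-only check, changes nothing on the system.
# $Indicator is the hijack domain that appears in the fixlist in the post.
$Indicator = 'aqovd.com'

# Folders where the fixlist found altered shortcuts (per-user and all-users).
$ShortcutRoots = @(
    "$env:APPDATA\Microsoft\Windows\Start Menu\Programs",
    "$env:APPDATA\Microsoft\Internet Explorer\Quick Launch",
    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs",
    "$env:PUBLIC\Desktop",
    [Environment]::GetFolderPath('Desktop')
)

$shell = New-Object -ComObject WScript.Shell
$findings = @()

foreach ($root in $ShortcutRoots | Where-Object { Test-Path $_ }) {
    Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
        $lnk = $shell.CreateShortcut($_.FullName)
        # A clean browser shortcut normally carries no URL in its arguments.
        if ($lnk.Arguments -match 'https?://|www\.' -or $lnk.Arguments -like "*$Indicator*") {
            $findings += [pscustomobject]@{
                Kind = 'Shortcut'; Location = $_.FullName; Value = $lnk.Arguments
            }
        }
    }
}

# Start-page values named in the fixlist: 64-bit, 32-bit and current-user hives.
# HKCU maps to the HKU\<SID> entry only when run as the affected user (assumption).
$IeKeys = @(
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main',
    'HKCU:\Software\Microsoft\Internet Explorer\Main'
)
foreach ($key in $IeKeys | Where-Object { Test-Path $_ }) {
    foreach ($name in 'Start Page', 'Default_Page_URL') {
        $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        if ($value -like "*$Indicator*") {
            $findings += [pscustomobject]@{ Kind = 'Registry'; Location = "$key,$name"; Value = $value }
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'No shortcut or start-page entry references the indicator.' }
```

Any finding after the fix means the entry was restored or never removed, which points to a persistence item (service, driver or scheduled task) that is still active.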