W autostarcie pojawił mi się proces svchost , nie mogłem go wyłączyć ani usunąc. Proszę o pomoc.
Log z OTL
Extras
FRST
Additional
ps. dokucza mi także proces o nazwie “Llsvvjoeqtihtgye.exe *32”
Odinstaluj McAfee Security Scan Plus.Otwórz Notatnik i wklej:
Task: {F2249724-1770-41C7-9D46-B0E70459C22B} - System32\Tasks\{64B460C4-AEBF-45A1-B530-98EFA1131E31} = Chrome.exe http://ui.skype.com/ui/0/6.16.0.105/pl/abandoninstall?page=tsProgressBar
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [Llsvvjoeqtihtgye.exe] = C:\Users\hp\AppData\Roaming\Llsvvjoeqtihtgye.exe [200192 2014-09-14] ()
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [svchost.exe] = C:\Users\hp\AppData\Roaming\svchost.exe [189952 2014-09-14] ()
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [Qrrfioyuqaqcxjeb.exe] = "C:\Users\hp\AppData\Roaming\Qrrfioyuqaqcxjeb.exe"
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.sweet-page.com/?type=hpts=1410911028from=coruid=ST9500325AS_S2W5EAXG
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.sweet-page.com/?type=scts=1410911028from=coruid=ST9500325AS_S2W5EAXG
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1410911028from=coruid=ST9500325AS_S2W5EAXGq={searchTerms}
BHO-x32: Deal Keeper - {1ec8187a-6435-44e3-bbe4-6ce6d3c69254} - C:\Program Files (x86)\Deal Keeper\DealKeeperbho.dll (Deal Keeper)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 Update Deal Keeper; C:\Program Files (x86)\Deal Keeper\updateDealKeeper.exe [323320 2014-08-05] ()
S2 Util Deal Keeper; C:\Program Files (x86)\Deal Keeper\bin\utilDealKeeper.exe [323320 2014-08-06] ()
R1 {5178f938-0bd5-47c1-8242-71f6e3e72925}Gw64; C:\Windows\System32\drivers\{5178f938-0bd5-47c1-8242-71f6e3e72925}Gw64.sys [61120 2014-07-09] (StdLib)
S3 AIDA64Driver; \\G:\Nowy folder\aida64extreme300\kerneld.x64 [X]
S3 EagleX64; \\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 esgiguard; \\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
2014-09-17 01:43 - 2014-09-17 01:43 - 00000000 ____ D () C:\Users\hp\AppData\Roaming\sweet-page
2014-09-14 17:00 - 2014-09-14 17:00 - 00189952 ___RH () C:\Users\hp\AppData\Roaming\svchost.exe
2014-09-14 16:45 - 2014-09-14 16:45 - 00200192 ___RH () C:\Users\hp\AppData\Roaming\Llsvvjoeqtihtgye.exe
EmptyTemp:
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
Pokaż nowy log z FRST bez Addition.
Wykonaj w trybie awaryjnym.Otwórz Notatnik i wklej:
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [Adobe Driver Update] = C:\Users\hp\AppData\Local\Temp\adbreader.exe ===== ATTENTION
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [svchost.exe] = "C:\Users\hp\AppData\Roaming\svchost.exe"
HKU\S-1-5-21-860879674-643181563-1625255494-1000\...\Run: [Llsvvjoeqtihtgye.exe] = "C:\Users\hp\AppData\Roaming\Llsvvjoeqtihtgye.exe"
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = No File
Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.
fixlog:
FRST:
FRST także robiony w trybie awaryjnym
Skasuj folder C:\FRST
Przeskanuj programem Malwarebytes Anti-Malware http://data-cdn.mbamupdates.com/v2/mbam/consumer/data/mbam-setup-2.0.2.1012.exe
Daj wszystko do kwarantanny.
poszło, dziękuję ślicznie za pomoc, jeszcze się odezwę z laptopem dziewczyny, jak przestanie nią szatan miotać (2-3 dni i po okresie)