Leftovers from YoutubeAccelerator - OTL log


(Matixrr) #1

Hello

Yesterday some YoutubeAccelerator, shopper-pro and something else showed up on my desktop PC. I disconnected the internet right away, removed them, ran a quick scan with Avast, and today I found a few more pieces of junk and removed those too. Please look through the logs and tell me what else I missed.

Extras: http://www.wklej.org/id/1579001/

OTL: http://www.wklej.org/id/1579003/

Thanks in advance


(Acorus) #2

Uninstall McAfee Security Scan Plus. Download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ matching your system version, 32-bit or 64-bit.

Run FRST and click Scan. Post the FRST and Addition reports.


(Matixrr) #3

FRST: http://www.wklej.org/id/1579037/

Addition: http://www.wklej.org/id/1579038/


(Acorus) #4

Open Notepad and paste:

Task: {916E22FE-350E-4D86-8E1C-1205EBDDE9E9} - System32\Tasks\SMupdate1 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 ==== ATTENTION
Task: {936C4EF9-A61E-44B7-A1AE-913627745BE2} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 ==== ATTENTION
Task: {F6409775-C87B-45FD-936D-0CC6158D60E4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 ==== ATTENTION
HKLM-x32\...\Run: [mobilegeni daemon] = C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SPDriver] = C:\Program Files (x86)\ShopperPro\JSDriver\1453.0.0.0\jsdrv.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.sweet-page.com/web/?type=dsts=1397772694from=coruid=GOODRAMXC50_FF7307391EEC00075455q={searchTerms}
BHO: HQ-Video-Pro-2.1cV28.12 - {11111111-1111-1111-1111-110611571183} - C:\Program Files (x86)\HQ-Video-Pro-2.1cV28.12\HQ-Video-Pro-2.1cV28.12-bho64.dll No File
BHO: Sense - {11111111-1111-1111-1111-110611901159} - C:\Program Files (x86)\Sense\Sense-bho64.dll No File
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
BHO-x32: HQ-Video-Pro-2.1cV28.12 - {11111111-1111-1111-1111-110611571183} - C:\Program Files (x86)\HQ-Video-Pro-2.1cV28.12\HQ-Video-Pro-2.1cV28.12-bho.dll No File
BHO-x32: Sense - {11111111-1111-1111-1111-110611901159} - C:\Program Files (x86)\Sense\Sense-bho.dll No File
BHO-x32: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
S2 sbmntr; \\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
S2 SPDRIVER_1453.0.0.0; \\C:\Program Files (x86)\ShopperPro\JSDriver\1453.0.0.0\jsdrv.sys [X]
EmptyTemp:

Save the file as fixlist.txt and place it next to FRST in the same folder.
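
As an added example (not part of the original post and not FRST's own code), the sketch below sorts fixlist lines like those above by the persistence mechanism they belong to and flags entries whose file is already gone, reading "No File" and "[X]" as FRST's markers for a missing file. The mechanism labels and function names are hypothetical, and the sample lines are copied from the post.

```python
import re
from collections import Counter

# Lines copied from the fixlist in post #4 (one per entry type).
SAMPLE = r"""
Task: {916E22FE-350E-4D86-8E1C-1205EBDDE9E9} - System32\Tasks\SMupdate1 = Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 ==== ATTENTION
HKLM-x32\...\Run: [SPDriver] = C:\Program Files (x86)\ShopperPro\JSDriver\1453.0.0.0\jsdrv.exe
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml
S2 sbmntr; \\C:\PROGRA~2\YTDOWN~1\sbmntr.sys [X]
EmptyTemp:
"""

# Line prefix -> persistence mechanism (hypothetical labels, chosen for this example).
MECHANISMS = [
    (re.compile(r"^Task:"), "scheduled task"),
    (re.compile(r"^HKLM(-x32)?\\\.\.\.\\Run:"), "Run key autostart"),
    (re.compile(r"^HKLM\\.*Internet Explorer\\Main,"), "IE search setting"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^BHO(-x32)?:"), "browser helper object"),
    (re.compile(r"^Toolbar:"), "IE toolbar"),
    (re.compile(r"^FF SearchPlugin:"), "Firefox search plugin"),
    (re.compile(r"^[SR]\d \S+;"), "service or driver"),
    (re.compile(r"^EmptyTemp:"), "cleanup directive"),
]
# First drive-letter path ending in a file type that appears in the post.
TARGET = re.compile(r"[A-Za-z]:\\[^=\[\]]*?\.(?:exe|dll|sys|xml)\b", re.I)

def classify(line):
    """Turn one fixlist line into a record describing what it points at."""
    line = line.strip()
    target = TARGET.search(line)
    return {
        "mechanism": next((n for rx, n in MECHANISMS if rx.search(line)), "unknown"),
        "target": target.group(0) if target else None,
        # "No File" / "[X]" mark entries whose file is already gone.
        "orphaned": line.endswith(("No File", "[X]")),
        "attention": line.endswith("ATTENTION"),
    }

def triage(text):
    return [classify(l) for l in text.splitlines() if l.strip()]

if __name__ == "__main__":
    entries = triage(SAMPLE)
    for e in entries:
        print(e)
    print(Counter(e["mechanism"] for e in entries))
```

Orphaned entries are registry or service pointers left behind after the files were deleted by hand, which is why they still show up in the scan even though the programs themselves are gone.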


(Matixrr) #5

Thanks for the help.

Fix log: http://www.wklej.org/id/1579064/

FRST: http://wklej.org/id/1579069/

Addition: http://wklej.org/id/1579071/


(Acorus) #6

New logs are not needed. Delete the folder C:\FRST