Wirus shopperpro, fast start otwierajacy się jako nowe karta w przeglądarce mozilla firefox, spowolniony komputer

Dla specjalistów Bezpieczeństwo
#1

witam, mój problem dotyczy głównie przeglądarki mozilla. Najpierw pojawił się pasek ff toolbar, potem jako nowa karta zaczął się otwierać fast start i nie można tego zmienić a ostatnio pojawił się dodatkowo shopperpro.

 

Moje raporty:

FRST: http://www.wklej.org/id/1792436/

addition:  http://www.wklej.org/id/1792433/

shortcut: http://www.wklej.org/id/1792432/

 

Z góry dziękuje za pomoc.

#2

Odinstaluj Shopper-Pro.Otwórz notatnik systemowy i wklej:

CustomCLSID: HKU\S-1-5-21-1465946743-85629477-4087647475-1001_Classes\CLSID\{E68D0A55-3C40-4712-B90D-DCFA93FF2534}\InprocServer32 - C:\Users\ppp\AppData\Roaming\GG\ggdrive\ggdrive-menu.dll Brak pliku
Task: {1C87711A-83D5-4CD1-BC8B-4B3D2F50F71C} - System32\Tasks\ShopperProJSUpd = C:\Program Files (x86)\ShopperPro\updater.exe [2015-08-11] (Goobzo) ==== UWAGA
Task: {2F5C589D-1521-4FD6-A74C-787CEBE7AFF3} - System32\Tasks\ShopperPro = C:\Program Files (x86)\ShopperPro\ShopperPro.exe [2015-08-11] (Goobzo LTD) ==== UWAGA
Task: {A19E95EB-5EED-4F81-B334-E93171B37F30} - System32\Tasks\SPBIW_UpdateTask_Time_333530303730313636302d7850235757324a6c412a5045 = Wscript.exe //B "C:\ProgramData\ShopperPro\spbihe.js" spbiu.exe /invoke /f:check_services /l:0 ==== UWAGA
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] = "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [SmartWeb] = C:\Users\ppp\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
ShellIconOverlayIdentifiers: [00avast] - {472083B0-C522-11CF-8763-00608CC02F24} = Brak pliku
Startup: C:\Users\ppp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-06-14]
ShortcutTarget: SmartWeb.lnk - C:\Users\ppp\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKU\S-1-5-21-1465946743-85629477-4087647475-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=dsppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZTq={searchTerms}
HKU\S-1-5-21-1465946743-85629477-4087647475-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKU\S-1-5-21-1465946743-85629477-4087647475-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.istartsurf.com/?type=hpppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZT
HKU\S-1-5-21-1465946743-85629477-4087647475-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.istartsurf.com/web/?type=dsppts=1434307367z=35f68b69ece9032a7ab7b48gcz5ccz2c5edm9c8q7ofrom=coruid=TOSHIBAXMQ01ABD050_4356P39ZTXX4356P39ZTq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - {0B5F14D9-7C2A-4ED2-BF4B-59FD1716D4CD} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - {616D11C5-78EB-4DD3-8712-F6AD6CE6B3BA} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://do-search.com/web/?utm_source=butm_medium=utm_campaign=install_ieutm_content=dsfrom=uid=ST500DM002-1BC142_W2A27G6AXXXXW2A27G6Ats=1420373293type=defaultq={searchTerms}
BHO: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro64.dll [2015-08-11] (Goobzo Ltd.)
BHO-x32: GoodTab Class - {1F91A9A1-01BA-4c81-863D-3BA0751E1419} - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-21] (Thinkgood Co. Limited)
BHO-x32: LuckyTab Class - {51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F} - C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-21] (Thinkgood Co. Limited)
BHO-x32: Shopper Pro - {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - C:\ProgramData\ShopperPro\ShopperPro.dll [2015-08-11] (Goobzo Ltd.)
BHO-x32: Filter Results - {dd4c66b8-f943-4b10-8053-7e9ee39bba4a} - C:\Program Files (x86)\Filter Results\Extensions\dd4c66b8-f943-4b10-8053-7e9ee39bba4a.dll Brak pliku
Toolbar: HKU\S-1-5-21-1465946743-85629477-4087647475-1001 - Brak nazwy - {42435041-332D-5350-00A7-7A786E7484D7} - Brak pliku
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF SearchPlugin: C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\searchplugins\webssearches.xml [2015-09-08]
FF Extension: Default NewTab - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\Extensions\default_newtabff@gmail.com [2015-07-21]
FF Extension: Default SearchProtected - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\Extensions\defsearchp@gmail.com [2015-07-21]
FF Extension: SensePlus.V2 - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\Extensions\e9d197d59f2f45f382b1aa5c14d82@8706aaed9b904554b5cb7984e9.com [2015-09-08]
FF Extension: Search Enginer - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\Extensions\sweetsearch@gmail.com [2015-06-14]
FF Extension: Shopper-Pro - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [2015-08-18]
FF HKLM-x32\...\Firefox\Extensions: [sweetsearch@gmail.com] - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\extensions\sweetsearch@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\extensions\default_newtabff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\ppp\AppData\Roaming\Mozilla\Firefox\Profiles\9ojbzt32.default\extensions\defsearchp@gmail.com
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-21] (XTab system)
R2 SPBIUpd; C:\Program Files\Common Files\ShopperPro\spbiu.exe [2346416 2015-08-11] (ShopperPro)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [429568 2015-07-21] (DTools LIMITED) [Brak podpisu cyfrowego] ==== UWAGA
S3 cqvuhzxl; Brak ImagePath
R3 SPBIUpdd; C:\Program Files\Common Files\ShopperPro\spbiw.sys [41632 2015-08-11] ()
R2 SPDRIVER_1.42.1.1965; C:\Program Files (x86)\ShopperPro\JSDriver\1.42.1.1965\jsdrv.sys [52384 2015-08-11] ()
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
2015-08-31 20:48 - 2015-08-31 20:48 - 00003026 _____ C:\WINDOWS\System32\Tasks\{A551FF4B-F89D-4851-B64B-117E6EA4575D}
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

pomogło :slight_smile: dziękuje :slight_smile:

#4

Skasuj folder C:\FRST.