FRST_18-03-2016_06-58-41.txt

How do I remove so-v.com from Firefox and Chrome? FRST logs.

Hello. Like many internet users, I too have been hit by the so-v.com problem in the FF and Google Chrome browsers. The FRST and Addition reports are attached. I am asking for help in solving this malicious problem.


Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:05-03-2016 01
Uruchomiony przez lapek (administrator) LENOVO (18-03-2016 06:57:24)
Uruchomiony z C:\Users\lapek\Downloads
Załadowane profile: lapek (Dostępne profile: lapek & Gość)
Platform: Windows 7 Enterprise (X64) Język: Polski (Polska)
Internet Explorer Wersja 8 (Domyślna przeglądarka: Chrome)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(InterVideo Inc.) C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331_STI.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Disc Soft Ltd) D:\gry\DAEMON Tools Lite\DiscSoftBusService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [410896 2012-03-26] (Synaptics)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [8071680 2013-09-09] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [6193152 2013-09-09] (Lenovo(beijing) Limited)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2918656 2011-01-12] (ESET)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2655520 2015-10-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-21] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [548864 2011-11-24] (Vimicro)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3533225206-739337566-3680877920-1000\...\Run: [DAEMON Tools Lite] => D:\gry\DAEMON Tools Lite\DTLite.exe [5585136 2015-03-31] (Disc Soft Ltd)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177416 2015-11-02] (NVIDIA Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177416 2015-11-02] (NVIDIA Corporation)
AppInit_DLLs: ,C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177416 2015-11-02] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-11-02] (NVIDIA Corporation)

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{2E46384D-37BB-4D04-8D23-24E6AE1D95BB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKU\S-1-5-21-3533225206-739337566-3680877920-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3533225206-739337566-3680877920-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope - brak wartości
SearchScopes: HKU\S-1-5-21-3533225206-739337566-3680877920-1000 -> {286C72C1-CADC-46E5-BE47-7D52EFFB92F1} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-04-28] (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-30] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\lapek\AppData\Roaming\Mozilla\Firefox\Profiles\7f5u4e5z.default-1458252271603
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> D:\VLC\npvlc.dll [2013-09-25] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-30] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3533225206-739337566-3680877920-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\lapek\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-10-03] (Unity Technologies ApS)
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2013-09-09] [Brak podpisu cyfrowego]

Chrome:
=======
CHR StartupUrls: Profile 1 -> "hxxp://google.pl/"
CHR Profile: C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-27]
CHR Extension: (Dokumenty Google) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-27]
CHR Extension: (Dysk Google) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-27]
CHR Extension: (YouTube) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-27]
CHR Extension: (Adblock Plus) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-12]
CHR Extension: (Steam inventory helper) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-12]
CHR Extension: (Google Search) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-27]
CHR Extension: (Arkusze Google) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-27]
CHR Extension: (Dokumenty Google offline) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-27]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-27]
CHR Extension: (Gmail) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-27]
CHR Profile: C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Adblock Plus) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-12]
CHR Extension: (Steam inventory helper) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2016-03-16]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\lapek\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-12]

==================== Usługi (filtrowane) ========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [Brak podpisu cyfrowego]
R2 Capture Device Service; C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe [198168 2007-03-06] (InterVideo Inc.)
S2 DeskTop_F; C:\ProgramData\desktopfind\desktop173.exe [236728 2016-03-16] (DeskTopService)
R3 Disc Soft Lite Bus Service; D:\gry\DAEMON Tools Lite\DiscSoftBusService.exe [1277680 2015-03-31] (Disc Soft Ltd)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [42360 2011-01-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [810144 2011-01-12] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156384 2015-10-12] (NVIDIA Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-29] (Intel Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1873696 2015-10-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5568288 2015-10-12] (NVIDIA Corporation)
S2 sfrem02; C:\Windows\system32\sfrem02.exe [607352 2006-05-11] (Protection Technology (StarForce))
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [Brak podpisu cyfrowego]

===================== Sterowniki (filtrowane) ==========================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-04-17] (Disc Soft Ltd)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [170640 2010-12-21] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [141264 2010-12-21] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [125296 2010-12-21] (ESET)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-17] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [104048 2012-03-02] (Qualcomm Atheros Co., Ltd.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20768 2015-10-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R0 sfdrv02; C:\Windows\System32\drivers\sfdrv02.sys [74616 2006-09-11] (Protection Technology (StarForce))
R0 sfsync05; C:\Windows\System32\drivers\sfsync05.sys [78208 2006-08-11] (Protection Technology (StarForce))
R3 SmbDrvIntel; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [952832 2011-12-06] (Vimicro Corporation)
S3 X86BDA; C:\Windows\System32\DRIVERS\OEMDrv.sys [268416 2011-06-08] ( )
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [202144 2016-03-17] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [202144 2016-03-17] (Zemana Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)


==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-18 06:54 - 2016-03-18 06:54 - 00031820 _____ C:\Users\lapek\Desktop\FRST.txt
2016-03-18 06:53 - 2016-03-18 06:57 - 00000000 ____D C:\FRST
2016-03-18 06:52 - 2016-03-18 06:52 - 02374144 _____ (Farbar) C:\Users\lapek\Downloads\FRST64.exe
2016-03-18 06:48 - 2016-03-18 06:48 - 00000000 ____H C:\ProgramData\cm-lock
2016-03-18 06:39 - 2016-03-18 06:57 - 00019581 _____ C:\Users\lapek\Downloads\FRST.txt
2016-03-18 06:39 - 2016-03-18 06:46 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 06:39 - 2016-03-18 06:39 - 01527296 _____ C:\Users\lapek\Downloads\adwcleaner_5.102.exe
2016-03-17 22:58 - 2016-03-17 22:58 - 00000000 _____ C:\autoexec.bat
2016-03-17 22:56 - 2016-03-17 22:56 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-03-17 22:46 - 2016-03-17 22:46 - 00033098 _____ C:\Users\lapek\Downloads\Addition.txt
2016-03-17 22:46 - 2016-03-17 22:46 - 00011928 _____ C:\Users\lapek\Downloads\AdwCleaner[C1].txt
2016-03-17 22:25 - 2016-03-17 22:25 - 00018453 _____ C:\ComboFix.txt
2016-03-17 22:15 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2016-03-17 22:15 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2016-03-17 22:15 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2016-03-17 22:15 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2016-03-17 22:15 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2016-03-17 22:15 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2016-03-17 22:15 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2016-03-17 22:15 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2016-03-17 22:13 - 2016-03-17 22:14 - 05658423 ____R (Swearware) C:\Users\lapek\Downloads\ComboFix.exe
2016-03-17 22:01 - 2016-03-18 06:47 - 00000620 _____ C:\Windows\ZAM.krnl.trace
2016-03-17 22:01 - 2016-03-18 06:47 - 00000119 _____ C:\Windows\ZAM_Guard.krnl.trace
2016-03-17 22:01 - 2016-03-17 22:01 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys
2016-03-17 22:01 - 2016-03-17 22:01 - 00202144 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2016-03-17 21:59 - 2016-03-17 22:01 - 05084096 _____ (Zemana Ltd.) C:\Users\lapek\Downloads\Zemana.AntiMalware.Portable.exe
2016-03-17 21:58 - 2016-03-17 21:59 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\lapek\Downloads\SpyHunter-Installer.exe
2016-03-17 21:42 - 2016-03-17 21:42 - 00000000 ____D C:\ProgramData\desktopfind
2016-03-16 18:36 - 2016-03-16 18:36 - 00000000 ____D C:\Windows\SysWOW64\1033
2016-03-16 18:35 - 2016-03-16 18:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
2016-03-16 18:31 - 2016-03-16 18:49 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 10.0
2016-03-16 18:31 - 2016-03-16 18:31 - 00000000 ____D C:\Windows\system32\1033
2016-03-16 18:31 - 2016-03-16 18:31 - 00000000 ____D C:\Windows\symbols
2016-03-16 17:36 - 2016-03-16 17:37 - 04711248 _____ (Microsoft Corporation) C:\Users\lapek\Downloads\vs_ultimateweb .exe
2016-02-27 17:26 - 2016-02-27 17:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-02-25 21:20 - 2016-02-25 21:20 - 00404948 _____ C:\Users\lapek\Downloads\Wprowadzenie do C# - Czesc 1.zip
2016-02-25 20:55 - 2016-02-25 20:55 - 00000000 ____D C:\ProgramData\Microsoft Visual Studio
2016-02-25 19:46 - 2016-02-25 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
2016-02-25 19:46 - 2016-02-25 19:46 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-02-25 19:46 - 2016-02-25 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-02-25 19:45 - 2016-02-25 19:45 - 00000000 ____D C:\Program Files\Microsoft Synchronization Services
2016-02-25 19:45 - 2016-02-25 19:45 - 00000000 ____D C:\Program Files\Microsoft Sync Framework
2016-02-25 19:45 - 2016-02-25 19:45 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-02-25 19:45 - 2016-02-25 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-02-25 19:45 - 2016-02-25 19:45 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-02-25 19:40 - 2016-03-12 15:32 - 00000000 ____D C:\Program Files (x86)\IIS
2016-02-25 19:40 - 2016-02-25 19:40 - 00000000 ____D C:\Program Files\IIS
2016-02-25 19:40 - 2016-02-25 19:40 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-02-25 19:39 - 2016-02-25 19:39 - 00000000 ____D C:\Users\lapek\Documents\Visual Studio 2008
2016-02-25 19:38 - 2016-03-17 17:32 - 00000000 ____D C:\Users\lapek\Documents\Visual Studio 2010
2016-02-25 19:26 - 2016-03-16 18:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 10.0
2016-02-25 19:26 - 2016-03-12 15:32 - 00000000 ____D C:\Program Files (x86)\Microsoft F#
2016-02-25 19:24 - 2016-03-16 18:31 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2016-02-25 19:24 - 2016-02-25 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-02-25 19:24 - 2016-02-25 19:24 - 00000000 ____D C:\Program Files\Microsoft Help Viewer

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2016-03-18 06:54 - 2013-09-11 18:24 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-03-18 06:48 - 2014-08-15 15:23 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 06:47 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-18 06:46 - 2009-07-14 05:45 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-18 06:46 - 2009-07-14 05:45 - 00009792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-17 23:19 - 2014-08-15 15:23 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-17 23:06 - 2013-09-23 16:52 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-17 22:58 - 2013-09-09 08:14 - 00001233 _____ C:\Users\lapek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-03-17 22:57 - 2013-09-09 08:13 - 00000000 ____D C:\Users\lapek
2016-03-17 22:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-03-17 22:25 - 2014-06-10 20:16 - 00000000 ____D C:\Qoobox
2016-03-17 22:23 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2016-03-17 22:08 - 2014-06-27 16:24 - 00000266 __RSH C:\Users\lapek\ntuser.pol
2016-03-17 21:50 - 2015-12-27 21:59 - 00000000 ____D C:\Users\lapek\AppData\Roaming\uTorrent
2016-03-17 21:50 - 2013-09-23 16:54 - 00000000 ____D C:\Users\lapek\AppData\Roaming\DAEMON Tools Lite
2016-03-17 21:42 - 2014-05-24 14:58 - 00002347 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-17 21:42 - 2014-05-24 14:58 - 00002335 _____ C:\Users\lapek\Desktop\Google Chrome.lnk
2016-03-17 21:42 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-03-16 18:53 - 2009-07-14 13:43 - 00737480 _____ C:\Windows\system32\perfh015.dat
2016-03-16 18:53 - 2009-07-14 13:43 - 00154136 _____ C:\Windows\system32\perfc015.dat
2016-03-16 18:53 - 2009-07-14 06:13 - 01661232 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-16 18:31 - 2009-07-14 04:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-16 18:23 - 2016-01-07 22:46 - 00000000 ____D C:\Users\lapek\Desktop\Nowy folder
2016-03-12 15:54 - 2013-09-11 18:24 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-03-12 15:54 - 2013-09-11 18:24 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-12 15:54 - 2013-09-11 18:24 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-03-12 15:43 - 2015-08-05 17:06 - 00003350 _____ C:\Windows\System32\Tasks\ESET Windows 10 upgrade - Refresh settings
2016-03-12 15:32 - 2015-12-20 20:47 - 00000000 ____D C:\Users\lapek\AppData\Roaming\Winamp
2016-03-12 15:32 - 2014-08-18 21:28 - 00000000 ____D C:\ProgramData\Origin
2016-03-12 15:32 - 2014-07-31 18:23 - 00000000 ____D C:\Users\Gość
2016-03-12 15:32 - 2013-10-30 19:40 - 00000000 ____D C:\Users\lapek\AppData\Roaming\vlc
2016-03-12 15:32 - 2013-09-26 21:01 - 00000000 ____D C:\Users\lapek\AppData\LocalLow\COMODO
2016-03-12 15:32 - 2013-09-11 18:24 - 00000000 ____D C:\Windows\system32\Macromed
2016-03-12 15:32 - 2013-09-09 10:02 - 00000000 ____D C:\Users\lapek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-12 15:32 - 2013-09-09 09:46 - 00000000 ____D C:\ProgramData\Atheros
2016-03-12 15:32 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-03-12 15:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2016-03-12 15:31 - 2009-07-14 13:59 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-12 15:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2016-03-12 15:30 - 2014-03-27 15:31 - 00000000 ____D C:\Users\lapek\AppData\Roaming\Skype
2016-03-12 15:30 - 2013-09-09 10:15 - 00000000 ___RD C:\MSOCache
2016-03-12 15:30 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-27 17:28 - 2014-08-18 21:30 - 00000000 ____D C:\Users\lapek\AppData\Roaming\Origin
2016-02-22 18:20 - 2016-02-11 18:23 - 00000000 ____D C:\Users\lapek\Desktop\ZiIP
2016-02-17 18:54 - 2014-03-27 15:31 - 00000000 ____D C:\ProgramData\Skype

==================== Pliki w katalogu głównym wybranych folderów =======

2013-09-23 09:23 - 2013-10-22 14:46 - 0000145 _____ () C:\Users\lapek\AppData\Roaming\default.rss
2015-08-16 18:28 - 2015-08-16 18:28 - 0000872 _____ () C:\Users\lapek\AppData\Local\recently-used.xbel
2016-03-18 06:48 - 2016-03-18 06:48 - 0000000 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap =================

(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll
[2009-07-14 00:38] - [2009-07-14 02:41] - 1008640 ____A (Microsoft Corporation) E573BD9AB55C8E333C202B9E255F972E

C:\Windows\SysWOW64\User32.dll
[2013-09-09 08:17] - [2013-09-09 08:17] - 0833024 ____A (Microsoft Corporation) 2C9CC9F492CA596B1B9FC1AE5E916356

C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo


LastRegBack: 2016-03-11 16:05

==================== Koniec FRST.txt ============================