FRST.txt

Greenerweb - How do I get rid of it?

Unfortunately, the ads keep attacking.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014
Ran by Ire (administrator) on IRE-KOMPUTER on 24-07-2014 01:28:59
Running from C:\Users\Ire\Desktop\Logi
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Realtek Semiconductor Corp.) C:\Windows\SOUNDMAN.EXE
(AdTrustMedia) C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedadssvc.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\CisTray.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cavwp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(COMODO) C:\Program Files\Comodo\COMODO Internet Security\cis.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe [93696 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-974650018-1930121724-3920377337-1000\...\MountPoints2: {b3558b2e-fa1e-11e3-9297-00161774b542} - G:\iLinker.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=180&d=20140615
URLSearchHook: HKLM - Default Value = {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: PrivDog Extension -> {FB16E5C3-A9E2-47A2-8EFC-319E775E62CC} -> C:\Program Files\AdTrustMedia\PrivDog\2.2.0.14\trustedads.dll (AdTrustMedia)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.179.1.62 62.179.1.63

FireFox:
========
FF ProfilePath: C:\Users\Ire\AppData\Roaming\Mozilla\Firefox\Profiles\3u8guxqw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: PrivDog - C:\Users\Ire\AppData\Roaming\Mozilla\Firefox\Profiles\3u8guxqw.default\Extensions\PrivDog@AdTrustMedia.com.xpi [2014-07-23]
FF HKCU\...\Firefox\Extensions: [PrivDog@AdTrustMedia.com] - C:\Users\Ire\AppData\Roaming\Mozilla\Firefox\Profiles\3u8guxqw.default\extensions

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5306504 2014-04-16] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-19] (Realtek Semiconductor Corp.)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-04-16] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607168 2014-04-16] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43728 2014-04-16] (COMODO)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-04-16] (COMODO)
R3 VIAudio; C:\Windows\System32\drivers\ac97via.sys [68096 2008-01-19] (VIA Technologies, Inc.)
S1 {a3f28269-ad17-41a8-b032-3e0313ef8979}w; system32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 00:39 - 2014-07-24 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 00:39 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-24 00:39 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-24 00:38 - 2014-07-24 00:41 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-24 00:38 - 2014-07-24 00:39 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 00:38 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-24 00:23 - 2014-07-24 01:24 - 00000000 ____D () C:\AdwCleaner
2014-07-24 00:14 - 2014-07-24 00:14 - 00138384 _____ () C:\Windows\Minidump\072414-29453-01.dmp
2014-07-24 00:14 - 2014-07-24 00:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-23 23:08 - 2014-07-24 00:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-23 23:07 - 2014-07-24 01:29 - 00000000 ____D () C:\FRST
2014-07-23 23:06 - 2014-07-24 00:39 - 00000000 ____D () C:\Users\Ire\AppData\Roaming\Malwarebytes
2014-07-23 23:06 - 2014-07-24 00:39 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-23 23:06 - 2014-07-23 23:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 22:48 - 2014-07-24 01:28 - 00000000 ____D () C:\Users\Ire\Desktop\Logi
2014-07-23 21:57 - 2014-07-23 21:57 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-23 21:57 - 2014-07-23 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 21:57 - 2014-07-23 21:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-23 21:55 - 2014-07-23 21:56 - 04812672 _____ (Piriform Ltd) C:\Users\Ire\Downloads\ccsetup415(1).exe
2014-07-23 21:55 - 2014-07-23 21:55 - 04812672 _____ (Piriform Ltd) C:\Users\Ire\Downloads\ccsetup415.exe
2014-07-23 21:53 - 2014-07-24 00:59 - 00297344 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-07-23 21:53 - 2014-07-23 21:53 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-07-23 21:52 - 2014-07-23 21:52 - 00000000 ____D () C:\Users\Ire\AppData\Local\AdTrustMedia
2014-07-23 21:51 - 2014-07-23 21:53 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-07-23 21:49 - 2014-07-24 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-23 21:49 - 2014-07-23 21:49 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-23 21:49 - 2014-07-23 21:49 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-07-23 21:48 - 2014-07-23 21:58 - 00000000 ____D () C:\Program Files\Comodo
2014-07-23 21:48 - 2014-07-23 21:48 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-23 21:47 - 2014-07-23 21:53 - 00000000 ____D () C:\ProgramData\Comodo
2014-07-23 21:45 - 2014-07-23 21:47 - 230403216 _____ (COMODO) C:\Users\Ire\Downloads\cispremium_installer_6100_08.exe
2014-07-23 21:26 - 2014-07-23 21:27 - 00000000 ____D () C:\Users\Ire\.smplayer
2014-07-23 21:23 - 2014-07-23 21:23 - 00000363 _____ () C:\Users\Ire\Desktop\Komputer -- skrót.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-15 16:06 - 2014-07-15 16:06 - 00000000 ____D () C:\Program Files\Realtek AC97
2014-07-15 16:05 - 2014-07-15 16:05 - 00000000 ____D () C:\Users\Ire\Downloads\6305_Vista_Win7_PG537
2014-07-15 16:04 - 2014-07-15 16:04 - 31126033 _____ () C:\Users\Ire\Downloads\6305_Vista_Win7_PG537.zip
2014-07-15 15:51 - 2014-07-15 15:51 - 00200704 _____ (Top Market Search Ltd.) C:\Windows\system32\tms.dll
2014-07-15 15:51 - 2014-07-15 15:51 - 00000034 _____ () C:\Windows\clientid.cfg
2014-07-12 14:39 - 2014-07-24 01:25 - 00000342 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-06 10:50 - 2014-07-06 10:52 - 00000000 ____D () C:\Users\Ire\Desktop\Zdzisław zdjęcia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 01:29 - 2014-07-23 23:07 - 00000000 ____D () C:\FRST
2014-07-24 01:29 - 2014-06-14 13:39 - 00572672 _____ () C:\Windows\WindowsUpdate.log
2014-07-24 01:28 - 2014-07-23 22:48 - 00000000 ____D () C:\Users\Ire\Desktop\Logi
2014-07-24 01:25 - 2014-07-12 14:39 - 00000342 _____ () C:\Windows\Tasks\DriverToolkit Autorun.job
2014-07-24 01:25 - 2010-11-20 23:48 - 00011960 _____ () C:\Windows\PFRO.log
2014-07-24 01:25 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-24 01:25 - 2009-07-14 06:39 - 00036359 _____ () C:\Windows\setupact.log
2014-07-24 01:24 - 2014-07-24 00:23 - 00000000 ____D () C:\AdwCleaner
2014-07-24 01:24 - 2011-04-12 07:08 - 00687590 _____ () C:\Windows\system32\perfh015.dat
2014-07-24 01:24 - 2011-04-12 07:08 - 00131176 _____ () C:\Windows\system32\perfc015.dat
2014-07-24 01:24 - 2010-11-20 23:01 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-24 01:24 - 2009-07-14 06:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-24 01:24 - 2009-07-14 06:34 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-24 01:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-24 01:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-24 01:11 - 2014-06-20 11:09 - 00000000 ____D () C:\Users\Ire\AppData\Local\Adobe
2014-07-24 01:09 - 2014-06-15 12:40 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-24 00:59 - 2014-07-23 21:53 - 00297344 _____ () C:\Windows\system32\Drivers\sfi.dat
2014-07-24 00:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-07-24 00:54 - 2014-07-23 21:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2014-07-24 00:41 - 2014-07-24 00:38 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2014-07-24 00:39 - 2014-07-24 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-24 00:39 - 2014-07-24 00:38 - 00001060 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-24 00:39 - 2014-07-23 23:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-24 00:39 - 2014-07-23 23:06 - 00000000 ____D () C:\Users\Ire\AppData\Roaming\Malwarebytes
2014-07-24 00:39 - 2014-07-23 23:06 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-07-24 00:14 - 2014-07-24 00:14 - 00138384 _____ () C:\Windows\Minidump\072414-29453-01.dmp
2014-07-24 00:14 - 2014-07-24 00:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-24 00:14 - 2014-06-14 13:43 - 00000000 ____D () C:\Users\Ire
2014-07-23 23:08 - 2014-07-23 23:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-23 22:29 - 2014-06-14 14:35 - 00000000 ____D () C:\Windows\Panther
2014-07-23 21:58 - 2014-07-23 21:48 - 00000000 ____D () C:\Program Files\Comodo
2014-07-23 21:57 - 2014-07-23 21:57 - 01700352 _____ (Microsoft Corporation) C:\Windows\system32\gdiplus.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 01060864 _____ (Microsoft Corporation) C:\Windows\system32\mfc71.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 00348160 _____ (Microsoft Corporation) C:\Windows\system32\msvcr71.dll
2014-07-23 21:57 - 2014-07-23 21:57 - 00000965 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-23 21:57 - 2014-07-23 21:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-23 21:57 - 2014-07-23 21:57 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-23 21:56 - 2014-07-23 21:55 - 04812672 _____ (Piriform Ltd) C:\Users\Ire\Downloads\ccsetup415(1).exe
2014-07-23 21:55 - 2014-07-23 21:55 - 04812672 _____ (Piriform Ltd) C:\Users\Ire\Downloads\ccsetup415.exe
2014-07-23 21:53 - 2014-07-23 21:53 - 00001888 _____ () C:\Users\Public\Desktop\COMODO Internet Security.lnk
2014-07-23 21:53 - 2014-07-23 21:51 - 00000000 ___SD () C:\ProgramData\Shared Space
2014-07-23 21:53 - 2014-07-23 21:47 - 00000000 ____D () C:\ProgramData\Comodo
2014-07-23 21:52 - 2014-07-23 21:52 - 00000000 ____D () C:\Users\Ire\AppData\Local\AdTrustMedia
2014-07-23 21:49 - 2014-07-23 21:49 - 00000000 ____D () C:\ProgramData\Adtrustmedia
2014-07-23 21:49 - 2014-07-23 21:49 - 00000000 ____D () C:\Program Files\AdTrustMedia
2014-07-23 21:48 - 2014-07-23 21:48 - 00000000 ____D () C:\ProgramData\Comodo Downloader
2014-07-23 21:47 - 2014-07-23 21:45 - 230403216 _____ (COMODO) C:\Users\Ire\Downloads\cispremium_installer_6100_08.exe
2014-07-23 21:34 - 2009-07-14 04:04 - 00000505 _____ () C:\Windows\win.ini
2014-07-23 21:27 - 2014-07-23 21:26 - 00000000 ____D () C:\Users\Ire\.smplayer
2014-07-23 21:23 - 2014-07-23 21:23 - 00000363 _____ () C:\Users\Ire\Desktop\Komputer -- skrót.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-15 16:13 - 2014-07-15 16:13 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-15 16:13 - 2014-06-14 13:50 - 00000000 ____D () C:\Users\Ire\AppData\Roaming\Mozilla
2014-07-15 16:13 - 2014-06-14 13:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-15 16:06 - 2014-07-15 16:06 - 00000000 ____D () C:\Program Files\Realtek AC97
2014-07-15 16:05 - 2014-07-15 16:05 - 00000000 ____D () C:\Users\Ire\Downloads\6305_Vista_Win7_PG537
2014-07-15 16:05 - 2014-06-20 15:52 - 00319488 _____ (Realtek Semiconductor Corp.) C:\Windows\HideWin.exe
2014-07-15 16:04 - 2014-07-15 16:04 - 31126033 _____ () C:\Users\Ire\Downloads\6305_Vista_Win7_PG537.zip
2014-07-15 15:55 - 2014-06-20 15:21 - 00000000 ____D () C:\Program Files\DriverToolkit
2014-07-15 15:51 - 2014-07-15 15:51 - 00200704 _____ (Top Market Search Ltd.) C:\Windows\system32\tms.dll
2014-07-15 15:51 - 2014-07-15 15:51 - 00000034 _____ () C:\Windows\clientid.cfg
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-11 09:15 - 2014-07-11 09:15 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-09 12:09 - 2014-06-15 12:40 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-09 12:09 - 2014-06-15 12:40 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-06 10:52 - 2014-07-06 10:50 - 00000000 ____D () C:\Users\Ire\Desktop\Zdzisław zdjęcia
2014-07-03 13:30 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache

Some content of TEMP:
====================
C:\Users\Ire\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Ire\AppData\Local\Temp\Quarantine.exe
C:\Users\Ire\AppData\Local\Temp\SimBundD.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-20 23:29] - [2010-11-20 23:29] - 0811520 ____A (Microsoft Corporation) 8626F0C30D4E3564FFDD25C90F4426F1

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-09 08:55

==================== End Of Log ============================

