Surfvox problem

Dla specjalistów Bezpieczeństwo
#1

Witam, 

Wklejam logi z FRST, proszę o pomoc.

 

 

Addition_20-04-2015_18-57-16.txt

FRST_20-04-2015_18-57-16.txt

#2

Otwórz notatnik systemowy i wklej:

Task: {1CD7A570-F8AA-4D9E-ABD2-014D3869C819} - System32\Tasks\Steam-S-1-8-22-9865GUI = C:\Users\Tomasz\AppData\Roaming\AVAST Software\Reversed\steam.exe [2015-02-08] () ==== ATTENTION
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Classes\.exe: exefile = ===== ATTENTION!
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Classes\exefile: ===== ATTENTION!
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-282911105-3059753547-309559207-1002\...\Run: [nvxasync] = C:\Users\Tomasz\AppData\Roaming\nvxasync\nvxasync.exe [153822720 2015-04-20] ()
HKU\S-1-5-21-282911105-3059753547-309559207-1002\...\Winlogon: [Shell] C:\ProgramData\nvxasync\cvxasync.exe [153822720 2015-04-20] () ==== ATTENTION
Startup: C:\Users\Tomasz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCRN_Autoupdater.exe.lnk [2014-12-13]
ShortcutTarget: RCRN_Autoupdater.exe.lnk - C:\Bethesda\The Elder Scrolls V Skyrim LE\RCRN\Autoupdater\RCRN_Autoupdater.exe (No File)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKU\S-1-5-21-282911105-3059753547-309559207-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction ======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.key-find.com/?type=hpppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1423151375from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsts=1423151375from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1423151375from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsts=1423151375from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.key-find.com/web/?type=dsppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.surfvox.com/
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.key-find.com/?type=hpppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EX
HKU\S-1-5-21-282911105-3059753547-309559207-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.key-find.com/web/?type=dsppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?type=dsppts=1423151383from=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXq={searchTerms}
SearchScopes: HKU\S-1-5-21-282911105-3059753547-309559207-1002 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXts=1423151398type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-282911105-3059753547-309559207-1002 - {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXts=1423151398type=defaultq={searchTerms}
SearchScopes: HKU\S-1-5-21-282911105-3059753547-309559207-1002 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.key-find.com/web/?utm_source=butm_medium=corutm_campaign=install_ieutm_content=dsfrom=coruid=HGSTXHTS721010A9E630_JR10006P0UGK5E0UGK5EXts=1423151398type=defaultq={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-12-01] (AVAST Software)
FF Extension: No Name - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-01]
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]
S3 WINIO; \\C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [X]
2015-04-20 18:54 - 2015-04-20 18:54 - 00000000 ____ D () C:\AdwCleaner
2015-04-20 17:28 - 2015-04-20 17:29 - 00000000 _RSHD () C:\Users\Tomasz\AppData\Roaming\nvxasync
2015-04-20 17:28 - 2015-04-20 17:28 - 00000000 _RSHD () C:\ProgramData\nvxasync
2015-04-20 17:28 - 2015-04-20 17:28 - 00000000 ____ D () C:\Users\Tomasz\AppData\Roaming\chportu
2015-04-20 18:13 - 2015-02-05 17:49 - 00000000 ____ D () C:\Program Files (x86)\XTab
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze.

#3

Dzięki wielkie;> Objawy zniknęły. Usuwam folder c:/FRST i temat uważam do zamknięcia.