Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja:09-12-2015
Uruchomiony przez Aras (administrator) AREK (10-12-2015 12:44:46)
Uruchomiony z G:\Instalki\Malwarebytes
Załadowane profile: Aras (Dostępne profile: Aras)
Platform: Microsoft Windows XP Professional Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(C-Media Electronic Inc. (www.cmedia.com.tw)) C:\WINDOWS\mixer.exe
(Cyberlink Corp.) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
(BitLeader) C:\Program Files\lg_fwupdate\fwupdate.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Winamp\winampa.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Nokia) C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
(Nokia) C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
(Nokia) C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [C-Media Mixer] => Mixer.exe /startup
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [LGODDFU] => C:\Program Files\lg_fwupdate\fwupdate.exe [557056 2009-11-20] (BitLeader)
HKLM\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Logitech Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\WINDOWS\KHALMNPR.EXE [76304 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [AdobeCS4ServiceManager] => C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM\...\Run: [Cmaudio] => RunDll32 cmicnfg.cpl,CMICtrlWnd
HKLM\...\Run: [WinampAgent] => C:\Program Files\Winamp\winampa.exe [36352 2008-08-04] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-07] (AVAST Software)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2005-05-04] (ATI Technologies Inc.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2008-05-02] (Logitech, Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Run: [PowerBar] => [X]
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Run: [PC Suite Tray] => C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia)
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4811032 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Policies\system: [HideLegacyLogonScripts] 0
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Policies\system: [HideLogoffScripts] 0
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Policies\system: [RunLogonScriptSync] 1
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Policies\system: [RunStartupScriptSync] 1
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\Policies\system: [HideStartupScripts] 0
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {2214d2f6-4a11-11df-b601-0019666a328e} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {271a88cc-89e0-11e4-bd46-0080ad068748} - I:\iLinker.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {2f63e436-e921-11e1-b92f-0019666a328e} - I:\AutoRun.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {3e753740-e39f-11e1-b929-0019666a328e} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {40f36e60-3b7a-11dd-b300-0080ad068748} - I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {4322f870-a4be-11dc-b1e7-0080ad068748} - I:\32e2.com
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {485a7082-3c6e-11e1-b822-0019666a328e} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {6b7ae152-51b5-11de-b4ba-0019666a328e} - J:\WDSetup.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {70c0c640-5900-11db-be3b-0080ad068748} - I:\22wcb21o.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {7625356a-8bc8-11e2-ba61-0019666a328e} - I:\DTVaultPrivacy.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {7f6bbb30-8a09-11db-be8f-0080ad068748} - n1deiect.com
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {8bb321a0-12b2-11dd-b2b4-0080ad068748} - I:\8ti.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {97c4ac0c-ffeb-11dc-b291-0080ad068748} - I:\n1deiect.com
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {9942fbbe-e6e4-11dd-b425-0019666a328e} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {b9382afe-1932-11de-b46f-0019666a328e} - J:\minm.cmd
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {c2186b00-32e2-11dd-b2f3-0080ad068748} - setup.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {c55f3494-fafa-11de-b59f-0019666a328e} - J:\LaunchU3.exe -a
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {daea28a9-d21b-11e0-b7b3-0019666a328e} - I:\AutoRun.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {dcedb1b0-1492-11df-b5b6-0019666a328e} - J:\ArcaVir2009USBMenu.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {de984154-7c35-11de-b4f8-0019666a328e} - I:\ymxf2.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {de984155-7c35-11de-b4f8-0019666a328e} - I:\u0riu2.exe
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {e7a81f22-7a57-11dd-b37e-0019666a328e} - I:\LaunchU3.exe -a
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {ecb300d0-70d6-11dc-b19e-0080ad068748} - EXPLORER.EXE
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\...\MountPoints2: {f5693972-7fac-11e0-b752-0019666a328e} - 2nuk.com
HKU\S-1-5-18\...\RunOnce: [tscuninstall] => C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2014-10-07] (AVAST Software)
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\forteManager.lnk [2008-12-23]
ShortcutTarget: forteManager.lnk -> C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\Logitech SetPoint.lnk [2009-01-06]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
BootExecute: autocheck autochk * lsdelete
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5E5C8D7D-B551-4B55-8B5C-B78C5ED99380}: [DhcpNameServer] 194.204.152.34 192.168.5.1
Tcpip\..\Interfaces\{CAA233E1-833D-4AB8-9226-7C56D024AB30}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Ograniczenia <======= UWAGA
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Strona wyszukiwania = hxxp://www.msn.com/access/allinone.asp
HKU\S-1-5-21-1390067357-1677128483-1060284298-1003\Software\Microsoft\Internet Explorer\Main,Strona początkowa = hxxp://www.microsoft.com/msoffice/
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "www.google.com" <======= UWAGA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1677128483-1060284298-1003 -> DefaultScope {A5873ABA-D02B-4C00-8445-D6A71809E596} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-1677128483-1060284298-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1390067357-1677128483-1060284298-1003 -> {A5873ABA-D02B-4C00-8445-D6A71809E596} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1390067357-1677128483-1060284298-1003 -> {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Brak nazwy -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> Brak pliku
BHO: Brak nazwy -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> Brak pliku
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-12-09] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [Brak pliku]
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-08] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-02] [Brak podpisu cyfrowego]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-07]

==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R2 aawservice; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [607576 2008-03-31] (Lavasoft)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-07] (AVAST Software)
S3 LBTServ; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [121360 2008-05-02] (Logitech, Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 HWDeviceService.exe; C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe -/service [X]

===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

R1 ASPI32; C:\WINDOWS\system32\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
R2 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [24184 2014-10-07] ()
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-10-07] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [55112 2014-10-07] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-10-07] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [779536 2014-11-25] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [414520 2014-10-07] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57800 2014-10-07] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [192352 2014-10-07] ()
S3 cmpci; C:\WINDOWS\System32\drivers\cmaudio.sys [370382 2002-01-29] (C-Media Inc) [Brak podpisu cyfrowego]
S3 cmuda; C:\WINDOWS\System32\drivers\cmuda.sys [1332544 2005-05-12] (C-Media Inc)
R3 ctljystk; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
R3 DM9102; C:\WINDOWS\System32\DRIVERS\DM9PCI5.SYS [29696 2001-08-17] (CNet Technology, Inc. )
S3 eyeonedp; C:\WINDOWS\System32\DRIVERS\eyeonedp.sys [44344 2003-11-27] () [Brak podpisu cyfrowego]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2008-04-13] (Microsoft Corporation)
R0 giveio; C:\WINDOWS\System32\giveio.sys [5248 1996-04-03] () [Brak podpisu cyfrowego]
R3 ha10kx2k; C:\WINDOWS\System32\drivers\ha10kx2k.sys [823456 2003-08-28] (Creative Technology Ltd)
R2 HPFECP06; C:\WINDOWS\System32\drivers\HPFECP06.SYS [38176 2006-05-01] () [Brak podpisu cyfrowego]
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 LGDDCDevice; C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2007-12-24] () [Brak podpisu cyfrowego]
S3 LUsbFilt; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [28944 2008-02-29] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 RTL8023xp; C:\WINDOWS\System32\DRIVERS\Rtlnicxp.sys [74496 2005-03-04] (Realtek Semiconductor Corporation )
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R0 speedfan; C:\WINDOWS\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider) [Brak podpisu cyfrowego]
R0 ViaIde; C:\WINDOWS\System32\DRIVERS\viaidexp.sys [6144 2001-10-18] (VIA Technologies, Inc.)
R1 VIAPFD; C:\WINDOWS\System32\Drivers\VIAPFD.SYS [3279 2001-12-18] (VIA Technologies. Inc.) [Brak podpisu cyfrowego]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S2 WIBUKEY; Brak ImagePath
U3 Winsock - Google Desktop Search Backup Before First Install; Brak ImagePath
U3 Winsock - Google Desktop Search Backup Before Last Install; Brak ImagePath
U1 WS2IFSL; Brak ImagePath

==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-09 13:30 - 2015-12-10 12:44 - 00000000 ____D C:\FRST
2015-12-09 12:12 - 2015-12-10 12:36 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-08 22:33 - 2015-12-09 01:34 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-08 22:32 - 2015-12-08 22:32 - 00000783 _____ C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk
2015-12-08 22:32 - 2015-12-08 22:32 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-08 22:32 - 2015-12-08 22:32 - 00000000 ____D C:\Documents and Settings\All Users\Dane aplikacji\Malwarebytes
2015-12-08 22:32 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-08 22:32 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-07 14:41 - 2015-12-08 18:37 - 00000000 ____D C:\Documents and Settings\2015\2015-08-21
2015-12-01 09:26 - 2015-12-10 00:10 - 00003888 _____ C:\WINDOWS\system32\BMXCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx
2015-12-01 09:26 - 2015-12-10 00:10 - 00003888 _____ C:\WINDOWS\system32\BMXBkpCtrlState-{00000002-00000000-00000001-00001102-00000002-100A1102}.rfx

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)

2015-12-10 12:46 - 2006-05-29 16:44 - 00000000 ____D C:\Documents and Settings\Aras\Ustawienia lokalne\Temp
2015-12-10 12:31 - 2015-09-18 15:17 - 00001036 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-10 12:08 - 2006-05-30 09:22 - 00000439 _____ C:\WINDOWS\TextSpy.ini
2015-12-10 12:01 - 2015-09-08 13:30 - 00000420 _____ C:\WINDOWS\Tasks\Pool Browser.job
2015-12-10 11:42 - 2012-07-05 13:07 - 00000364 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2015-12-10 11:35 - 2006-05-29 18:12 - 00000000 ____D C:\WINDOWS
2015-12-10 11:34 - 2015-10-02 11:29 - 00032326 _____ C:\WINDOWS\SchedLgU.Txt
2015-12-10 11:34 - 2012-07-12 13:47 - 00000460 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{FAB2E629-0A6F-4DA8-8D6A-1395BA039174}.job
2015-12-10 11:31 - 2007-04-21 10:49 - 00000391 _____ C:\WINDOWS\lgfwup.ini
2015-12-10 11:31 - 2007-04-21 10:49 - 00000000 ____D C:\Program Files\lg_fwupdate
2015-12-10 11:30 - 2006-07-20 09:31 - 00063804 _____ C:\WINDOWS\system32\nvapps.xml
2015-12-10 11:29 - 2015-09-18 15:17 - 00001032 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-10 11:29 - 2006-05-29 16:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 11:29 - 2004-08-04 13:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-12-10 00:09 - 2006-05-29 16:44 - 00000188 ___SH C:\Documents and Settings\Aras\ntuser.ini
2015-12-09 22:31 - 2006-05-29 16:44 - 00000000 ___HD C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji
2015-12-09 13:14 - 2006-05-29 16:44 - 00000000 ____D C:\Documents and Settings\Aras
2015-12-09 12:18 - 2006-05-29 17:25 - 00000000 __SHD C:\Documents and Settings\Aras\UserData
2015-12-09 12:14 - 2013-08-23 15:46 - 00780488 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-12-09 12:14 - 2013-08-23 15:46 - 00142536 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-12-09 11:33 - 2015-11-03 18:53 - 00001825 _____ C:\Documents and Settings\All Users\Pulpit\Google Chrome.lnk
2015-12-09 01:36 - 2006-05-29 18:23 - 00000000 ____D C:\Documents and Settings\All Users\Pulpit
2015-12-09 01:34 - 2006-05-29 16:44 - 00000000 ____D C:\Documents and Settings\Aras\Pulpit
2015-12-08 23:57 - 2013-08-16 12:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 23:57 - 2006-05-30 08:21 - 137798368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 23:31 - 2015-03-24 18:13 - 00000000 ____D C:\AdwCleaner
2015-12-08 23:26 - 2015-09-18 15:18 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Google Chrome
2015-12-08 23:26 - 2012-09-25 18:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-12-08 23:26 - 2008-07-07 19:40 - 00000749 _____ C:\Documents and Settings\Aras\Menu Start\Programy\Internet Explorer.lnk
2015-12-08 23:26 - 2006-05-29 18:22 - 00000000 __RHD C:\Documents and Settings\All Users\Dane aplikacji
2015-12-08 23:26 - 2006-05-29 16:44 - 00000000 ___RD C:\Documents and Settings\Aras\Menu Start\Programy
2015-12-08 23:03 - 2010-02-24 11:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB979306$
2015-12-08 23:02 - 2006-05-29 16:44 - 00000000 __RHD C:\Documents and Settings\Aras\Dane aplikacji
2015-12-08 22:50 - 2006-05-29 18:23 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Start\Programy
2015-12-08 15:00 - 2014-03-27 18:14 - 00000214 _____ C:\WINDOWS\Tasks\Powiadomienie o zakończeniu obsługi systemu Microsoft Windows XP — co miesiąc.job
2015-12-07 19:27 - 2015-06-22 18:00 - 00000000 ____D C:\Documents and Settings\Aras\Dane aplikacji\foobar2000
2015-12-07 14:41 - 2015-10-26 16:35 - 00000000 ____D C:\Documents and Settings\2015
2015-12-07 13:26 - 2006-05-29 18:22 - 00000000 ____D C:\Documents and Settings\All Users
2015-12-02 17:28 - 2008-08-18 16:52 - 00000000 __HDC C:\WINDOWS\$MSI31Uninstall_KB893803$
2015-12-02 17:27 - 2006-05-29 17:36 - 00000000 __HDC C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2015-12-02 16:41 - 2006-05-07 16:43 - 00035840 _____ C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-12-02 13:08 - 2006-05-29 18:12 - 00000000 RSHDC C:\WINDOWS\system32\dllcache
2015-12-01 20:04 - 2007-09-19 11:02 - 00000000 ____D C:\Program Files\Bonjour
2015-12-01 19:35 - 2006-05-29 18:12 - 00000000 ____D C:\WINDOWS\Help
2015-11-30 15:45 - 2006-05-29 18:23 - 01091174 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-11-30 15:45 - 2004-08-04 13:00 - 00491756 _____ C:\WINDOWS\system32\perfh015.dat
2015-11-30 15:45 - 2004-08-04 13:00 - 00084666 _____ C:\WINDOWS\system32\perfc015.dat
2015-11-22 19:51 - 2006-05-29 16:44 - 00000000 ___RD C:\Documents and Settings\Aras\Moje dokumenty\Moje obrazy
2015-11-17 13:06 - 2015-10-02 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Acrobat - Reader - Distiller
2015-11-13 16:50 - 2006-05-29 18:22 - 00606912 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-13 15:20 - 2006-05-29 16:52 - 00159800 _____ C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\GDIPFONTCACHEV1.DAT

==================== Pliki w katalogu głównym wybranych folderów =======

2006-05-30 09:27 - 2004-03-11 12:27 - 0040960 _____ () C:\Program Files\Uninstall_CDS.exe
2006-05-07 16:43 - 2015-12-02 16:41 - 0035840 _____ () C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2007-06-06 20:30 - 2009-03-16 17:15 - 0000600 ____N () C:\Documents and Settings\Aras\Ustawienia lokalne\Dane aplikacji\PUTTY.RND

Niektóre pliki w TEMP:
====================
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\bediihdcia.exe
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo1367786851.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo2283603883.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo2294396738.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo25490428.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo3171294033.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo3814576549.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\cdo4290562583.dll
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\Quarantine.exe
C:\Documents and Settings\Aras\Ustawienia lokalne\Temp\serial.exe

==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)

C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo
C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo

==================== Koniec FRST.txt ============================