Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x86) Wersja: 29-06-2016
Uruchomiony przez Admin (administrator) MAINSERVER1 (01-07-2016 12:56:44)
Uruchomiony z C:\diagnostyka\frst
Załadowane profile: Admin (Dostępne profile: Admin)
Platform: Microsoft Windows XP Dodatek Service Pack 3 (X86) Język: Polski
Internet Explorer Wersja 8 (Domyślna przeglądarka: FF)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
(GEMTEKS) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
(Linksys) C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\winlogon.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Megaify Software Co., Ltd.) D:\Program Files\DriverToolkit\DriverToolkit.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
() C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\services.exe
() C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\lsass.exe

==================== Rejestr (filtrowane) ===========================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] => RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] => C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2593056 2014-03-09] ()
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-06-24] (NVIDIA Corporation)
HKLM\...\Run: [USBToolTip] => C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157456 2015-09-12] (Apple Inc.)
HKLM\...\Run: [Bron-Spizaetus] => C:\WINDOWS\ShellNew\RakyatKelaparan.exe [44433 2011-04-25] ()
HKLM\...\Winlogon: [Shell] Explorer.exe "C:\WINDOWS\KesenjanganSosial.exe" [x ] ()
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [AlcoholAutomount] => C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [DAEMON Tools Lite] => D:\Program Files\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [DriverToolkit] => D:\Program Files\DriverToolkit\DriverToolkit.exe [1304040 2015-07-01] (Megaify Software Co., Ltd.)
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [457088 2015-09-23] (Sony)
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [Tok-Cirrhatus] => 0
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Run: [Tok-Cirrhatus-1464] => C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\br3951on.exe [44433 2011-04-25] ()
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\Policies\Explorer: [NoFolderOptions] 1
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\MountPoints2: {1da31f60-d46d-11e3-b0ce-0018f82c2e2b} - J:\LGAutoRun.exe
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\MountPoints2: {7e2611ca-b516-11e5-82f4-0018f82c2e2b} - J:\Startme.exe
HKU\S-1-5-21-1220945662-842925246-682003330-1006\...\MountPoints2: {ea8bd6c0-374d-11e4-890a-806d6172696f} - K:\sources\sperr32.exe x64
HKU\S-1-5-18\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\sfShellTools.dll [2015-04-15] (SmartSoft Ltd.)
Startup: C:\Documents and Settings\Admin\Menu Start\Programy\Autostart\Empty.pif [2011-04-25] ()
Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\McAfee Security Scan Plus.lnk [2016-04-04]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
AlternateShell: cmd-brontok.exe

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)

Hosts: Kod HTML wykryty w pliku Hosts. Sprawdź sekcję Hosts w Addition.txt <==== UWAGA
Tcpip\..\Interfaces\{3F081EEF-C5BE-428D-ABA4-C7C41224391D}: [DhcpNameServer] 192.168.1.100
Tcpip\..\Interfaces\{4EB57B35-A298-48D5-9400-4D6612777412}: [NameServer] 10.0.0.254
Tcpip\..\Interfaces\{80048AF8-A3FB-4024-8DB8-D113D75CBBEA}: [DhcpNameServer] 192.168.1.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A40} hxxps://www.r-bank.pl/cib/static/components/raiffeisen-signplugin-win-x86-ie-1.3.0.36.cab
DPF: {92ECE6FA-AC2E-4042-BFAE-0C8608E52A41} hxxps://www.pekaobiznes24.pl/components/SignActivXPEKAO.cab

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097
FF Homepage: hxxp://www.surveycompare.pl/?mckv=c4U7vptkv pcrid 39867592534 pkw p%C5%82atne%20ankiety pmt &mckvcid=63rv316uw0&cid=5256849d95975&source=google&medium=cpc&campaign=164888494&adgroup=9262031614&targetid=kwd-948351076&keyword=p%C5%82atne%20ankiety&matchtype=&ad=39867592534&network=d&device=c&devicemodel=&target=&placement=olx.pl&position=none&aceid=&ismobile=0&issearch=0&geo=1011419&geointerest=&gclid=CI-Fm6q9p80CFQoTGwodsnwD6g
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-08] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-09-04] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF SearchPlugin: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097\searchplugins\googlemaps.xml [2015-11-16]
FF SearchPlugin: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097\searchplugins\googletranslate.xml [2015-11-16]
FF SearchPlugin: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097\searchplugins\olxpl.xml [2015-06-26]
FF SearchPlugin: C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097\searchplugins\youtube.xml [2015-07-14]
FF Extension: Multirow Bookmarks Toolbar Plus - C:\Documents and Settings\Admin\Dane aplikacji\Mozilla\Firefox\Profiles\9e8zv878.default-1435219986097\extensions\{4c7097f7-08f2-4ef2-9b9f-f95fa4cbb064}.xpi [2016-06-24]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-07-07] [Brak podpisu cyfrowego]
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2015-09-09]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Admin\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default
CHR Extension: (DivX Plus Web Player HTML5