HijackThis:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:30:00, on 2014-12-09
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.exe
C:\Users\Irena\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [baidusdTray] "C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe" -stmd=3
O4 - HKCU\..\Run: [Mobile Partner] D:\PLAY Web partner\PLAY Web partner
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Wyślij &do programu OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - D:\PokerStars.EU\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: BaiduHips - ????????(??)???? - C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
O23 - Service: BDKVRTP Service (BDKVRTP) - ????????(??)???? - C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
O23 - Service: BDSGRTP Service (BDSGRTP) - ????????(??)???? - C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe
O23 - Service: Usługa Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Usługa Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Usługa Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService.exe
O23 - Service: Usługa iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
--
End of file - 4432 bytes
OTL:
OTL logfile created on: 2014-12-09 14:13:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Irena\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1014,18 Mb Total Physical Memory | 427,29 Mb Available Physical Memory | 42,13% Memory free
1,99 Gb Paging File | 1,39 Gb Available in Paging File | 69,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,24 Gb Total Space | 23,93 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 185,20 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 1,49 Gb Free Space | 39,73% Space Free | Partition Type: FAT32
Computer Name: IRENAPC | User Name: Irena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2014-12-09 13:19:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Irena\Desktop\OTL.exe
PRC - [2014-12-04 10:23:22 | 001,940,072 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe
PRC - [2014-12-02 17:53:10 | 002,505,224 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe
PRC - [2014-12-02 17:53:10 | 000,793,096 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe
PRC - [2014-12-02 17:53:10 | 000,064,008 | ---- | M] (百度在线网络技术(北京)有限公司) -- C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe
PRC - [2014-09-12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012-11-23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2010-11-20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-07-14 02:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2014-12-02 17:53:10 | 000,403,848 | ---- | M] () -- C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDMCommon.dll
MOD - [2014-12-02 17:53:10 | 000,117,128 | ---- | M] () -- C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDKVDeskBand.dll
MOD - [2010-01-30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2014-12-04 10:23:22 | 001,940,072 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe -- (BDSGRTP)
SRV - [2014-12-02 17:53:10 | 000,793,096 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe -- (BDKVRTP)
SRV - [2014-12-02 17:53:10 | 000,064,008 | ---- | M] (百度在线网络技术(北京)有限公司) [Auto | Running] -- C:\Program Files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe -- (BaiduHips)
SRV - [2014-09-12 10:43:06 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-04-03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-05-27 05:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011-06-12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011-03-14 16:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010-11-20 22:29:12 | 000,310,815 | ---- | M] () [Auto | Running] -- C:\Windows\System32\ir16_32.dll -- (ir16_32)
SRV - [2009-07-14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Irena\AppData\Local\Temp\mbr.sys -- (mbr)
DRV - File not found [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Irena\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2014-12-05 17:06:40 | 000,229,712 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\BDMWrench.sys -- (BDMWrench)
DRV - [2014-12-03 14:03:42 | 000,185,672 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\bd0004.sys -- (bd0004)
DRV - [2014-12-03 14:03:42 | 000,137,544 | ---- | M] (Baidu Technology) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BDArKit.SYS -- (BDArKit)
DRV - [2014-12-02 18:08:35 | 000,071,496 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\bd0001.sys -- (bd0001)
DRV - [2014-12-02 17:53:11 | 000,198,472 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\bd0002.sys -- (bd0002)
DRV - [2014-12-02 17:53:11 | 000,139,784 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\BdSandBox.sys -- (BdSandBox)
DRV - [2014-12-02 17:53:11 | 000,123,720 | ---- | M] (Baidu) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\BDDefense.sys -- (BDDefense)
DRV - [2014-12-02 17:53:11 | 000,057,160 | ---- | M] (Baidu) [File_System | System | Running] -- C:\Windows\System32\drivers\bd0003.sys -- (bd0003)
DRV - [2014-12-02 17:53:11 | 000,026,824 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\BDFileDefend.sys -- (BDFileDefend)
DRV - [2014-12-02 08:59:48 | 000,067,656 | ---- | M] (Baidu) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\BDSafeBrowser.sys -- (BDSafeBrowser)
DRV - [2014-10-12 17:50:15 | 000,061,256 | ---- | M] (Baidu) [Kernel | System | Running] -- C:\Windows\System32\drivers\BDEnhanceBoost.sys -- (BDEnhanceBoost)
DRV - [2011-09-09 11:50:10 | 000,089,856 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV - [2011-09-09 11:50:10 | 000,073,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2011-09-09 11:50:10 | 000,066,688 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_jucdcecm.sys -- (huawei_cdcecm)
DRV - [2011-09-09 11:50:10 | 000,026,624 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_juextctrl.sys -- (huawei_ext_ctrl)
DRV - [2010-11-20 22:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-20 22:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010-11-20 22:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-07-27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009-07-14 01:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009-07-13 23:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.ru/cnt/10445?gp=profitraf3
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = http://go.mail.ru/search?q={SearchTerms}&fr=ntg&gp=profitraf3
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@baidu.com/BaidusdDetectNPPlugin: C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll (百度在线网络技术(北京)有限公司)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: D:\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.703\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\internal-nacl-plugin
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\39.0.2171.71\pdf.dll
CHR - plugin: APIHelper (Enabled) = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdigkpjbmbdepgpkjeabfghlchdmphke\3.2_0\plg/npapihelper.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: 百度杀毒 (Enabled) = C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\explugin\npBaiduSDDetectPlug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: VLC Web Plugin (Enabled) = D:\VideoLAN\VLC\npvlc.dll
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: Microsoft Office 2010 = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdigkpjbmbdepgpkjeabfghlchdmphke\3.2_0\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckcmdpmhiekiihmfjffdehhbhgllpapg\12.19_0\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcncjpganfocbfoenaemagjjopkkindp\1.266_0\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\jggbjbmnfmipgcanidamjfpechdeekoi\1.0.2_0\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2\
CHR - Extension: No name found = C:\Users\Irena\AppData\Local\Google\Chrome\User Data\Default\Extensions\pldbienodkpgkccocelidinmciedjdok\1.0.1_0\
O1 HOSTS File: ([2014-12-09 14:04:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [baidusdTray] C:\Program Files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe (百度在线网络技术(北京)有限公司)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files\Brownie\BrstsWnd.exe (brother)
O4 - HKCU..\Run: [Mobile Partner] D:\PLAY Web partner\PLAY Web partner File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Wyślij &do programu OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - D:\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AF0E398-5312-41D6-AF9C-EF64B89D7A3A}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C554B7C-6AD8-44B5-AC98-61C11103C960}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EBF222DA-A05D-462E-B6EE-00F0C2B15139}: DhcpNameServer = 192.168.1.1 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2014-12-09 14:10:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014-12-09 14:04:24 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2014-12-09 13:59:49 | 000,000,000 | ---D | C] -- C:\Users\Irena\AppData\Local\temp
[2014-12-09 13:33:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014-12-09 13:33:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014-12-09 13:33:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014-12-09 13:32:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2014-12-09 13:31:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014-12-09 13:23:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-12-09 13:22:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Irena\Desktop\OTL.exe
[2014-12-09 13:22:38 | 005,601,243 | R--- | C] (Swearware) -- C:\Users\Irena\Desktop\ComboFix.exe
[2014-12-09 13:18:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Irena\Desktop\HijackThis.exe
[2014-12-09 12:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014-12-09 12:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014-12-09 12:32:51 | 000,000,000 | ---D | C] -- C:\Users\Irena\Desktop\malwarebytes.2.0.3.1025
[2014-12-09 12:32:47 | 000,000,000 | ---D | C] -- C:\Users\Irena\Desktop\CCleaner-Professional_Business_TechnicianEdition_4.17.4808_PL
[2014-12-03 22:18:38 | 000,000,000 | ---D | C] -- C:\Users\Irena\AppData\Roaming\Digiarty
[2014-12-03 22:06:59 | 000,000,000 | ---D | C] -- C:\Users\Irena\AppData\Local\Opera Software
[2014-12-03 22:04:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2014-12-03 22:01:22 | 000,000,000 | ---D | C] -- C:\Users\Irena\AppData\Roaming\DVDVideoSoft
[2014-12-03 18:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky SDK
[2014-12-02 17:53:27 | 000,026,824 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\BDFileDefend.sys
[2014-12-02 17:53:26 | 000,139,784 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\BdSandBox.sys
[2014-12-02 17:53:24 | 000,057,160 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\bd0003.sys
[2014-12-02 17:53:22 | 000,123,720 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\BDDefense.sys
[2014-12-02 17:53:16 | 000,198,472 | ---- | C] (Baidu) -- C:\Windows\System32\drivers\bd0002.sys
[2014-12-02 17:53:02 | 000,000,000 | ---D | C] -- C:\Program Files\BaiduSd3.0
[2014-11-30 14:23:28 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys
[2014-11-30 14:23:28 | 000,354,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbwwan.sys
[2014-11-30 14:23:28 | 000,195,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys
[2014-11-30 14:23:28 | 000,190,976 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juwwanecm.sys
[2014-11-30 14:23:28 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys
[2014-11-30 14:23:28 | 000,089,856 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys
[2014-11-30 14:23:28 | 000,073,984 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys
[2014-11-30 14:23:28 | 000,066,688 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys
[2014-11-30 14:23:28 | 000,026,624 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys
[2014-11-30 14:23:28 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys
[2014-11-30 14:23:28 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys
[2014-11-30 14:23:28 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2014-12-09 14:19:46 | 004,194,304 | -HS- | M] () -- C:\Users\Irena\ntuser.dat
[2014-12-09 14:16:40 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-12-09 14:15:53 | 001,523,412 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2014-12-09 14:15:53 | 000,687,828 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2014-12-09 14:15:53 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014-12-09 14:15:53 | 000,131,382 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2014-12-09 14:15:53 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014-12-09 14:15:23 | 000,630,040 | ---- | M] () -- C:\Windows\System32\ir16_32.dat
[2014-12-09 14:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-12-09 14:10:22 | 000,021,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-12-09 14:05:40 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2014-12-09 14:04:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2014-12-09 14:03:05 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-12-09 14:02:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2014-12-09 14:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-12-09 14:02:45 | 797,581,312 | -HS- | M] () -- C:\hiberfil.sys
[2014-12-09 13:29:53 | 000,000,303 | ---- | M] () -- C:\Windows\Brownie.ini
[2014-12-09 13:28:42 | 002,928,921 | -H-- | M] () -- C:\Users\Irena\AppData\Local\IconCache.db
[2014-12-09 13:23:14 | 005,601,243 | R--- | M] (Swearware) -- C:\Users\Irena\Desktop\ComboFix.exe
[2014-12-09 13:23:12 | 002,166,272 | ---- | M] () -- C:\Users\Irena\Desktop\AdwCleaner (2).exe
[2014-12-09 13:19:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Irena\Desktop\OTL.exe
[2014-12-09 13:17:28 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Irena\Desktop\HijackThis.exe
[2014-12-09 12:33:37 | 000,000,965 | ---- | M] () -- C:\Users\Irena\Desktop\CCleaner.lnk
[2014-12-09 12:33:04 | 020,321,681 | ---- | M] () -- C:\Users\Irena\Desktop\malwarebytes.2.0.3.1025.rar
[2014-12-09 12:32:16 | 007,394,252 | ---- | M] () -- C:\Users\Irena\Desktop\CCleaner-Professional_Business_TechnicianEdition_4.17.4808_PL.zip
[2014-12-05 17:06:40 | 000,229,712 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\BDMWrench.sys
[2014-12-03 22:06:43 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2014-12-03 14:03:42 | 000,185,672 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\bd0004.sys
[2014-12-03 14:03:42 | 000,137,544 | ---- | M] (Baidu Technology) -- C:\Windows\System32\drivers\BDArKit.SYS
[2014-12-03 08:06:08 | 000,409,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014-12-02 18:08:35 | 000,071,496 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\bd0001.sys
[2014-12-02 17:53:38 | 000,109,688 | ---- | M] () -- C:\Users\Irena\AppData\Local\GDIPFONTCACHEV1.DAT
[2014-12-02 17:53:11 | 000,198,472 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\bd0002.sys
[2014-12-02 17:53:11 | 000,139,784 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\BdSandBox.sys
[2014-12-02 17:53:11 | 000,123,720 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\BDDefense.sys
[2014-12-02 17:53:11 | 000,057,160 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\bd0003.sys
[2014-12-02 17:53:11 | 000,026,824 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\BDFileDefend.sys
[2014-12-02 08:59:48 | 000,067,656 | ---- | M] (Baidu) -- C:\Windows\System32\drivers\BDSafeBrowser.sys
[2014-11-26 22:22:20 | 000,002,135 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-11-23 17:14:32 | 000,000,605 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2014-12-09 13:33:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014-12-09 13:33:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014-12-09 13:33:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014-12-09 13:33:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014-12-09 13:33:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014-12-09 13:22:35 | 002,166,272 | ---- | C] () -- C:\Users\Irena\Desktop\AdwCleaner (2).exe
[2014-12-09 12:33:37 | 000,000,965 | ---- | C] () -- C:\Users\Irena\Desktop\CCleaner.lnk
[2014-12-09 12:32:39 | 007,394,252 | ---- | C] () -- C:\Users\Irena\Desktop\CCleaner-Professional_Business_TechnicianEdition_4.17.4808_PL.zip
[2014-12-09 12:32:36 | 020,321,681 | ---- | C] () -- C:\Users\Irena\Desktop\malwarebytes.2.0.3.1025.rar
[2014-12-03 22:06:44 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2014-12-03 22:06:44 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2014-10-21 11:15:45 | 000,000,411 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2014-10-21 11:15:35 | 000,000,141 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2014-10-21 11:15:35 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2014-10-21 11:15:29 | 000,022,892 | ---- | C] () -- C:\Windows\HL-3070CW.INI
[2014-10-21 11:15:25 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2014-10-21 11:15:24 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2014-10-21 11:15:24 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRADC08A.DAT
[2014-10-21 11:14:37 | 000,000,303 | ---- | C] () -- C:\Windows\Brownie.ini
[2014-10-19 12:44:40 | 000,630,040 | ---- | C] () -- C:\Windows\System32\ir16_32.dat
[2014-09-02 21:36:47 | 002,928,921 | -H-- | C] () -- C:\Users\Irena\AppData\Local\IconCache.db
[2014-09-02 20:57:00 | 000,216,064 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[2014-09-02 20:56:59 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2014-09-02 20:56:59 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2014-09-02 20:56:57 | 000,218,200 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2014-09-02 20:56:53 | 000,112,640 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2014-03-13 21:24:11 | 000,310,815 | ---- | C] () -- C:\Windows\System32\ir16_32.dll
[2014-03-10 09:35:25 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6ae41fd5-a82e-11e3-a6f8-c180a34307bc}.TMContainer00000000000000000002.regtrans-ms
[2014-03-10 09:35:25 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6ae41fd5-a82e-11e3-a6f8-c180a34307bc}.TMContainer00000000000000000001.regtrans-ms
[2014-03-10 09:35:25 | 000,065,536 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6ae41fd5-a82e-11e3-a6f8-c180a34307bc}.TM.blf
[2014-03-10 09:14:18 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6962c6f7-a82b-11e3-b556-f18200cea2bc}.TMContainer00000000000000000002.regtrans-ms
[2014-03-10 09:14:18 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6962c6f7-a82b-11e3-b556-f18200cea2bc}.TMContainer00000000000000000001.regtrans-ms
[2014-03-10 09:14:18 | 000,065,536 | -HS- | C] () -- C:\Users\Irena\ntuser.dat{6962c6f7-a82b-11e3-b556-f18200cea2bc}.TM.blf
[2014-02-27 11:32:33 | 000,109,688 | ---- | C] () -- C:\Users\Irena\AppData\Local\GDIPFONTCACHEV1.DAT
[2014-02-27 10:50:04 | 000,687,828 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2014-02-27 10:50:04 | 000,337,158 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2014-02-27 10:50:04 | 000,131,382 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2014-02-27 10:50:04 | 000,038,710 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2014-02-27 10:19:00 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2014-02-27 10:19:00 | 000,524,288 | -HS- | C] () -- C:\Users\Irena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2014-02-27 10:19:00 | 000,065,536 | -HS- | C] () -- C:\Users\Irena\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2014-02-27 10:19:00 | 000,000,020 | -HS- | C] () -- C:\Users\Irena\ntuser.ini
[2014-02-27 10:18:59 | 004,194,304 | -HS- | C] () -- C:\Users\Irena\ntuser.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013-07-26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 22:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== LOP Check ==========[/color]
[2014-12-03 22:18:38 | 000,000,000 | ---D | M] -- C:\Users\Irena\AppData\Roaming\Digiarty
[2014-12-03 22:39:59 | 000,000,000 | ---D | M] -- C:\Users\Irena\AppData\Roaming\DVDVideoSoft
[2014-03-14 21:32:58 | 000,000,000 | ---D | M] -- C:\Users\Irena\AppData\Roaming\Foxit Software
[2014-09-02 21:02:36 | 000,000,000 | ---D | M] -- C:\Users\Irena\AppData\Roaming\MPC-HC
[2014-10-12 17:39:53 | 000,000,000 | ---D | M] -- C:\Users\Irena\AppData\Roaming\Opera Software
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2014-12-02 17:53:22 | 000,000,000 | ---D | C](C:\ProgramData\Microsoft\Windows\Start Menu\Programs\????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\百度杀毒
< End of report >
Extras OTL
Code:
OTL Extras logfile created on: 2014-12-09 14:13:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Irena\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1014,18 Mb Total Physical Memory | 427,29 Mb Available Physical Memory | 42,13% Memory free
1,99 Gb Paging File | 1,39 Gb Available in Paging File | 69,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 47,24 Gb Total Space | 23,93 Gb Free Space | 50,67% Space Free | Partition Type: NTFS
Drive D: | 185,55 Gb Total Space | 185,20 Gb Free Space | 99,81% Space Free | Partition Type: NTFS
Drive E: | 3,74 Gb Total Space | 1,49 Gb Free Space | 39,73% Space Free | Partition Type: FAT32
Computer Name: IRENAPC | User Name: Irena | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = OperaStable] -- C:\Program Files\Opera\Launcher.exe (Opera Software)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate -- "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A0A7D3C7-28A5-41FE-BA98-5A0859CDC560}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |
"{E0193778-38E3-48B6-B4B5-336DD0AD2DE0}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04065017-244A-4732-BB91-FE44C8188C8F}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
"{04BA1C54-ED90-4C4D-A594-383DA9792D51}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{10C30D2F-5120-4F35-9B51-0F9B14E9611A}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{12FE63ED-E925-4C5C-86C7-3FA1D4C9B03A}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{243C1889-1267-4B6D-A623-E86F8FD88329}" = protocol=6 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{2A4D11D8-44F7-43C6-958A-1FE462FCFF15}" = dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{2E9BA3A4-4D18-4941-8F42-02B4BFBD69C2}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{33679121-7C25-452C-9993-9319B9063033}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{37FD4927-34B7-4D57-8DE0-01AC2415C340}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{3D1D54A4-DC28-4FE4-B324-B8713B3DDF4D}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{40CD4B7A-E23F-4CCD-B231-F4A38E801AA6}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{47A6490C-C186-44B6-8DF7-13AEE042A694}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{485AE70A-08D4-4312-9827-697F6989827C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{4F679101-E290-48C1-9A0D-9D22FFA30D01}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{5054ED16-1A21-4760-B82E-33392EB141E4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{56A693B8-02E9-43D1-8344-A8736C0ABE3A}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{584695D3-54D3-4D78-A38A-6312B990219B}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
"{5A92E7E7-F1F8-4E8D-AC5C-42D7FA5E5DD4}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{5C022861-16F9-495F-B169-A3DF524FF7C9}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
"{62DACB23-3DFB-458C-9B23-6D6015CA0BBB}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{64582092-491E-4C78-89EB-D842F5D8DD01}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{69F172E9-0D99-428B-AC32-63A7C2F6EF1D}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{6AEC8716-781C-418E-B289-0B47191FB712}" = protocol=6 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{6E27BEE6-5E95-4061-B5E3-61CCBCC7F6E3}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{724D8F28-1911-47CE-B25E-BD450211BB02}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{731776A6-6394-4DDD-89F5-44F08523FAA1}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
"{785966AA-5EB3-4D14-B03B-77F3A2AC6494}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusduproxy64.exe |
"{7BAA8D4A-545F-4783-AAED-AAF403B4BC22}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{8D50EA5C-37F5-442F-9835-D6681BD2CEAA}" = protocol=6 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{95BDADA9-74A4-4962-97EE-3B4547F713B9}" = protocol=17 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{9E2B5CF4-4485-402C-9884-399E500B307C}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{9E482A59-4692-405F-A682-F16BCA6928C0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A14258AE-A629-41E7-B0FF-F2EA1ACB89BC}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{AEB354DC-5ACB-4C7C-8103-705F0751EA56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B1EB1DE6-DAEF-4037-84EF-DD89D173449D}" = protocol=17 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{B8C89685-E06B-444F-800D-894E8F9B089E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B9521CA9-121E-4116-956B-1078235DD707}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
"{BB7D089F-63B9-4502-BEC0-9E4F0B175476}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{BD5092B0-2E31-4C5E-9B6D-E514AF99536D}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{BED0F61D-82E6-4C22-8547-6F6F30630282}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{C2369C8B-226F-4AE3-962A-8E30CDC4C5C2}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{C63C52D2-FC34-4A8B-B2C5-A85AEDDD090C}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{CA05A56F-299B-4B11-88A9-B112F10934E8}" = protocol=17 | dir=in | app=c:\program files\common files\baidu\bddownload\108\bddownloader.exe |
"{CBC1D0F4-9B09-48EA-95C8-77A13B860F9C}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{CE876AB4-2B91-467E-9CA4-2D615B6A99B2}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdbugrpt.exe |
"{D8371D89-4BEB-45D1-BF7F-48E8AFB9AA8E}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{E0E7592F-685F-40BC-8184-E399B4F91E17}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdtray.exe |
"{EB5459E4-1AC9-4044-B116-8A507C308182}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{EC2918C2-0143-4FC8-A5FB-7D9C35507DCB}" = protocol=17 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdsvc.exe |
"{EF0A892D-1738-4224-82D9-10F5DC39F35E}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\bdbro.exe |
"{F65EB3DC-7421-4726-B7EE-B86DC222BCDF}" = protocol=6 | dir=in | app=c:\program files\baidusd3.0\baidusd\3.0.0.4605\baidusdupdate.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{235EBB33-3DA1-46DF-AADE-9955123409CB}" = Apple Mobile Device Support
"{5D928931-D1D2-4A93-A82D-BF60D0E7CFA5}" = iTunes
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.16
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}" = Obsługa programów Apple
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0415-0000-0000000FF1CE}" = Microsoft Office Access MUI (Polish) 2010
"{90140000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2010
"{90140000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2010
"{90140000-0019-0415-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Polish) 2010
"{90140000-001A-0415-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Polish) 2010
"{90140000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2010
"{90140000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2010
"{90140000-0044-0415-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Polish) 2010
"{90140000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2010
"{90140000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2010
"{90140000-00BA-0415-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Polish) 2010
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.09) - Polish
"{D57652E0-96B9-49CB-9EDE-A87B0A11F5DA}" = Brother HL-3070CW
"CCleaner_is1" = CCleaner wersja 4.17.4808
"Google Chrome" = Google Chrome
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 10.6.5
"Ocena Opisowa N" = Librus Ocena Opisowa
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Opera 26.0.1656.32" = Opera Stable 26.0.1656.32
"PLAY Web partner" = PLAY Web partner
"VLC media player" = VLC media player
"WinRAR archiver" = WinRAR 5.01 (32-bit)
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2014-12-08 04:53:10 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-08 07:44:55 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-08 12:46:46 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-08 16:36:03 | Computer Name = IrenaPC | Source = Application Hang | ID = 1002
Description = Program Explorer.EXE w wersji 6.1.7601.17514 zatrzymał interakcję
z systemem Windows i został zamknięty. Aby zobaczyć, czy jest dostępnych więcej
informacji dotyczących tego problemu, sprawdź historię problemu w panelu sterowania
Centrum akcji. Identyfikator procesu: 738 Godzina rozpoczęcia: 01d01306565dfe78 Godzina
zakończenia: 327 Ścieżka aplikacji: C:\Windows\Explorer.EXE Identyfikator raportu:
Error - 2014-12-09 07:06:15 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-09 07:45:43 | Computer Name = IrenaPC | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: mbam.exe, wersja: 1.0.1.711, sygnatura
czasowa: 0x542b53ec Nazwa modułu powodującego błąd: QtCore4.dll, wersja: 4.8.4.0,
sygnatura czasowa: 0x51352df8 Kod wyjątku: 0xc0000005 Przesunięcie błędu: 0x00042016
Identyfikator
procesu powodującego błąd: 0x10fc Godzina uruchomienia aplikacji powodującej błąd:
0x01d013a5986fb231 Ścieżka aplikacji powodującej błąd: C:\Program Files\Malwarebytes
Anti-Malware\mbam.exe Ścieżka modułu powodującego błąd: C:\Program Files\Malwarebytes
Anti-Malware\QtCore4.dll Identyfikator raportu: e7930a86-7f98-11e4-8c5e-e8ba806f12a6
Error - 2014-12-09 08:12:48 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-09 08:31:16 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
Error - 2014-12-09 08:34:51 | Computer Name = IrenaPC | Source = System Restore | ID = 8193
Description =
Error - 2014-12-09 09:04:37 | Computer Name = IrenaPC | Source = WinMgmt | ID = 10
Description =
[ System Events ]
Error - 2014-10-12 12:47:47 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7030
Description = Usługa BDMRTP Service jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.
Error - 2014-10-12 12:53:25 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7030
Description = Usługa BDSGRTP Service jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.
Error - 2014-10-12 12:53:28 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi BDSafeBrowser z powodu następującego błędu:
%%31
Error - 2014-10-12 13:05:37 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7034
Description = Usługa BDMRTP Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.
Error - 2014-10-12 13:07:03 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7034
Description = Usługa BDKVRTP Service niespodziewanie zakończyła pracę. Wystąpiło
to razy: 1.
Error - 2014-10-13 06:52:24 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
Error - 2014-10-13 06:52:31 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi BAIDU Ark Kit Service z powodu następującego
błędu: %%2
Error - 2014-10-13 13:42:51 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7030
Description = Usługa HWDeviceService.exe jest oznaczona jako usługa interakcyjna.
System jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne,
dlatego ta usługa może nie działać właściwie.
Error - 2014-10-13 13:47:19 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7030
Description = Usługa BDSGRTP Service jest oznaczona jako usługa interakcyjna. System
jest jednak skonfigurowany tak, aby nie zezwalać na usługi interakcyjne, dlatego
ta usługa może nie działać właściwie.
Error - 2014-10-14 13:16:26 | Computer Name = IrenaPC | Source = Service Control Manager | ID = 7026
Description = Nie można załadować następujących sterowników startu rozruchowego
lub systemowego: cdrom
< End of report >
Combofix:
Code:
ComboFix 14-12-08.01 - Irena 2014-12-09 13:38:36.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.48.1045.18.1014.482 [GMT 1:00]
Uruchomiony z: c:\users\Irena\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Usunięto )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\System32\d3dadapter.dll
c:\windows\System32\KBDMAI.dll
.
.
((((((((((((((((((((((((((((((((((((((( Sterowniki/Usługi )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BD0001
-------\Legacy_BD0002
-------\Service_bd0001
-------\Service_bd0002
-------\Service_d3dadapter
-------\Service_kbdmai
.
.
((((((((((((((((((((((((( Pliki utworzone od 2014-11-09 do 2014-12-09 )))))))))))))))))))))))))))))))
.
.
2014-12-09 12:59 . 2014-12-09 13:04 -------- d-----w- c:\users\Irena\AppData\Local\temp
2014-12-09 12:59 . 2014-12-09 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-12-09 12:23 . 2014-12-09 12:28 -------- d-----w- C:\AdwCleaner
2014-12-09 11:44 . 2014-12-09 11:44 -------- d-----w- c:\programdata\Malwarebytes
2014-12-09 11:33 . 2014-12-09 11:33 -------- d-----w- c:\program files\CCleaner
2014-12-03 21:18 . 2014-12-03 21:18 -------- d-----w- c:\users\Irena\AppData\Roaming\Digiarty
2014-12-03 21:06 . 2014-12-03 21:06 -------- d-----w- c:\users\Irena\AppData\Local\Opera Software
2014-12-03 21:04 . 2014-12-04 17:48 -------- d-----w- c:\program files\Opera
2014-12-03 21:01 . 2014-12-03 21:39 -------- d-----w- c:\users\Irena\AppData\Roaming\DVDVideoSoft
2014-12-03 17:58 . 2014-12-03 17:58 -------- d-----w- c:\programdata\Kaspersky SDK
2014-12-02 16:53 . 2014-12-02 16:53 26824 ----a-w- c:\windows\system32\drivers\BDFileDefend.sys
2014-12-02 16:53 . 2014-12-02 16:53 139784 ----a-w- c:\windows\system32\drivers\BdSandBox.sys
2014-12-02 16:53 . 2014-12-02 16:53 57160 ----a-w- c:\windows\system32\drivers\bd0003.sys
2014-12-02 16:53 . 2014-12-02 16:53 123720 ----a-w- c:\windows\system32\drivers\BDDefense.sys
2014-12-02 16:53 . 2014-12-02 16:53 198472 ----a-w- c:\windows\system32\drivers\bd0002.sys
2014-12-02 16:53 . 2014-12-02 16:53 -------- d-----w- c:\program files\BaiduSd3.0
2014-11-30 13:23 . 2011-12-16 08:36 354816 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2014-11-30 13:23 . 2011-12-02 13:23 190976 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2014-11-30 13:23 . 2011-09-09 10:50 89856 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2014-11-30 13:23 . 2011-09-09 10:50 73984 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2014-11-30 13:23 . 2011-09-09 10:50 66688 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2014-11-30 13:23 . 2011-09-09 10:50 26624 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2014-11-30 13:23 . 2011-08-16 16:17 195200 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2014-11-30 13:23 . 2010-10-08 15:55 25856 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2014-11-30 13:23 . 2010-09-26 17:09 19200 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2014-11-30 13:23 . 2010-08-06 06:42 861696 ----a-w- c:\windows\system32\drivers\mod7700.sys
2014-11-30 13:23 . 2010-07-27 08:52 102784 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2014-11-30 13:23 . 2010-03-20 11:06 11136 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Sekcja Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-05 16:06 . 2014-10-12 17:08 229712 ----a-w- c:\windows\system32\drivers\BDMWrench.sys
2014-12-03 13:03 . 2014-10-13 10:52 137544 ----a-w- c:\windows\system32\drivers\BDArKit.SYS
2014-12-03 13:03 . 2014-10-12 16:53 185672 ----a-w- c:\windows\system32\drivers\bd0004.sys
2014-12-02 17:08 . 2014-10-13 10:52 71496 ----a-w- c:\windows\system32\drivers\bd0001.sys
2014-12-02 07:59 . 2014-10-12 16:53 67656 ----a-w- c:\windows\system32\drivers\BDSafeBrowser.sys
2014-10-12 17:11 . 2014-10-12 17:11 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AB97C2D-B5E2-4F50-A804-E36D15F5142F}\offreg.dll
2014-10-12 16:50 . 2014-10-12 16:47 61256 ----a-w- c:\windows\system32\drivers\BDEnhanceBoost.sys
2014-09-15 00:08 . 2014-10-12 17:08 8806800 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AB97C2D-B5E2-4F50-A804-E36D15F5142F}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Wpisy startowe rejestru ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Uwaga* puste wpisy oraz domyślne, prawidłowe wpisy nie są pokazane
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="d:\play web partner\PLAY Web partner" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2011-03-25 3618160]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
"baidusdTray"="c:\program files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdTray.exe" [2014-12-02 2505224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 BDSafeBrowser;BDSafeBrowser;c:\windows\system32\drivers\BDSafeBrowser.sys [2014-12-02 67656]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-04-03 315008]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 102784]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-09-09 89856]
R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys [2011-09-09 66688]
R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2011-09-09 26624]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
S1 bd0001;bd0001;c:\windows\system32\DRIVERS\bd0001.sys [2014-12-02 71496]
S1 bd0002;bd0002;c:\windows\system32\DRIVERS\bd0002.sys [2014-12-02 198472]
S1 bd0003;bd0003;c:\windows\system32\DRIVERS\bd0003.sys [2014-12-02 57160]
S1 bd0004;bd0004;c:\windows\system32\DRIVERS\bd0004.sys [2014-12-03 185672]
S1 BDEnhanceBoost;BDEnhanceBoost;c:\windows\system32\drivers\BDEnhanceBoost.sys [2014-10-12 61256]
S1 BDFileDefend;BDFileDefend;c:\windows\system32\DRIVERS\BDFileDefend.sys [2014-12-02 26824]
S1 BDMWrench;BDMWrench;c:\windows\system32\DRIVERS\BDMWrench.sys [2014-12-05 229712]
S1 BdSandBox;BdSandBox;c:\windows\system32\DRIVERS\BdSandBox.sys [2014-12-02 139784]
S2 BaiduHips;BaiduHips;c:\program files\Common Files\Baidu\BaiduHips\1.2.0.751\BaiduHips.exe [2014-12-02 64008]
S2 BDArKit;BDArKit;c:\windows\system32\DRIVERS\BDArKit.sys [2014-12-03 137544]
S2 BDDefense;BDDefense;c:\windows\system32\drivers\BDDefense.sys [2014-12-02 123720]
S2 BDKVRTP;BDKVRTP Service;c:\program files\BaiduSd3.0\BaiduSd\3.0.0.4605\BaiduSdSvc.exe [2014-12-02 793096]
S2 BDSGRTP;BDSGRTP Service;c:\program files\Common Files\Baidu\BaiduProtect1.3\1.3.0.645\BaiduProtect.exe [2014-12-04 1940072]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-03-14 271712]
S2 ir16_32;Intel Indeo(N) service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-09-09 73984]
.
.
--- Inne Usługi/Sterowniki w Pamięci ---
.
*NewlyCreated* - BD0001
*NewlyCreated* - BD0002
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ir16_32
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-26 21:17 1087304 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe
.
Zawartość folderu 'Zaplanowane zadania'
.
2014-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-27 18:37]
.
2014-12-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-02-27 18:37]
.
.
------- Skan uzupełniający -------
.
uStart Page = hxxp://mail.ru/cnt/10445?gp=profitraf3
uInternet Settings,ProxyOverride = *.local
IE: E&ksportuj do programu Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Wyślij &do programu OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - d:\pokerstars.eu\PokerStarsUpdate.exe
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
.
.
--------------------- ZABLOKOWANE KLUCZE REJESTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Pliki DLL ładowane pod uruchomionymi procesami ---------------------
.
- - - - - - - > 'Explorer.exe'(7760)
c:\program files\BaiduSd3.0\BaiduSd\3.0.0.4605\websafe\DllInject.dll
c:\program files\BaiduSd3.0\BaiduSd\3.0.0.4605\BDKVDeskBand.dll
.
------------------------ Pozostałe uruchomione procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Czas ukończenia: 2014-12-09 14:10:42 - komputer został uruchomiony ponownie
ComboFix-quarantined-files.txt 2014-12-09 13:10
.
Przed: 25 852 297 216 bajtów wolnych
Po: 25 614 561 280 bajtów wolnych
.
- - End Of File - - 30CB50316F6D5B71482805FC8AF50EDD
A36C5E4F47E84449FF07ED3517B43A31
The main goal is to remove this Chinese Baidu SdTray crap; it's not a virus, but I don't know how to remove it, because it only shows Chinese characters.
Thanks in advance for the help.
Regards