I would like to ask for help checking my FRST logs. Last night someone took over my e-mail account on WP and my account on Allegro. During that time they sold a product for almost 4000 thousand zł. Luckily, this morning I noticed what had happened and managed to recover the money before the first session. I am afraid the situation may repeat itself. How can I protect myself against another attack? I have changed all my passwords. A scan with Avast, which I had installed, showed nothing. A scan with Dr. Web CureIt also showed nothing. A scan with Malwarebytes Anti-Malware flagged about 40 threats, most of them registry entries: HKLM/Software........ and something further. I removed all of them. A repeated scan no longer shows them. I also ran an FRST scan. Thanks in advance for checking. What should I do next to protect myself against another password takeover?
Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja:10-01-2015 01
Uruchomiony przez tompil (administrator) TOMPIL-KOMPUTER (13-01-2016 20:22:39)
Uruchomiony z C:\Users\tompil\Downloads
Załadowane profile: tompil (Dostępne profile: tompil)
Platform: Windows 7 Professional Service Pack 1 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: IE)
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Procesy (filtrowane) =================
(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ABBYY (BIT Software)) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
(Autodesk Inc.) C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(QUALCOMM, Inc.) C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
() C:\Program Files (x86)\Transoft Solutions\License Server\TransoftLS.exe
(Microsoft Corporation) C:\Windows\System32\FXSSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Smith Micro Software, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(© 2015 Microsoft Corporation) C:\Users\tompil\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NEC Electronics Corporation) C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Rejestr (filtrowane) ===========================
(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-29] (IDT, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /installquiet
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-05] (Autodesk, Inc.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2009-11-04] ()
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [QlbCtrl.exe] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-10-01] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HP Connection Manager.exe] => 0
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254896 2012-09-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2016-01-13] (AVAST Software)
HKLM-x32\...\Run: [ADSKAppManager] => C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe [488328 2014-09-04] (Autodesk Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-04-08] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2013-03-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\...\Policies\Explorer: []
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\...\MountPoints2: {56667c76-b7ef-11e2-8e3c-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\...\MountPoints2: {6a67c95f-b85d-11e2-b995-cc52af001dd4} - G:\Setup.exe
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\...\MountPoints2: {a4e504a1-25eb-11e4-877f-cc52af001dd4} - G:\Setup.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-01-13] (AVAST Software)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
ShellIconOverlayIdentifiers: [Uchwyt nakładania ikony podpisu cyfrowego] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2014-02-07] (Autodesk, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Action Manager 32.lnk [2015-05-09]
ShortcutTarget: Action Manager 32.lnk -> C:\Program Files (x86)\Plustek\OpticPro S28\AM32.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Action Manager 32.lnk [2015-05-09]
ShortcutTarget: Action Manager 32.lnk -> C:\Program Files (x86)\Plustek\OpticPro S28\AM32.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
CHR HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
==================== Internet (filtrowane) ====================
(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0C0C3EC3-0C17-464F-B6FB-0E155115EAB2}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3F1718DD-EF87-4F86-935F-FBD0B1F66CB9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C94357C8-3018-4AFA-BA5C-A01344EBB6F8}: [NameServer] 212.2.96.51 212.2.96.52
Internet Explorer:
==================
HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wp.pl/
URLSearchHook: HKLM-x32 -> Domyślne = {FE69C007-C452-4d3e-86D2-1730DF8BC871}
URLSearchHook: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll Brak pliku
SearchScopes: HKU\S-1-5-21-3990154743-2004215790-3669966637-1000 -> DefaultScope {3C4DFC16-4AD6-4407-8C94-8B798DE786B8} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3990154743-2004215790-3669966637-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3990154743-2004215790-3669966637-1000 -> {3C4DFC16-4AD6-4407-8C94-8B798DE786B8} URL = hxxp://www.google.com/search?hl=pl&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-01-13] (AVAST Software)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll => Brak pliku
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2014-08-12] (Adblock Plus)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2014-03-12] (Sun Microsystems, Inc.)
BHO-x32: Brak nazwy -> {7825CFB6-490A-436B-9F26-4A7B5CFC01A9} -> Brak pliku
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-01-13] (AVAST Software)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll => Brak pliku
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL => Brak pliku
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2014-03-12] (Sun Microsystems, Inc.)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2014-08-12] (Adblock Plus)
Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
Toolbar: HKLM-x32 - SimilarSites - {FE69C007-C452-4d3e-86D2-1730DF8BC871} - C:\Program Files (x86)\SimilarSites\similarsites.dll Brak pliku
Toolbar: HKU\S-1-5-21-3990154743-2004215790-3669966637-1000 -> Brak nazwy - {434D452D-5637-006A-76A7-7A786E7484D7} - Brak pliku
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2011-07-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [Brak pliku]
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_45 -> C:\Windows\SysWOW64\npdeployJava1.dll [2014-03-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll [2014-03-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-01-13]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-12-02] [Brak podpisu cyfrowego]
FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-01-13]
Chrome:
=======
CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=pl-pl
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-12]
CHR Extension: (Dokumenty Google) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-12]
CHR Extension: (Dysk Google) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Bing) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd [2016-01-08]
CHR Extension: (Arkusze Google) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-12]
CHR Extension: (Dokumenty Google offline) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Avast Online Security) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-30]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR Extension: (Gmail) - C:\Users\tompil\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
CHR HKU\S-1-5-21-3990154743-2004215790-3669966637-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-01-13]
==================== Usługi (filtrowane) ========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 ABBYY.Licensing.FineReader.Professional.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [660768 2007-12-06] (ABBYY (BIT Software))
R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [597896 2014-09-04] (Autodesk Inc.)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2016-01-13] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [Brak podpisu cyfrowego]
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [243880 2015-01-16] (Foxit Software Inc.)
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [Brak podpisu cyfrowego]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [Brak podpisu cyfrowego]
R2 QDLService2kHP; C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kHP.exe [330488 2009-10-01] (QUALCOMM, Inc.)
R2 SMManager; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\SMManager.exe [82760 2009-11-13] (Smith Micro Software, Inc.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [244736 2010-01-29] (IDT, Inc.)
R2 Transoft Solutions License Server V1.7; C:\Program Files (x86)\Transoft Solutions\License Server\TransoftLS.exe [446464 2012-05-01] () [Brak podpisu cyfrowego]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
===================== Sterowniki (filtrowane) ==========================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2016-01-13] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2016-01-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2016-01-13] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2016-01-13] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2016-01-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2016-01-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2016-01-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2016-01-13] (AVAST Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2014-08-17] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S2 haspnt; C:\Windows\SysWOW64\DRIVERS\haspnt.sys [47616 2003-12-18] (Aladdin Knowledge Systems) [Brak podpisu cyfrowego]
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [164864 2013-05-25] (ITE )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 qcfilterhp2k; C:\Windows\System32\DRIVERS\qcfilterhp2k.sys [6400 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbnethp2k; C:\Windows\System32\DRIVERS\qcusbnethp2k.sys [235008 2009-10-01] (QUALCOMM Incorporated)
S3 qcusbserhp2k; C:\Windows\System32\DRIVERS\qcusbserhp2k.sys [121216 2009-10-01] (QUALCOMM Incorporated)
R3 rismcx64; C:\Windows\System32\DRIVERS\rismcx64.sys [59008 2009-07-20] (RICOH Company, Ltd.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1798400 2009-12-18] ()
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [8944 1999-05-05] (Microsoft Corporation) [Brak podpisu cyfrowego]
==================== NetSvcs (filtrowane) ===================
(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
==================== Jeden miesiąc - utworzone pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-01-13 20:22 - 2016-01-13 20:22 - 00024006 _____ C:\Users\tompil\Downloads\FRST.txt
2016-01-13 20:20 - 2016-01-13 20:22 - 00000000 ____D C:\FRST
2016-01-13 20:19 - 2016-01-13 20:19 - 02370560 _____ (Farbar) C:\Users\tompil\Downloads\FRST64 (2).exe
2016-01-13 20:19 - 2016-01-13 20:19 - 02370560 _____ (Farbar) C:\Users\tompil\Downloads\FRST64 (1).exe
2016-01-13 20:18 - 2016-01-13 20:18 - 02370560 _____ (Farbar) C:\Users\tompil\Downloads\FRST64.exe
2016-01-13 19:24 - 2016-01-13 19:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-13 19:23 - 2016-01-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-13 19:23 - 2016-01-13 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-13 19:23 - 2016-01-13 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-13 19:23 - 2016-01-13 19:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-13 19:23 - 2016-01-13 19:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-13 19:23 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-13 19:23 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-13 19:23 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-13 19:00 - 2016-01-13 19:12 - 00000000 ____D C:\Users\tompil\Doctor Web
2016-01-13 18:57 - 2016-01-13 20:09 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-13 18:57 - 2016-01-13 18:57 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-13 18:37 - 2016-01-13 18:37 - 00386096 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2016-01-13 18:37 - 2016-01-13 18:37 - 00043112 _____ (AVAST Software) C:\Windows\avastSS.scr
2016-01-13 18:35 - 2016-01-13 18:35 - 22908888 _____ (Malwarebytes ) C:\Users\tompil\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-13 18:34 - 2016-01-13 18:45 - 181109528 _____ C:\Users\tompil\Downloads\cureit.exe
2016-01-13 08:22 - 2016-01-13 08:22 - 00049504 _____ C:\Users\tompil\Downloads\TERMOMIX.pdf
2015-12-17 14:35 - 2015-12-19 17:05 - 00000000 ____D C:\Users\tompil\AppData\Local\Microsoft Games
2015-12-17 14:34 - 2015-12-17 14:34 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-15 15:05 - 2015-12-15 19:28 - 00000000 ____D C:\Users\tompil\Documents\Freelab
2015-12-15 15:04 - 2015-12-15 19:33 - 00000000 ____D C:\Program Files (x86)\Freelab
2015-12-15 15:04 - 2015-12-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelab
2015-12-15 15:04 - 2015-12-15 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freelab
==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========
(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2016-01-13 20:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows
2016-01-13 20:01 - 2013-05-13 07:00 - 00005122 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for tompil-Komputer-tompil tompil-Komputer
2016-01-13 19:50 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 19:50 - 2009-07-14 05:45 - 00021648 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 19:46 - 2015-03-12 08:10 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 19:42 - 2015-09-09 19:44 - 00000286 _____ C:\servicetest.txt
2016-01-13 19:42 - 2015-03-12 08:10 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 19:41 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 19:40 - 2013-10-08 14:02 - 00000000 ____D C:\ProgramData\APN
2016-01-13 19:40 - 2013-10-08 14:02 - 00000000 ____D C:\ProgramData\APN
2016-01-13 19:40 - 2013-05-08 16:08 - 00000000 ____D C:\Users\tompil
2016-01-13 18:57 - 2013-05-12 11:23 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-13 18:57 - 2013-05-12 11:23 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-13 18:38 - 2013-05-08 17:25 - 00451040 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2016-01-13 18:38 - 2013-05-08 17:25 - 00097648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2016-01-13 18:38 - 2013-05-08 17:25 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2016-01-13 18:37 - 2014-10-03 11:50 - 00155304 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2016-01-13 18:37 - 2014-10-03 11:50 - 00028656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2016-01-13 18:37 - 2013-05-08 17:25 - 01055560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2016-01-13 18:37 - 2013-05-08 17:25 - 00273784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2016-01-13 18:37 - 2013-05-08 17:25 - 00093528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2016-01-13 18:37 - 2013-05-08 17:25 - 00065224 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2016-01-13 17:44 - 2013-10-25 20:51 - 00000000 ____D C:\Users\tompil\AppData\LocalLow\Adblock Plus for IE
2016-01-13 14:37 - 2013-05-13 11:47 - 00000000 ____D C:\Users\tompil\Documents\Pliki programu Outlook
2016-01-12 12:38 - 2010-05-16 00:28 - 00743216 _____ C:\Windows\system32\perfh015.dat
2016-01-12 12:38 - 2010-05-16 00:28 - 00156784 _____ C:\Windows\system32\perfc015.dat
2016-01-12 12:38 - 2009-07-14 06:13 - 01676900 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-12 12:38 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-01-10 20:34 - 2015-10-07 11:44 - 00013245 _____ C:\Windows\BRRBCOM.INI
2016-01-03 09:20 - 2009-07-14 06:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-01-02 23:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-12-17 14:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-17 14:34 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
==================== Pliki w katalogu głównym wybranych folderów =======
2014-05-13 20:47 - 2014-05-13 20:47 - 0000054 _____ () C:\Users\tompil\AppData\Roaming\Camdata.ini
2014-05-13 20:47 - 2014-05-13 20:47 - 0000408 _____ () C:\Users\tompil\AppData\Roaming\CamLayout.ini
2014-05-13 20:47 - 2014-05-13 20:47 - 0000408 _____ () C:\Users\tompil\AppData\Roaming\CamShapes.ini
2014-05-13 20:47 - 2014-05-13 20:47 - 0004536 _____ () C:\Users\tompil\AppData\Roaming\CamStudio.cfg
2014-05-13 19:58 - 2014-05-13 19:58 - 0000096 _____ () C:\Users\tompil\AppData\Roaming\version2.xml
2013-05-08 16:38 - 2013-05-08 16:38 - 0000000 _____ () C:\Users\tompil\AppData\Local\AtStart.txt
2013-11-08 20:36 - 2014-03-12 13:54 - 0004608 _____ () C:\Users\tompil\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-05-08 16:38 - 2013-05-08 16:38 - 0000000 _____ () C:\Users\tompil\AppData\Local\DSwitch.txt
2014-02-11 10:51 - 2015-01-25 22:30 - 0004096 ____H () C:\Users\tompil\AppData\Local\keyfile3.drm
2013-05-08 16:38 - 2013-05-08 16:38 - 0000000 _____ () C:\Users\tompil\AppData\Local\QSwitch.txt
2013-10-08 19:10 - 2014-07-14 11:02 - 0007630 _____ () C:\Users\tompil\AppData\Local\resmon.resmoncfg
2015-03-29 10:39 - 2015-03-29 10:39 - 0003187 _____ () C:\Users\tompil\AppData\Local\unins000.dat
2015-03-29 10:39 - 2015-03-29 10:39 - 0707744 _____ () C:\Users\tompil\AppData\Local\unins000.exe
2015-03-29 10:39 - 2015-03-29 10:39 - 0011761 _____ () C:\Users\tompil\AppData\Local\unins000.msg
2013-05-25 18:42 - 2015-11-17 21:09 - 0206768 _____ () C:\ProgramData\LmeUSB.log
2013-05-25 18:42 - 2015-11-17 21:09 - 0202647 _____ () C:\ProgramData\LmeZJSW.log
2013-05-25 18:42 - 2015-11-17 21:09 - 0206758 _____ () C:\ProgramData\LSDmbTH.log
==================== Bamital & volsnap =================
(Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.)
C:\Windows\system32\winlogon.exe => Plik podpisany cyfrowo
C:\Windows\system32\wininit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\wininit.exe => Plik podpisany cyfrowo
C:\Windows\explorer.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\explorer.exe => Plik podpisany cyfrowo
C:\Windows\system32\svchost.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\svchost.exe => Plik podpisany cyfrowo
C:\Windows\system32\services.exe => Plik podpisany cyfrowo
C:\Windows\system32\User32.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\User32.dll => Plik podpisany cyfrowo
C:\Windows\system32\userinit.exe => Plik podpisany cyfrowo
C:\Windows\SysWOW64\userinit.exe => Plik podpisany cyfrowo
C:\Windows\system32\rpcss.dll => Plik podpisany cyfrowo
C:\Windows\system32\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo
C:\Windows\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo
LastRegBack: 2016-01-12 08:57
==================== Koniec FRST.txt ============================