Fixlist.txt for FRST:
Task: {F0CEBEC8-5205-4BF1-960C-AF29AD0E82D8} - System32\Tasks\{ADF5DC68-CC4A-4547-85F3-8E50793B9FE4} => pcalua.exe -a C:\Users\Brzostek\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cor
ShortcutWithArgument: C:\Users\Brzostek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
ShortcutWithArgument: C:\Users\Brzostek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
ShortcutWithArgument: C:\Users\Brzostek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
ShortcutWithArgument: C:\Users\Brzostek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523 <==== UWAGA
IE trusted site: HKU\S-1-5-21-547465849-2547765342-3519932662-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-547465849-2547765342-3519932662-1002\...\webcompanion.com -> hxxp://webcompanion.com
(tsvr.com) C:\Users\Brzostek\AppData\Roaming\TSv\TSvr.exe
() C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
(TFuns LIMITED) C:\ProgramData\OWdMO\WdMan.exe
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll Brak pliku
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-03] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-03] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-03] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-03] (Lavasoft Limited)
Winsock: Catalog9-x64 16 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2015-10-03] (Lavasoft Limited)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447250340&z=6b8cda033e2edc01e579ec0g0z4z8mbo2w2e3caobw&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.omniboxes.com/web/?type=ds&ts=1447250340&z=6b8cda033e2edc01e579ec0g0z4z8mbo2w2e3caobw&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447250340&z=6b8cda033e2edc01e579ec0g0z4z8mbo2w2e3caobw&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.omniboxes.com/web/?type=ds&ts=1447250340&z=6b8cda033e2edc01e579ec0g0z4z8mbo2w2e3caobw&from=wpm07173&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
HKU\S-1-5-21-547465849-2547765342-3519932662-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.yoursites123.com/web/?type=ds&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
HKU\S-1-5-21-547465849-2547765342-3519932662-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKU\S-1-5-21-547465849-2547765342-3519932662-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yoursites123.com/?type=hp&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
HKU\S-1-5-21-547465849-2547765342-3519932662-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com
HKU\S-1-5-21-547465849-2547765342-3519932662-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.yoursites123.com/web/?type=ds&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523&q={searchTerms}
URLSearchHook: [S-1-5-21-547465849-2547765342-3519932662-1001] UWAGA => Brak domyślnego URLSearchHook
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-547465849-2547765342-3519932662-1002 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-547465849-2547765342-3519932662-1002 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://pl.search.yahoo.com/search?fr=vmn&type=vmn__webcompa__1_0__ya__ch_WCYID10099_swoc_campaign_151003__yaie&p={searchTerms}
Toolbar: HKLM - Brak nazwy - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Brak pliku
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.mystartsearch.com/?type=sc&ts=1443902153&z=e97af0527024ff5dbd39fd3gaz1zacetfe9g4t7z1c&from=cor&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
FF Plugin-x32: @McAfee.com/MSC,version=10 -> C:\Program Files (x86)\McAfee\MSC\npMcSnFFPl.dll [Brak pliku]
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Brzostek\AppData\Roaming\Mozilla\Firefox\Profiles\a4iw3645.default\extensions\defsearchp@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Brzostek\AppData\Roaming\Mozilla\Firefox\Profiles\a4iw3645.default\extensions\deskCutv2@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Brzostek\AppData\Roaming\Mozilla\Firefox\Profiles\a4iw3645.default\extensions\default_newtabff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Brzostek\AppData\Roaming\Mozilla\Firefox\Profiles\a4iw3645.default\extensions\sidebarff@gmail.com => nie znaleziono
FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Brzostek\AppData\Roaming\Mozilla\Firefox\Profiles\a4iw3645.default\extensions\yahooprotected@gmail.com => nie znaleziono
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => nie znaleziono
StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.yoursites123.com/?type=sc&ts=1449736911&z=3644a6d1f4087a6f0bdd06fg2zcz8t5m2c6q0t0e6b&from=ient07021&uid=ST1000LM024XHN-M101MBB_S2U5J9AD137523
R2 IhPul; C:\Users\Brzostek\AppData\Roaming\TSv\TSvr.exe [580752 2015-12-08] (tsvr.com)
R2 MaintainerSvc6.37.565328; C:\ProgramData\7bb6df21-8ca8-4eec-965d-8cd2261544c7\maintainer.exe [128240 2015-10-22] ()
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [170144 2015-11-27] (TODO: <公司名>)
R2 WdMan; C:\ProgramData\OWdMO\WdMan.exe [333312 2015-12-04] (TFuns LIMITED) [Brak podpisu cyfrowego]
S2 PicexaService; C:\Program Files (x86)\Picexa\PicexaSvc.exe [X]
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106112 2012-06-22] (McAfee, Inc.)
R1 {60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64; C:\Windows\System32\drivers\{60fb1691-e7e8-4d48-b26c-c3f85822f710}Gw64.sys [48784 2014-11-03] (StdLib)
S1 tcfd_vw_1_10_0_24; system32\drivers\tcfd_vw_1_10_0_24.sys [X]
2015-12-10 12:11 - 2015-12-10 12:11 - 00000000 ____D C:\Users\Brzostek\AppData\Roaming\eCyber
2015-12-10 09:43 - 2015-12-10 20:44 - 00000000 ____D C:\Program Files (x86)\SFK
2015-12-10 09:42 - 2015-12-10 09:43 - 00000000 ____D C:\ProgramData\OWdMO
2015-12-10 09:41 - 2015-12-10 09:41 - 00000000 ____D C:\ProgramData\iWdMi
2015-12-09 20:47 - 2015-12-10 20:43 - 00000001 _____ C:\WINDOWS\SysWOW64\pl.html
2015-11-11 15:01 - 2015-12-10 09:41 - 00000000 ____D C:\ProgramData\3WMiniPro3
2015-11-11 14:58 - 2015-11-11 14:59 - 00000000 ____D C:\ProgramData\HWMiniProH
2015-12-10 09:42 - 2015-10-14 11:38 - 00000000 ____D C:\Users\Brzostek\AppData\Roaming\TSv
2015-12-10 09:42 - 2015-10-03 20:57 - 00000074 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
EmptyTemp:
After running the fix, post new FRST logs from a fresh scan.