
Spybot scan - scan result and spying.

Mtk87 30 Apr 2016 10:34 690 10
  • #1 30 Apr 2016 10:34
    Mtk87
    Level 4  

    Hello,

    Data is leaking from my computer. A format evidently did not help. How can I prove that a particular person is spying on me?
    I ran a scan with Spybot, but I don't know whether it shows that I had a spy program installed.

    Could someone help me?

    I'm sending the scan result:

    Spoiler:
    Search results from Spybot - Search & Destroy

    2016-04-30 10:20:18
    Scan took 00:51:24.
    32 items found.

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Start Page

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\Main\Start Page

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\Start Page

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

    Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

    DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Thunderbird: PE_C_DEFAULT.MIGRATED (default)) (Browser: Cookie, nothing done)


    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\TypedURLs

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent





    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

    MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

    MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Office\12.0\Excel\File MRU

    MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Office\12.0\Word\File MRU

    MS Regedit: [SBI $C3B62FC1] Recent open key (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

    Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\WinRAR\ArcHistory

    WinRAR: [SBI $B84F9965] Last used directory (Registry Change, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\WinRAR\General\LastFolder

    WinRAR: [SBI $B510882E] Extraction directory history (Registry Key, nothing done)
    HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\WinRAR\DialogEditHistory\ExtrPath

    Cookie: [SBI $49804B54] Browser: Cookie (35) (Browser: Cookie, nothing done)


    Cache: [SBI $49804B54] Browser: Cache (237) (Browser: Cache, nothing done)


    History: [SBI $49804B54] Browser: History (127) (Browser: History, nothing done)


    Cookie: [SBI $49804B54] Browser: Cookie (13) (Browser: Cookie, nothing done)


    History: [SBI $49804B54] Browser: History (136) (Browser: History, nothing done)



    --- Spybot - Search & Destroy version: 2.5.42.131 DLL (build: 20140425) ---


    0 10
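As an added example (not written by anyone in this thread): the Spybot report in post #1 can be triaged by parsing each `Product: [SBI $id] description (type, action)` entry and grouping it by what it actually points at. The product allowlist for usage-track entries and the three category names are assumptions made for this illustration, and the sample lines are an abridged copy of the report above.

```python
import re
from collections import defaultdict

# Abridged copy of entries from the Spybot report in post #1 (not the full log).
SAMPLE_LOG = r"""
Elex.V9: [SBI $08CEB09F] IE start page (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Thunderbird: PE_C_DEFAULT.MIGRATED (default)) (Browser: Cookie, nothing done)

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\TypedURLs

WinRAR: [SBI $0B56E92B] Recent file list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\WinRAR\ArcHistory

Cookie: [SBI $49804B54] Browser: Cookie (35) (Browser: Cookie, nothing done)

History: [SBI $49804B54] Browser: History (127) (Browser: History, nothing done)
"""

# One report entry: "Product: [SBI $XXXXXXXX] description (type, action)".
# The description may itself contain parentheses, so the final "(type, action)"
# group is anchored to the end of the line.
ENTRY_RE = re.compile(
    r"^(?P<product>[^:\[]+): \[SBI \$(?P<sig>[0-9A-F]{8})\] "
    r"(?P<desc>.*) \((?P<kind>[^(),]+), (?P<action>[^()]+)\)$"
)

# Assumption: entries filed under these names are history/settings left behind
# by ordinary applications (recent-file lists, typed URLs, cache, cookies),
# not detections of a running program.
USAGE_TRACK_PRODUCTS = {
    "Internet Explorer", "MS Media Player", "MS Regedit", "Windows.OpenWith",
    "Windows Explorer", "WinRAR", "Cookie", "Cache", "History",
}


def parse_report(text):
    """Return one dict per finding; 'location' is the HKEY_ line that follows, if any."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append({**match.groupdict(), "location": None})
        elif line.startswith("HKEY_") and entries and entries[-1]["location"] is None:
            entries[-1]["location"] = line
    return entries


def classify(entry):
    """Sort a finding into usage_track, tracking_cookie or needs_review."""
    product = entry["product"]
    if product in USAGE_TRACK_PRODUCTS or product.startswith("MS Office"):
        return "usage_track"
    if entry["kind"] == "Browser: Cookie":
        return "tracking_cookie"
    # Anything else carries a named family and should be looked at by hand.
    return "needs_review"


def triage(text):
    """Group all findings of a report by category."""
    groups = defaultdict(list)
    for entry in parse_report(text):
        groups[classify(entry)].append(entry)
    return dict(groups)


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {len(items)}")
        for item in items:
            print(f"  {item['product']}: {item['desc']} -> {item['location']}")
```
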
  • #2 30 Apr 2016 11:14
    leotdipl
    Level 18  

    Hi,

    I'll admit up front that I'm not well versed in this subject - just an ordinary user.
    Though I am on familiar terms with PCs on a daily basis ;)

    To the point:
    A couple of times my built-in Windows Defender (on Win 8.1) has "caught"
    trojans located under my user account (Zbigniew - see the picture) in Internet Explorer's temporary directory,
    even though I basically don't use IE (it was more of an incidental, one-off thing).

    [Two attached images]

    That is exactly what I see in your case. In general the problem is with MS (Microsoft) applications.

    0
  • #3 30 Apr 2016 11:37
    Kolobos
    Computer specialist

    No, the log from this program is useless.

    Attach the logs from FRST (addition.txt and frst.txt).

    0
  • #5 30 Apr 2016 15:24
    Kolobos
    Computer specialist

    Couldn't you find an even older version of FRST?

    Uninstall:
    McAfee Security Scan Plus
    REACHit
    SpyBot

    Run this Fixlist.txt for FRST:
    Task: {10EE5E5F-41BF-4E85-A439-1D839FA0E6AA} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-08] (Lenovo)
    Task: {11955D66-1490-4414-A5F0-14431C1BAF73} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
    Task: {1ECE8253-A1C9-4675-AE57-4359833E364A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
    Task: {3A1D151F-E075-4C88-8BFC-1ACCEBE4D059} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
    Task: {3C72E1F7-D5D3-4D4C-8066-9DE17DE12DAD} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
    Task: {4408425E-8848-433D-9A65-3B80986ED21E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
    Task: {4A58BC6C-E69C-416E-84E8-768A76959A14} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime No Task File <==== ATTENTION
    Task: {562F48EB-E9A6-4901-994D-3A76A12885E3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
    Task: {6D6EBDD0-8A53-4C0E-9E74-6E664B4BF0EC} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
    Task: {834C21C6-26C1-457F-B9E1-BC364CB430E0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
    Task: {92A5696B-2610-4EE5-8E0D-59EB409F5894} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
    Task: {A9D40742-47BD-40D9-B0E4-EB595066C5DF} - System32\Tasks\Lenovo\REACHit Agent Startup => C:\Program Files (x86)\Lenovo\REACHit\REACHitAgent.exe [2016-02-22] (Lenovo)
    Task: {B01DB9B2-F57C-4D3E-B27F-941F66447F45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
    Task: {CAD1D4D7-1395-415B-A3E7-BE6F1B981EBB} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime No Task File <==== ATTENTION
    Task: {ED892E0B-249B-495F-892D-013F3FD0C7D3} - System32\Tasks\Price Fountain => C:\Users\Martynka\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {F4790C29-109B-49E5-A379-669F99BF6DAD} - System32\Tasks\VeiningComplectedV2 => Rundll32.exe InkerImbalmers.dll,main 7 1
    Task: C:\WINDOWS\Tasks\Price Fountain.job => C:\Users\Martynka\AppData\Roaming\PRICEF~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    AlternateDataStreams: C:\Program Files\ATI Technologies:Win32App_1
    AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
    AlternateDataStreams: C:\Program Files\WinRAR:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\AMD APP:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\ATI Technologies:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Microsoft Office:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Microsoft Visual Studio 8:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Mozilla Thunderbird:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\MSBuild:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Realtek WLAN Driver:Win32App_1
    AlternateDataStreams: C:\Program Files (x86)\Toshiba TEMPRO:Win32App_1
    AlternateDataStreams: C:\Program Files\Common Files\microsoft shared:Win32App_1
    AlternateDataStreams: C:\ProgramData\Avg:Win32App_1
    AlternateDataStreams: C:\ProgramData\Nero:Win32App_1
    (© 2015 Microsoft Corporation) C:\Users\Martynka\AppData\Local\Microsoft\BingSvc\BingSvc.exe
    (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\...\Run: [BingSvc] => C:\Users\Martynka\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\...\MountPoints2: {047ed6bf-0467-11e6-bed0-4c72b9f718da} - "D:\autorun.exe"
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\...\MountPoints2: {047ed7f3-0467-11e6-bed0-4c72b9f718da} - "D:\autorun.exe"
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\...\MountPoints2: {f3fc0ec4-c724-11e5-be9a-20689dd5e5c8} - "D:\autorun.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2015-11-07]
    ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe (McAfee, Inc.)
    HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.mystartsearch.com/web/?type=ds&...xhts547564a9e384_120829j2330053fp66kax&q={searchTerms}
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.mystartsearch.com/web/?type=ds&...xhts547564a9e384_120829j2330053fp66kax&q={searchTerms}
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yoursites123.com/web/?type=ds&...XHTS547564A9E384_120829J2330053FP66KAX&q={searchTerms}
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKU\S-1-5-21-3403441679-3833835648-3655487191-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.yoursites123.com/web/?type=ds&...XHTS547564A9E384_120829J2330053FP66KAX&q={searchTerms}
    SearchScopes: HKLM -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL =
    SearchScopes: HKLM-x32 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://v9.com/web?type=ds&ts=1450688120&a...c5f9454b2972a9a34d1gbz5w0e7q6b9bdg8ofb&q={searchTerms}
    SearchScopes: HKLM-x32 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://v9.com/web?type=ds&ts=1450688120&a...c5f9454b2972a9a34d1gbz5w0e7q6b9bdg8ofb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3403441679-3833835648-3655487191-1001 -> DefaultScope {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://v9.com/web?type=ds&ts=1450688120&a...c5f9454b2972a9a34d1gbz5w0e7q6b9bdg8ofb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3403441679-3833835648-3655487191-1001 -> {425ED333-6083-428a-92C9-0CFC28B9D1BF} URL = http://v9.com/web?type=ds&ts=1450688120&a...c5f9454b2972a9a34d1gbz5w0e7q6b9bdg8ofb&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-3403441679-3833835648-3655487191-1001 -> {89383EEC-04D6-4FDB-BA14-DA1A1A3968BA} URL = http://www.bing.com/search?FORM=SL5MDF&PC=SL5M&q={searchTerms}&src=IE-SearchBox
    Hosts: 0.0.0.1 mssplus.mcafee.com
    FF NewTab: hxxp://v9.com?type=hp&ts=1450688120&f...;z=b41ec5f9454b2972a9a34d1gbz5w0e7q6b9bdg8ofb
    FF SelectedSearchEngine: yoursites123
    FF SearchPlugin: C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\searchplugins\webssearches.xml [2015-12-09]
    FF SearchPlugin: C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\searchplugins\yoursites123.xml [2015-12-15]
    FF HKLM-x32\...\Firefox\Extensions: [smartffsearch@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\smartffsearch@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [ffsmartsearchbar@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\ffsmartsearchbar@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [sidebarff@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\sidebarff@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [deskCutv2@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\deskCutv2@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [yahooprotected@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\yahooprotected@gmail.com
    FF HKLM-x32\...\Firefox\Extensions: [default_newtabff@gmail.com] - C:\Users\Martynka\AppData\Roaming\Mozilla\Firefox\Profiles\s2vkjm05.default\extensions\default_newtabff@gmail.com
    S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [293128 2016-03-11] (McAfee, Inc.)
    R2 MustangService_2015_10_10; C:\ProgramData\TempMoudleSet\MustangSer1843.exe [236816 2015-10-09] (MustangService)
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-02-23] ()
    S3 MessagingService; No ImagePath
    U3 MessagingService_10a00a3; No ImagePath
    U3 MessagingService_126ad30; No ImagePath
    U3 MessagingService_1d2aeca; No ImagePath
    U3 MessagingService_25f4322; No ImagePath
    U3 MessagingService_495b9; No ImagePath
    S3 MessagingService_4b5cd; No ImagePath
    U3 MessagingService_51a5a; No ImagePath
    S2 OneSyncSvc; No ImagePath
    U2 OneSyncSvc_10a00a3; No ImagePath
    U2 OneSyncSvc_126ad30; No ImagePath
    U2 OneSyncSvc_1d2aeca; No ImagePath
    U2 OneSyncSvc_25f4322; No ImagePath
    U2 OneSyncSvc_495b9; No ImagePath
    R2 OneSyncSvc_4b5cd; No ImagePath
    U2 OneSyncSvc_51a5a; No ImagePath
    S3 PimIndexMaintenanceSvc; No ImagePath
    U3 PimIndexMaintenanceSvc_10a00a3; No ImagePath
    U3 PimIndexMaintenanceSvc_126ad30; No ImagePath
    U3 PimIndexMaintenanceSvc_1d2aeca; No ImagePath
    U3 PimIndexMaintenanceSvc_25f4322; No ImagePath
    U3 PimIndexMaintenanceSvc_495b9; No ImagePath
    S3 PimIndexMaintenanceSvc_4b5cd; No ImagePath
    U3 PimIndexMaintenanceSvc_51a5a; No ImagePath
    S3 UnistoreSvc; No ImagePath
    U3 UnistoreSvc_10a00a3; No ImagePath
    U3 UnistoreSvc_126ad30; No ImagePath
    U3 UnistoreSvc_1d2aeca; No ImagePath
    U3 UnistoreSvc_25f4322; No ImagePath
    U3 UnistoreSvc_495b9; No ImagePath
    S3 UnistoreSvc_4b5cd; No ImagePath
    U3 UnistoreSvc_51a5a; No ImagePath
    S3 UserDataSvc; No ImagePath
    U3 UserDataSvc_10a00a3; No ImagePath
    U3 UserDataSvc_126ad30; No ImagePath
    U3 UserDataSvc_1d2aeca; No ImagePath
    U3 UserDataSvc_25f4322; No ImagePath
    U3 UserDataSvc_495b9; No ImagePath
    S3 UserDataSvc_4b5cd; No ImagePath
    U3 UserDataSvc_51a5a; No ImagePath
    2016-04-30 09:00 - 2016-04-30 09:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
    2016-04-10 09:46 - 2015-11-21 19:09 - 00000000 ____D () C:\Program Files\McAfee Security Scan
    2015-11-26 10:45 - 2015-12-09 09:54 - 0000074 _____ () C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
    EmptyTemp:

    In FRST choose Fix (Napraw).

    Use AdwCleaner, the Scan and Clean (Szukaj and Usun) options: http://www.bleepingcomputer.com/download/adwcleaner/

    Attach the logs from the latest version of FRST (Frst.txt and Addition.txt):
    http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

    The logs show no keyloggers or the like, only infections that you installed yourself.

    0
  • #6 30 Apr 2016 15:26
    Mtk87
    Level 4  

    Thank you for the reply and the help.
    But it really matters to me to get an answer as to whether a spy can be detected on my computer...?

    0
  • #7 30 Apr 2016 15:28
    Kolobos
    Computer specialist

    As I wrote earlier, nothing of the sort is visible in the logs.

    You can also post a log from TDSSKiller if you want.

    0
  • #8 30 Apr 2016 15:30
    Mtk87
    Level 4  

    Maybe it isn't visible, but if someone is sharing messages from my mailbox, how is that happening given that I did a format and set up a new e-mail account?

    0
  • #9 30 Apr 2016 15:32
    Kolobos
    Computer specialist

    You have a weak password, an easy password-recovery question, etc. There's no point in guessing.

    0
  • #10 30 Apr 2016 15:35
    Mtk87
    Level 4  

    I was counting on help from people with more knowledge than mine, not on being judged...
    You don't understand my problem, but thank you for being willing to help.
    Regards

    0
  • #11 30 Apr 2016 15:37
    Kolobos
    Computer specialist

    I don't do fortune-telling, and that seems to be exactly what you expect. No spying programs are visible in the logs, all the more so since a format was done.
    Either someone has access to the account, or the person you send e-mails to has passed them on, or it is that person who has a spying program.

    0