After I open the browser, ads and windows pop up. The computer runs very slowly. Windows 7. I am asking for help removing Real Solution. I am attaching the logs.
In Control Panel, uninstall SpyHunter.
Download and run AdwCleaner. Click Scan and then Cleaning.
Paste the following into the system Notepad and save it as a text file named fixlist:
CloseProcesses:
Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
CHR Extension: (Solution Real) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl [2015-01-28]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-19] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-19] ()
2015-02-19 19:06 - 2015-02-19 19:42 - 00000000 ____ D () C:\AdwCleaner
2015-02-19 14:22 - 2015-02-19 14:22 - 00000000 ____ D () C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group
2015-02-19 14:21 - 2015-02-19 14:21 - 00000000 ____ D () C:\sh4ldr
2015-02-19 14:17 - 2015-02-19 14:17 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 14:17 - 2015-02-19 14:17 - 00000000 ____ D () C:\Program Files\Enigma Software Group
2014-07-02 15:28 - 2014-07-02 15:28 - 0000000 _____ () C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3}
Task: {8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-19] (Enigma Software Group USA, LLC.)
Task: {9DCD737E-ECCC-4E0F-A401-FFE81712CE80} - System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12002
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
EmptyTemp:
Run FRST and click Fix. Show the removal report, Fixlog.
Click Scan and show the new FRST report, without Addition and Shortcut.
I did what you advised. Here are the new reports:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Tomasz Tworek at 2015-02-20 11:54:05 Run:1
Running from D:\dokumenty\pobrane
Loaded Profiles: Tomasz Tworek (Available profiles: Tomasz Tworek)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CloseProcesses:
Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
CHR Extension: (Solution Real) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl [2015-01-28]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-19] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-19] ()
2015-02-19 19:06 - 2015-02-19 19:42 - 00000000 ____D () C:\AdwCleaner
2015-02-19 14:22 - 2015-02-19 14:22 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group
2015-02-19 14:21 - 2015-02-19 14:21 - 00000000 ____D () C:\sh4ldr
2015-02-19 14:17 - 2015-02-19 14:17 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 14:17 - 2015-02-19 14:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 15:28 - 2014-07-02 15:28 - 0000000 _____ () C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3}
Task: {8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-19] (Enigma Software Group USA, LLC.)
Task: {9DCD737E-ECCC-4E0F-A401-FFE81712CE80} - System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12002
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
EmptyTemp:
*****************
Processes closed successfully.
C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\Default => Value was restored successfully.
C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl => Moved successfully.
SpyHunter 4 Service => Service not found.
esgiguard => Service not found.
EsgScanner => Service not found.
C:\AdwCleaner => Moved successfully.
"C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group" => File/Directory not found.
"C:\sh4ldr" => File/Directory not found.
"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.
"C:\Program Files\Enigma Software Group" => File/Directory not found.
C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} => Key not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DCD737E-ECCC-4E0F-A401-FFE81712CE80}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DCD737E-ECCC-4E0F-A401-FFE81712CE80}" => Key deleted successfully.
C:\Windows\System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1}" => Key deleted successfully.
C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk => Shortcut argument was removed successfully.
C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk => Shortcut argument was removed successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 11:55:30 ====
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Tomasz Tworek (administrator) on LENOVO on 20-02-2015 12:07:54
Running from D:\dokumenty\pobrane
Loaded Profiles: Tomasz Tworek (Available profiles: Tomasz Tworek)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(ArcSoft, Inc.) C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Dropbox, Inc.) C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe [73728 2010-11-12] (ArcSoft, Inc.)
HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\MountPoints2: {4b76ba4b-f151-11e2-8fa6-00242cfca12c} - F:\Startme.exe
HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\MountPoints2: {c7d0d466-9046-11e4-bf2f-00242cfca12c} - F:\MI.exe
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-29] (Microsoft Corporation)
Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3875123565-1134424832-2652954131-1001: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-24]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "https://www.google.pl/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (SumatraPDF Browser Plugin) - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)
CHR Profile: C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]
CHR Extension: (Google Drive) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]
CHR Extension: (YouTube) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]
CHR Extension: (Google Search) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]
CHR Extension: (Avast Online Security) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-10]
CHR Extension: (Google Wallet) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-14] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-02-10] (Flexera Software, Inc.)
R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)
R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-14] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-12-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-14] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271288 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-14] ()
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-19 20:04 - 2015-02-20 12:07 - 00000000 ____D () C:\FRST
2015-02-19 13:56 - 2015-02-19 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieUserList
2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieSiteList
2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieBrowserModeList
2015-02-13 10:06 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-13 10:06 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-11 07:35 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 07:35 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 07:35 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 07:35 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 07:35 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 07:35 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 07:35 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 07:35 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 07:35 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 07:35 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 07:35 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 07:35 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 07:35 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 07:35 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 07:35 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 07:35 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 07:35 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 07:35 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 07:35 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 07:35 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 07:35 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 07:35 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 07:35 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 07:35 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 07:35 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 07:35 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 07:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 07:34 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 07:34 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 07:33 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 07:33 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 07:33 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 07:33 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 07:33 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 07:33 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 07:33 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 07:33 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 07:33 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 07:33 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 07:33 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 07:33 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 07:32 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-11 07:32 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 07:29 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 07:28 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 07:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 07:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 07:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 07:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 07:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-03 17:33 - 2015-02-18 08:55 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\CrashDumps
2015-02-01 13:00 - 2015-02-01 13:05 - 00000000 ____D () C:\ProgramData\Protexis
2015-02-01 13:00 - 2015-02-01 13:00 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Corel
2015-02-01 12:59 - 2015-02-01 12:59 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Ulead Systems
2015-02-01 12:59 - 2015-02-01 12:59 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\Corel PaintShop Pro
2015-02-01 12:57 - 2015-02-01 12:57 - 00000000 ____D () C:\Program Files\Common Files\Protexis
2015-02-01 12:55 - 2015-02-01 13:00 - 00000000 ____D () C:\ProgramData\Corel
2015-02-01 12:52 - 2015-02-01 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7
2015-01-31 05:35 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2015-01-30 12:15 - 2015-01-30 12:15 - 00001008 _____ () C:\Users\Tomasz Tworek\AppData\Local\recently-used.xbel
2015-01-29 22:55 - 2015-01-29 22:55 - 00000000 ____D () C:\Intel
2015-01-29 09:51 - 2015-02-20 11:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2015-01-28 18:41 - 2015-02-01 12:46 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-28 18:23 - 2015-01-28 18:38 - 00000000 ____D () C:\Program Files\Sony Media Go Install
2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Sony
2015-01-28 14:41 - 2015-01-30 12:15 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\gtk-2.0
2015-01-28 14:40 - 2015-01-28 15:00 - 00000000 ____D () C:\Users\Tomasz Tworek\.thumbnails
2015-01-28 14:32 - 2015-02-11 10:30 - 00000000 ____D () C:\Users\Tomasz Tworek\.gimp-2.8
2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\gegl-0.2
2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\fontconfig
2015-01-28 14:31 - 2015-01-28 14:31 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2015-01-28 14:25 - 2015-01-28 14:30 - 00000000 ____D () C:\Program Files\GIMP 2
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-20 12:05 - 2009-07-14 05:34 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 12:05 - 2009-07-14 05:34 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 12:04 - 2015-01-02 20:19 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Skype
2015-02-20 12:03 - 2013-03-24 10:36 - 01112078 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 11:59 - 2013-07-21 13:40 - 00000000 ___RD () C:\Users\Tomasz Tworek\Dropbox
2015-02-20 11:59 - 2013-07-21 13:30 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox
2015-02-20 11:57 - 2013-06-03 12:50 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 11:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 11:57 - 2009-07-14 05:39 - 00046427 _____ () C:\Windows\setupact.log
2015-02-20 11:54 - 2013-03-24 15:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo
2015-02-20 11:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2015-02-20 11:53 - 2013-03-24 10:43 - 00000000 ____D () C:\Users\Tomasz Tworek
2015-02-20 11:31 - 2013-06-03 12:50 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-20 10:27 - 2013-04-29 18:24 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-19 19:28 - 2013-03-24 11:34 - 00272910 _____ () C:\Windows\PFRO.log
2015-02-19 13:55 - 2013-03-24 11:09 - 00000000 ____D () C:\Program Files\Google
2015-02-17 21:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-14 09:50 - 2013-07-21 13:38 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-14 08:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-13 09:37 - 2009-07-14 05:33 - 00287856 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 07:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL
2015-02-12 06:46 - 2013-07-26 02:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 06:18 - 2013-06-27 06:35 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-05 14:27 - 2013-03-24 11:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-05 14:27 - 2013-03-24 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-30 15:07 - 2009-07-14 03:04 - 00000505 _____ () C:\Windows\win.ini
2015-01-30 11:45 - 2013-03-24 10:48 - 01669190 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-30 11:45 - 2009-07-14 09:07 - 00740348 _____ () C:\Windows\system32\perfh015.dat
2015-01-30 11:45 - 2009-07-14 09:07 - 00155890 _____ () C:\Windows\system32\perfc015.dat
2015-01-30 11:20 - 2013-03-24 10:43 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\VirtualStore
2015-01-22 08:45 - 2013-07-21 13:29 - 00359108 _____ () C:\Windows\DPINST.LOG
2015-01-22 08:45 - 2013-07-21 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-01-22 08:42 - 2013-07-21 13:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
==================== Files in the root of some directories =======
2015-01-30 12:15 - 2015-01-30 12:15 - 0001008 _____ () C:\Users\Tomasz Tworek\AppData\Local\recently-used.xbel
Some content of TEMP:
====================
C:\Users\Tomasz Tworek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9vf7oc.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-14 08:16
==================== End Of Log ============================
Stop quoting my replies.
Who gave you permission to paste the logs directly into the post?
Read the instructions: