Problem with Real Solution


(Tomik4444) #1

After opening the browser, ads and windows pop up. The computer runs very slowly. Windows 7. I am asking for help removing Real Solution. I am attaching logs.


(Atis) #2

In Control Panel, uninstall SpyHunter.

Download and run AdwCleaner. Click Scan and then Cleaning.

Paste the following into the system Notepad and save it as a text file named fixlist:

CloseProcesses:
Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
CHR Extension: (Solution Real) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl [2015-01-28]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-19] (Enigma Software Group USA, LLC.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-19] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-19] ()
2015-02-19 19:06 - 2015-02-19 19:42 - 00000000 ____D () C:\AdwCleaner
2015-02-19 14:22 - 2015-02-19 14:22 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group
2015-02-19 14:21 - 2015-02-19 14:21 - 00000000 ____D () C:\sh4ldr
2015-02-19 14:17 - 2015-02-19 14:17 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2015-02-19 14:17 - 2015-02-19 14:17 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-07-02 15:28 - 2014-07-02 15:28 - 0000000 _____ () C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3}
Task: {8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-19] (Enigma Software Group USA, LLC.)
Task: {9DCD737E-ECCC-4E0F-A401-FFE81712CE80} - System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12002
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695
EmptyTemp:

Run FRST and click Fix. Show the Fixlog removal report.

Click Scan and show the new FRST report, without Addition and Shortcut.


(Tomik4444) #3

I did what you advised. Here are the new reports:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01

Ran by Tomasz Tworek at 2015-02-20 11:54:05 Run:1

Running from D:\dokumenty\pobrane

Loaded Profiles: Tomasz Tworek (Available profiles: Tomasz Tworek)

Boot Mode: Normal

 

==============================================

 

Content of fixlist:

*****************

CloseProcesses:

Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695

CHR Extension: (Solution Real) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl [2015-01-28]

R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770944 2015-02-19] (Enigma Software Group USA, LLC.)

S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [16432 2015-02-19] (Enigma Software Group USA, LLC.)

S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [19984 2015-02-19] ()

2015-02-19 19:06 - 2015-02-19 19:42 - 00000000 ____D () C:\AdwCleaner

2015-02-19 14:22 - 2015-02-19 14:22 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group

2015-02-19 14:21 - 2015-02-19 14:21 - 00000000 ____D () C:\sh4ldr

2015-02-19 14:17 - 2015-02-19 14:17 - 00019984 _____ () C:\Windows\system32\Drivers\EsgScanner.sys

2015-02-19 14:17 - 2015-02-19 14:17 - 00000000 ____D () C:\Program Files\Enigma Software Group

2014-07-02 15:28 - 2014-07-02 15:28 - 0000000 _____ () C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3}

Task: {8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-19] (Enigma Software Group USA, LLC.)

Task: {9DCD737E-ECCC-4E0F-A401-FFE81712CE80} - System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=7.0.0.102&LastError=12002

ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695

ShortcutWithArgument: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk -> C:\Users\Tomasz Tworek\AppData\Local\MapleStudio\ChromePlus\Application\chrome.exe (Maple Studio) -> hxxp://www.22find.com/?utm_source=b&utm_medium=prs&from=prs&uid=HitachiXHTS543216L9A300_090420FB6232VCF0YJHAX&ts=1364137695

EmptyTemp:

*****************

 

Processes closed successfully.

C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Torpedo.lnk => Moved successfully.

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.

C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value deleted successfully.

HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\Default => Value was restored successfully.

C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl => Moved successfully.

SpyHunter 4 Service => Service not found.

esgiguard => Service not found.

EsgScanner => Service not found.

C:\AdwCleaner => Moved successfully.

"C:\Users\Tomasz Tworek\AppData\Roaming\Enigma Software Group" => File/Directory not found.

"C:\sh4ldr" => File/Directory not found.

"C:\Windows\system32\Drivers\EsgScanner.sys" => File/Directory not found.

"C:\Program Files\Enigma Software Group" => File/Directory not found.

C:\Users\Tomasz Tworek\AppData\Local\{B825CD92-B76B-4A8D-B5E4-05BAE022BEF3} => Moved successfully.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} => Key not found.

C:\Windows\System32\Tasks\SpyHunter4Startup not found.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup => Key not found. 

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9DCD737E-ECCC-4E0F-A401-FFE81712CE80}" => Key deleted successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DCD737E-ECCC-4E0F-A401-FFE81712CE80}" => Key deleted successfully.

C:\Windows\System32\Tasks\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1} => Moved successfully.

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{23DAB2A7-A88F-486F-BB6B-8B661336E7A1}" => Key deleted successfully.

C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk => Shortcut argument was removed successfully.

C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CoolNovo.lnk => Shortcut argument was removed successfully.

EmptyTemp: => Removed 1.1 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog 11:55:30 ====

 

 

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01

Ran by Tomasz Tworek (administrator) on LENOVO on 20-02-2015 12:07:54

Running from D:\dokumenty\pobrane

Loaded Profiles: Tomasz Tworek (Available profiles: Tomasz Tworek)

Platform: Microsoft Windows 7 Home Premium  Service Pack 1 (X86) OS Language: Polski (Polska)

Internet Explorer Version 11 (Default browser not detected!)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

(ArcSoft, Inc.) C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Sony) C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Dropbox, Inc.) C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\Dropbox.exe

() C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe

(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe

(Avanquest Software) C:\Program Files\Sony\Sony PC Companion\PCCService.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software)

HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)

HKLM\...\Run: [ArcSoft MediaImpression Monitor] => C:\Program Files\Kodak\MediaImpression\ArcMonitor.exe [73728 2010-11-12] (ArcSoft, Inc.)

HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\Run: [sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)

HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)

HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\MountPoints2: {4b76ba4b-f151-11e2-8fa6-00242cfca12c} - F:\Startme.exe

HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\...\MountPoints2: {c7d0d466-9046-11e4-bf2f-00242cfca12c} - F:\MI.exe

HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-29] (Microsoft Corporation)

Startup: C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)

ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com

HKU\S-1-5-21-3875123565-1134424832-2652954131-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

FireFox:

========

FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKU\S-1-5-21-3875123565-1134424832-2652954131-1001: @mozilla.zeniko.ch/SumatraPDF_Browser_Plugin -> C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-03-24]

 

Chrome: 

=======

CHR HomePage: Default -> hxxp://www.google.com/

CHR StartupUrls: Default -> "https://www.google.pl/"

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.115\pdf.dll ()

CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (SumatraPDF Browser Plugin) - C:\Program Files\SumatraPDF\npPdfViewer.dll (Simon Bünzli)

CHR Profile: C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-03]

CHR Extension: (Google Drive) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-03]

CHR Extension: (YouTube) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-03]

CHR Extension: (Google Search) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-03]

CHR Extension: (Avast Online Security) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-10]

CHR Extension: (Google Wallet) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]

CHR Extension: (Gmail) - C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-03]

CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

 

========================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-12-14] (AVAST Software)

S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-02-10] (Flexera Software, Inc.)

R2 PSI_SVC_2; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [277360 2014-04-30] (arvato digital services llc)

R3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)

R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)

S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-12-14] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [26136 2014-12-14] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-12-14] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [271288 2014-12-14] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-12-14] (AVAST Software)

R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-12-14] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-12-14] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-12-14] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-12-14] (AVAST Software)

R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-12-14] ()

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-19 20:04 - 2015-02-20 12:07 - 00000000 ____D () C:\FRST

2015-02-19 13:56 - 2015-02-19 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieUserList

2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieSiteList

2015-02-19 13:42 - 2015-02-19 13:42 - 00000000 __SHD () C:\Users\Tomasz Tworek\AppData\Local\EmieBrowserModeList

2015-02-13 10:06 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2015-02-13 10:06 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-02-11 07:35 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2015-02-11 07:35 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2015-02-11 07:35 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2015-02-11 07:35 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2015-02-11 07:35 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2015-02-11 07:35 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2015-02-11 07:35 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-02-11 07:35 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2015-02-11 07:35 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2015-02-11 07:35 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2015-02-11 07:35 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2015-02-11 07:35 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2015-02-11 07:35 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2015-02-11 07:35 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2015-02-11 07:35 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2015-02-11 07:35 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2015-02-11 07:35 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-02-11 07:35 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2015-02-11 07:35 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2015-02-11 07:35 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-02-11 07:35 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-02-11 07:35 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2015-02-11 07:35 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-02-11 07:35 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-02-11 07:35 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-02-11 07:35 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-02-11 07:34 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-02-11 07:34 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-02-11 07:34 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2015-02-11 07:33 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2015-02-11 07:33 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2015-02-11 07:33 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2015-02-11 07:33 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2015-02-11 07:33 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2015-02-11 07:33 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe

2015-02-11 07:33 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2015-02-11 07:33 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2015-02-11 07:33 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2015-02-11 07:33 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll

2015-02-11 07:33 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2015-02-11 07:33 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2015-02-11 07:32 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe

2015-02-11 07:32 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-02-11 07:29 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll

2015-02-11 07:28 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll

2015-02-11 07:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll

2015-02-11 07:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2015-02-11 07:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll

2015-02-11 07:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll

2015-02-11 07:27 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll

2015-02-03 17:33 - 2015-02-18 08:55 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\CrashDumps

2015-02-01 13:00 - 2015-02-01 13:05 - 00000000 ____D () C:\ProgramData\Protexis

2015-02-01 13:00 - 2015-02-01 13:00 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Corel

2015-02-01 12:59 - 2015-02-01 12:59 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Ulead Systems

2015-02-01 12:59 - 2015-02-01 12:59 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\Corel PaintShop Pro

2015-02-01 12:57 - 2015-02-01 12:57 - 00000000 ____D () C:\Program Files\Common Files\Protexis

2015-02-01 12:55 - 2015-02-01 13:00 - 00000000 ____D () C:\ProgramData\Corel

2015-02-01 12:52 - 2015-02-01 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel PaintShop Pro X7

2015-01-31 05:35 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe

2015-01-30 12:15 - 2015-01-30 12:15 - 00001008 _____ () C:\Users\Tomasz Tworek\AppData\Local\recently-used.xbel

2015-01-29 22:55 - 2015-01-29 22:55 - 00000000 ____D () C:\Intel

2015-01-29 09:51 - 2015-02-20 11:57 - 00000008 __RSH () C:\ProgramData\ntuser.pol

2015-01-28 18:41 - 2015-02-01 12:46 - 00000000 ____D () C:\ProgramData\Package Cache

2015-01-28 18:23 - 2015-01-28 18:38 - 00000000 ____D () C:\Program Files\Sony Media Go Install

2015-01-28 18:23 - 2015-01-28 18:23 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Sony

2015-01-28 14:41 - 2015-01-30 12:15 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\gtk-2.0

2015-01-28 14:40 - 2015-01-28 15:00 - 00000000 ____D () C:\Users\Tomasz Tworek\.thumbnails

2015-01-28 14:32 - 2015-02-11 10:30 - 00000000 ____D () C:\Users\Tomasz Tworek\.gimp-2.8

2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\gegl-0.2

2015-01-28 14:32 - 2015-01-28 14:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\fontconfig

2015-01-28 14:31 - 2015-01-28 14:31 - 00001011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk

2015-01-28 14:25 - 2015-01-28 14:30 - 00000000 ____D () C:\Program Files\GIMP 2

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2015-02-20 12:05 - 2009-07-14 05:34 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2015-02-20 12:05 - 2009-07-14 05:34 - 00014560 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2015-02-20 12:04 - 2015-01-02 20:19 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Skype

2015-02-20 12:03 - 2013-03-24 10:36 - 01112078 _____ () C:\Windows\WindowsUpdate.log

2015-02-20 11:59 - 2013-07-21 13:40 - 00000000 ___RD () C:\Users\Tomasz Tworek\Dropbox

2015-02-20 11:59 - 2013-07-21 13:30 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Dropbox

2015-02-20 11:57 - 2013-06-03 12:50 - 00001032 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-02-20 11:57 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-02-20 11:57 - 2009-07-14 05:39 - 00046427 _____ () C:\Windows\setupact.log

2015-02-20 11:54 - 2013-03-24 15:32 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo

2015-02-20 11:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\GroupPolicy

2015-02-20 11:53 - 2013-03-24 10:43 - 00000000 ____D () C:\Users\Tomasz Tworek

2015-02-20 11:31 - 2013-06-03 12:50 - 00001036 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-02-20 10:27 - 2013-04-29 18:24 - 00000930 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2015-02-19 19:28 - 2013-03-24 11:34 - 00272910 _____ () C:\Windows\PFRO.log

2015-02-19 13:55 - 2013-03-24 11:09 - 00000000 ____D () C:\Program Files\Google

2015-02-17 21:18 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF

2015-02-14 09:50 - 2013-07-21 13:38 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2015-02-14 08:24 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache

2015-02-13 09:37 - 2009-07-14 05:33 - 00287856 _____ () C:\Windows\system32\FNTCACHE.DAT

2015-02-12 07:04 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\pl-PL

2015-02-12 06:46 - 2013-07-26 02:05 - 00000000 ____D () C:\Windows\system32\MRT

2015-02-12 06:18 - 2013-06-27 06:35 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-02-05 14:27 - 2013-03-24 11:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe

2015-02-05 14:27 - 2013-03-24 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

2015-01-30 15:07 - 2009-07-14 03:04 - 00000505 _____ () C:\Windows\win.ini

2015-01-30 11:45 - 2013-03-24 10:48 - 01669190 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-01-30 11:45 - 2009-07-14 09:07 - 00740348 _____ () C:\Windows\system32\perfh015.dat

2015-01-30 11:45 - 2009-07-14 09:07 - 00155890 _____ () C:\Windows\system32\perfc015.dat

2015-01-30 11:20 - 2013-03-24 10:43 - 00000000 ____D () C:\Users\Tomasz Tworek\AppData\Local\VirtualStore

2015-01-22 08:45 - 2013-07-21 13:29 - 00359108 _____ () C:\Windows\DPINST.LOG

2015-01-22 08:45 - 2013-07-21 13:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony

2015-01-22 08:42 - 2013-07-21 13:26 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information

 

==================== Files in the root of some directories =======

 

2015-01-30 12:15 - 2015-01-30 12:15 - 0001008 _____ () C:\Users\Tomasz Tworek\AppData\Local\recently-used.xbel

 

Some content of TEMP:

====================

C:\Users\Tomasz Tworek\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9vf7oc.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\system32\winlogon.exe => File is digitally signed

C:\Windows\system32\wininit.exe => File is digitally signed

C:\Windows\system32\svchost.exe => File is digitally signed

C:\Windows\system32\services.exe => File is digitally signed

C:\Windows\system32\User32.dll => File is digitally signed

C:\Windows\system32\userinit.exe => File is digitally signed

C:\Windows\system32\rpcss.dll => File is digitally signed

C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2015-02-14 08:16

 

==================== End Of Log ============================
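
An added example, not part of the original thread and not FRST's own code: a small Python triage of the Fixlog posted in #3 that skips the echoed fixlist and separates entries FRST changed from entries it did not find. The function names and status labels are assumptions of this sketch; the sample is a shortened excerpt of that Fixlog.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted in this thread (sample input).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Tomasz Tworek at 2015-02-20 11:54:05 Run:1
==============================================
Content of fixlist:
*****************
CloseProcesses:
Task: {8CE4EE7A-38D5-486C-A588-DEB5B6E241BD} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2015-02-19] (Enigma Software Group USA, LLC.)
EmptyTemp:
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\Default => Value was restored successfully.
C:\Users\Tomasz Tworek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmlbhaikobfinipefjoonopbfdkpcl => Moved successfully.
SpyHunter 4 Service => Service not found.
"C:\sh4ldr" => File/Directory not found.
C:\Windows\System32\Tasks\SpyHunter4Startup not found.
C:\Users\Tomasz Tworek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoolNovo\CoolNovo.lnk => Shortcut argument was removed successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
The system needed a reboot.
==== End of Fixlog 11:55:30 ====
'''

SEPARATOR = re.compile(r"^\*{5,}$")            # frames the echoed fixlist
END_MARK = re.compile(r"^==== End of Fixlog")
NOT_FOUND_NO_ARROW = re.compile(r"^(?P<target>.+?) not found\.$")
QUOTES = '"\u201c\u201d'                       # straight and curly quotes


def result_lines(text):
    """Yield result lines only, skipping the header and the fixlist echo.

    The echo also contains ' => ' (Task: lines), so it must not be parsed
    as if it were a result.
    """
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    seps = [i for i, ln in enumerate(lines) if SEPARATOR.match(ln)]
    start = seps[1] + 1 if len(seps) >= 2 else 0
    for ln in lines[start:]:
        if END_MARK.match(ln):
            break
        yield ln


def classify(result):
    """Map a result message to 'absent', 'changed' or 'review'."""
    low = result.lower()
    if "not found" in low:
        return "absent"      # nothing was there to remove
    if "successfully" in low or low.startswith("removed"):
        return "changed"     # FRST moved, deleted or restored something
    return "review"          # anything else deserves a human look


def parse_fixlog(text):
    """Return a list of (target, result, status) tuples."""
    entries = []
    for ln in result_lines(text):
        if " => " in ln:
            target, result = ln.split(" => ", 1)
            status = classify(result)
        else:
            m = NOT_FOUND_NO_ARROW.match(ln)
            if m:
                target, result, status = m.group("target"), "not found.", "absent"
            else:
                # Status message without a target, e.g. the reboot notice.
                target, result, status = "", ln, "info"
        entries.append((target.strip().strip(QUOTES), result.strip(), status))
    return entries


def summarize(entries):
    """Count entries per status."""
    return Counter(status for _, _, status in entries)


def needs_review(entries):
    """Entries whose outcome is neither a change nor a plain 'not found'."""
    return [(t, r) for t, r, s in entries if s == "review"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    for status, count in sorted(summarize(parsed).items()):
        print(f"{status:8} {count}")
    for target, result in needs_review(parsed):
        print("REVIEW:", target, "=>", result)
```
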


(Atis) #4

Stop quoting my replies.

Who allowed you to paste logs directly into the post?

Read the instructions:

New mandatory log - Farbar Recovery Scan Tool