Hello, some time ago I installed the HOLA extension for the Chrome browser. I used it only once and uninstalled it right after I learned that HOLA can be used for hacking activities. Unfortunately, since then, quite often when I search in Google I get redirected to the ipv4.google page to enter a CAPTCHA code. This is terribly irritating, as I use the search engine quite often. Please help me deal with this problem.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Marcin (administrator) on SAMSUNG on 03-07-2015 15:54:14
Running from C:\Users\Marcin\Downloads
Loaded Profiles: Marcin & postgres (Available Profiles: Marcin & postgres)
Platform: Windows 8.1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-f...utorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Plus Internet\Plus Internet.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(random) C:\Program Files (x86)\PacificPoker\bin\poker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)
HKLM\...\Run: [Windows Mobile-based device management] => %windir%\WindowsMobile\wmdcBase.exe
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [645040 2012-09-28] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [DAEMON Tools Lite] => "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-10] (Facebook Inc.)
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [Steam] => "E:\Steam\steam.exe" -silent
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\UvsPoker\PokerNotifier.exe
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {00a2b69f-dad3-11e3-bf03-50b7c3e164a9} - "G:\AutoRun.exe"
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {18e6be27-d0cb-11e4-bf54-00a0c6000000} - "G:\AutoRun.exe"
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {4f6e08cd-c2f4-11e2-be93-50b7c3e164aa} - "G:\AutoRun.exe"
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {4f6e09c0-c2f4-11e2-be93-50b7c3e164aa} - "I:\AutoRun.exe"
HKU\S-1-5-21-1577275202-546194520-1271563289-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/
HKU\S-1-5-21-1577275202-546194520-1271563289-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
URLSearchHook: [S-1-5-21-1577275202-546194520-1271563289-1002] ATTENTION ==> Default URLSearchHook is missing
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1577275202-546194520-1271563289-1001 -> {255F6B65-DB46-4392-A798-6749D0F7F98F} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Tcpip\..\Interfaces\{77B99754-0C1A-44A2-91CE-425112E04856}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{77B99754-0C1A-44A2-91CE-425112E04856}: [DhcpNameServer] 10.5.51.1 192.168.2.1 194.204.159.1
Tcpip\..\Interfaces\{957770F2-4A64-4D33-90F9-51BFC76BA464}: [NameServer] 212.2.96.51 212.2.96.52
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2015-02-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-02-04] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-07-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1577275202-546194520-1271563289-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marcin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1577275202-546194520-1271563289-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-09]
Chrome:
=======
CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]
CHR Extension: (Google Docs) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]
CHR Extension: (Google Drive) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]
CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google Search) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]
CHR Extension: (Google Sheets) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]
CHR Extension: (Avast Online Security) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-04]
CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-03-26] (Fork Ltd.) [File not signed]
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [175136 2014-10-02] (EasyAntiCheat Ltd)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 postgresql-x64-9.0; C:\Program Files (x86)\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-08-04] (The OpenVPN Project)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-21] ()
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-15] (DT Soft Ltd)
S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-21] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-03 15:54 - 2015-07-03 15:54 - 00019228 _____ C:\Users\Marcin\Downloads\FRST.txt
2015-07-03 15:54 - 2015-07-03 15:54 - 00000000 ____D C:\FRST
2015-07-03 15:53 - 2015-07-03 15:53 - 02112512 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe
2015-07-03 15:41 - 2015-07-03 15:49 - 00000000 ____D C:\AdwCleaner
2015-07-03 15:39 - 2015-07-03 15:40 - 02244096 _____ C:\Users\Marcin\Downloads\adwcleaner_4.207.exe
2015-07-02 20:02 - 2015-07-02 20:02 - 00001704 _____ C:\Users\Marcin\Desktop\KQ vs Q2 kurestwo jebane.txt
2015-07-02 17:49 - 2015-07-02 17:49 - 00001526 _____ C:\Users\Marcin\Desktop\AK vs KJo dowod.txt
2015-07-01 17:38 - 2015-07-01 17:38 - 00001667 _____ C:\Users\Marcin\Desktop\jj vs j3o !! dowod.txt
2015-07-01 15:06 - 2015-07-01 15:06 - 00001340 _____ C:\Users\Marcin\Desktop\55 vs 34.txt
2015-07-01 15:05 - 2015-07-01 15:05 - 00562784 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\jre-8u45-windows-i586-iftw.exe
2015-07-01 03:18 - 2015-07-01 03:20 - 67299240 _____ C:\Users\Marcin\Downloads\PT-Install-v4.13.5.exe
2015-06-30 20:56 - 2015-06-30 20:56 - 00034259 _____ C:\Users\Marcin\Downloads\the_crucible_n24_pl_57391.zip
2015-06-30 19:40 - 2015-06-30 19:40 - 00002651 _____ C:\Users\Marcin\Desktop\TT vs AJ nierealny dowod na bota!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.txt
2015-06-30 16:02 - 2015-06-30 16:02 - 00000000 _____ C:\Users\Marcin\Desktop\ak vs aj (2).txt
2015-06-28 19:22 - 2015-06-28 19:23 - 00001288 _____ C:\Users\Marcin\Desktop\a9 vs q6o!!!.txt
2015-06-28 00:42 - 2015-06-28 00:42 - 00001632 _____ C:\Users\Marcin\Desktop\KJ vs QT dowód!!!!!!!!!!!!!.txt
2015-06-27 22:47 - 2015-06-27 22:47 - 00001467 _____ C:\Users\Marcin\Desktop\ak vs aj.txt
2015-06-27 00:06 - 2015-06-27 00:07 - 00001216 _____ C:\Users\Marcin\Desktop\AJ vs TJo snap semi ft.txt
2015-06-25 02:13 - 2015-06-25 02:13 - 00002283 _____ C:\Users\Marcin\Desktop\Google Chrome.lnk
2015-06-25 00:29 - 2015-06-25 00:29 - 00000000 _____ C:\Users\Marcin\Desktop\blablacar ostroleka.txt
2015-06-24 22:09 - 2015-06-24 22:09 - 00000043 _____ C:\Users\Marcin\Desktop\przypowieść o gołębiach.txt
2015-06-24 02:20 - 2015-06-24 02:20 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe
2015-06-24 02:20 - 2015-06-24 02:20 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr
2015-06-24 01:39 - 2015-06-24 01:39 - 00001365 _____ C:\Users\Marcin\Desktop\109 highrollers buble.txt
2015-06-20 16:17 - 2015-06-20 16:17 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2015-06-20 16:17 - 2015-06-20 16:17 - 00000000 ____D C:\ProgramData\Battle.net
2015-06-20 13:24 - 2015-06-20 13:26 - 00002623 _____ C:\Users\Marcin\Desktop\QJ vs K7 kurestwo oszukanstwo jebane ogromny dowod na bota.txt
2015-06-18 14:43 - 2015-06-18 14:43 - 00001302 _____ C:\Users\Marcin\Desktop\qq vs AT ogromny dowod na bta.txt
2015-06-18 05:14 - 2015-06-18 05:15 - 67376720 _____ C:\Users\Marcin\Downloads\PT-Install-v4.13.4.exe
2015-06-17 05:35 - 2015-06-17 05:35 - 00001764 _____ C:\Users\Marcin\Desktop\qq vs aj.txt
2015-06-16 12:05 - 2015-06-16 12:10 - 00000000 ____D C:\Users\Marcin\Documents\Orcs Must Die
2015-06-16 06:37 - 2015-06-16 06:37 - 00000000 ____D C:\Users\Marcin\AppData\Local\2DBoy
2015-06-16 06:37 - 2015-06-16 06:37 - 00000000 ____D C:\ProgramData\2DBoy
2015-06-16 02:53 - 2015-06-16 02:53 - 00001844 _____ C:\Users\Marcin\Desktop\JJ vs a7.txt
2015-06-14 08:17 - 2015-06-14 08:17 - 00000000 _____ C:\Users\Marcin\Desktop\you cant kill yourself before you get publish.txt
2015-06-14 02:48 - 2015-06-14 02:50 - 00002692 _____ C:\Users\Marcin\Desktop\JT vs A9 semi ft!!! dowod na bota.txt
2015-06-13 23:38 - 2015-06-13 23:38 - 00001582 _____ C:\Users\Marcin\Desktop\KK vs A% dowod.txt
2015-06-13 07:26 - 2015-06-13 07:26 - 00039917 _____ C:\Users\Marcin\Downloads\redacted.(2007).eng.1cd.(3248040).zip
2015-06-13 07:14 - 2015-06-13 07:15 - 00001278 _____ C:\Users\Marcin\Desktop\AK vs QJ SNAP FT DOWOD!!!!.txt
2015-06-13 00:32 - 2015-06-13 00:32 - 00001755 _____ C:\Users\Marcin\Desktop\K9 vs Q6 wiedzial w snapie.txt
2015-06-12 23:13 - 2015-06-12 23:13 - 00000000 _____ C:\Users\Marcin\Desktop\pieniadz nie ma wartosci, gdy ludzie sie zorientuja bedzie koniec, ale wiekszosc jest tak glupia.txt
2015-06-11 04:13 - 2015-06-14 17:32 - 00000000 ____D C:\Users\Marcin\Desktop\soundtracks
2015-06-11 02:46 - 2015-06-11 02:46 - 00001193 _____ C:\Users\Marcin\Desktop\FT a2 Vs TT KURWA MAC.txt
2015-06-11 02:20 - 2015-06-11 02:21 - 00001712 _____ C:\Users\Marcin\Desktop\snap ft nierealny smiec.txt
2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 _____ C:\Users\Marcin\Desktop\Batman™ Arkham Origins DLC.txt
2015-06-10 07:39 - 2015-06-10 07:39 - 00000017 _____ C:\Users\Marcin\Desktop\company of heroes key.txt
2015-06-10 07:28 - 2015-06-10 07:35 - 00000366 _____ C:\Users\Marcin\Desktop\meditation soundtrack bundle download!.txt
2015-06-10 00:21 - 2015-06-10 00:21 - 00000000 ____D C:\Users\Marcin\Desktop\gothic 3 ini
2015-06-09 21:38 - 2015-06-09 21:39 - 00001458 _____ C:\Users\Marcin\Desktop\aqs vs 97o Semi ft!.txt
2015-06-09 00:35 - 2015-06-09 00:36 - 00001491 _____ C:\Users\Marcin\Desktop\77 vs Q( snap.txt
2015-06-08 06:37 - 2015-06-08 06:37 - 00001781 _____ C:\Users\Marcin\Desktop\AJ vs 72o!!!! turek za 5RA prawdziwy dowod na bot.txt
2015-06-08 00:10 - 2015-06-08 00:10 - 00002275 _____ C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk
2015-06-08 00:10 - 2015-06-08 00:10 - 00000000 ____D C:\Users\Marcin\AppData\Local\Equilab
2015-06-08 00:10 - 2015-06-08 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com
2015-06-08 00:09 - 2015-06-08 00:09 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com
2015-06-08 00:04 - 2015-06-08 00:04 - 10592148 _____ (PokerStrategy.com ) C:\Users\Marcin\Downloads\equilab.exe
2015-06-07 06:50 - 2015-06-07 06:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-05 03:18 - 2015-06-05 03:18 - 00001490 _____ C:\Users\Marcin\Desktop\KK vs 33 AJ.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-03 15:52 - 2012-11-26 06:06 - 00000000 ____D C:\ProgramData\WinClon
2015-07-03 15:51 - 2014-02-12 02:39 - 01352817 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-03 15:50 - 2014-02-12 02:50 - 00000000 __RDO C:\Users\Marcin\SkyDrive
2015-07-03 15:50 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-03 15:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-07-03 15:50 - 2013-04-14 08:47 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-03 15:50 - 2012-11-26 05:57 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-07-03 15:30 - 2015-02-04 19:24 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-03 15:12 - 2013-04-09 16:46 - 00000000 ____D C:\Users\Marcin\AppData\Local\PokerTracker 4
2015-07-03 15:12 - 2013-04-09 16:46 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4
2015-07-03 15:10 - 2013-11-14 09:33 - 01855638 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-03 15:10 - 2013-11-14 09:13 - 00817424 _____ C:\WINDOWS\system32\perfh015.dat
2015-07-03 15:10 - 2013-11-14 09:13 - 00169170 _____ C:\WINDOWS\system32\perfc015.dat
2015-07-03 15:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-07-03 15:10 - 2013-04-09 16:43 - 00000000 ____D C:\Users\Marcin\Documents\888poker
2015-07-03 08:18 - 2013-06-10 23:13 - 00000948 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1577275202-546194520-1271563289-1001UA.job
2015-07-03 08:02 - 2013-04-14 08:47 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-02 23:18 - 2013-06-10 23:13 - 00000926 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1577275202-546194520-1271563289-1001Core.job
2015-07-02 20:14 - 2013-04-09 19:31 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\BitTorrent
2015-07-02 16:51 - 2014-02-12 02:33 - 00000000 ____D C:\Users\Marcin
2015-07-01 21:18 - 2013-11-21 02:09 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Skype
2015-07-01 20:52 - 2013-04-09 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1577275202-546194520-1271563289-1001
2015-07-01 15:09 - 2015-03-25 03:05 - 00000000 ____D C:\ProgramData\Oracle
2015-07-01 15:09 - 2015-03-25 03:05 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-01 15:08 - 2015-03-25 03:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-01 14:58 - 2014-02-12 02:33 - 00000000 ____D C:\Users\postgres
2015-07-01 03:21 - 2014-02-02 14:30 - 00001096 _____ C:\Users\Marcin\Desktop\PokerTracker 4.lnk
2015-07-01 03:21 - 2013-06-06 01:27 - 00001096 _____ C:\Users\postgres\Desktop\PokerTracker 4.lnk
2015-06-28 13:19 - 2014-11-20 19:12 - 00000000 ____D C:\Users\Marcin\Documents\My Games
2015-06-28 13:19 - 2013-04-15 09:29 - 00667072 _____ C:\WINDOWS\DirectX.log
2015-06-27 17:44 - 2014-01-19 12:21 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-06-27 02:20 - 2013-06-09 14:32 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys
2015-06-25 02:12 - 2013-11-14 00:22 - 00066348 _____ C:\WINDOWS\PFRO.log
2015-06-24 16:46 - 2013-04-09 17:01 - 00000000 ____D C:\Users\Marcin\AppData\Local\Google
2015-06-24 02:20 - 2014-08-04 16:46 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-06-24 02:20 - 2014-01-19 12:21 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-06-24 02:20 - 2013-06-09 14:32 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-06-24 02:20 - 2013-06-09 14:32 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-06-24 02:20 - 2013-06-09 14:32 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-06-24 02:20 - 2013-06-09 14:32 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-06-24 02:20 - 2013-06-09 14:32 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-06-23 08:48 - 2015-03-31 03:39 - 00000000 ____D C:\Users\Marcin\AppData\Local\Soul Gambler
2015-06-21 11:11 - 2012-11-26 05:57 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-06-20 16:18 - 2013-12-10 20:48 - 00000000 ____D C:\Users\Marcin\AppData\Local\Battle.net
2015-06-17 05:43 - 2013-04-17 23:03 - 00000000 ____D C:\Users\Marcin\AppData\Local\PokerStars.EU
2015-06-16 01:54 - 2014-07-08 20:22 - 00000000 ____D C:\Users\Marcin\Desktop\dokumenta
2015-06-11 01:05 - 2013-04-17 23:03 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU
2015-06-09 07:43 - 2013-04-14 14:22 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\EurekaLog
2015-06-08 11:15 - 2014-12-07 14:41 - 00000000 ____D C:\Users\Marcin\Documents\gothic3
2015-06-08 06:08 - 2015-01-11 17:01 - 00000000 ____D C:\Users\Marcin\Desktop\boty dowody
2015-06-08 00:04 - 2013-12-12 01:41 - 00000000 ____D C:\Users\Marcin\AppData\Local\Downloaded Installations
2015-06-07 06:50 - 2014-04-27 22:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 06:50 - 2014-04-27 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-07 05:24 - 2013-06-09 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
==================== Files in the root of some directories =======
2014-07-10 03:41 - 2014-09-19 01:42 - 0051984 _____ () C:\Users\Marcin\AppData\Roaming\crashdump.dmp
2013-12-12 12:28 - 2013-12-12 12:28 - 0000094 _____ () C:\Users\Marcin\AppData\Local\fusioncache.dat
2014-04-01 21:52 - 2014-04-01 21:52 - 0000000 ___SH () C:\Users\Marcin\AppData\Local\LumaEmu
2013-04-12 03:37 - 2013-04-12 03:37 - 0000017 _____ () C:\Users\Marcin\AppData\Local\resmon.resmoncfg
2013-04-09 16:46 - 2013-04-09 16:46 - 0005100 _____ () C:\ProgramData\flwjycbm.bab
2015-05-20 20:34 - 2015-05-20 20:34 - 0005071 _____ () C:\ProgramData\kmytnfun.aqy
2012-11-26 06:14 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2012-11-26 06:14 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml
2015-05-20 20:34 - 2015-05-20 20:34 - 0000016 _____ () C:\ProgramData\mntemp
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
Some files in TEMP:
====================
C:\Users\Marcin\AppData\Local\Temp\drm_dyndata_7400009.dll
C:\Users\Marcin\AppData\Local\Temp\jre-8u45-windows-au.exe
C:\Users\Marcin\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcin\AppData\Local\Temp\setup.exe
C:\Users\Marcin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marcin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-02 17:12
==================== End of log ============================