Chrome - Wtyczka HOLA VPN i google captcha

Question

Witam jakiś czas temu zainstalowałem wtyczkę HOLA dla przeglądarki Chrome. Użyłem jej tylko raz i odinstalowałem zaraz po tym jak dowiedziałem się, że...

Domino_2 · Accepted Answer

Dołącz jeszcze Addition.txt.

Acorus 20 · Accepted Answer

Otwórz notatnik systemowy i wklej:Plik zapisz pod nazwą fixlist.txt i umieść obok FRST w tym samym folderze. Uruchom jako administrator FRST i kliknij w Fix. Reset Chrome&#058; https://support.google.com/chrome/answer/3296214?hl=pl

Domino_2 · Answer

Załącz logi z FRST:
http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

ale najpierw przeskanuj komputer ADWCleanerem i MBAM:
http://www.bleepingcomputer.com/download/adwcleaner/

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

marinhos · Answer

Tak znam te programy, ale dla pewności przeskanowałem ponownie i MalwareBytes jak i ADWcleaner nic nie znalazły.Wklejam logi:Spoiler: Show Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01Ran by Marcin (administrator) on SAMSUNG on 03-07-2015 15:54:14Running from C:\Users\Marcin\DownloadsLoaded Profiles: Marcin & postgres (Available Profiles: Marcin & postgres)Platform: Windows 8.1 (X64) OS Language: Polski (Polska)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-f...utorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\pg_ctl.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(PostgreSQL Global Development Group) C:\Program Files (x86)\PostgreSQL\9.0\bin\postgres.exe(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.4.9600.16384_x64__8wekyb3d8bbwe\livecomm.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe() C:\Program Files (x86)\Plus Internet\Plus Internet.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe(random) C:\Program Files (x86)\PacificPoker\bin\poker.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Atheros Communications)HKLM\...\Run: [Windows Mobile-based device management] => %windir%\WindowsMobile\wmdcBase.exeHKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-11-21] (Intel Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-24] (Avast Software s.r.o.)HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [Plus Internet] => C:\Program Files (x86)\Plus Internet\PlusInternetChecker.exe [645040 2012-09-28] ()HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [DAEMON Tools Lite] => "E:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorunHKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [Facebook Update] => C:\Users\Marcin\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-06-10] (Facebook Inc.)HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [Steam] => "E:\Steam\steam.exe" -silentHKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\Run: [CPN Notifier] => C:\Program Files (x86)\UvsPoker\PokerNotifier.exeHKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {00a2b69f-dad3-11e3-bf03-50b7c3e164a9} - "G:\AutoRun.exe" HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {18e6be27-d0cb-11e4-bf54-00a0c6000000} - "G:\AutoRun.exe" HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {4f6e08cd-c2f4-11e2-be93-50b7c3e164aa} - "G:\AutoRun.exe" HKU\S-1-5-21-1577275202-546194520-1271563289-1001\...\MountPoints2: {4f6e09c0-c2f4-11e2-be93-50b7c3e164aa} - "I:\AutoRun.exe" HKU\S-1-5-21-1577275202-546194520-1271563289-1002\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-1577275202-546194520-1271563289-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com/HKU\S-1-5-21-1577275202-546194520-1271563289-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.comURLSearchHook: [S-1-5-21-1577275202-546194520-1271563289-1002] ATTENTION ==> Default URLSearchHook is missingSearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1577275202-546194520-1271563289-1001 -> {255F6B65-DB46-4392-A798-6749D0F7F98F} URL = BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-10-31] (Qualcomm Atheros Commnucations)BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-07-01] (Oracle Corporation)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-07-01] (Oracle Corporation)Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No FileToolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No FileTcpip\..\Interfaces\{77B99754-0C1A-44A2-91CE-425112E04856}: [NameServer] 8.8.8.8,8.8.4.4Tcpip\..\Interfaces\{77B99754-0C1A-44A2-91CE-425112E04856}: [DhcpNameServer] 10.5.51.1 192.168.2.1 194.204.159.1Tcpip\..\Interfaces\{957770F2-4A64-4D33-90F9-51BFC76BA464}: [NameServer] 212.2.96.51 212.2.96.52FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll [2015-02-04] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll [2015-02-04] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
pIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT
pIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin
pDeployJava1.dll [2015-07-01] (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2
pjp2.dll [2015-07-01] (Oracle Corporation)FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0
pctrl.dll [2015-04-15] ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster
pPandoWebPlugin.dll No FileFF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5
pGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5
pGoogleUpdate3.dll [2015-05-17] (Google Inc.)FF Plugin HKU\S-1-5-21-1577275202-546194520-1271563289-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Marcin\AppData\Local\Facebook\Video\Skype
pFacebookVideoCalling.dll [2014-07-24] (Skype Limited)FF Plugin HKU\S-1-5-21-1577275202-546194520-1271563289-1001: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher
puplaypc.dll No FileFF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-06-09]Chrome&#058; =======CHR Profile: C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Slides) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-25]CHR Extension: (Google Docs) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-04-14]CHR Extension: (Google Drive) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-04-14]CHR Extension: (YouTube) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]CHR Extension: (Google Search) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-14]CHR Extension: (Google Sheets) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-25]CHR Extension: (Avast Online Security) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-08-04]CHR Extension: (Google Wallet) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions
mmhkkegccagdldgiimedpiccmgmieda [2013-08-22]CHR Extension: (Gmail) - C:\Users\Marcin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-14]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-06-24]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations) [File not signed]R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast
g\vbox\AvastVBoxSVC.exe [4034896 2015-06-24] (Avast Software)R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-03-26] (Fork Ltd.) [File not signed]R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-09-05] (Samsung Electronics CO., LTD.)S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [175136 2014-10-02] (EasyAntiCheat Ltd)R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-21] (Intel Corporation)S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)R2 postgresql-x64-9.0; C:\Program Files (x86)\PostgreSQL\9.0\bin\pg_ctl.exe [111104 2012-09-21] (PostgreSQL Global Development Group) [File not signed]S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)S3 Origin Client Service; E:\Origin\OriginClientService.exe [X]==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-27] (Avast Software s.r.o.)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)S3 aswTap; C:\Windows\system32\DRIVERS\aswTap.sys [44640 2014-08-04] (The OpenVPN Project)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-11-21] ()S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2013-04-15] (DT Soft Ltd)S3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [45112 2014-12-13] (LogMeIn Inc.)R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-11-21] ()R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast
g\vbox\VBoxAswDrv.sys [273824 2015-06-24] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]==================== NetSvcs (Whitelisted) ===================(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)==================== One Month Created files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-07-03 15:54 - 2015-07-03 15:54 - 00019228 _____ C:\Users\Marcin\Downloads\FRST.txt2015-07-03 15:54 - 2015-07-03 15:54 - 00000000 ____D C:\FRST2015-07-03 15:53 - 2015-07-03 15:53 - 02112512 _____ (Farbar) C:\Users\Marcin\Downloads\FRST64.exe2015-07-03 15:41 - 2015-07-03 15:49 - 00000000 ____D C:\AdwCleaner2015-07-03 15:39 - 2015-07-03 15:40 - 02244096 _____ C:\Users\Marcin\Downloads\adwcleaner_4.207.exe2015-07-02 20:02 - 2015-07-02 20:02 - 00001704 _____ C:\Users\Marcin\Desktop\KQ vs Q2 kurestwo jebane.txt2015-07-02 17:49 - 2015-07-02 17:49 - 00001526 _____ C:\Users\Marcin\Desktop\AK vs KJo dowod.txt2015-07-01 17:38 - 2015-07-01 17:38 - 00001667 _____ C:\Users\Marcin\Desktop\jj vs j3o !! dowod.txt2015-07-01 15:06 - 2015-07-01 15:06 - 00001340 _____ C:\Users\Marcin\Desktop\55 vs 34.txt2015-07-01 15:05 - 2015-07-01 15:05 - 00562784 _____ (Oracle Corporation) C:\Users\Marcin\Downloads\jre-8u45-windows-i586-iftw.exe2015-07-01 03:18 - 2015-07-01 03:20 - 67299240 _____ C:\Users\Marcin\Downloads\PT-Install-v4.13.5.exe2015-06-30 20:56 - 2015-06-30 20:56 - 00034259 _____ C:\Users\Marcin\Downloads	he_crucible_n24_pl_57391.zip2015-06-30 19:40 - 2015-06-30 19:40 - 00002651 _____ C:\Users\Marcin\Desktop\TT vs AJ nierealny dowod na bota!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.txt2015-06-30 16:02 - 2015-06-30 16:02 - 00000000 _____ C:\Users\Marcin\Desktop\ak vs aj (2).txt2015-06-28 19:22 - 2015-06-28 19:23 - 00001288 _____ C:\Users\Marcin\Desktop\a9 vs q6o!!!.txt2015-06-28 00:42 - 2015-06-28 00:42 - 00001632 _____ C:\Users\Marcin\Desktop\KJ vs QT dowód!!!!!!!!!!!!!.txt2015-06-27 22:47 - 2015-06-27 22:47 - 00001467 _____ C:\Users\Marcin\Desktop\ak vs aj.txt2015-06-27 00:06 - 2015-06-27 00:07 - 00001216 _____ C:\Users\Marcin\Desktop\AJ vs TJo snap semi ft.txt2015-06-25 02:13 - 2015-06-25 02:13 - 00002283 _____ C:\Users\Marcin\Desktop\Google Chrome.lnk2015-06-25 00:29 - 2015-06-25 00:29 - 00000000 _____ C:\Users\Marcin\Desktop\blablacar ostroleka.txt2015-06-24 22:09 - 2015-06-24 22:09 - 00000043 _____ C:\Users\Marcin\Desktop\przypowieść o gołębiach.txt2015-06-24 02:20 - 2015-06-24 02:20 - 00364472 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\aswBoot.exe2015-06-24 02:20 - 2015-06-24 02:20 - 00043112 _____ (Avast Software s.r.o.) C:\WINDOWS\avastSS.scr2015-06-24 01:39 - 2015-06-24 01:39 - 00001365 _____ C:\Users\Marcin\Desktop\109 highrollers buble.txt2015-06-20 16:17 - 2015-06-20 16:17 - 00000000 ____D C:\ProgramData\Blizzard Entertainment2015-06-20 16:17 - 2015-06-20 16:17 - 00000000 ____D C:\ProgramData\Battle.net2015-06-20 13:24 - 2015-06-20 13:26 - 00002623 _____ C:\Users\Marcin\Desktop\QJ vs K7 kurestwo oszukanstwo jebane ogromny dowod na bota.txt2015-06-18 14:43 - 2015-06-18 14:43 - 00001302 _____ C:\Users\Marcin\Desktop\qq vs AT ogromny dowod na bta.txt2015-06-18 05:14 - 2015-06-18 05:15 - 67376720 _____ C:\Users\Marcin\Downloads\PT-Install-v4.13.4.exe2015-06-17 05:35 - 2015-06-17 05:35 - 00001764 _____ C:\Users\Marcin\Desktop\qq vs aj.txt2015-06-16 12:05 - 2015-06-16 12:10 - 00000000 ____D C:\Users\Marcin\Documents\Orcs Must Die2015-06-16 06:37 - 2015-06-16 06:37 - 00000000 ____D C:\Users\Marcin\AppData\Local\2DBoy2015-06-16 06:37 - 2015-06-16 06:37 - 00000000 ____D C:\ProgramData\2DBoy2015-06-16 02:53 - 2015-06-16 02:53 - 00001844 _____ C:\Users\Marcin\Desktop\JJ vs a7.txt2015-06-14 08:17 - 2015-06-14 08:17 - 00000000 _____ C:\Users\Marcin\Desktop\you cant kill yourself before you get publish.txt2015-06-14 02:48 - 2015-06-14 02:50 - 00002692 _____ C:\Users\Marcin\Desktop\JT vs A9 semi ft!!! dowod na bota.txt2015-06-13 23:38 - 2015-06-13 23:38 - 00001582 _____ C:\Users\Marcin\Desktop\KK vs A% dowod.txt2015-06-13 07:26 - 2015-06-13 07:26 - 00039917 _____ C:\Users\Marcin\Downloadsedacted.(2007).eng.1cd.(3248040).zip2015-06-13 07:14 - 2015-06-13 07:15 - 00001278 _____ C:\Users\Marcin\Desktop\AK vs QJ SNAP FT DOWOD!!!!.txt2015-06-13 00:32 - 2015-06-13 00:32 - 00001755 _____ C:\Users\Marcin\Desktop\K9 vs Q6 wiedzial w snapie.txt2015-06-12 23:13 - 2015-06-12 23:13 - 00000000 _____ C:\Users\Marcin\Desktop\pieniadz nie ma wartosci, gdy ludzie sie zorientuja bedzie koniec, ale wiekszosc jest tak glupia.txt2015-06-11 04:13 - 2015-06-14 17:32 - 00000000 ____D C:\Users\Marcin\Desktop\soundtracks2015-06-11 02:46 - 2015-06-11 02:46 - 00001193 _____ C:\Users\Marcin\Desktop\FT a2 Vs TT KURWA MAC.txt2015-06-11 02:20 - 2015-06-11 02:21 - 00001712 _____ C:\Users\Marcin\Desktop\snap ft nierealny smiec.txt2015-06-10 07:40 - 2015-06-10 07:40 - 00000000 _____ C:\Users\Marcin\Desktop\Batman&#8482; Arkham Origins DLC.txt2015-06-10 07:39 - 2015-06-10 07:39 - 00000017 _____ C:\Users\Marcin\Desktop\company of heroes key.txt2015-06-10 07:28 - 2015-06-10 07:35 - 00000366 _____ C:\Users\Marcin\Desktop\meditation soundtrack bundle download!.txt2015-06-10 00:21 - 2015-06-10 00:21 - 00000000 ____D C:\Users\Marcin\Desktop\gothic 3 ini2015-06-09 21:38 - 2015-06-09 21:39 - 00001458 _____ C:\Users\Marcin\Desktop\aqs vs 97o Semi ft!.txt2015-06-09 00:35 - 2015-06-09 00:36 - 00001491 _____ C:\Users\Marcin\Desktop\77 vs Q( snap.txt2015-06-08 06:37 - 2015-06-08 06:37 - 00001781 _____ C:\Users\Marcin\Desktop\AJ vs 72o!!!! turek za 5RA prawdziwy dowod na bot.txt2015-06-08 00:10 - 2015-06-08 00:10 - 00002275 _____ C:\Users\Public\Desktop\PokerStrategy.com Equilab.lnk2015-06-08 00:10 - 2015-06-08 00:10 - 00000000 ____D C:\Users\Marcin\AppData\Local\Equilab2015-06-08 00:10 - 2015-06-08 00:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com2015-06-08 00:09 - 2015-06-08 00:09 - 00000000 ____D C:\Program Files (x86)\PokerStrategy.com2015-06-08 00:04 - 2015-06-08 00:04 - 10592148 _____ (PokerStrategy.com ) C:\Users\Marcin\Downloads\equilab.exe2015-06-07 06:50 - 2015-06-07 06:50 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-06-05 03:18 - 2015-06-05 03:18 - 00001490 _____ C:\Users\Marcin\Desktop\KK vs 33 AJ.txt==================== One Month Modified files and folders ========(If an entry is included in the fixlist, the file/folder will be moved.)2015-07-03 15:52 - 2012-11-26 06:06 - 00000000 ____D C:\ProgramData\WinClon2015-07-03 15:51 - 2014-02-12 02:39 - 01352817 _____ C:\WINDOWS\WindowsUpdate.log2015-07-03 15:50 - 2014-02-12 02:50 - 00000000 __RDO C:\Users\Marcin\SkyDrive2015-07-03 15:50 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT2015-07-03 15:50 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI2015-07-03 15:50 - 2013-04-14 08:47 - 00001068 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2015-07-03 15:50 - 2012-11-26 05:57 - 00000868 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job2015-07-03 15:30 - 2015-02-04 19:24 - 00000930 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job2015-07-03 15:12 - 2013-04-09 16:46 - 00000000 ____D C:\Users\Marcin\AppData\Local\PokerTracker 42015-07-03 15:12 - 2013-04-09 16:46 - 00000000 ____D C:\Program Files (x86)\PokerTracker 42015-07-03 15:10 - 2013-11-14 09:33 - 01855638 _____ C:\WINDOWS\system32\PerfStringBackup.INI2015-07-03 15:10 - 2013-11-14 09:13 - 00817424 _____ C:\WINDOWS\system32\perfh015.dat2015-07-03 15:10 - 2013-11-14 09:13 - 00169170 _____ C:\WINDOWS\system32\perfc015.dat2015-07-03 15:10 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\sru2015-07-03 15:10 - 2013-04-09 16:43 - 00000000 ____D C:\Users\Marcin\Documents\888poker2015-07-03 08:18 - 2013-06-10 23:13 - 00000948 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1577275202-546194520-1271563289-1001UA.job2015-07-03 08:02 - 2013-04-14 08:47 - 00001072 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2015-07-02 23:18 - 2013-06-10 23:13 - 00000926 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1577275202-546194520-1271563289-1001Core.job2015-07-02 20:14 - 2013-04-09 19:31 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\BitTorrent2015-07-02 16:51 - 2014-02-12 02:33 - 00000000 ____D C:\Users\Marcin2015-07-01 21:18 - 2013-11-21 02:09 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\Skype2015-07-01 20:52 - 2013-04-09 16:36 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1577275202-546194520-1271563289-10012015-07-01 15:09 - 2015-03-25 03:05 - 00000000 ____D C:\ProgramData\Oracle2015-07-01 15:09 - 2015-03-25 03:05 - 00000000 ____D C:\Program Files (x86)\Java2015-07-01 15:08 - 2015-03-25 03:06 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll2015-07-01 14:58 - 2014-02-12 02:33 - 00000000 ____D C:\Users\postgres2015-07-01 03:21 - 2014-02-02 14:30 - 00001096 _____ C:\Users\Marcin\Desktop\PokerTracker 4.lnk2015-07-01 03:21 - 2013-06-06 01:27 - 00001096 _____ C:\Users\postgres\Desktop\PokerTracker 4.lnk2015-06-28 13:19 - 2014-11-20 19:12 - 00000000 ____D C:\Users\Marcin\Documents\My Games2015-06-28 13:19 - 2013-04-15 09:29 - 00667072 _____ C:\WINDOWS\DirectX.log2015-06-27 17:44 - 2014-01-19 12:21 - 00004182 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update2015-06-27 02:20 - 2013-06-09 14:32 - 00442264 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswsp.sys2015-06-25 02:12 - 2013-11-14 00:22 - 00066348 _____ C:\WINDOWS\PFRO.log2015-06-24 16:46 - 2013-04-09 17:01 - 00000000 ____D C:\Users\Marcin\AppData\Local\Google2015-06-24 02:20 - 2014-08-04 16:46 - 00029168 _____ C:\WINDOWS\system32\Drivers\aswHwid.sys2015-06-24 02:20 - 2014-01-19 12:21 - 00137288 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswStm.sys2015-06-24 02:20 - 2013-06-09 14:32 - 01047320 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswSnx.sys2015-06-24 02:20 - 2013-06-09 14:32 - 00272248 _____ C:\WINDOWS\system32\Drivers\aswVmm.sys2015-06-24 02:20 - 2013-06-09 14:32 - 00093528 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswRdr2.sys2015-06-24 02:20 - 2013-06-09 14:32 - 00089944 _____ (Avast Software s.r.o.) C:\WINDOWS\system32\Drivers\aswMonFlt.sys2015-06-24 02:20 - 2013-06-09 14:32 - 00065736 _____ C:\WINDOWS\system32\Drivers\aswRvrt.sys2015-06-23 08:48 - 2015-03-31 03:39 - 00000000 ____D C:\Users\Marcin\AppData\Local\Soul Gambler2015-06-21 11:11 - 2012-11-26 05:57 - 00000870 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job2015-06-20 16:18 - 2013-12-10 20:48 - 00000000 ____D C:\Users\Marcin\AppData\Local\Battle.net2015-06-17 05:43 - 2013-04-17 23:03 - 00000000 ____D C:\Users\Marcin\AppData\Local\PokerStars.EU2015-06-16 01:54 - 2014-07-08 20:22 - 00000000 ____D C:\Users\Marcin\Desktop\dokumenta2015-06-11 01:05 - 2013-04-17 23:03 - 00000000 ____D C:\Program Files (x86)\PokerStars.EU2015-06-09 07:43 - 2013-04-14 14:22 - 00000000 ____D C:\Users\Marcin\AppData\Roaming\EurekaLog2015-06-08 11:15 - 2014-12-07 14:41 - 00000000 ____D C:\Users\Marcin\Documents\gothic32015-06-08 06:08 - 2015-01-11 17:01 - 00000000 ____D C:\Users\Marcin\Desktop\boty dowody2015-06-08 00:04 - 2013-12-12 01:41 - 00000000 ____D C:\Users\Marcin\AppData\Local\Downloaded Installations2015-06-07 06:50 - 2014-04-27 22:51 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2015-06-07 06:50 - 2014-04-27 22:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware2015-06-07 05:24 - 2013-06-09 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive==================== Files in the root of some directories =======2014-07-10 03:41 - 2014-09-19 01:42 - 0051984 _____ () C:\Users\Marcin\AppData\Roaming\crashdump.dmp2013-12-12 12:28 - 2013-12-12 12:28 - 0000094 _____ () C:\Users\Marcin\AppData\Local\fusioncache.dat2014-04-01 21:52 - 2014-04-01 21:52 - 0000000 ___SH () C:\Users\Marcin\AppData\Local\LumaEmu2013-04-12 03:37 - 2013-04-12 03:37 - 0000017 _____ () C:\Users\Marcin\AppData\Localesmon.resmoncfg2013-04-09 16:46 - 2013-04-09 16:46 - 0005100 _____ () C:\ProgramData\flwjycbm.bab2015-05-20 20:34 - 2015-05-20 20:34 - 0005071 _____ () C:\ProgramData\kmytnfun.aqy2012-11-26 06:14 - 2012-08-08 06:07 - 2258432 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe2012-11-26 06:14 - 2012-08-07 12:11 - 0003196 _____ () C:\ProgramData\MakeMarkerFile.xml2015-05-20 20:34 - 2015-05-20 20:34 - 0000016 _____ () C:\ProgramData\mntempFiles to move or delete:====================C:\ProgramData\MakeMarkerFile.exeC:\Users\EasySurvey\EasySurvey.exeSome files in TEMP:====================C:\Users\Marcin\AppData\Local\Temp\drm_dyndata_7400009.dllC:\Users\Marcin\AppData\Local\Temp\jre-8u45-windows-au.exeC:\Users\Marcin\AppData\Local\Temp\Quarantine.exeC:\Users\Marcin\AppData\Local\Temp\setup.exeC:\Users\Marcin\AppData\Local\Temp\SkypeSetup.exeC:\Users\Marcin\AppData\Local\Temp\sqlite3.dll==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32pcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-07-02 17:12==================== End of log ============================Czy ktoś kto zna ten problem może pomóc?

marinhos · Answer

Addition w załączniku

marinhos · Answer

Acorus 20: dzięki szefie.Możesz wyjaśnić, co zrobiłeś? Problem chyba zniknął. Ciekawi mnie co to było?