Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013
Ran by jacek (administrator) on 29-05-2013 14:42:00
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(OldTimer Tools) F:\OTL.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Farbar) F:\FRST64.exe
(Facebook Inc.) C:\Users\jacek\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKCU\...\Run: [Gadu-Gadu 10] "C:\Program Files (x86)\Gadu-Gadu 10\gg.exe" [13374048 2011-07-04] (GG Network S.A.)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\jacek\AppData\Roaming\skype.dat <==== ATTENTION
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-08-18] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [345312 2013-05-02] (Avira Operations GmbH & Co. KG)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.pl/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com?pc=HPNTDF
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com?pc=HPNTDF
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {98E71850-EE89-4F13-B1CC-C8EAF4E4F3F5} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {98E71850-EE89-4F13-B1CC-C8EAF4E4F3F5} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {98E71850-EE89-4F13-B1CC-C8EAF4E4F3F5} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://pl.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Pomocnik logowania za pomocą identyfikatora Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: ipp - No CLSID Value -
Handler-x32: msdaipp - No CLSID Value -
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-05-28] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\jacek\AppData\Roaming\Mozilla\Firefox\Profiles\bklovfcb.default
FF Homepage: google.pl
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752 2013-04-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816 2013-04-19] (Avira Operations GmbH & Co. KG)
S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)

==================== Drivers (Whitelisted) ====================

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3678720 2012-06-20] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; system32\DRIVERS\avgntflt.sys [x]
R1 avipbb; system32\DRIVERS\avipbb.sys [x]
R1 avkmgr; system32\DRIVERS\avkmgr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-29 23:04 - 2013-05-29 23:04 - 00000000 ____D C:\FRST
2013-05-29 17:21 - 2013-05-29 17:21 - 00003288 ____N C:\bootsqm.dat
2013-05-29 14:55 - 2013-05-29 14:54 - 01915774 ____A (Farbar) C:\FRST64.exe
2013-05-28 23:02 - 2013-05-28 23:02 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-21 20:49 - 2013-05-21 20:49 - 00000000 ____D C:\Users\jacek\AppData\Local\{521C5E4C-E780-4012-899D-7AA1378A4C08}
2013-05-20 14:04 - 2013-05-20 14:04 - 00000000 ____D C:\Users\jacek\AppData\Local\{1820E3FE-E12B-4CD5-9A03-C7353F06E515}
2013-05-20 14:02 - 2013-05-20 14:02 - 00000000 ____D C:\Users\jacek\AppData\Local\{7C27C565-4E04-4D5B-B72F-A12A9FB56573}
2013-05-15 16:14 - 2013-04-10 08:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 16:14 - 2013-04-10 08:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 16:14 - 2013-04-10 05:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 16:14 - 2013-03-19 07:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 16:14 - 2013-03-19 07:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 16:14 - 2013-02-27 08:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 16:14 - 2013-02-27 07:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 16:14 - 2013-02-27 07:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 16:14 - 2013-02-27 07:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 16:14 - 2013-02-27 07:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 16:14 - 2013-02-27 06:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 16:14 - 2013-02-27 06:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 16:14 - 2013-02-27 06:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 16:14 - 2011-02-03 13:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-02 16:54 - 2013-05-02 16:54 - 00000000 ____D C:\Users\jacek\AppData\Local\{D2475916-49B6-4220-9421-5D2947B35CFE}
2013-05-02 10:51 - 2013-05-02 10:51 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys

==================== One Month Modified Files and Folders =======

2013-05-29 23:04 - 2013-05-29 23:04 - 00000000 ____D C:\FRST
2013-05-29 17:32 - 2011-08-14 01:44 - 01253455 ____A C:\Windows\WindowsUpdate.log
2013-05-29 17:30 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-29 17:30 - 2009-07-14 06:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-29 17:22 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-29 17:22 - 2009-07-14 06:51 - 00229685 ____A C:\Windows\setupact.log
2013-05-29 17:21 - 2013-05-29 17:21 - 00003288 ____N C:\bootsqm.dat
2013-05-29 14:54 - 2013-05-29 14:55 - 01915774 ____A (Farbar) C:\FRST64.exe
2013-05-29 14:42 - 2012-09-12 20:37 - 00000928 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273909550-2487503245-638697518-1000UA.job
2013-05-29 01:41 - 2011-05-28 11:13 - 00698590 ____A C:\Windows\System32\perfh015.dat
2013-05-29 01:41 - 2011-05-28 11:13 - 00135410 ____A C:\Windows\System32\perfc015.dat
2013-05-29 01:41 - 2009-07-14 07:13 - 01551444 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-29 01:10 - 2011-10-05 14:27 - 00000000 ____D C:\users\jacek
2013-05-29 01:10 - 2007-01-02 03:32 - 00000000 ____D C:\users\Administrator
2013-05-28 23:02 - 2013-05-28 23:02 - 00000017 ____A C:\Windows\SysWOW64\shortcut_ex.dat
2013-05-24 16:00 - 2012-04-17 16:18 - 00000930 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-24 11:16 - 2013-03-16 11:06 - 00174653 ____A C:\Windows\IE9_main.log
2013-05-22 20:42 - 2012-09-12 20:37 - 00000906 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1273909550-2487503245-638697518-1000Core.job
2013-05-21 20:49 - 2013-05-21 20:49 - 00000000 ____D C:\Users\jacek\AppData\Local\{521C5E4C-E780-4012-899D-7AA1378A4C08}
2013-05-21 16:29 - 2012-05-19 23:56 - 00168448 __ASH C:\Users\jacek\Documents\Thumbs.db
2013-05-21 16:29 - 2011-12-12 16:01 - 00000000 ____D C:\Users\jacek\AppData\Roaming\OpenOffice.org2
2013-05-20 23:07 - 2010-11-21 05:47 - 00391690 ____A C:\Windows\PFRO.log
2013-05-20 14:04 - 2013-05-20 14:04 - 00000000 ____D C:\Users\jacek\AppData\Local\{1820E3FE-E12B-4CD5-9A03-C7353F06E515}
2013-05-20 14:02 - 2013-05-20 14:02 - 00000000 ____D C:\Users\jacek\AppData\Local\{7C27C565-4E04-4D5B-B72F-A12A9FB56573}
2013-05-17 18:20 - 2012-07-25 08:34 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 19:15 - 2012-04-17 16:18 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-15 19:15 - 2012-04-17 16:18 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-15 17:33 - 2009-07-14 06:45 - 00304096 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-14 17:11 - 2009-07-14 07:08 - 00032608 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-13 00:57 - 2012-05-13 19:58 - 00000000 ____D C:\Users\jacek\Desktop\Nowy folder
2013-05-03 11:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\System32\NDF
2013-05-02 16:54 - 2013-05-02 16:54 - 00000000 ____D C:\Users\jacek\AppData\Local\{D2475916-49B6-4220-9421-5D2947B35CFE}
2013-05-02 10:51 - 2013-05-02 10:51 - 00083160 ____A (Avira GmbH) C:\Windows\System32\Drivers\avnetflt.sys
2013-05-02 02:06 - 2010-11-21 05:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

Last Boot: 2013-05-16 19:44

==================== End Of Log ============================