Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-09-2013 03
Ran by Paweł (administrator) on PAWEŁ-KOMPUTER on 05-09-2013 15:49:59
Running from F:\
Microsoft Windows 7 Professional (X86) OS Language: Polish
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files\blueconnect\AssistantServices.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
() C:\Program Files\blueconnect\UIExec.exe
(Redefine Sp z o.o.) C:\Program Files\ipla\ipla.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2215064 2010-08-12] (ESET)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM\...\Run: [UIExec] - C:\Program Files\blueconnect\UIExec.exe [138072 2010-08-02] ()
HKCU\...\Run: [IPLA!] - C:\Program Files\ipla\ipla.exe [19856840 2012-01-31] (Redefine Sp z o.o.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)
HKCU\...\Run: [GG] - C:\Users\Paweł\AppData\Local\GG\Application\gghub.exe [3365440 2013-05-23] (GG Network S.A.)
MountPoints2: {8f4130d1-a989-11e2-b406-001b24ab2420} - F:\windows\Install\Install.exe
MountPoints2: {9af1464d-5414-11e1-b3b1-001b24ab2420} - F:\Install.exe

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 85.128.107.242 213.134.134.134

FireFox:
========
FF ProfilePath: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\lygss5xw.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR RestoreOnStartup: "hxxp://www.google.pl/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U29) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Version Plugin) - C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Extension: (Docs) - C:\Users\PAWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0
CHR Extension: (Gmail) - C:\Users\PAWE~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S3 EhttpSrv; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [33584 2010-08-12] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [810144 2010-08-12] (ESET)
R2 UI Assistant Service; C:\Program Files\blueconnect\AssistantServices.exe [247152 2010-08-02] ()

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [96920 2010-07-29] (ESET)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-05 15:43 - 2013-09-05 15:45 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:36 - 2013-09-05 15:36 - 00000000 ____D C:\Users\Paweł\Desktop\Stare dane programu Firefox
2013-09-04 20:24 - 2013-09-04 20:24 - 00000000 ____D C:\FRST
2013-09-03 21:11 - 2013-09-05 15:46 - 00001290 _____ C:\Windows\setupact.log
2013-09-03 21:11 - 2013-09-03 21:11 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 21:06 - 2013-09-03 21:06 - 00000639 _____ C:\Users\Paweł\Desktop\Muzyka — skrót.lnk
2013-09-03 20:47 - 2013-09-03 20:47 - 00000697 _____ C:\Users\Paweł\Desktop\mariolka fotki — skrót.lnk
2013-09-03 20:47 - 2013-09-03 20:47 - 00000630 _____ C:\Users\Paweł\Desktop\Filmy — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000683 _____ C:\Users\Paweł\Desktop\Międzyzdroje — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000676 _____ C:\Users\Paweł\Desktop\nasze fotki — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000648 _____ C:\Users\Paweł\Desktop\Zdjęcia — skrót.lnk
2013-09-03 19:25 - 2013-09-03 19:25 - 00000000 ____D C:\Windows\erdnt
2013-08-20 11:21 - 2013-08-30 16:35 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-20 11:19 - 2013-09-05 15:47 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-20 11:19 - 2013-09-05 15:30 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-20 11:18 - 2013-08-20 11:23 - 00000000 ____D C:\Users\PAWE~1\AppData\Local\Google
2013-08-20 11:18 - 2013-08-20 11:21 - 00000000 ____D C:\Program Files\Google
2013-08-20 11:18 - 2013-05-09 10:58 - 00229648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-08-20 11:16 - 2013-08-20 11:16 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-20 11:14 - 2013-09-05 15:31 - 00000000 ____D C:\ProgramData\AVAST Software
2013-08-20 11:13 - 2013-08-20 11:13 - 117478104 _____ C:\Users\Paweł\Downloads\avast_free_antivirus_setup.exe
2013-08-18 19:50 - 2013-08-20 11:10 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-14 12:30 - 2013-08-14 12:31 - 00000000 ____D C:\Windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-09-05 15:47 - 2013-08-20 11:19 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 15:47 - 2013-06-06 11:28 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\GG
2013-09-05 15:47 - 2012-04-06 20:22 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\ipla
2013-09-05 15:46 - 2013-09-03 21:11 - 00001290 _____ C:\Windows\setupact.log
2013-09-05 15:46 - 2011-12-28 16:38 - 01932167 _____ C:\Windows\WindowsUpdate.log
2013-09-05 15:46 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-05 15:45 - 2013-09-05 15:43 - 00000000 ____D C:\AdwCleaner
2013-09-05 15:39 - 2009-07-14 06:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:39 - 2009-07-14 06:34 - 00020720 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-05 15:36 - 2013-09-05 15:36 - 00000000 ____D C:\Users\Paweł\Desktop\Stare dane programu Firefox
2013-09-05 15:35 - 2011-12-28 16:46 - 01523412 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-05 15:35 - 2009-07-19 13:48 - 00687828 _____ C:\Windows\system32\perfh015.dat
2013-09-05 15:35 - 2009-07-19 13:48 - 00131382 _____ C:\Windows\system32\perfc015.dat
2013-09-05 15:31 - 2013-08-20 11:14 - 00000000 ____D C:\ProgramData\AVAST Software
2013-09-05 15:31 - 2011-12-28 21:42 - 00010760 _____ C:\Windows\PFRO.log
2013-09-05 15:30 - 2013-08-20 11:19 - 00001034 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-04 20:24 - 2013-09-04 20:24 - 00000000 ____D C:\FRST
2013-09-04 03:31 - 2011-12-31 10:54 - 00000000 ____D C:\Users\Paweł\AppData\Roaming\Skype
2013-09-03 21:11 - 2013-09-03 21:11 - 00000000 _____ C:\Windows\setuperr.log
2013-09-03 21:06 - 2013-09-03 21:06 - 00000639 _____ C:\Users\Paweł\Desktop\Muzyka — skrót.lnk
2013-09-03 20:47 - 2013-09-03 20:47 - 00000697 _____ C:\Users\Paweł\Desktop\mariolka fotki — skrót.lnk
2013-09-03 20:47 - 2013-09-03 20:47 - 00000630 _____ C:\Users\Paweł\Desktop\Filmy — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000683 _____ C:\Users\Paweł\Desktop\Międzyzdroje — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000676 _____ C:\Users\Paweł\Desktop\nasze fotki — skrót.lnk
2013-09-03 20:46 - 2013-09-03 20:46 - 00000648 _____ C:\Users\Paweł\Desktop\Zdjęcia — skrót.lnk
2013-09-03 19:25 - 2013-09-03 19:25 - 00000000 ____D C:\Windows\erdnt
2013-08-30 16:35 - 2013-08-20 11:21 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-08-20 11:23 - 2013-08-20 11:18 - 00000000 ____D C:\Users\PAWE~1\AppData\Local\Google
2013-08-20 11:21 - 2013-08-20 11:18 - 00000000 ____D C:\Program Files\Google
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswVmm.sys.sum
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSP.sys.sum
2013-08-20 11:19 - 2013-08-20 11:19 - 00000175 _____ C:\Windows\system32\Drivers\aswSnx.sys.sum
2013-08-20 11:18 - 2009-07-14 04:04 - 00002577 _____ C:\Windows\system32\config.nt
2013-08-20 11:16 - 2013-08-20 11:16 - 00000000 ____D C:\Program Files\AVAST Software
2013-08-20 11:13 - 2013-08-20 11:13 - 117478104 _____ C:\Users\Paweł\Downloads\avast_free_antivirus_setup.exe
2013-08-20 11:10 - 2013-08-18 19:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 06:46 - 2012-04-28 15:09 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-14 12:31 - 2013-08-14 12:30 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 12:30 - 2011-12-28 17:50 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 12:29 - 2011-12-28 21:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-06 20:30 - 2011-12-28 16:42 - 00000000 ____D C:\Users\Paweł

Files to move or delete:
====================
C:\Users\PAWE~1\AppData\Local\Temp\Quarantine.exe
C:\Users\PAWE~1\AppData\Local\Temp\uninst1.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-24 10:29

==================== End Of Log ============================