Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-01-2014
Ran by Git (administrator) on GIT_LAPTOP on 05-01-2014 02:05:22
Running from C:\Users\Git\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) D:\Programy_64\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVAST Software) D:\Programy_64\Avast\AvastUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Git\Downloads\OTL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NSU_agent] - C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe [190768 2012-02-28] ()
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] - D:\Programy_64\Avast\AvastUI.exe [3764024 2013-12-29] (AVAST Software)
HKCU\...\Run: [] - [x]
HKCU\...\Run: [f.lux] - C:\Users\Git\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
MountPoints2: {1206601c-8065-11e2-9a5e-00242cd05b5e} - F:\setup.exe
MountPoints2: {4da0c43f-3f24-11e3-8c70-00242cd05b5e} - F:\Startme.exe

==================== Internet (Whitelisted) ====================

BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programy_64\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy_64\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy_64\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Programy_64\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Programy_64\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Git\AppData\Roaming\Mozilla\Firefox\Profiles\elrzmv3y.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 - D:\Programy_64\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - D:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Git\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: Adblock Plus - C:\Users\Git\AppData\Roaming\Mozilla\Firefox\Profiles\elrzmv3y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Programy_64\Avast\WebRep\FF
FF Extension: avast! Online Security - D:\Programy_64\Avast\WebRep\FF
FF StartMenuInternet: FIREFOX.EXE - D:\Programy\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.89\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: (avast! Online Security) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2011.70_0
CHR Extension: (Google Wallet) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Git\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Programy_64\Avast\WebRep\Chrome\aswWebRepChrome.crx

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Programy_64\Avast\AvastSvc.exe [50344 2013-12-29] (AVAST Software)
S3 DAUpdaterSvc; D:\gry_64\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [25832 2009-07-26] (BioWare)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-10-24] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-10-24] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-24] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-24] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-10-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-09] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-10-24] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-24] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-02-27] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-02-27] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-02-27] ()
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-05 02:05 - 2014-01-05 02:05 - 00010781 _____ C:\Users\Git\Downloads\FRST.txt
2014-01-05 02:04 - 2014-01-05 02:04 - 00000000 ____D C:\FRST
2014-01-05 02:03 - 2014-01-05 02:03 - 01931368 _____ (Farbar) C:\Users\Git\Downloads\FRST64.exe
2014-01-05 01:58 - 2014-01-05 01:58 - 00088112 _____ C:\Users\Git\Downloads\Extras.Txt
2014-01-05 01:58 - 2014-01-05 01:58 - 00071122 _____ C:\Users\Git\Downloads\OTL.Txt
2014-01-05 01:47 - 2014-01-05 01:47 - 00602112 _____ (OldTimer Tools) C:\Users\Git\Downloads\OTL.exe
2014-01-05 01:22 - 2014-01-05 01:22 - 00000092 _____ C:\Users\Git\Desktop\strona startowa.txt
2014-01-05 01:15 - 2014-01-05 01:15 - 00000538 _____ C:\Users\Git\Downloads\defogger_disable.log
2014-01-05 01:15 - 2014-01-05 01:15 - 00000142 _____ C:\Users\Git\defogger_reenable
2014-01-05 01:08 - 2014-01-05 01:08 - 00050477 _____ C:\Users\Git\Downloads\Defogger.exe
2014-01-05 00:20 - 2014-01-05 00:47 - 00000000 ____D C:\ProgramData\WPM
2014-01-05 00:20 - 2014-01-05 00:29 - 00000000 ____D C:\Program Files (x86)\Desk 365
2014-01-05 00:18 - 2014-01-05 00:37 - 00000000 ____D C:\Users\Git\AppData\Local\Cool_Mirage
2014-01-05 00:18 - 2014-01-05 00:36 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2013-12-27 16:45 - 2013-12-27 16:45 - 00096256 _____ C:\Users\Git\Downloads\Rachunek.dot

==================== One Month Modified Files and Folders =======

2014-01-05 02:05 - 2014-01-05 02:05 - 00010781 _____ C:\Users\Git\Downloads\FRST.txt
2014-01-05 02:04 - 2014-01-05 02:04 - 00000000 ____D C:\FRST
2014-01-05 02:03 - 2014-01-05 02:03 - 01931368 _____ (Farbar) C:\Users\Git\Downloads\FRST64.exe
2014-01-05 01:58 - 2014-01-05 01:58 - 00088112 _____ C:\Users\Git\Downloads\Extras.Txt
2014-01-05 01:58 - 2014-01-05 01:58 - 00071122 _____ C:\Users\Git\Downloads\OTL.Txt
2014-01-05 01:52 - 2013-02-26 21:18 - 00001042 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-05 01:51 - 2013-02-26 21:18 - 00001038 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-05 01:47 - 2014-01-05 01:47 - 00602112 _____ (OldTimer Tools) C:\Users\Git\Downloads\OTL.exe
2014-01-05 01:46 - 2009-07-14 05:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-05 01:46 - 2009-07-14 05:45 - 00016928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-05 01:44 - 2009-07-14 18:55 - 00740672 _____ C:\Windows\system32\perfh015.dat
2014-01-05 01:44 - 2009-07-14 18:55 - 00156214 _____ C:\Windows\system32\perfc015.dat
2014-01-05 01:44 - 2009-07-14 06:13 - 01670518 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-05 01:43 - 2013-02-26 20:53 - 01271895 _____ C:\Windows\WindowsUpdate.log
2014-01-05 01:38 - 2013-10-20 00:00 - 00011781 _____ C:\Windows\setupact.log
2014-01-05 01:38 - 2013-03-24 19:47 - 00000196 _____ C:\Windows\Tasks\AutoKMS.job
2014-01-05 01:38 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-05 01:37 - 2013-10-22 22:13 - 00211390 _____ C:\Windows\PFRO.log
2014-01-05 01:23 - 2013-10-14 11:02 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-05 01:22 - 2014-01-05 01:22 - 00000092 _____ C:\Users\Git\Desktop\strona startowa.txt
2014-01-05 01:20 - 2013-02-27 17:43 - 00000000 ____D C:\Users\Git\AppData\Roaming\eDownload
2014-01-05 01:15 - 2014-01-05 01:15 - 00000538 _____ C:\Users\Git\Downloads\defogger_disable.log
2014-01-05 01:15 - 2014-01-05 01:15 - 00000142 _____ C:\Users\Git\defogger_reenable
2014-01-05 01:15 - 2013-05-06 11:28 - 00000000 ____D C:\Users\Git\AppData\Roaming\uTorrent
2014-01-05 01:15 - 2013-02-26 21:02 - 00000000 ____D C:\Users\Git
2014-01-05 01:08 - 2014-01-05 01:08 - 00050477 _____ C:\Users\Git\Downloads\Defogger.exe
2014-01-05 00:48 - 2013-03-24 19:47 - 00000202 _____ C:\Windows\Tasks\AutoKMSDaily.job
2014-01-05 00:47 - 2014-01-05 00:20 - 00000000 ____D C:\ProgramData\WPM
2014-01-05 00:46 - 2013-02-26 21:14 - 00000000 ____D C:\Users\Git\AppData\Roaming\foobar2000
2014-01-05 00:46 - 2013-02-26 21:08 - 00000000 ____D C:\Users\Git\AppData\Local\Mozilla
2014-01-05 00:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2014-01-05 00:46 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2014-01-05 00:37 - 2014-01-05 00:18 - 00000000 ____D C:\Users\Git\AppData\Local\Cool_Mirage
2014-01-05 00:36 - 2014-01-05 00:18 - 00000000 ____D C:\Program Files (x86)\SecretSauce
2014-01-05 00:33 - 2013-02-26 20:49 - 00000000 ____D C:\Windows\Panther
2014-01-05 00:29 - 2014-01-05 00:20 - 00000000 ____D C:\Program Files (x86)\Desk 365
2013-12-30 02:57 - 2013-08-16 22:57 - 00029564 _____ C:\Users\Git\Desktop\RACHUNKATOR ver.alpha.xlsx
2013-12-29 23:41 - 2013-02-26 21:18 - 00004148 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-27 16:45 - 2013-12-27 16:45 - 00096256 _____ C:\Users\Git\Downloads\Rachunek.dot
2013-12-16 17:10 - 2013-04-02 21:31 - 00000411 _____ C:\Windows\BRWMARK.INI
2013-12-13 01:47 - 2013-02-26 21:18 - 00004038 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-13 01:46 - 2013-02-26 21:18 - 00003786 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-13 01:45 - 2013-10-14 11:02 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-13 01:45 - 2013-02-26 23:53 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-13 01:45 - 2013-02-26 23:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Git\AppData\Local\Temp\i4jdel0.exe
C:\Users\Git\AppData\Local\Temp\NOSEventMessages.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-30 16:46

==================== End Of Log ============================