Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014
Ran by Paweł (administrator) on PAWEL-KOMPUTER on 01-06-2014 13:22:58
Running from C:\Users\Paweł\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polish
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Sony Ericsson Mobile Communications AB) C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-27] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\RunOnce: [] - [X]
HKU\S-1-5-19\...\RunOnce: [] - [X]
HKU\S-1-5-20\...\RunOnce: [] - [X]
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\Run: [Sony Ericsson PC Companion] => C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe [774144 2009-12-08] (Sony Ericsson Mobile Communications AB)
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\Policies\Explorer: [NofolderOptions] 0
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: F - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: H - H:\Installer.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {39eab762-5761-11e2-ac75-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {39eab765-5761-11e2-ac75-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {3dcd686e-be24-11e2-8df1-50b7c3133987} - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {3dcd6880-be24-11e2-8df1-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {5844e8e8-bcbd-11e2-9111-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {5844e8f4-bcbd-11e2-9111-50b7c3133988} - F:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {64a06418-5b34-11e2-9ccb-50b7c3133988} - H:\Startme.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {688e97c1-ba67-11e3-9d36-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {6f5aceaf-54b5-11e2-b786-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {72dc46e8-8627-11e3-88a6-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {72dc46ec-8627-11e3-88a6-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {7ddcc0e1-4b9d-11e2-a495-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {7ddcc0e6-4b9d-11e2-a495-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {85db84f5-8147-11e3-aeee-50b7c3133987} - E:\AutoRun.exe /s
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {86ceceb9-b660-11e2-bc71-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {aec9b645-4e79-11e2-aab0-50b7c3133988} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {b18d2eb6-8667-11e3-b719-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {ea045609-c6f5-11e2-9ef8-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {f5e5b3ac-c0d9-11e2-b373-50b7c3133987} - E:\AutoRun.exe
HKU\S-1-5-21-2666340739-2498256653-3035462964-1000\...\MountPoints2: {f5e5b3b1-c0d9-11e2-b373-50b7c3133987} - E:\AutoRun.exe
AppInit_DLLs: c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll => c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll File Not Found
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://istart.webssearches.com/?type=sc&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKCU - {062A0111-06AE-4D8B-BE52-3B27724D95CC} URL = http://websearch.ask.com/redirect?client=ie&tb=SGT&o=APN10374&src=kw&q={searchTerms}&locale=&apn_ptnrs=^AHO&apn_dtid=^YYYYYY^YY^PL&apn_uid=a72d9980-6dc7-4bd7-bfc0-45f9b0fc2182&apn_sauid=1B887098-0C21-441E-8424-8BFC7A3C76B8
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searchTerms}&babsrc=SP_ss_din2g&mntrId=2E6E72B7C3133987&affID=119357&tt=040713_rdrctful&tsp=4937
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.webssearches.com/web/?type=ds&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX&q={searchTerms}
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: WebCake - {2A5A2A90-3B30-4E6E-A955-2F232C6EF517} - C:\Program Files (x86)\WebCake\WebCakeIEClient.dll (WebCake LLC)
BHO-x32: ALLYouTubeDownloader - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\Program Files (x86)\ALLYouTubeDownloader\ALLYouTubeDownloader.dll (ALLCinema Ltd.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: IplexToALLPlayer - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files (x86)\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{78FA480C-FCDC-4799-8735-C1467563CE1C}: [NameServer]8.8.4.4,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default
FF NewTab: hxxp://istart.webssearches.com/newtab/?type=nt&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1400622543&from=exp&uid=HitachiXHTS547550A9E384_J1120021C2L5WAC2L5WAX
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=6.0.12.450 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpjplug;version=6.0.12.448 - C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Paweł\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml
FF Extension: Widget context - C:\Users\Paweł\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{140A2D0E-85CC-4ed3-9BA5-8FA35DA7FABA}.xpi [2013-12-14]
FF Extension: No Name - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\IplextoALL@ALLPlayer.org.xpi [2012-12-22]
FF Extension: WebCake - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\plugins@getwebcake.com.xpi [2013-11-30]
FF Extension: ALLYouTubeDownloader - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\YouTubetoALL@ALLPlayer.org.xpi [2012-12-22]
FF Extension: Adblock Plus - C:\Users\Paweł\AppData\Roaming\Mozilla\Firefox\Profiles\we4p2jke.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-15]

Chrome:
=======
CHR Extension: (Widget context) - C:\Users\Paweł\AppData\Local\Google\Chrome\User Data\Default\Extensions\ombmmloebnfnpehgjnmkcgoegfachobp [2013-12-13]
CHR HKLM-x32\...\Chrome\Extension: [fjoijdanhaiflhibkljeklcghcmmfffh] - C:\Program Files (x86)\WebCakeLayers.crx [2013-12-13]

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-27] (Avira Operations GmbH & Co. KG)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [127320 2012-04-18] ()
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [164184 2012-04-18] (Intel Corporation)
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] ()
S4 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] ()
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-03-09] (Atheros)
S4 WebCake Desktop Updater; "C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\Pawe│\AppData\Roaming\WebCake\WebCakeDesktop.exe"

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [112080 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-12-25] (Avira Operations GmbH & Co. KG)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [133632 2008-09-26] (Huawei Technologies Co., Ltd.)
S3 s1039bus; C:\Windows\System32\DRIVERS\s1039bus.sys [127600 2009-11-19] (MCCI Corporation)
S3 s1039mdfl; C:\Windows\System32\DRIVERS\s1039mdfl.sys [19568 2009-11-19] (MCCI Corporation)
S3 s1039mdm; C:\Windows\System32\DRIVERS\s1039mdm.sys [161904 2009-11-19] (MCCI Corporation)
S3 s1039mgmt; C:\Windows\System32\DRIVERS\s1039mgmt.sys [141424 2009-11-19] (MCCI Corporation)
S3 s1039nd5; C:\Windows\System32\DRIVERS\s1039nd5.sys [34416 2009-11-19] (MCCI Corporation)
S3 s1039obex; C:\Windows\System32\DRIVERS\s1039obex.sys [137328 2009-11-19] (MCCI Corporation)
S3 s1039unic; C:\Windows\System32\DRIVERS\s1039unic.sys [158320 2009-11-19] (MCCI Corporation)
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 massfilter_lte; \??\C:\windows\system32\drivers\massfilter_lte.sys [X]
S3 zgdcat; system32\DRIVERS\zgdcat.sys [X]
S3 zgdcdiag; system32\DRIVERS\zgdcdiag.sys [X]
S3 zgdcmdm; system32\DRIVERS\zgdcmdm.sys [X]
S3 zgdcnet; system32\DRIVERS\zgdcnet.sys [X]
S3 zgdcnmea; system32\DRIVERS\zgdcnmea.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-01 13:23 - 2014-06-01 13:23 - 00000000 _____ () C:\Users\Paweł\Desktop\Nowy dokument tekstowy.txt
2014-06-01 13:22 - 2014-06-01 13:23 - 00020477 _____ () C:\Users\Paweł\Downloads\FRST.txt
2014-06-01 13:19 - 2014-06-01 13:20 - 00039425 _____ () C:\Users\Paweł\Downloads\Addition.txt
2014-06-01 13:17 - 2014-06-01 13:23 - 00000000 ____D () C:\FRST
2014-06-01 13:16 - 2014-06-01 13:16 - 02067456 _____ (Farbar) C:\Users\Paweł\Downloads\FRST64.exe
2014-06-01 13:16 - 2014-06-01 13:16 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\VOPackage
2014-06-01 13:16 - 2014-06-01 13:16 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-06-01 13:13 - 2014-06-01 13:13 - 00602112 _____ (OldTimer Tools) C:\Users\Paweł\Downloads\OTL.exe
2014-06-01 13:13 - 2014-06-01 13:13 - 00380416 _____ () C:\Users\Paweł\Downloads\i4se93t3.exe
2014-05-31 23:48 - 2014-05-31 23:47 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\Program Files\Java
2014-05-31 23:45 - 2014-05-31 23:47 - 30984104 _____ (Oracle Corporation) C:\Users\Paweł\Downloads\jre-7u60-windows-x64.exe
2014-05-27 14:29 - 2014-05-27 13:12 - 366852096 _____ () C:\Users\Paweł\Desktop\Heroes.S01E12.PL.HDTvRip.Xvid.Godsend.avi
2014-05-20 23:48 - 2014-05-20 23:48 - 00003144 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-05-20 23:48 - 2014-05-20 23:48 - 00001939 _____ () C:\Users\Public\Desktop\YourFile Downloader.lnk
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\YourFileDownloader
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-05-20 23:47 - 2014-05-20 23:47 - 06346584 _____ (http://yourfiledownloader.com) C:\Users\Paweł\Downloads\creative_mediasource_player_5_free_downloader.exe
2014-05-16 21:43 - 2014-05-16 23:46 - 00315392 _____ () C:\Users\Paweł\Downloads\Wsparcie ogniowe Anakonda.ppt
2014-05-15 19:17 - 2014-05-15 19:17 - 00000000 ____D () C:\Users\Paweł\Desktop\The.Soloist.2009.DVDRIP.XviD-ZEKTORM

==================== One Month Modified Files and Folders =======

2014-06-01 13:23 - 2014-06-01 13:23 - 00000000 _____ () C:\Users\Paweł\Desktop\Nowy dokument tekstowy.txt
2014-06-01 13:23 - 2014-06-01 13:22 - 00020477 _____ () C:\Users\Paweł\Downloads\FRST.txt
2014-06-01 13:23 - 2014-06-01 13:17 - 00000000 ____D () C:\FRST
2014-06-01 13:23 - 2012-12-21 20:38 - 00000000 ____D () C:\Users\Paweł\AppData\Local\Temp
2014-06-01 13:20 - 2014-06-01 13:19 - 00039425 _____ () C:\Users\Paweł\Downloads\Addition.txt
2014-06-01 13:16 - 2014-06-01 13:16 - 02067456 _____ (Farbar) C:\Users\Paweł\Downloads\FRST64.exe
2014-06-01 13:16 - 2014-06-01 13:16 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\VOPackage
2014-06-01 13:16 - 2014-06-01 13:16 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-06-01 13:16 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 13:16 - 2009-07-14 06:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 13:13 - 2014-06-01 13:13 - 00602112 _____ (OldTimer Tools) C:\Users\Paweł\Downloads\OTL.exe
2014-06-01 13:13 - 2014-06-01 13:13 - 00380416 _____ () C:\Users\Paweł\Downloads\i4se93t3.exe
2014-06-01 13:12 - 2014-02-07 01:54 - 00000294 _____ () C:\windows\Tasks\Digital Sites.job
2014-06-01 13:10 - 2012-05-28 22:41 - 00698590 _____ () C:\windows\system32\perfh015.dat
2014-06-01 13:10 - 2012-05-28 22:41 - 00135410 _____ () C:\windows\system32\perfc015.dat
2014-06-01 13:10 - 2009-07-14 07:13 - 01551444 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-01 13:09 - 2009-07-14 06:51 - 00125939 _____ () C:\windows\setupact.log
2014-06-01 13:02 - 2012-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 13:02 - 2012-12-21 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-01 13:01 - 2013-10-02 17:54 - 00000294 _____ () C:\windows\Tasks\DigitalSite.job
2014-06-01 13:01 - 2012-12-22 11:24 - 00000930 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 12:37 - 2013-07-08 21:32 - 00000928 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666340739-2498256653-3035462964-1000UA.job
2014-06-01 12:27 - 2012-05-28 23:05 - 01125608 _____ () C:\windows\WindowsUpdate.log
2014-06-01 12:14 - 2013-08-02 14:17 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\GG
2014-06-01 12:11 - 2012-05-28 07:15 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-06-01 12:11 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-01 12:05 - 2013-09-30 13:15 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\File Scout
2014-06-01 01:54 - 2013-10-02 18:54 - 00000190 _____ () C:\Users\Paweł\AppData\Roaming\WB.CFG
2014-05-31 23:47 - 2014-05-31 23:48 - 00313256 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00189352 _____ (Oracle Corporation) C:\windows\system32\java.exe
2014-05-31 23:47 - 2014-05-31 23:47 - 00111016 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge-64.dll
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-31 23:47 - 2014-05-31 23:47 - 00000000 ____D () C:\Program Files\Java
2014-05-31 23:47 - 2014-05-31 23:45 - 30984104 _____ (Oracle Corporation) C:\Users\Paweł\Downloads\jre-7u60-windows-x64.exe
2014-05-31 22:20 - 2013-07-08 21:32 - 00000906 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2666340739-2498256653-3035462964-1000Core.job
2014-05-31 19:09 - 2013-08-13 23:28 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\Betcat
2014-05-31 16:16 - 2012-05-28 07:15 - 00000830 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-05-27 14:20 - 2013-04-04 00:18 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-27 14:20 - 2013-04-04 00:18 - 00112080 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-27 13:12 - 2014-05-27 14:29 - 366852096 _____ () C:\Users\Paweł\Desktop\Heroes.S01E12.PL.HDTvRip.Xvid.Godsend.avi
2014-05-21 18:07 - 2014-03-09 10:52 - 00000000 ____D () C:\Users\Paweł\Desktop\AON przejazdy
2014-05-20 23:49 - 2012-12-21 21:10 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-20 23:49 - 2012-12-21 21:10 - 00001377 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-20 23:48 - 2014-05-20 23:48 - 00003144 _____ () C:\windows\System32\Tasks\YourFile DownloaderUpdate
2014-05-20 23:48 - 2014-05-20 23:48 - 00001939 _____ () C:\Users\Public\Desktop\YourFile Downloader.lnk
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Users\Paweł\AppData\Roaming\YourFileDownloader
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\YourFileDownloader
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-05-20 23:48 - 2014-05-20 23:48 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader
2014-05-20 23:47 - 2014-05-20 23:47 - 06346584 _____ (http://yourfiledownloader.com) C:\Users\Paweł\Downloads\creative_mediasource_player_5_free_downloader.exe
2014-05-16 23:46 - 2014-05-16 21:43 - 00315392 _____ () C:\Users\Paweł\Downloads\Wsparcie ogniowe Anakonda.ppt
2014-05-16 09:02 - 2010-11-21 05:47 - 00500228 _____ () C:\windows\PFRO.log
2014-05-15 19:17 - 2014-05-15 19:17 - 00000000 ____D () C:\Users\Paweł\Desktop\The.Soloist.2009.DVDRIP.XviD-ZEKTORM

Files to move or delete:
====================
C:\Users\Paweł\AppData\Roaming\skype.ini
C:\Users\Paweł\AppData\Roaming\skype.dat

Some content of TEMP:
====================
C:\Users\Paweł\AppData\Local\Temp\avgnt.exe
C:\Users\Paweł\AppData\Local\Temp\t.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-30 16:13

==================== End Of Log ============================