Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Julia (administrator) on JULIA-PC on 23-01-2015 10:15:22
Running from C:\Users\Julia\Desktop
Loaded Profiles: Julia (Available profiles: Julia)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Atheros) C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
() C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10920552 2010-06-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-04-13] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3081752 2014-12-16] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-528626890-2092949665-2905896112-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-528626890-2092949665-2905896112-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/pl-pl/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-528626890-2092949665-2905896112-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={68D27BEA-A4AA-438B-A107-F0DAF3957B2E}&mid=70c60927ab4747cda460cd3c4e381bab-c30f647d52335491de50ecdda972a485702e4544&lang=pl&ds=AVG&coid=avgtbavg&cmpid=1214tb&pr=fr&d=2014-11-26 08:30:02&v=4.0.5.7&pid=wtu&sg=&sap=dsp&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.0.5.7\AVG Web TuneUp.dll (AVG)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.2.0\\npsitesafety.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-528626890-2092949665-2905896112-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Julia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://google.pl/"
CHR Profile: C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Prezentacje Google) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-25]
CHR Extension: (Dokumenty Google) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-25]
CHR Extension: (Dysk Google) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-25]
CHR Extension: (YouTube) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-25]
CHR Extension: (Szukaj w Google) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-25]
CHR Extension: (Arkusze Google) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-25]
CHR Extension: (Booking.com for Chrome™) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgkeilefmpmbamgcejhjpiecahcbipip [2014-12-03]
CHR Extension: (AdBlock) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-12-10]
CHR Extension: (Google Wallet) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-25]
CHR Extension: (Gmail) - C:\Users\Julia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-25]

==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
S2 vToolbarUpdater18.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.2.0\ToolbarUpdater.exe [1850392 2014-12-16] (AVG Secure Search)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros Fast Reconnect\Ath_WlanAgent.exe [57344 2011-08-10] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [52000 2014-12-16] (AVG Technologies)

==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-23 10:15 - 2015-01-23 10:28 - 00011243 _____ () C:\Users\Julia\Desktop\FRST.txt
2015-01-23 10:08 - 2015-01-23 10:22 - 00000000 ____D () C:\FRST
2015-01-23 10:07 - 2015-01-23 10:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2015-01-23 09:59 - 2015-01-23 10:07 - 00000000 ____D () C:\Program Files\HWiNFO64
2015-01-23 09:44 - 2015-01-23 08:20 - 02699320 _____ (Martin Malík - REALiX ) C:\Users\Julia\Desktop\hw64_448.exe
2015-01-23 09:44 - 2015-01-23 08:16 - 02126848 _____ (Farbar) C:\Users\Julia\Desktop\FRST64.exe
2015-01-23 09:44 - 2015-01-05 10:26 - 02173952 _____ () C:\Users\Julia\Desktop\AdwCleaner.exe
2015-01-23 08:36 - 2015-01-23 08:36 - 00000000 _____ () C:\Windows\setupact.log
2015-01-22 10:51 - 2015-01-22 10:51 - 00000000 ____D () C:\Users\Julia\AppData\OICE_15_974FA576_32C1D314_38A3
2015-01-21 10:35 - 2015-01-21 11:39 - 00000000 ____D () C:\Users\Julia\Desktop\ZAPROSZENIA
2015-01-21 10:01 - 2015-01-21 10:02 - 00000000 ____D () C:\Users\Julia\Desktop\nowe zaproszenia
2015-01-20 07:54 - 2015-01-20 07:54 - 00002772 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-20 07:54 - 2015-01-20 07:54 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-20 07:54 - 2015-01-20 07:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-01-20 07:54 - 2015-01-20 07:54 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-20 07:53 - 2015-01-20 07:53 - 05317104 _____ (Piriform Ltd) C:\Users\Julia\Downloads\ccsetup501.exe
2015-01-19 18:55 - 2015-01-19 18:55 - 00000000 ____D () C:\Users\Julia\Downloads\BOŻE NARODZENIE
2015-01-19 18:54 - 2015-01-22 10:53 - 00000000 ____D () C:\Users\Julia\Downloads\SZKOŁA
2015-01-19 16:38 - 2015-01-20 07:46 - 00000000 ____D () C:\Users\Julia\Downloads\WIELKANOC
2015-01-19 16:33 - 2015-01-19 16:36 - 00000000 ____D () C:\Users\Julia\Downloads\TORTY
2015-01-19 16:27 - 2015-01-19 18:57 - 00000000 ____D () C:\Users\Julia\Downloads\DRUKI I FAKTURY
2015-01-19 08:24 - 2015-01-19 08:50 - 00000000 ____D () C:\Users\Julia\AppData\OICE_15_974FA576_32C1D314_25DC
2015-01-17 22:10 - 2015-01-17 22:10 - 00000000 ____D () C:\Users\Julia\AppData\OICE_15_974FA576_32C1D314_3DA5
2015-01-14 07:22 - 2015-01-14 07:22 - 00000000 ____D () C:\Users\Julia\Desktop\NA FB
2015-01-13 09:36 - 2015-01-13 09:36 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2015-01-13 09:36 - 2015-01-13 09:36 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2015-01-13 08:40 - 2015-01-13 08:40 - 00000000 ____D () C:\Users\Julia\AppData\Local\KONICA MINOLTA
2015-01-10 19:40 - 2015-01-10 19:40 - 00000000 ____D () C:\Users\Julia\Desktop\kuby
2015-01-10 13:13 - 2015-01-10 13:13 - 00000274 _____ () C:\Users\Julia\Desktop\_Certification_.htm
2015-01-10 13:11 - 2015-01-10 13:11 - 00037888 _____ () C:\Users\Julia\Documents\stopka.msg
2015-01-07 11:47 - 2015-01-07 11:47 - 00012800 ___SH () C:\Users\Julia\Documents\Thumbs.db
2015-01-02 13:24 - 2015-01-19 19:21 - 00000000 ____D () C:\Users\Julia\Desktop\STRONA WWW
2014-12-30 21:14 - 2014-12-30 21:14 - 00001814 _____ () C:\Users\Julia\Downloads\smime.p7s

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-23 10:10 - 2014-11-25 21:05 - 00001046 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 09:35 - 2014-11-25 20:03 - 00616654 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 09:32 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 09:32 - 2009-07-14 05:45 - 00022512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 09:00 - 2014-11-25 21:05 - 00001042 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 08:52 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 08:17 - 2014-11-26 08:23 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-23 07:28 - 2014-11-26 08:23 - 00000000 ____D () C:\Users\Julia\AppData\Local\Avg2015
2015-01-22 10:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-01-20 07:55 - 2014-11-26 04:58 - 00000000 ____D () C:\Windows\Panther
2015-01-18 17:14 - 2014-11-25 21:05 - 00002189 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-13 09:36 - 2014-11-26 08:26 - 00000995 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-01-13 09:36 - 2014-11-26 08:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2015-01-10 17:50 - 2014-11-27 07:14 - 00000000 ____D () C:\Users\Julia\AppData\Local\Microsoft Games
2015-01-10 17:46 - 2009-07-14 06:08 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 15:02 - 2014-11-26 08:17 - 00687828 _____ () C:\Windows\system32\perfh015.dat
2015-01-09 15:02 - 2014-11-26 08:17 - 00131382 _____ () C:\Windows\system32\perfc015.dat
2015-01-09 15:02 - 2009-07-14 06:13 - 01523412 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-27 15:44 - 2014-12-04 09:25 - 00000000 ____D () C:\Program Files\Microsoft Office 15

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 07:48

==================== End Of Log ============================