Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-10-2013
Ran by Lukas (administrator) on LUKAS-PC on 28-10-2013 19:50:45
Running from D:\Users\Lukas\Downloads
Windows 7 Professional (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Spotify Ltd) D:\Users\Lukas\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
() D:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe
() D:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe
(AVAST Software) D:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) D:\Windows\System32\slui.exe
() D:\Program Files (x86)\ZTE MF823\ShowTip.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) D:\Users\Lukas\Downloads\OTL.scr
(Google Inc.) D:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKCU\...\Run: [Spotify] - D:\Users\Lukas\AppData\Roaming\Spotify\spotify.exe [4752384 2013-10-14] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - D:\Users\Lukas\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-14] (Spotify Ltd)
HKLM-x32\...\Run: [CheckNDISPortF0ac70] - D:\Program Files (x86)\ZTE MF823\CheckNDISPort_df.exe [417536 2013-03-19] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] - D:\Program Files (x86)\ZTE MF823\CancelAutoPlay_df.exe [446720 2013-02-25] ()
HKLM-x32\...\Run: [avast] - D:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
AppInit_DLLs-x32: d:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.doko-search.com/?babsrc=HP_ss&mntrId=EA55364B50B7EF25&affID=125839&tsp=5040
StartMenuInternet: IEXPLORE.EXE - D:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: dokotoolbar Helper Object - {3B9F6E59-04CA-43FF-92DF-F6E66D3A8D82} - D:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\bh\dokotoolbar.dll (Doko-Toolbar)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - dokotoolbar Toolbar - {339E1B37-76D3-4A64-A988-E81425DF831C} - D:\Program Files (x86)\Doko-Toolbar\dokotoolbar\1.8.26.9\dokotoolbarTlbr.dll (Doko-Toolbar)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.doko-search.com/?babsrc=HP_ss&mntrId=EA55364B50B7EF25&affID=125839&tsp=5040
CHR Extension: (Google Docs) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Chrome In-App Payments service) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - D:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [edcikfknpchdehdlmjpbofgkoaonaijg] - D:\Users\Lukas\AppData\Roaming\BabSolution\CR\Doko.crx
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 avast! Antivirus; D:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; D:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
R2 aswMonFlt; D:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
R1 aswRdr; D:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
R0 aswRvrt; D:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
R1 aswSnx; D:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-07-18] (AVAST Software)
R1 aswSP; D:\Windows\System32\Drivers\aswSP.sys [378944 2013-07-18] (AVAST Software)
R1 aswTdi; D:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
R0 aswVmm; D:\Windows\System32\Drivers\aswVmm.sys [189936 2013-07-18] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 19:50 - 2013-10-28 19:50 - 00000000 ____D D:\FRST
2013-10-28 19:48 - 2013-10-28 19:49 - 01956538 _____ (Farbar) D:\Users\Lukas\Downloads\FRST64.exe
2013-10-28 19:45 - 2013-10-28 19:45 - 00602112 _____ (OldTimer Tools) D:\Users\Lukas\Downloads\OTL.scr
2013-10-25 20:32 - 2013-10-25 20:32 - 00264616 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaws.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaw.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00174504 _____ (Oracle Corporation) D:\Windows\SysWOW64\java.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00096168 _____ (Oracle Corporation) D:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\ProgramData\Sun
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\ProgramData\Oracle
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\Program Files (x86)\Java
2013-10-25 20:27 - 2013-10-25 20:27 - 00915368 _____ (Oracle Corporation) D:\Users\Lukas\Downloads\chromeinstall-7u45.exe
2013-10-19 09:58 - 2013-10-19 09:58 - 01050644 _____ D:\Users\Lukas\Downloads\AdwCleaner_www.INSTALKI.pl.exe
2013-10-19 09:52 - 2013-10-19 09:52 - 00000000 ____D D:\Users\Lukas\AppData\Local\avgchrome
2013-10-19 09:51 - 2013-10-19 09:51 - 02176312 _____ (WiseCleaner.com ) D:\Users\Lukas\Downloads\wrcfree.exe
2013-10-19 09:51 - 2013-10-19 09:51 - 00003386 _____ D:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-19 09:51 - 2013-10-19 09:51 - 00000000 ____D D:\Users\Lukas\AppData\Roaming\Doko-Toolbar
2013-10-19 09:51 - 2013-10-19 09:51 - 00000000 ____D D:\Program Files (x86)\Doko-Toolbar
2013-10-19 09:50 - 2013-10-19 09:50 - 00613808 _____ D:\Users\Lukas\Downloads\Wise.Registry.Cleaner.Free_7.87 (34403).exe
2013-10-14 21:53 - 2013-10-14 21:54 - 00000000 ____D D:\Users\Lukas\Desktop\muza
2013-10-06 20:24 - 2013-10-06 20:24 - 00000000 ____H D:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-02 19:19 - 2013-10-06 18:20 - 00001137 _____ D:\Users\Lukas\Desktop\literatura.txt

==================== One Month Modified Files and Folders =======

2013-10-28 19:50 - 2013-10-28 19:50 - 00000000 ____D D:\FRST
2013-10-28 19:49 - 2013-10-28 19:48 - 01956538 _____ (Farbar) D:\Users\Lukas\Downloads\FRST64.exe
2013-10-28 19:47 - 2013-07-18 02:35 - 00261408 _____ D:\Windows\WindowsUpdate.log
2013-10-28 19:45 - 2013-10-28 19:45 - 00602112 _____ (OldTimer Tools) D:\Users\Lukas\Downloads\OTL.scr
2013-10-28 19:14 - 2013-09-21 14:31 - 00000000 ____D D:\Users\Lukas\AppData\Roaming\Spotify
2013-10-28 19:11 - 2013-07-18 05:01 - 00001046 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-28 18:56 - 2013-07-18 05:01 - 00001042 _____ D:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-28 18:46 - 2009-07-14 06:13 - 00713888 _____ D:\Windows\system32\PerfStringBackup.INI
2013-10-28 18:44 - 2009-07-14 05:45 - 00009600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-28 18:44 - 2009-07-14 05:45 - 00009600 ____H D:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-27 19:44 - 2009-07-14 06:08 - 00000006 ____H D:\Windows\Tasks\SA.DAT
2013-10-27 19:44 - 2009-07-14 05:51 - 00025243 _____ D:\Windows\setupact.log
2013-10-25 20:32 - 2013-10-25 20:32 - 00264616 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaws.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00175016 _____ (Oracle Corporation) D:\Windows\SysWOW64\javaw.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00174504 _____ (Oracle Corporation) D:\Windows\SysWOW64\java.exe
2013-10-25 20:32 - 2013-10-25 20:32 - 00096168 _____ (Oracle Corporation) D:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\ProgramData\Sun
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\ProgramData\Oracle
2013-10-25 20:32 - 2013-10-25 20:32 - 00000000 ____D D:\Program Files (x86)\Java
2013-10-25 20:27 - 2013-10-25 20:27 - 00915368 _____ (Oracle Corporation) D:\Users\Lukas\Downloads\chromeinstall-7u45.exe
2013-10-23 18:25 - 2013-07-18 05:09 - 00004182 _____ D:\Windows\System32\Tasks\avast! Emergency Update
2013-10-21 17:26 - 2013-09-21 14:31 - 00000000 ____D D:\Users\Lukas\AppData\Local\Spotify
2013-10-19 09:59 - 2013-09-04 18:53 - 00000000 ____D D:\AdwCleaner
2013-10-19 09:58 - 2013-10-19 09:58 - 01050644 _____ D:\Users\Lukas\Downloads\AdwCleaner_www.INSTALKI.pl.exe
2013-10-19 09:52 - 2013-10-19 09:52 - 00000000 ____D D:\Users\Lukas\AppData\Local\avgchrome
2013-10-19 09:51 - 2013-10-19 09:51 - 02176312 _____ (WiseCleaner.com ) D:\Users\Lukas\Downloads\wrcfree.exe
2013-10-19 09:51 - 2013-10-19 09:51 - 00003386 _____ D:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-19 09:51 - 2013-10-19 09:51 - 00000000 ____D D:\Users\Lukas\AppData\Roaming\Doko-Toolbar
2013-10-19 09:51 - 2013-10-19 09:51 - 00000000 ____D D:\Program Files (x86)\Doko-Toolbar
2013-10-19 09:50 - 2013-10-19 09:50 - 00613808 _____ D:\Users\Lukas\Downloads\Wise.Registry.Cleaner.Free_7.87 (34403).exe
2013-10-19 09:13 - 2013-07-18 05:01 - 00002187 _____ D:\Users\Public\Desktop\Google Chrome.lnk
2013-10-14 22:06 - 2013-07-18 05:01 - 00004042 _____ D:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 22:06 - 2013-07-18 05:01 - 00003790 _____ D:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 21:54 - 2013-10-14 21:53 - 00000000 ____D D:\Users\Lukas\Desktop\muza
2013-10-14 21:31 - 2013-07-18 16:30 - 00001564 _____ D:\Windows\PFRO.log
2013-10-06 20:38 - 2012-06-11 16:20 - 00000000 ____D D:\pryw
2013-10-06 20:24 - 2013-10-06 20:24 - 00000000 ____H D:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2013-10-06 18:20 - 2013-10-02 19:19 - 00001137 _____ D:\Users\Lukas\Desktop\literatura.txt
2013-09-29 19:09 - 2013-08-08 15:41 - 00000000 ____D D:\Users\Lukas\Desktop\hel-kite

Some content of TEMP:
====================
D:\Users\Lukas\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

D:\Windows\System32\winlogon.exe => MD5 is legit
D:\Windows\System32\wininit.exe => MD5 is legit
D:\Windows\SysWOW64\wininit.exe => MD5 is legit
D:\Windows\explorer.exe => MD5 is legit
D:\Windows\SysWOW64\explorer.exe => MD5 is legit
D:\Windows\System32\svchost.exe => MD5 is legit
D:\Windows\SysWOW64\svchost.exe => MD5 is legit
D:\Windows\System32\services.exe => MD5 is legit
D:\Windows\System32\User32.dll => MD5 is legit
D:\Windows\SysWOW64\User32.dll => MD5 is legit
D:\Windows\System32\userinit.exe => MD5 is legit
D:\Windows\SysWOW64\userinit.exe => MD5 is legit
D:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 19:01

==================== End Of Log ============================