- Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09.12.2018
- Ran by Ciborki (administrator) on CIBORKI-PC (09-12-2018 14:52:34)
- Running from C:\Users\Ciborki\Desktop
- Loaded Profiles: Ciborki (Available Profiles: Ciborki)
- Platform: Microsoft Windows 7 Ultimate (X86) Language: Angielski (Stany Zjednoczone)
- Internet Explorer Version 8 (Default browser: Chrome)
- Boot Mode: Normal
- Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
- ==================== Processes (Whitelisted) =================
- (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
- (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
- (Teruten) C:\Windows\System32\FsUsbExService.Exe
- (ALCPU) C:\Program Files\Core Temp\Core Temp.exe
- (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
- (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
- (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
- (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
- (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
- (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
- (AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
- (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
- ==================== Registry (Whitelisted) ===========================
- (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
- HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1537320 2009-06-18] (Synaptics Incorporated)
- HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
- HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
- HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-12-08] (AVAST Software)
- HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
- HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => "C:\Program Files\Garmin\Express Tray\ExpressTray.exe"
- ==================== Internet (Whitelisted) ====================
- (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
- Tcpip\Parameters: [DhcpNameServer] 62.179.1.61 62.179.1.63
- Tcpip\..\Interfaces\{B4AA397C-0BD1-4E15-83D5-6ED42DD9D1E7}: [DhcpNameServer] 62.179.1.61 62.179.1.63
- Tcpip\..\Interfaces\{D56B5EAC-B885-4189-A7A5-1C9167996322}: [DhcpNameServer] 62.179.1.61 62.179.1.63
- Internet Explorer:
- ==================
- HKU\S-1-5-21-1888222736-2957073895-2253413786-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://search.babylon.com/?babsrc=HP_ss&affID=100488&mntrId=4c2974f300000000000000265e2e8623
- BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_71\bin\ssv.dll [2016-01-25] (Oracle Corporation)
- BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
- BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-25] (Oracle Corporation)
- DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
- FireFox:
- ========
- FF ProfilePath: C:\Users\Ciborki\AppData\Roaming\TomTom\HOME\Profiles\2zu4qlbu.default [2011-11-05]
- FF Extension: (No Name) - C:\Program Files\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [not found]
- FF ProfilePath: C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default [2018-12-09]
- FF Homepage: Mozilla\Firefox\Profiles\5q0z72bx.default -> hxxp://www.google.pl/ig?hl=pl
- FF Extension: (Babylon) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default\Extensions\ffxtlbr@babylon.com [2012-03-20] [Legacy] [not signed]
- FF Extension: (DownloadHelper) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-08-18] [Legacy]
- FF Extension: (Address Bar Search) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default\Extensions\{badea1ae-72ed-4f6a-8c37-4db9a4ac7bc9}.xpi [2014-01-09] [Legacy] [not signed]
- FF Extension: (uTorrentBar Community Toolbar) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} [2013-02-09] [Legacy] [not signed]
- FF Extension: (Adblock Plus) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Firefox\Profiles\5q0z72bx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-08-18] [Legacy]
- FF Extension: (Smiley Bar for Facebook) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks [2013-01-24] [Legacy] [not signed]
- FF Extension: (Special Savings) - C:\Users\Ciborki\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2013-01-24] [Legacy] [not signed]
- FF HKLM\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Ciborki\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
- FF HKU\S-1-5-21-1888222736-2957073895-2253413786-1000\...\Firefox\Extensions: [statuswinks@StatusWinks] - C:\Users\Ciborki\AppData\Roaming\Mozilla\Extensions\statuswinks@StatusWinks
- FF HKU\S-1-5-21-1888222736-2957073895-2253413786-1000\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Ciborki\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
- FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-08] ()
- FF Plugin: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-25] (Oracle Corporation)
- FF Plugin: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-25] (Oracle Corporation)
- FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-09] (Google Inc.)
- FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-09-09] (Google Inc.)
- FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-08-02] (Adobe Systems Inc.)
- Chrome:
- =======
- CHR HomePage: Default -> mysearch.avg.com
- CHR StartupUrls: Default -> "hxxps://www.google.pl/"
- CHR DefaultSearchURL: Default -> hxxps://ch.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=501549&p={searchTerms}
- CHR DefaultSearchKeyword: Default -> yahoo.com search
- CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
- CHR Profile: C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default [2018-12-09]
- CHR Extension: (Prezentacje) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-21]
- CHR Extension: (Dokumenty) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-14]
- CHR Extension: (Dysk Google) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-13]
- CHR Extension: (YouTube) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-13]
- CHR Extension: (uBlock Origin) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-12-08]
- CHR Extension: (Google Search) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-13]
- CHR Extension: (Arkusze) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-14]
- CHR Extension: (Dokumenty Google offline) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-11-19]
- CHR Extension: (Porsche) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkclphmapdcppbmekmbkcjfanpmoidpg [2015-08-18]
- CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-11-19]
- CHR Extension: (Gmail) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-18]
- CHR Extension: (Chrome Media Router) - C:\Users\Ciborki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-08]
- CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Ciborki\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx <not found>
- CHR HKLM\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Ciborki\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx <not found>
- CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx <not found>
- CHR HKLM\...\Chrome\Extension: [hgojaaaiddhmiiakpejiklijbalpckih] - C:\Users\Ciborki\AppData\Roaming\StatusWinks\statuswinks.crx <not found>
- CHR HKLM\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files\Common Files\Spigot\GC\ErrorAssistant_1.3.crx <not found>
- CHR HKLM\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files\Common Files\Spigot\GC\coupons_2.4.crx <not found>
- ==================== Services (Whitelisted) ====================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6799632 2018-12-08] (AVAST Software)
- R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [324000 2018-12-08] (AVAST Software)
- R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-07-18] (Teruten) [File not signed]
- S4 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.80\elevation_service.exe [375776 2018-11-30] (Google Inc.)
- S4 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2009-07-14] (Microsoft Corporation)
- ===================== Drivers (Whitelisted) ======================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167480 2018-12-08] (AVAST Software)
- R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188976 2018-12-08] (AVAST Software)
- R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [165384 2018-12-08] (AVAST Software)
- R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284256 2018-12-08] (AVAST Software)
- R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57904 2018-12-08] (AVAST Software)
- S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42736 2018-12-08] (AVAST Software)
- R1 aswKbd; C:\Windows\System32\drivers\aswKbd.sys [40688 2018-12-08] (AVAST Software)
- R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [135200 2018-12-08] (AVAST Software)
- R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100984 2018-12-08] (AVAST Software)
- R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [72800 2018-12-08] (AVAST Software)
- R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784560 2018-12-08] (AVAST Software)
- R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [397992 2018-12-08] (AVAST Software)
- R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [156936 2018-12-08] (AVAST Software)
- R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310200 2018-12-08] (AVAST Software)
- R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
- S3 FTDIBUS; C:\Windows\System32\drivers\ftdibus.sys [47249 2006-05-18] (FTDI Ltd.)
- R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2018-12-08] (REALiX(tm))
- R0 sptd; C:\Windows\System32\Drivers\sptd.sys [436792 2012-03-25] ()
- S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [98432 2011-07-20] (MCCI)
- S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14848 2011-07-20] (MCCI Corporation)
- S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [123648 2011-07-20] (MCCI Corporation)
- S3 ss_bserd; C:\Windows\System32\DRIVERS\ss_bserd.sys [100224 2011-07-20] (MCCI Corporation)
- R3 ALSysIO; \??\C:\Users\Ciborki\AppData\Local\Temp\ALSysIO.sys [X] <==== ATTENTION
- ==================== NetSvcs (Whitelisted) ===================
- (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
- ==================== One Month Created files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2018-12-09 14:52 - 2018-12-09 14:53 - 000013240 _____ C:\Users\Ciborki\Desktop\FRST.txt
- 2018-12-09 01:00 - 2018-12-09 14:52 - 000000000 ____D C:\FRST
- 2018-12-09 01:00 - 2018-12-09 14:46 - 001776640 _____ (Farbar) C:\Users\Ciborki\Desktop\FRST.exe
- 2018-12-09 00:27 - 2018-12-09 00:29 - 000000000 ____D C:\AdwCleaner
- 2018-12-08 22:57 - 2018-12-08 22:57 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
- 2018-12-08 21:33 - 2018-12-09 08:44 - 000000000 ____D C:\ProgramData\ProductData
- 2018-12-08 21:12 - 2018-12-09 08:44 - 000000000 ____D C:\Users\Ciborki\AppData\LocalLow\IObit
- 2018-12-08 21:11 - 2018-12-09 08:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 6
- 2018-12-08 21:11 - 2018-12-09 08:43 - 000000000 ____D C:\Users\Ciborki\AppData\Roaming\IObit
- 2018-12-08 21:11 - 2018-12-08 21:11 - 000023840 _____ (REALiX(tm)) C:\Windows\system32\Drivers\HWiNFO32.SYS
- 2018-12-08 21:06 - 2018-12-08 21:06 - 000000000 ____D C:\Users\Ciborki\AppData\Roaming\AVAST Software
- 2018-12-08 21:06 - 2018-12-08 21:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000397992 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000310200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000167480 _____ (AVAST Software) C:\Windows\system32\Drivers\aswArPot.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000156936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000135200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000100984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000072800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000042736 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
- 2018-12-08 21:03 - 2018-12-08 21:03 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000784560 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000323288 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000284256 _____ (AVAST Software) C:\Windows\system32\Drivers\aswblogx.sys
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000188976 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidsdriverx.sys
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000165384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbidshx.sys
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000057904 _____ (AVAST Software) C:\Windows\system32\Drivers\aswbunivx.sys
- 2018-12-08 21:03 - 2018-12-08 21:02 - 000040688 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
- 2018-12-08 21:02 - 2018-12-08 21:02 - 000000000 ____D C:\Program Files\AVAST Software
- 2018-12-08 21:01 - 2018-12-08 21:03 - 000000000 ____D C:\ProgramData\AVAST Software
- 2018-12-08 20:57 - 2009-02-26 18:32 - 000038224 ____N (CANON INC.) C:\Windows\system32\IJRMF.exe
- 2018-12-08 20:41 - 2018-12-08 20:41 - 000000969 _____ C:\Users\Public\Desktop\CCleaner.lnk
- 2018-12-08 20:41 - 2018-12-08 20:41 - 000000000 ____D C:\Program Files\CCleaner
- 2018-12-08 20:35 - 2018-12-08 20:35 - 000000000 ____D C:\Windows\pss
- 2018-12-08 20:25 - 2018-12-08 23:49 - 000000000 ____D C:\Program Files\Core Temp
- 2018-12-08 20:25 - 2018-12-08 20:25 - 000001105 _____ C:\Users\Ciborki\Desktop\Core Temp.lnk
- 2018-12-08 20:25 - 2018-12-08 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
- ==================== One Month Modified files and folders ========
- (If an entry is included in the fixlist, the file/folder will be moved.)
- 2018-12-09 14:50 - 2009-07-14 05:53 - 000000006 ____H C:\Windows\Tasks\SA.DAT
- 2018-12-09 14:49 - 2009-07-14 05:34 - 000020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2018-12-09 14:49 - 2009-07-14 05:34 - 000020352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2018-12-09 14:48 - 2011-06-05 20:52 - 000000000 ____D C:\Users\Ciborki\AppData\LocalLow\Temp
- 2018-12-09 14:47 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\inf
- 2018-12-09 08:45 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\PolicyDefinitions
- 2018-12-09 08:44 - 2011-09-23 18:02 - 000000000 ____D C:\Windows\WindowsMobile
- 2018-12-09 08:44 - 2011-06-07 22:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
- 2018-12-09 08:44 - 2011-06-07 22:42 - 000000000 ____D C:\Program Files\WinRAR
- 2018-12-09 08:44 - 2011-06-05 20:06 - 000000000 ____D C:\ProgramData\Temp
- 2018-12-09 08:44 - 2011-06-05 19:54 - 000000000 ___HD C:\Program Files\InstallShield Installation Information
- 2018-12-09 08:44 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\registration
- 2018-12-09 08:44 - 2009-07-14 03:37 - 000000000 ____D C:\Windows\Help
- 2018-12-09 08:42 - 2009-07-14 03:37 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
- 2018-12-09 01:25 - 2011-06-05 16:34 - 000739916 _____ C:\Windows\system32\perfh015.dat
- 2018-12-09 01:25 - 2011-06-05 16:34 - 000155458 _____ C:\Windows\system32\perfc015.dat
- 2018-12-09 01:25 - 2011-06-05 15:52 - 001668226 _____ C:\Windows\system32\PerfStringBackup.INI
- 2018-12-08 23:47 - 2011-06-05 16:22 - 000000000 ____D C:\ProgramData\NVIDIA
- 2018-12-08 23:46 - 2012-04-09 18:25 - 000001032 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- 2018-12-08 23:46 - 2011-06-05 15:50 - 000000000 ____D C:\Users\Ciborki
- 2018-12-08 23:46 - 2009-07-14 05:33 - 000382768 _____ C:\Windows\system32\FNTCACHE.DAT
- 2018-12-08 22:58 - 2011-07-29 20:30 - 000000000 ____D C:\Temp
- 2018-12-08 20:58 - 2011-06-05 16:11 - 000094976 _____ C:\Users\Ciborki\AppData\Local\GDIPFONTCACHEV1.DAT
- 2018-12-08 20:57 - 2011-07-29 20:06 - 000000000 ____D C:\Users\Ciborki\AppData\Roaming\Samsung
- 2018-12-08 20:54 - 2011-06-07 22:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
- 2018-12-08 20:54 - 2011-06-07 22:41 - 000000000 ____D C:\Program Files\AnvSoft
- 2018-12-08 20:52 - 2015-12-13 18:56 - 000000000 ____D C:\Users\Ciborki\AppData\Roaming\AVG
- 2018-12-08 20:52 - 2015-12-13 18:56 - 000000000 ____D C:\Users\Ciborki\AppData\Local\Avg
- 2018-12-08 20:47 - 2012-01-29 14:33 - 000000000 ____D C:\Windows\Minidump
- 2018-12-08 20:47 - 2011-06-06 01:41 - 000000000 ____D C:\Windows\Panther
- 2018-12-08 20:28 - 2014-03-20 17:10 - 000000000 ____D C:\Program Files\Mozilla Firefox
- 2018-12-08 20:21 - 2012-04-11 23:09 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
- 2018-12-08 20:21 - 2011-06-05 16:10 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
- 2018-12-08 20:21 - 2011-06-05 16:10 - 000000000 ____D C:\Windows\system32\Macromed
- 2018-12-08 19:40 - 2015-08-18 19:01 - 000002176 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
- ==================== Files in the root of some directories =======
- 2015-08-18 12:41 - 2015-08-18 12:41 - 006420480 _____ () C:\Program Files\GUT816F.tmp
- 2013-06-26 18:09 - 2014-03-21 20:32 - 000003730 _____ () C:\Program Files\Mozilla Firefoxavg-secure-search.xml
- 2013-02-03 21:37 - 2013-02-03 21:37 - 000087608 _____ () C:\Users\Ciborki\AppData\Roaming\inst.exe
- 2013-02-03 21:37 - 2013-02-03 21:37 - 000007887 _____ () C:\Users\Ciborki\AppData\Roaming\pcouffin.cat
- 2013-02-03 21:37 - 2013-02-03 21:37 - 000001144 _____ () C:\Users\Ciborki\AppData\Roaming\pcouffin.inf
- 2013-02-03 21:37 - 2013-02-03 21:37 - 000000055 _____ () C:\Users\Ciborki\AppData\Roaming\pcouffin.log
- 2013-02-03 21:37 - 2013-02-03 21:37 - 000047360 _____ (VSO Software) C:\Users\Ciborki\AppData\Roaming\pcouffin.sys
- 2011-06-05 20:11 - 2011-06-05 20:11 - 000000000 _____ () C:\Users\Ciborki\AppData\Local\AtStart.txt
- 2011-06-05 20:11 - 2011-06-05 20:11 - 000000000 _____ () C:\Users\Ciborki\AppData\Local\DSwitch.txt
- 2011-06-05 20:11 - 2011-06-05 20:11 - 000000000 _____ () C:\Users\Ciborki\AppData\Local\QSwitch.txt
- 2011-07-07 23:29 - 2011-07-08 15:43 - 000007598 _____ () C:\Users\Ciborki\AppData\Local\Resmon.ResmonCfg
- ==================== Bamital & volsnap ======================
- (There is no automatic fix for files that do not pass verification.)
- C:\Windows\explorer.exe => File is digitally signed
- C:\Windows\system32\winlogon.exe => File is digitally signed
- C:\Windows\system32\wininit.exe => File is digitally signed
- C:\Windows\system32\svchost.exe => File is digitally signed
- C:\Windows\system32\services.exe => File is digitally signed
- C:\Windows\system32\User32.dll => File is digitally signed
- C:\Windows\system32\userinit.exe => File is digitally signed
- C:\Windows\system32\rpcss.dll => File is digitally signed
- C:\Windows\system32\dnsapi.dll => File is digitally signed
- C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
- LastRegBack: 2017-11-08 19:02
- ==================== End of FRST.txt ============================