Rezultaty skanowania Farbar Recovery Scan Tool (FRST) (x64) Wersja: 19-02-2017
Uruchomiony przez karol (administrator) LAPTOP-RCB0J6HK (20-02-2017 19:09:32)
Uruchomiony z C:\Users\karol\Desktop\do wirusów
Załadowane profile: karol (Dostępne profile: karol)
Platform: Windows 10 Home Wersja 1607 (X64) Język: Polski (Polska)
Internet Explorer Wersja 11 (Domyślna przeglądarka: "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe" -- "%1")
Tryb startu: Normal
Instrukcja obsługi Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Procesy (filtrowane) =================

(Załączenie wejścia w fixlist spowoduje zamknięcie procesu. Powiązany plik nie zostanie przeniesiony.)
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
() C:\ProgramData\service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshieldup.exe
("My Web Shield") C:\Program Files\My Web Shield\mweshield.exe
() C:\ProgramData\NetworkPacketManitor\Nettrans.exe
() C:\Program Files (x86)\UCBrowser\Application\UCService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SweetLabs, Inc) C:\Users\karol\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(UCWeb Inc.) C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
() C:\OEM\Preload\FubTracking\FubTracking.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Rejestr (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje usunięcie obiektu z rejestru lub przywrócenie jego domyślnej postaci. Powiązany plik nie zostanie przeniesiony.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16409496 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-27] (Realtek Semiconductor)
HKLM\...\Run: [DAX2_APP] => C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe [629248 2015-11-14] ()
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-02] (Microsoft Corporation)
HKLM\...\Run: [gplyra] => C:\Users\karol\AppData\Roaming\gplyra\gplyra.exe <===== UWAGA
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [AcerPortal] => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2418392 2016-09-09] (Acer)
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [svchost0] => "C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe"\UUC0789.exe
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [hçy--oPaVZ.exe] => C:\Users\karol\AppData\Local\Temp\{821-08-ca-984a4-91988-dad7-82eaa}\hçy--oPaVZ.exe -r1_1 -r2_1 <===== UWAGA
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [Bl-NDq_Daa.exe] => C:\Users\karol\AppData\Local\Temp\{821-08-ca-984a4-91988-dad7-82eaa}\Bl-NDq_Daa.exe 1 0 <===== UWAGA
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [msiql] => C:\Users\karol\AppData\Local\Temp\00021614\msiql.exe /RUNNING <===== UWAGA
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [apphide] => C:\Program Files (x86)\xxx\uc.exe [159830 2017-02-16] (Unauthorized copy)
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\...\Run: [qqwdalfxvv] => explorer "hxxp://azwebty.ru/?utm_source=uoua03&utm_content=fbd6fe6f2d628d670a663a405d23b55e&utm_term=E841F19B371A4C874D6EF9E6A200D17F&utm_d=20170218" <===== UWAGA
HKLM\...\Providers\ahwq7cx4: C:\Program Files (x86)\Arodupychinering Nodifier\local64spl.dll [307712 2017-02-18] ()
ShellExecuteHooks: Brak nazwy - {D4385D50-F441-11E6-BA98-64006A5CFC23} - C:\Program Files (x86)\Miqoshzesetion\Stergalycuvoent.dll -> Brak pliku
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll [2017-02-18] ()
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
GroupPolicy: Ograniczenia <======= UWAGA
GroupPolicy\User: Ograniczenia <======= UWAGA

==================== Internet (filtrowane) ====================

(Załączenie wejścia w fixlist, w przypadku gdy jest to obiekt rejestru, spowoduje usunięcie go z rejestru lub przywrócenie jego domyślnej postaci.)
Tcpip\Parameters: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{558a6eb2-532d-48fb-b789-32dc69d4d1b2}: [DhcpNameServer] 31.11.202.254 37.8.214.2
Tcpip\..\Interfaces\{e9bb84a4-b039-4307-a252-ae0911dda439}: [DhcpNameServer] 192.16.128.24

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouuJGbeLR9A1biOirgGkAc143v-YoHPywP0CgUWpzp-hySfxZHriwVp-A8lEV69p6exekaN1GnFd1Jo2DisHSzLgSDmM_kZgPSZDKce8t2sfkJUiDHtUCecOF-MZuNoW-PEu96nQ24L4NLaARygrfyOZJe0-&q={searchTerms}
HKU\S-1-5-21-1001290168-2904822511-823766712-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer15.msn.com/?pc=ACTE
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouuJGbeLR9A1biOirgGkAc143v-YoHPywP0CgUWpzp-hySfxZHriwVp-A8lEV69p6exekaN1GnFd1Jo2DisHSzLgSDmM_kZgPSZDKce8t2sfkJUiDHtUCecOF-MZuNoW-PEu96nQ24L4NLaARygrfyOZJe0-&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1001290168-2904822511-823766712-1001 -> {E1BCE238-BB86-4CBA-A110-5F7C92E4789A} URL =
SearchScopes: HKU\S-1-5-21-1001290168-2904822511-823766712-1001 -> {FFEBBF0A-C22C-4172-89FF-45215A135AC7} URL = hxxp://go.mail.ru/distib/ep/?q={SearchTerms}&product_id=%7B6BF4E8FE-66E8-42CE-8379-13BB96A5B7EB%7D&gp=811014
SearchScopes: HKU\S-1-5-21-1001290168-2904822511-823766712-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmouuJGbeLR9A1biOirgGkAc143v-YoHPywP0CgUWpzp-hySfxZHriwVp-A8lEV69p6exekaN1GnFd1Jo2DisHSzLgSDmM_kZgPSZDKce8t2sfkJUiDHtUCecOF-MZuNoW-PEu96nQ24L4NLaARygrfyOZJe0-&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-07] (Microsoft Corporation)
BHO-x32: Ďîčńę@Mail.Ru -> {8E8F97CD-60B5-456F-A201-73065652D099} -> C:\Users\karol\AppData\Local\Mail.Ru\Sputnik\IESearchPlugin.dll [2017-02-18] (Mail.Ru)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-07] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ndoc02yp.default
FF ProfilePath: C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default [2017-02-20]
FF NewTab: Mozilla\Firefox\Profiles\ndoc02yp.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h2izbcnbl1bu,eaedea06-9d30-45fe-b972-404e013e9e8d,
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\ndoc02yp.default ->
FF Homepage: Mozilla\Firefox\Profiles\ndoc02yp.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=h2izbcnbl1bu,eaedea06-9d30-45fe-b972-404e013e9e8d,
FF Keyword.URL: Mozilla\Firefox\Profiles\ndoc02yp.default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=H2Izbcnbl1BU,eaedea06-9d30-45fe-b972-404e013e9e8d,
FF Extension: (AdBlock for Firefox) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2017-02-19]
FF Extension: (AdBlocker for YouTube™) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default\Extensions\jid1-q4sG8pYhq8KGHs@jetpack.xpi [2017-02-18]
FF Extension: (Adblock Plus) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-02-18]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default\features\{b5aab49c-3474-459b-86e0-41d951774966}\disableSHA1rollout@mozilla.org.xpi [2017-02-18]
FF SearchPlugin: C:\Users\karol\AppData\Roaming\Mozilla\Firefox\Profiles\ndoc02yp.default\searchplugins\smod.xml [2017-02-19]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [Brak pliku]
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-25] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-07] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2014-11-15] ()

Chrome:
=======
CHR HKU\S-1-5-21-1001290168-2904822511-823766712-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx

==================== Usługi (filtrowane) ====================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
S2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-12-14] (Intel Corporation)
R2 Amazon 1Button App Service; c:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [460472 2016-12-12] (Amazon Inc.)
R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-09-29] (Windows (R) Win 7 DDK provider)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3702472 2017-01-29] (Microsoft Corporation)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHeciSvc.exe [301528 2016-11-23] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\IntelCpHDCPSvc.exe [480216 2016-11-23] (Intel Corporation)
R2 DAX2API; C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe [176640 2015-09-22] () [Brak podpisu cyfrowego]
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573568 2015-05-14] (Acer Incorporated)
S2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [373312 2015-04-14] (WildTangent)
R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2017-02-18] () [Brak podpisu cyfrowego] <==== UWAGA
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igfxCUIService.exe [341976 2016-11-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [Brak podpisu cyfrowego]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [Brak podpisu cyfrowego]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2015-09-19] (Intel Corporation)
R2 KuaizipUpdateChecker; C:\Program Files\żěŃą\X86\kuaizipUpdateChecker.dll [219032 2017-02-18] ()
R2 mweshield; C:\Program Files\My Web Shield\mweshield.exe [931640 2016-08-31] ("My Web Shield") <==== UWAGA
R2 mweshieldup; C:\Program Files\My Web Shield\mweshieldup.exe [348472 2016-08-31] ("My Web Shield") <==== UWAGA
R2 Nettrans; C:\ProgramData\NetworkPacketManitor\Nettrans.exe [43520 2017-02-18] () [Brak podpisu cyfrowego]
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [401248 2015-09-05] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [453984 2015-09-05] (Acer Incorporated)
R2 UCBrowserSvc; C:\Program Files (x86)\UCBrowser\Application\UCService.exe [599440 2017-02-13] ()
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [247040 2015-05-27] (acer)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 serverss; C:\WINDOWS\Temp\CA53.tmp [X]

===================== Sterowniki (filtrowane) ======================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [175152 2015-06-09] (ELAN Microelectronic Corp.)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_7ee21f0fcd504371\igdkmd64.sys [11039704 2016-11-23] (Intel Corporation)
R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2017-02-18] (WinMount International Inc)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2015-09-05] (Acer Incorporated)
R1 mwescontroller; C:\WINDOWS\system32\drivers\mwescontroller.sys [57680 2016-08-31] () <==== UWAGA
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
S3 Qcamain; C:\WINDOWS\System32\drivers\Qcamainx64.sys [2276352 2015-07-10] (Qualcomm Atheros, Inc.) [Brak podpisu cyfrowego]
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2015-09-05] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [889584 2015-09-23] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [25444 ] (UC Web Inc.) <==== UWAGA
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U0 aswVmm; Brak ImagePath

==================== NetSvcs (filtrowane) ===================

(Załączenie wejścia w fixlist spowoduje jego usunięcie z rejestru. Powiązany plik nie zostanie przeniesiony, o ile nie zostanie załączony z osobna.)

==================== Jeden miesiąc - utworzone pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-20 19:09 - 2017-02-20 19:09 - 00002688 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdaterCore
2017-02-20 19:09 - 2017-02-20 19:09 - 00000334 _____ C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
2017-02-20 19:08 - 2017-02-20 19:08 - 00000000 ___HD C:\OneDriveTemp
2017-02-19 20:08 - 2017-02-20 19:07 - 00000000 ____D C:\WINDOWS\pss
2017-02-19 20:08 - 2017-02-20 18:59 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-19 19:52 - 2017-02-19 19:52 - 00000129 _____ C:\Users\karol\Desktop\Nowy dokument tekstowy (2).txt
2017-02-19 19:51 - 2017-02-20 19:09 - 00000000 ____D C:\Users\karol\Desktop\do wirusów
2017-02-19 19:50 - 2017-02-20 18:59 - 00000000 ____D C:\FRST
2017-02-19 19:38 - 2017-02-19 19:38 - 00000000 _____ C:\Users\karol\Desktop\Nowy dokument tekstowy.txt
2017-02-19 16:04 - 2017-02-19 16:04 - 00286208 _____ C:\WINDOWS\system32\bi3.exe
2017-02-18 11:48 - 2017-02-20 18:49 - 00001414 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-02-18 11:48 - 2017-02-20 18:49 - 00001402 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2017-02-18 11:48 - 2017-02-18 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-18 11:48 - 2017-02-18 11:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-18 11:47 - 2017-02-18 11:47 - 00245544 _____ C:\Users\karol\Downloads\Firefox Setup Stub 51.0.1.exe
2017-02-18 10:52 - 2017-02-18 10:52 - 00000000 ____D C:\Users\karol\AppData\Roaming\WildTangent
2017-02-18 10:50 - 2017-02-18 10:50 - 00000000 ____D C:\Users\karol\AppData\Local\NetBoxLogs
2017-02-18 10:47 - 2017-02-18 10:49 - 00000000 ____D C:\Program Files\Total Uninstall 6
2017-02-18 10:47 - 2017-02-18 10:47 - 00000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2017-02-18 10:47 - 2017-02-18 10:47 - 00000884 _____ C:\Users\Public\Desktop\Total Uninstall 6.lnk
2017-02-18 10:47 - 2017-02-18 10:47 - 00000016 _____ C:\ProgramData\mntemp
2017-02-18 10:47 - 2017-02-18 10:47 - 00000000 ____D C:\ProgramData\Martau
2017-02-18 10:42 - 2017-02-18 10:42 - 00000000 ____D C:\Users\karol\AppData\Local\Вoйти в Интeрнет
2017-02-18 10:37 - 2017-02-18 10:43 - 00000000 ____D C:\Users\karol\AppData\Local\fupdate
2017-02-18 10:37 - 2017-02-18 10:37 - 00003482 _____ C:\WINDOWS\System32\Tasks\fupdate
2017-02-18 10:31 - 2017-02-18 10:31 - 00003322 _____ C:\WINDOWS\System32\Tasks\psv_Techcore
2017-02-18 10:31 - 2017-02-18 10:31 - 00000000 ____D C:\Users\karol\AppData\Roaming\Drebpycerrerward
2017-02-18 10:29 - 2017-02-19 19:12 - 00326144 _____ C:\ProgramData\smp2.exe
2017-02-18 10:29 - 2017-02-19 19:12 - 00004252 _____ C:\WINDOWS\System32\Tasks\SMW_P
2017-02-18 10:29 - 2017-02-18 10:29 - 00004422 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_323935363634313336352d5537375a346c2d3232345b41
2017-02-18 10:28 - 2017-02-18 10:29 - 00000000 ____D C:\Users\karol\AppData\Local\NoxInsPackFileder
2017-02-18 10:28 - 2017-02-18 10:28 - 00001599 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-02-18 10:28 - 2017-02-18 10:28 - 00000000 ____D C:\Users\karol\AppData\Local\Nox
2017-02-18 10:28 - 2017-02-18 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-02-18 10:27 - 2017-02-20 18:49 - 00000000 ____D C:\Users\karol\AppData\Roaming\KuaiZip
2017-02-18 10:27 - 2017-02-18 12:30 - 00003068 _____ C:\WINDOWS\System32\Tasks\osTip
2017-02-18 10:27 - 2017-02-18 12:02 - 00001617 _____ C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器.lnk
2017-02-18 10:27 - 2017-02-18 12:02 - 00000000 ____D C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UC浏览器
2017-02-18 10:27 - 2017-02-18 10:36 - 00000000 ____D C:\Users\karol\AppData\Local\app
2017-02-18 10:27 - 2017-02-18 10:27 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys
2017-02-18 10:27 - 2017-02-18 10:27 - 00003476 _____ C:\WINDOWS\System32\Tasks\UCBrowserSecureUpdater
2017-02-18 10:27 - 2017-02-18 10:27 - 00000886 _____ C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
2017-02-18 10:27 - 2017-02-18 10:27 - 00000000 ____D C:\Users\karol\AppData\Roaming\Softlink
2017-02-18 10:27 - 2017-02-18 10:27 - 00000000 ____D C:\Users\karol\AppData\Local\UCBrowser
2017-02-18 10:27 - 2017-02-18 10:27 - 00000000 ____D C:\Users\karol\AppData\Local\Chromium
2017-02-18 10:26 - 2017-02-18 12:01 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2017-02-18 10:26 - 2017-02-18 10:27 - 00000000 __SHD C:\ProgramData\WindowsMsg
2017-02-18 10:26 - 2017-02-18 10:26 - 00006106 _____ C:\WINDOWS\System32\Tasks\Vzocult Helper
2017-02-18 10:26 - 2017-02-18 10:26 - 00003714 _____ C:\WINDOWS\System32\Tasks\snp
2017-02-18 10:26 - 2017-02-18 10:26 - 00003314 _____ C:\WINDOWS\System32\Tasks\psv_Nam-Ron
2017-02-18 10:26 - 2017-02-18 10:26 - 00003294 _____ C:\WINDOWS\System32\Tasks\snf
2017-02-18 10:26 - 2017-02-18 10:26 - 00000000 ____D C:\Program Files\żěŃą
2017-02-18 10:26 - 2017-02-18 10:26 - 00000000 ____D C:\Program Files (x86)\Vzocult Helper
2017-02-18 10:25 - 2017-02-18 12:01 - 00000000 ____D C:\Program Files (x86)\pccleanplus
2017-02-18 10:25 - 2017-02-18 10:26 - 00000000 ____D C:\ProgramData\Zaamlas
2017-02-18 10:25 - 2017-02-18 10:25 - 07319040 _____ C:\Users\karol\AppData\Roaming\agent.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 01907163 _____ C:\Users\karol\AppData\Roaming\Lamcanron.tst
2017-02-18 10:25 - 2017-02-18 10:25 - 01620992 _____ C:\ProgramData\service.exe
2017-02-18 10:25 - 2017-02-18 10:25 - 00982016 _____ C:\Users\karol\AppData\Roaming\Lamcanron.exe
2017-02-18 10:25 - 2017-02-18 10:25 - 00278518 _____ C:\Users\karol\AppData\Roaming\TinTip.bin
2017-02-18 10:25 - 2017-02-18 10:25 - 00140288 _____ C:\Users\karol\AppData\Roaming\Installer.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 00126464 _____ C:\Users\karol\AppData\Roaming\noah.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 00070752 _____ C:\Users\karol\AppData\Roaming\Config.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 00018432 _____ C:\Users\karol\AppData\Roaming\Main.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 00016224 _____ C:\Users\karol\AppData\Roaming\InstallationConfiguration.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 00005568 _____ C:\Users\karol\AppData\Roaming\md.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 00003334 _____ C:\WINDOWS\System32\Tasks\psv_NimZozsing
2017-02-18 10:25 - 2017-02-18 10:25 - 00003326 _____ C:\WINDOWS\System32\Tasks\psv_Zimdinphase
2017-02-18 10:25 - 2017-02-18 10:25 - 00003106 _____ C:\WINDOWS\System32\Tasks\RunAtStartup
2017-02-18 10:25 - 2017-02-18 10:25 - 00002398 _____ C:\WINDOWS\SysWOW64\findit.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 __SHD C:\Users\karol\AppData\Local\svchost
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 ____D C:\Users\karol\AppData\Roaming\Event Monitor
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 ____D C:\ProgramData\NetworkPacketManitor
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 ____D C:\Program Files\My Web Shield
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 ____D C:\Program Files (x86)\xxx
2017-02-18 10:25 - 2017-02-18 10:25 - 00000000 _____ C:\TOSTACK
2017-02-18 10:25 - 2016-08-31 16:00 - 00057680 _____ C:\WINDOWS\system32\Drivers\mwescontroller.sys
2017-02-18 10:24 - 2017-02-18 12:01 - 00000000 ____D C:\Program Files (x86)\Miqoshzesetion
2017-02-18 10:24 - 2017-02-18 10:24 - 00594944 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2017-02-18 10:24 - 2017-02-18 10:24 - 00152576 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2017-02-18 10:24 - 2017-02-18 10:24 - 00006146 _____ C:\WINDOWS\System32\Tasks\Arodupychinering Nodifier
2017-02-18 10:24 - 2017-02-18 10:24 - 00005142 _____ C:\WINDOWS\System32\Tasks\Thwentfhution
2017-02-18 10:24 - 2017-02-18 10:24 - 00000000 ____D C:\Users\karol\AppData\Local\Reodeght
2017-02-18 10:24 - 2017-02-18 10:24 - 00000000 ____D C:\Program Files (x86)\Arodupychinering Nodifier
2017-02-18 10:23 - 2017-02-18 10:36 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2017-02-18 10:23 - 2017-02-18 10:23 - 00000000 ____D C:\ProgramData\3cd8229f-6853-0
2017-02-18 10:23 - 2017-02-18 10:23 - 00000000 ____D C:\ProgramData\3cd8229f-2395-1
2017-02-18 10:22 - 2017-02-18 10:45 - 00003638 _____ C:\WINDOWS\System32\Tasks\svshost
2017-02-18 10:22 - 2017-02-18 10:22 - 00000000 ____D C:\Users\karol\AppData\Local\svshost
2017-02-18 10:21 - 2017-02-18 10:21 - 00000000 ____D C:\Users\karol\AppData\Local\Поиcк в Интeрнете
2017-02-18 10:17 - 2017-02-18 10:17 - 00000000 ____D C:\Users\karol\AppData\Local\Mail.Ru
2017-02-18 10:17 - 2017-02-18 10:17 - 00000000 ____D C:\ProgramData\Mail.Ru
2017-02-04 18:37 - 2017-02-04 18:37 - 00002836 _____ C:\Users\karol\Desktop\MCP_OPERATION_HISTORY_TEXT_20170204183701.txt
2017-01-25 17:59 - 2016-12-21 08:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 17:59 - 2016-12-21 05:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-22 20:09 - 2017-01-22 20:09 - 02652392 _____ (Microsoft Corporation) C:\Users\karol\Downloads\Microsoft Office 2016 Public Preview - Polski 16.0.3930.1008 [1].exe
2017-01-22 20:06 - 2017-01-22 20:08 - 01300656 _____ ( ) C:\Users\karol\Desktop\Microsoft Office 2016 Public Preview - Polski 16.0.3930.1008.exe
2017-01-22 11:46 - 2017-01-22 11:45 - 00485032 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

==================== Jeden miesiąc - zmodyfikowane pliki i foldery ========

(Załączenie wejścia w fixlist spowoduje przeniesienie pliku/folderu.)
2017-02-20 19:08 - 2016-10-02 18:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-20 19:08 - 2016-09-23 19:15 - 00000000 ___RD C:\Users\karol\OneDrive
2017-02-20 19:08 - 2016-09-23 19:13 - 00000000 __SHD C:\Users\karol\IntelGraphicsProfiles
2017-02-20 19:07 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-20 19:02 - 2016-07-16 23:05 - 00770982 _____ C:\WINDOWS\system32\perfh015.dat
2017-02-20 19:02 - 2016-07-16 23:05 - 00168022 _____ C:\WINDOWS\system32\perfc015.dat
2017-02-20 19:02 - 2015-08-31 12:01 - 02031596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-20 18:45 - 2016-09-23 19:11 - 00000000 ____D C:\Users\karol\AppData\Local\Host App Service
2017-02-20 18:44 - 2016-11-21 18:58 - 00000000 ____D C:\Users\karol\AppData\LocalLow\Mozilla
2017-02-20 17:39 - 2017-01-06 11:26 - 00000000 ____D C:\Users\karol\AppData\Local\ElevatedDiagnostics
2017-02-19 22:01 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-02-19 22:00 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-02-19 21:58 - 2016-10-02 18:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-19 19:20 - 2016-09-23 19:13 - 00000000 ____D C:\Users\karol\AppData\Local\Packages
2017-02-19 19:20 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-19 19:20 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-18 12:33 - 2016-11-13 18:41 - 00000000 ____D C:\Users\karol\AppData\Local\Adobe
2017-02-18 12:32 - 2016-11-13 18:42 - 00003916 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-02-18 12:02 - 2015-08-31 11:50 - 00000000 ____D C:\Program Files (x86)\Acer
2017-02-18 11:31 - 2016-10-02 19:00 - 00000000 ____D C:\Users\karol\AppData\Roaming\Foxit Software
2017-02-18 11:31 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-18 10:55 - 2015-08-31 11:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-18 10:55 - 2015-08-31 11:50 - 00000000 ____D C:\Program Files (x86)\WildGames
2017-02-18 10:53 - 2015-08-31 11:50 - 00000000 ____D C:\ProgramData\WildTangent
2017-02-18 10:51 - 2016-11-27 13:10 - 00000000 ____D C:\ProgramData\Nero
2017-02-18 10:51 - 2016-11-27 13:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2017-02-18 10:51 - 2016-11-27 13:10 - 00000000 ____D C:\Program Files (x86)\Nero
2017-02-18 10:48 - 2016-10-02 19:30 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-18 10:42 - 2016-02-25 07:27 - 00000000 ____D C:\Program Files (x86)\Amazon
2017-02-18 10:29 - 2015-08-31 11:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2017-02-18 10:17 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-02-18 10:17 - 2015-07-10 12:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-18 09:56 - 2015-08-31 11:52 - 00000000 ____D C:\ProgramData\McAfee
2017-02-12 19:27 - 2016-10-02 18:30 - 00342936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-12 19:27 - 2015-08-31 11:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2017-02-12 19:26 - 2016-09-23 19:29 - 00000000 ____D C:\Users\karol\AppData\Roaming\AVAST Software
2017-02-12 19:26 - 2015-08-31 11:50 - 00000000 ____D C:\Program Files\AVAST Software
2017-02-07 18:33 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-07 18:32 - 2016-02-25 07:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 12:53 - 2016-07-16 07:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-02-03 12:52 - 2015-07-10 10:05 - 00000000 ____D C:\Users\Default.migrated
2017-01-29 15:23 - 2016-12-23 18:04 - 00000000 ____D C:\Users\karol\Desktop\filmy z internetu
2017-01-28 14:19 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 20:29 - 2015-08-31 11:50 - 00000000 ____D C:\ProgramData\AVAST Software
2017-01-22 11:36 - 2016-12-18 16:21 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-22 11:36 - 2016-09-23 19:15 - 00002411 _____ C:\Users\karol\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

==================== Pliki w katalogu głównym wybranych folderów =======

2017-02-18 10:25 - 2017-02-18 10:25 - 7319040 _____ () C:\Users\karol\AppData\Roaming\agent.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 0023622 _____ () C:\Users\karol\AppData\Roaming\aliexpress.ico
2017-02-18 10:25 - 2017-02-18 10:25 - 0099678 _____ () C:\Users\karol\AppData\Roaming\booking.ico
2017-02-18 10:25 - 2017-02-18 10:25 - 0070752 _____ () C:\Users\karol\AppData\Roaming\Config.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 0016224 _____ () C:\Users\karol\AppData\Roaming\InstallationConfiguration.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 0140288 _____ () C:\Users\karol\AppData\Roaming\Installer.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 0982016 _____ () C:\Users\karol\AppData\Roaming\Lamcanron.exe
2017-02-18 10:25 - 2017-02-18 10:25 - 1907163 _____ () C:\Users\karol\AppData\Roaming\Lamcanron.tst
2017-02-18 10:25 - 2017-02-18 10:25 - 0018432 _____ () C:\Users\karol\AppData\Roaming\Main.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 0005568 _____ () C:\Users\karol\AppData\Roaming\md.xml
2017-02-18 10:25 - 2017-02-18 10:25 - 0126464 _____ () C:\Users\karol\AppData\Roaming\noah.dat
2017-02-18 10:25 - 2017-02-18 10:25 - 0278518 _____ () C:\Users\karol\AppData\Roaming\TinTip.bin
2017-02-18 10:26 - 2017-02-18 10:26 - 0032038 _____ () C:\Users\karol\AppData\Roaming\uninstall_temp.ico
2016-10-02 18:31 - 2016-10-02 18:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-10-02 18:31 - 2016-10-02 18:31 - 0000102 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-02-18 10:47 - 2017-02-18 10:47 - 0000016 _____ () C:\ProgramData\mntemp
2017-02-18 10:25 - 2017-02-18 10:25 - 1620992 _____ () C:\ProgramData\service.exe
2017-02-18 10:29 - 2017-02-19 19:12 - 0326144 _____ () C:\ProgramData\smp2.exe

Pliki do przeniesienia lub usunięcia:
====================
C:\ProgramData\service.exe
C:\ProgramData\smp2.exe Niektóre pliki w TEMP: ==================== 2017-02-18 10:50 - 2017-02-18 10:50 - 64938720 ____N (Kometa LCC) C:\Users\karol\AppData\Local\Temp\CcPJuJ5CdjZZ.exe 2017-02-18 11:31 - 2015-03-16 20:12 - 5912800 _____ (Foxit Corporation) C:\Users\karol\AppData\Local\Temp\FoxitUpdater.exe 2017-02-18 10:50 - 2017-02-18 10:50 - 64938720 ____N (Kometa LCC) C:\Users\karol\AppData\Local\Temp\lGErkGqZdvC4.exe 2017-02-19 22:00 - 2017-01-19 07:12 - 0397576 _____ (McAfee, Inc.) C:\Users\karol\AppData\Local\Temp\nsi5469.exe 2017-02-18 10:50 - 2017-02-18 10:50 - 64938720 ____N (Kometa LCC) C:\Users\karol\AppData\Local\Temp\zm6O5D2Stmss.exe ==================== Bamital & volsnap ====================== (Brak automatycznej naprawy dla plików które nie przeszły weryfikacji.) C:\WINDOWS\system32\winlogon.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\wininit.exe => Plik podpisany cyfrowo C:\WINDOWS\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\explorer.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\svchost.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\services.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\User32.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\userinit.exe => Plik podpisany cyfrowo C:\WINDOWS\system32\rpcss.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\SysWOW64\dnsapi.dll => Plik podpisany cyfrowo C:\WINDOWS\system32\Drivers\volsnap.sys => Plik podpisany cyfrowo LastRegBack: 2017-02-04 19:57 ==================== Koniec FRST.txt ============================