CHR DefaultProfile: ChromeDefaultData
RemoveDirectory: C:\Program Files (x86)\Mertoghtzehige
RemoveDirectory: C:\Program Files (x86)\UCBrowser
RemoveDirectory: C:\Program Files (x86)\Anuzuied Server
RemoveDirectory: c:\program files (x86)\herary
RemoveDirectory: C:\Users\Radeon\AppData\Roaming\Jaesywacuk
RemoveDirectory: C:\Program Files\żěŃą
RemoveDirectory: C:\Users\Radeon\AppData\Roaming\KuaiZip
RemoveDirectory: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
RemoveDirectory: C:\Users\Radeon\AppData\Local\svchost
RemoveDirectory: C:\Users\Radeon\Desktop\żěŃą
RemoveDirectory: C:\ProgramData\Zaamlas
RemoveDirectory: C:\Users\Radeon\AppData\Local\Stalatain
RemoveDirectory: C:\ProgramData\Avira
RemoveDirectory: C:\ProgramData\AVAST Software
RemoveDirectory: C:\Users\Radeon\AppData\Local\Janeried
AlternateDataStreams: C:\WINDOWS\system32\drivers:ucdrv-x64.sys [23652]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x64 [1479458]
AlternateDataStreams: C:\WINDOWS\system32\drivers:x86 [1205026]
C:\Users\Radeon\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
C:\Users\Radeon\AppData\Roaming\DaltSolstring.bin
2017-01-14 17:45 - 2017-01-14 17:45 - 07316480 _____ C:\Users\Radeon\AppData\Roaming\agent.dat
2017-01-14 17:45 - 2017-01-14 17:45 - 01907641 _____ C:\Users\Radeon\AppData\Roaming\Icetex.tst
2017-01-14 17:45 - 2017-01-14 17:45 - 00278518 _____ C:\Users\Radeon\AppData\Roaming\Blackfan.bin
2017-01-14 17:45 - 2017-01-14 17:45 - 00126464 _____ C:\Users\Radeon\AppData\Roaming\noah.dat
2017-01-14 17:45 - 2017-01-14 17:45 - 00070704 _____ C:\Users\Radeon\AppData\Roaming\Config.xml
2017-01-14 17:45 - 2017-01-14 17:45 - 00018432 _____ C:\Users\Radeon\AppData\Roaming\Main.dat
2017-01-14 17:45 - 2017-01-14 17:45 - 00005568 _____ C:\Users\Radeon\AppData\Roaming\md.xml
2017-01-14 17:45 - 2017-01-14 17:44 - 00982016 _____ C:\Users\Radeon\AppData\Roaming\Icetex.exe
2017-01-14 17:44 - 2017-01-14 17:45 - 00016224 _____ C:\Users\Radeon\AppData\Roaming\InstallationConfiguration.xml
2017-01-14 17:44 - 2017-01-14 17:44 - 00140288 _____ C:\Users\Radeon\AppData\Roaming\Installer.dat
2017-01-14 17:44 - 2017-01-14 17:44 - 00000000 _____ C:\TOSTACK
C:\ProgramData\hash.dat
Task: {0146A7A9-7C7B-4633-AE51-1A25C8DC926E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Brak pliku <==== UWAGA
Task: {0ECEC637-0AEA-4145-A1B8-F19FF6AC8C97} - System32\Tasks\UCBrowserSecureUpdater => C:\Program Files (x86)\UCBrowser\Security\uclauncher.exe [2017-01-14] (UC Web Inc.) <==== UWAGA
Task: {10AB3FA7-9A87-479B-ADE6-984FC87A0F75} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Brak pliku <==== UWAGA
Task: {13D81445-4735-42BF-95A5-C5D9EC0FA861} - System32\Tasks\Anuzuied Server => C:\Program Files (x86)\Mertoghtzehige\awaly.exe
Task: {1A56EE7B-8561-4696-AF83-C631488045EE} - System32\Tasks\{CCA0FDA7-ABA3-48B4-8FC0-23FBB93180A5} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {1E85F631-8BB1-4D50-BFB4-8D050FA389D7} - System32\Tasks\{2B64F7DE-8EC9-4330-BF69-029993E1B689} => pcalua.exe -a C:\Users\Radeon\Desktop\CreativeOne-Setup.exe -d C:\Users\Radeon\Desktop
Task: {1EE81AEE-E1E2-4646-9672-E0ADF9F0C47D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Brak pliku <==== UWAGA
Task: {2032986E-C443-4A3F-B153-E98D66382ECA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> Brak pliku <==== UWAGA
Task: {2FAB9D34-85C0-4154-9858-3A7B68BEF70A} - System32\Tasks\{6143B996-289D-498C-8CB6-6E0B2B41BE3D} => pcalua.exe -a C:\Users\Radeon\Desktop\.minecraft..exe -d C:\Users\Radeon\Desktop
Task: {4C80E37D-A857-4F46-B17E-D9C9F58B4EB4} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> Brak pliku <==== UWAGA
Task: {69BD2EBE-667A-45AD-AD8E-98B2D517CBEB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Brak pliku <==== UWAGA
Task: {6E3A9D50-EA7C-4341-8F8E-E21D7F987E77} - System32\Tasks\{A3DC1E9E-918D-424A-A12C-7CECA53243BA} => pcalua.exe -a "C:\Users\Radeon\Desktop\CreativeOne-Setup (1).exe" -d C:\Users\Radeon\Desktop
Task: {73CCA147-9855-45FA-86FF-CEDCED41002B} - System32\Tasks\{39F4EDA9-D993-45FD-B9BC-09DEAC433013} => pcalua.exe -a E:\Setup.exe -d E:\
Task: {770610E8-3A98-4554-B6E1-59A3F227C47C} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Brak pliku <==== UWAGA
Task: {797932AD-D10C-44DF-8E07-A4AC781E38B2} - System32\Tasks\{2F4FD8AF-3E94-4B53-BCA7-C398021E5EB7} => pcalua.exe -a "C:\Users\Radeon\Desktop\Don't Starve\Don't Starve\VCRedist\vcredist_x86.exe" -d "C:\Users\Radeon\Desktop\Don't Starve\Don't Starve\VCRedist"
Task: {81B8F6CA-46DC-41B6-BC00-D52447B29BF1} - System32\Tasks\{23F44465-877F-4B09-80A2-071EDA4B86BC} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Sunin\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Sunin\uninstall.dat" -a uninstallme ABDBE0DB-2152-4563-8D14-67BF9A539388 DeviceId=f2bf21d8-ceb2-ca5f-b28b-8b62dc21ba93 BarcodeId=51107003 ChannelId=3 DistributerName=APSFClickMeIn
Task: {95491A14-7894-4AD4-A8F0-6B23DABA98C9} - System32\Tasks\{2F6121A5-6BCD-49FB-A1E6-05A33567C479} => pcalua.exe -a "C:\Users\Radeon\Desktop\MinecraftZyczu (2).exe" -d C:\Users\Radeon\Desktop
Task: {9B04A98A-CEE0-48A1-85A0-A751D5BBC845} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Brak pliku <==== UWAGA
Task: {9F8B0F03-6151-4455-92DF-BB529EB9A3C2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Brak pliku <==== UWAGA
Task: {A3376744-B075-4B6F-8E8B-A714AA5EAC59} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Brak pliku <==== UWAGA
Task: {A81442F3-9DCB-4606-AE3B-1DD1413F21D8} - System32\Tasks\UCBrowserUpdater => C:\Program Files (x86)\UCBrowser\Application\update_task.exe [2017-01-11] (UCWeb Inc) <==== UWAGA
Task: {AB723410-3152-4CAC-B8E3-2105EBF6127D} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Brak pliku <==== UWAGA
Task: {CE723B11-1B3C-4B33-B9BA-CF253899C294} - System32\Tasks\{53E00C7C-7A74-43B8-A315-7D252C3A75CB} => pcalua.exe -a "C:\Program Files (x86)\MKJogo\MK IM\Bin\uInst.exe"
Task: {E2C9D7CF-AE6C-4D16-B530-DBF6299B589D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Brak pliku <==== UWAGA
Task: {F76AD0F2-4B02-47A8-BDAA-66ECF057F8ED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Brak pliku <==== UWAGA
Task: {F8F9B2AC-A5CD-4D09-93D2-6B5E4033B82E} - System32\Tasks\{D79455C2-08E4-4C2C-BD2D-178614C964CB} => pcalua.exe -a C:\Users\Radeon\AppData\Roaming\WarThunder\Uninstaller.exe -c /Run /ePN:0W1T1C0T1M2Y1G1Q1P1C
Task: {F9167C7E-4F6C-4168-9D36-952B2EEE7CEA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Brak pliku <==== UWAGA
Task: C:\WINDOWS\Tasks\UCBrowserUpdater.job => C:\Program Files (x86)\UCBrowser\Application\update_task.exe <==== UWAGA
WMI_ActiveScriptEventConsumer_ASEC: <===== UWAGA
ShortcutWithArgument: C:\Users\Radeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Radeon\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Radeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Radeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\WarThunder.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Radeon\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
ShortcutWithArgument: C:\Users\Radeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --load-extension="C:\Users\Radeon\AppData\Local\kemgadeojglibflomicgnfeopkdfflnk" hxxp://qtipr.com/
FirewallRules: [{0798E14B-D532-4AC8-87BC-01550097803F}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
FirewallRules: [{AC4A38A9-EF85-4AFA-B488-DE795C240067}] => C:\Program Files (x86)\UCBrowser\Application\Downloader\download\MiniThunderPlatform.exe
FirewallRules: [{011B00F5-892E-4186-8E7F-799AA6437615}] => C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [gmsd_pl_47] => [X]
HKLM\...\Providers\uq33ed42: C:\Program Files (x86)\Anuzuied Server\local64spl.dll [291328 2017-01-14] ()
ShellExecuteHooks: Brak nazwy - {C5E9BD50-D3FB-11E6-9B39-64006A5CFC35} - C:\Users\Radeon\AppData\Roaming\Jaesywacuk\Ratether.dll -> Brak pliku
ShellExecuteHooks: Brak nazwy - {5F51FFFE-7463-4220-B711-E5B9ACB8EDFE} - C:\ProgramData\igfxDH.dll -> Brak pliku
ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\żěŃą\X64\KZipShell.dll -> Brak pliku
ShortcutTarget: Curse.lnk -> C:\Users\Radeon\AppData\Roaming\Curse Client\Bin\Curse.exe (Brak pliku)
GroupPolicy: Ograniczenia - Chrome <======= UWAGA
CHR HKLM\SOFTWARE\Policies\Google: Ograniczenia <======= UWAGA
HKU\S-1-5-21-382017500-1135720121-3154498526-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnYN5R-SRTQR4zPSPg7lDWkjCrgzmorjGEYc_ZkJ-SbXFwElI58VjQMUhTBBA_WEOLRnxCu6Oig_HENs-Y0GzKrGf9AQDvCoZiP0lLXtBKGPYHW0tMhwC2JJbn9WwBnZE7Ugq3kg_dCN8q2ImwWvnBC8X1ctB7TJdmYcqehxZ0BCMGUAtIOVSmXjh&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope - brak wartości
SearchScopes: HKLM-x32 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM-x32 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120907132549.dll => Brak pliku
BHO: Brak nazwy -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> Brak pliku
FF user.js: detected! => C:\Users\Radeon\AppData\Roaming\Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735\user.js [2015-06-21]
FF NewTab: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> C:\ProgramData\Zaamlas\ff.NT
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> trotux
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> trotux
FF Homepage: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> C:\ProgramData\Zaamlas\ff.HP
FF SearchPlugin: C:\Users\Radeon\AppData\Roaming\Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735\searchplugins\findit.xml [2017-01-14]
FF Plugin-x32: @ogplanet.com/npOGPPlugin -> C:\Windows\system32\npOGPPlugin.dll [Brak pliku]
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Brak pliku]
CHR DefaultProfile: ChromeDefaultData
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.trotux.com/?z=4071dc98ca270f11620acdfgcz7b4z2z3gdo4odc4m&from=isr&uid=ST31000524AS_5VPA5K9PXXXX5VPA5K9P&type=hp"
CHR Profile: C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-14] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-14]
CHR Extension: (Dokumenty Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-22]
CHR Extension: (Dysk Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-22]
CHR Extension: (I'm Gay) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\bkdmilfpfmlknbimolggdepibbnenjaf [2017-01-14]
CHR Extension: (Kaspersky Protection) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2015-11-22]
CHR Extension: (I Have Crippling Depression (iDubbbzTV)) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blcccikeaoeeonhaelglggmfapellcei [2017-01-14]
CHR Extension: (YouTube) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-22]
CHR Extension: (Adblock Plus) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-01-14]
CHR Extension: (Google Search) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-22]
CHR Extension: (OP.GG Summoner Search) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\dfnoddgekoeiljeaekobnchnedoipgpc [2016-11-26]
CHR Extension: (Video Downloader professional) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2017-01-14]
CHR Extension: (Arkusze Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-14]
CHR Extension: (Dokumenty Google offline) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (I Have Osteoporosis (iDubbbzTV)) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\mgfkiemlbjdkbalkaneligmhcnjnmlpk [2017-01-14]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-22]
CHR Extension: (Chrome Media Router) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]
CHR Extension: (That's Pretty Good (iDubbbzTV)) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pnidecdngnainebcfbmebgpkmnmljdng [2017-01-14]
R2 Coofele; C:\Program Files (x86)\Herary\rvsadapter.dll [179712 2017-01-14] () [Brak podpisu cyfrowego]
S2 GenesisLogomocja; rundll32.exe "C:\Program Files (x86)\Genesis\GenesisLogomocja.dll",soeasy [X]
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
C:\Users\Radeon\Desktop\fixlist.txt
C:\Users\Radeon\Downloads\Spybot-Search-Destroy-12546-dp.exe
C:\Users\Radeon\Downloads\RKill-39918-dp.exe
C:\Users\Radeon\Pictures\Zdięcia (7)\Skrót (2) do 2009_0116.lnk
C:\Users\Radeon\Pictures\Zdięcia (7)\Skrót do 2009_0116.lnk
C:\Users\Radeon\AppData\Roaming\Microsoft\Windows\Start Menu\żěŃą.lnk
C:\Users\Radeon\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\UC浏览器.lnk
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器\卸载UC浏览器.lnk -> C:\Program Files (x86)\UCBrowser\Application\Uninstall.exe (UCWeb Inc.) -> --uninstall --system-level
HOSTS:
EmptyTemp:
FF NewTab: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> C:\ProgramData\Zaamlas\ff.NT
FF Homepage: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> C:\ProgramData\Zaamlas\ff.HP
CHR DefaultProfile: ChromeDefaultData
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\UCBrowser
C:\Users\Radeon\AppData\Local\UCBrowser
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UC浏览器
C:\ProgramData\Ament.ini
EmptyTemp:
FF NewTab: Mozilla\Firefox\Profiles\6qspnf9g.default-1409044879735 -> C:\ProgramData\Zaamlas\ff.NT
CHR DefaultProfile: ChromeDefaultData
CHR StartupUrls: ChromeDefaultData -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2017-01-15] <==== UWAGA
CHR Extension: (Prezentacje Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-01-15]
CHR Extension: (Dokumenty Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake [2017-01-15]
CHR Extension: (Dysk Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2017-01-15]
CHR Extension: (YouTube) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-15]
CHR Extension: (Arkusze Google) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-01-15]
CHR Extension: (Dokumenty Google offline) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-15]
CHR Extension: (Skype) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-15]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-15]
CHR Extension: (Gmail) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-15]
CHR Extension: (Chrome Media Router) - C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-15]
C:\Users\Radeon\AppData\Local\Google\Chrome\User Data\ChromeDefaultData
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
C:\Program Files (x86)\UCBrowser
EmptyTemp:
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
RemoveDirectory: C:\Program Files (x86)\UCBrowser
EmptyTemp:
*ucdrv*.*
ucdrv
2017-01-14 17:44 - 2017-01-14 17:44 - 0023622 _____ () C:\Users\Radeon\AppData\Roaming\aliexpress.ico
2017-01-14 17:44 - 2017-01-14 17:44 - 0099678 _____ () C:\Users\Radeon\AppData\Roaming\booking.ico
2017-01-14 17:46 - 2017-01-14 17:46 - 0032038 _____ () C:\Users\Radeon\AppData\Roaming\uninstall_temp.ico
RemoveDirectory: C:\Program Files (x86)\UCBrowser
StartRegedit:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ucdrv]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ucdrv]
"ObjectName"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ucdrv]
EndRegedit:
CMD: fltmc instances
EmptyTemp:
ucdrv; 1484412515;
Is this a keylogger?
Can I at least play games normally with this?
"C:\Program Files (x86)\UCBrowser" => Nie można przenieść
Windows 10 Safe Mode:
Start button > Settings > Update & Security > Recovery > Advanced startup > Restart now > the system restarts and a screen with options appears > Advanced options > Startup Settings > Safe Mode
R1 ucdrv; C:\Program Files (x86)\UCBrowser\Security:ucdrv-x64.sys [23652 ] (UC Web Inc.) <==== UWAGA
C:\Program Files (x86)\UCBrowser
Reboot:
DeleteQuarantine:
Should I delete the whole FRST folder? Why?